/**
 * Render the "ephemerids" side block: entries stored for today's day and month.
 *
 * @param array $row block record; 'title' feeds the permission check and the heading
 * @return mixed result of themesideblock(), or nothing when read access is denied
 */
function blocks_ephem_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();

    // Permission gate first: no query runs for a user without READ on this block instance.
    if (!pnSecAuthAction(0, 'Ephemeridsblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $column =& $pntable['ephem_column'];

    // On multilingual sites keep entries in the user's language plus untagged ones.
    $querylang = "";
    if (pnConfigGetVar('multilingual') == 1) {
        $querylang = "AND ({$column['elanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['elanguage']}='')";
    }

    $now = getdate();
    $dayclause = "{$column['did']}='" . pnVarPrepForStore($now['mday']) . "'";
    $monthclause = "{$column['mid']}='" . pnVarPrepForStore($now['mon']) . "'";

    // Every interpolated value sits inside single quotes and went through pnVarPrepForStore().
    $sql = "SELECT {$column['yid']}, {$column['content']}\n FROM {$pntable['ephem']}\n WHERE " . $dayclause . " AND " . $monthclause . " {$querylang}";
    $result = $dbconn->Execute($sql);

    $html = '<span class="pn-normal"><b>' . _ONEDAY . '</b></span><br />';
    while ($fields = $result->fields) {
        list($yid, $content) = $fields;
        $result->MoveNext();
        // The year is escaped as plain text; the entry body goes through pnVarPrepHTMLDisplay().
        $html .= '<br /><br />' . '<b>' . pnVarPrepForDisplay($yid) . '</b><br />' . pnVarPrepHTMLDisplay(nl2br($content));
    }

    if (empty($row['title'])) {
        $row['title'] = _EPHEMERIDS;
    }
    $row['content'] = $html;

    return themesideblock($row);
}
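/**
 * Render the "related links" side block for the story being displayed.
 *
 * Reads the globals $story (topic, topicname, aid) and $sid. Produces nothing
 * when read access is denied or when the story has no topic.
 *
 * @param array $row block record; 'title' feeds the permission check
 * @return mixed result of themesideblock(), or nothing when the block is not shown
 */
function blocks_related_block($row)
{
    global $sid, $story;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Relatedblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (!$story['topic']) {
        return;
    }

    // The topic id is compared UNQUOTED in both queries, where quote-escaping
    // alone gives no protection. Forcing an integer keeps the value numeric.
    $topicid = (int)$story['topic'];

    $row['content'] = '<font class="pn-normal">';

    // Most-read story of this topic.
    $column =& $pntable['stories_column'];
    $sql = "SELECT {$column['sid']} as sid, {$column['title']} as title FROM {$pntable['stories']} WHERE {$column['topic']}=" . $topicid . " ORDER BY {$column['counter']} DESC";
    $result = $dbconn->SelectLimit($sql, 1);
    $mrow = $result->GetRowAssoc(false);

    // Links registered for this topic.
    $column =& $pntable['related_column'];
    $result = $dbconn->Execute("SELECT {$column['name']} as name, {$column['url']} as url FROM {$pntable['related']} WHERE {$column['tid']}=" . $topicid);
    while (!$result->EOF) {
        $lrow = $result->GetRowAssoc(false);
        $result->MoveNext();
        // Escaping stops the stored URL from breaking out of the attribute.
        // NOTE(review): it does not restrict the URL scheme; that has to be
        // enforced where related links are saved (not visible here).
        $row['content'] .= "<strong><big>·</big></strong> <a href=\"" . pnVarPrepForDisplay($lrow['url']) . "\" target=\"_blank\">" . pnVarPrepForDisplay($lrow['name']) . "</a><br>\n";
    }

    // Values placed inside href attributes are escaped like the link texts are.
    $authorattr = pnVarPrepForDisplay($story['aid']);
    $mostreadsid = pnVarPrepForDisplay($mrow['sid']);
    $currentsid = pnVarPrepForDisplay($sid);

    $row['content'] .= "<strong><big>·</big></strong> <a href=\"advtopics.php?topic={$topicid}\">" . _MOREABOUT . " " . pnVarPrepForDisplay($story['topicname']) . "</a><br>\n"
        . "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=Search&file=index&action=search&overview=1&active_stories=1&stories_author={$authorattr}\">" . _NEWSBY . " " . pnVarPrepForDisplay($story['aid']) . "</a><br>\n"
        . '</font><br><hr noshade width="95%" size="1"><b>' . _MOSTREAD . " " . pnVarPrepForDisplay($story['topicname']) . ":</b><br>\n"
        . "<center><a href=\"advarticle.php?sid={$mostreadsid}\">" . pnVarPrepForDisplay($mrow['title']) . "</a></center><br><br>\n"
        . '<div align="right">'
        . "<a href=\"print.php?sid={$mostreadsid}\"><img src=\"images/global/print.gif\" border=\"0\" alt=\"" . _PRINTER . "\"></a> "
        . "<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Recommend_Us&file=index&req=FriendSend&sid={$currentsid}\"><img src=\"images/global/friend.gif\" border=\"0\" Alt=\"" . _FRIEND . "\"></a>\n"
        . '</div>';

    return themesideblock($row);
}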
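/**
 * Render the language selector block (flag images or a drop-down).
 *
 * Each entry links back to the current request URI with a newlang parameter.
 *
 * @param array $row block record; 'title' feeds the permission check and the heading
 * @return mixed result of themesideblock(), or nothing when the block is not shown
 */
function blocks_thelang_block($row)
{
    $currentlang = pnUserGetLang();

    if (!pnSecAuthAction(0, 'Languageblock::', "{$row['title']}::", ACCESS_OVERVIEW)) {
        return;
    }
    if (!pnConfigGetVar('multilingual')) {
        return;
    }

    // REQUEST_URI may be absent on some servers; treat that like an empty value.
    $currentURL = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    if ($currentURL === "") {
        $currentURL = "index.php";
    }

    // Drop an existing newlang=xxx parameter, then HTML-escape the rest: the
    // value is request-controlled and ends up in href and option attributes.
    // NOTE(review): escaping does not constrain the value to a same-site path.
    $currentURL = preg_replace('/\\?newlang=.../', '', $currentURL);
    $currentURL = pnVarPrepForDisplay(preg_replace('/\\&newlang=.../', '', $currentURL));

    $append = "&";
    if (strpos($currentURL, '?') === false) {
        $append = "?";
    }

    // Offer only languages that are both known to languagelist() and installed.
    $lang = languagelist();
    $langlist = array();
    $sel_lang = array();
    $handle = opendir('language');
    if ($handle) {
        // Compare against false so a directory literally named "0" does not end the scan.
        while (false !== ($f = readdir($handle))) {
            if (is_dir("language/{$f}") && !empty($lang[$f])) {
                $langlist[$f] = $lang[$f];
                $sel_lang[$f] = '';
            }
        }
        closedir($handle);
    }
    asort($langlist);

    $content = '<center><font class="pn-normal">' . _SELECTGUILANG . '</font><br><br>';
    if (pnConfigGetVar('useflags')) {
        // Flags are laid out three per line.
        $i = 1;
        foreach ($langlist as $k => $v) {
            if ($i > 3) {
                $content .= "<br>\n";
                $i = 1;
            }
            // getimagesize() returns false for a missing flag; emit no size attributes then.
            $imgsize = @getimagesize("images/flags/flag-{$k}.png");
            $imgattr = is_array($imgsize) ? $imgsize[3] : '';
            $content .= "<a href=\"{$currentURL}" . $append . "newlang={$k}\"><img src=\"images/flags/flag-{$k}.png\" border=\"0\" alt=\"{$lang[$k]}\" hspace=\"3\" vspace=\"3\" {$imgattr}></a>";
            $i++;
        }
        $content .= '</center>';
    } else {
        $content .= '<form method="post" action="index.php"><select class="pn-text" name="newlanguage" onChange="top.location.href=this.options[this.selectedIndex].value">';
        $sel_lang[$currentlang] = ' selected';
        foreach ($langlist as $k => $v) {
            $content .= "<option value=\"{$currentURL}" . $append . "newlang={$k}\"{$sel_lang[$k]}>{$v}</option>\n";
        }
        $content .= '</select></form></center>';
    }

    if (empty($row['title'])) {
        $row['title'] = _SELECTLANGUAGE;
    }
    $row['content'] = $content;

    return themesideblock($row);
}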
/**
 * Render the login form block for visitors who are not logged in.
 *
 * The form posts to user.php and carries the current request path in a hidden
 * "url" field. The path is taken from the request environment and HTML-escaped
 * before it is written into the attribute.
 * NOTE(review): whether the login handler validates "url" before using it is
 * not visible here; confirm it only accepts same-site targets.
 *
 * @param array $row block record; 'title' feeds the permission check
 * @return mixed result of themesideblock(), or nothing for logged-in users or denied access
 */
function blocks_login_block($row)
{
    global $HTTP_SERVER_VARS;

    if (empty($row['title'])) {
        $row['title'] = 'Login';
    }
    if (!pnSecAuthAction(0, 'Loginblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Path resolution borrowed from pnGetBaseURI because IIS may not pass
    // REQUEST_URI (markwest): REQUEST_URI, then PATH_INFO, then SCRIPT_NAME.
    $path = isset($HTTP_SERVER_VARS['REQUEST_URI'])
        ? $HTTP_SERVER_VARS['REQUEST_URI']
        : getenv('REQUEST_URI');
    if (empty($path) || substr($path, -1, 1) == '/') {
        // REQUEST_URI was empty or pointed at a directory.
        $path = getenv('PATH_INFO');
        if (empty($path)) {
            $path = isset($HTTP_SERVER_VARS['SCRIPT_NAME'])
                ? $HTTP_SERVER_VARS['SCRIPT_NAME']
                : getenv('SCRIPT_NAME');
        }
    }

    if (pnUserLoggedIn()) {
        return;
    }

    // Inputs and button sit in a table to avoid layout bugs like #493456 (Andy Varganov).
    $parts = array();
    $parts[] = '<form action="user.php" method="post">';
    $parts[] = '<table border="0" width="100%" cellspacing="0" cellpadding="1"><tr><td>';
    $parts[] = '<span class="pn-normal"> ' . _BLOCKNICKNAME . '</span></td></tr><tr><td>';
    $parts[] = '<input type="text" name="uname" size="14" maxlength="25"></td></tr><tr><td>';
    $parts[] = '<span class="pn-normal"> ' . _BLOCKPASSWORD . '</span></td></tr><tr><td>';
    $parts[] = '<input type="password" name="pass" size="14" maxlength="20"></td></tr><tr><td>';
    // The "remember me" option is withheld when the site security level is High.
    if (pnConfigGetVar('seclevel') != 'High') {
        $parts[] = '<input type="checkbox" value="1" name="rememberme" />';
        $parts[] = '<span class="pn-normal"> ' . _REMEMBERME . '</span></td></tr><tr><td>';
    }
    $parts[] = '<br>';
    $parts[] = '<input type="hidden" name="module" value="NS-User" />';
    $parts[] = '<input type="hidden" name="op" value="login" />';
    $parts[] = '<input type="hidden" name="url" value="' . pnVarPrepForDisplay($path) . '" />';
    $parts[] = '<input type="submit" value="' . _LOGIN . '" /></td></tr><tr><td>';
    $parts[] = '<br /><span class="pn-normal">' . _ASREGISTERED . '</span></td></tr><tr><td></table></form>';

    // The title was already defaulted to 'Login' above, so this only matters
    // if that default is ever removed.
    if (empty($row['title'])) {
        $row['title'] = _LOGIN;
    }
    $row['content'] = implode('', $parts);

    return themesideblock($row);
}
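/**
 * Render the story categories block with the date of the newest story per category.
 *
 * Reads the globals $topic and $catid. Categories the user may not read, and
 * categories without stories, are skipped.
 *
 * @param array $row block record; 'title' feeds the permission check and the heading
 * @return mixed result of themesideblock(), or nothing when access is denied or no category exists
 */
function blocks_category_block($row)
{
    global $topic, $catid;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Categoryblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['stories_column'];
        // The OR keeps stories that were posted for ALL languages.
        $querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$column['alanguage']}='')";
    } else {
        $querylang = '';
    }

    $column =& $pntable['stories_cat_column'];
    $result = $dbconn->Execute("SELECT {$column['catid']} as catid, {$column['title']} as title FROM {$pntable['stories_cat']} ORDER BY {$column['title']}");
    if ($result->EOF) {
        return;
    }

    // $topic is a global whose origin is not visible here; it is written into
    // href attributes, so it is escaped like every other displayed value.
    $topicattr = pnVarPrepForDisplay($topic);

    $boxstuff = '<span class="pn-normal">';
    if ($catid != "") {
        // A category is selected: offer a link back to all categories.
        $boxstuff .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name=News&file=index&topic={$topicattr}\">" . _ALL_CATEGORIES . "</a><br />";
    }

    for (; !$result->EOF; $result->MoveNext()) {
        $srow = $result->GetRowAssoc(false);
        if (!pnSecAuthAction(0, 'Stories::Category', "{$srow['title']}::{$srow['catid']}", ACCESS_READ)) {
            continue;
        }

        // The category id is compared unquoted, so it is forced to an integer
        // instead of relying on quote-escaping.
        $column =& $pntable['stories_column'];
        $result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime\n FROM {$pntable['stories']}\n WHERE {$column['catid']}=" . (int)$srow['catid'] . " {$querylang}\n ORDER BY {$column['time']} DESC");
        if ($result2->EOF) {
            continue;
        }

        // Only the first (newest) row is used.
        $story = $result2->GetRowAssoc(false);
        $story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
        $sdate = ml_ftime(_DATEBRIEF, $story['unixtime']);

        if ($catid == $srow['catid']) {
            // The current category is shown as plain text, not as a link.
            $boxstuff .= "<strong><big>·</big></strong> <span class=\"pn-title\"><b>" . pnVarPrepForDisplay($srow['title']) . "</b></span> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        } else {
            $boxstuff .= "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=index&catid=" . pnVarPrepForDisplay($srow['catid']) . "&topic={$topicattr}\">" . pnVarPrepForDisplay($srow['title']) . "</a> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        }
    }
    $boxstuff .= '</span>';

    if (empty($row['title'])) {
        $row['title'] = _CATEGORIES;
    }
    $row['content'] = $boxstuff;

    return themesideblock($row);
}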
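/**
 * Render a block listing the newest web links the current user may read.
 *
 * $row['url'] carries "module name|number of links"; the count defaults to 10.
 *
 * @param array $row block record; 'title' feeds the permission check, 'url' the settings
 * @return mixed result of themesideblock(), or nothing when read access is denied
 */
function blocks_weblinks_display($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Weblinksblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $url = explode('|', $row['url']);
    if (!$url[0]) {
        $row['content'] = 'You forgot to set the module name!';
        return themesideblock($row);
    }
    // The count part is optional; a missing or empty value means 10.
    $wanted = empty($url[1]) ? 10 : $url[1];

    // First pass: count how many of the newest rows must be fetched so that
    // $wanted of them pass the permission check.
    // NOTE(review): this pass checks "<link title>::<cat id>" while the display
    // pass checks "<category title>::<cat id>"; confirm which instance string is intended.
    $links_col =& $pntable['links_links_column'];
    $linksok = 0;
    $linkcount = 0;
    $result = $dbconn->Execute("SELECT {$links_col['cat_id']}, {$links_col['title']} FROM {$pntable['links_links']} ORDER BY {$links_col['date']} DESC");
    while (list($cid, $title) = $result->fields) {
        $result->MoveNext();
        $linkcount++;
        if (pnSecAuthAction(0, "Web Links::Category", "{$title}::{$cid}", ACCESS_READ)) {
            $linksok++;
        }
        if ($linksok == $wanted) {
            break;
        }
    }

    $row['content'] = '<span class="pn-normal">';

    $cats_col =& $pntable['links_categories_column'];
    $sql = "SELECT {$links_col['lid']} as lid, {$links_col['cat_id']} as catid, {$links_col['title']} as title, {$links_col['description']} as description, {$links_col['hits']} as hits, IF({$links_col['cat_id']}, CONCAT('/', {$cats_col['title']}), {$cats_col['title']}) AS cattitle\n FROM {$pntable['links_links']}\n LEFT JOIN {$pntable['links_categories']}\n ON {$cats_col['cat_id']}={$links_col['cat_id']}\n ORDER BY {$links_col['date']} DESC";
    $result = $dbconn->SelectLimit($sql, $linkcount);

    // The module name comes from the block settings and is written into an href.
    $modname = pnVarPrepForDisplay($url[0]);

    while (!$result->EOF) {
        $lrow = $result->GetRowAssoc(false);
        if (pnSecAuthAction(0, "Web Links::Category", "{$lrow['cattitle']}::{$lrow['catid']}", ACCESS_READ)) {
            $linktitle = pnVarPrepForDisplay($lrow['title']);
            // The description lands in a title="" attribute, so it gets the
            // plain-text escaper. pnVarPrepHTMLDisplay() was used here before and
            // is assumed to let permitted markup through (TODO confirm), which
            // does not belong inside an attribute value.
            $linkdesc = pnVarPrepForDisplay($lrow['description']);
            $cattitle = pnVarPrepForDisplay($lrow['cattitle']);
            $lid = pnVarPrepForDisplay($lrow['lid']);
            $row['content'] .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name={$modname}&file=index&req=visit&lid={$lid}\" target=\"_blank\" title=\"{$cattitle}:\n{$linkdesc}\" class=\"pn-sub\">{$linktitle}</a><br>\n";
        }
        // Advance for every row. Advancing only for permitted rows makes the
        // loop spin forever on the first row the user may not read.
        $result->MoveNext();
    }

    $row['content'] .= '</span>';

    return themesideblock($row);
}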
/**
 * Render the logged-in user's personal block, when the user has enabled it.
 *
 * The stored block text is passed to the theme as-is.
 * NOTE(review): the content is the user's own stored markup and is not escaped
 * here; confirm it is filtered when saved and only ever shown to its owner.
 *
 * @param array $row block record; 'title' feeds the permission check
 * @return mixed result of themesideblock(), or nothing when the block is not shown
 */
function blocks_user_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Userblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    // Anonymous visitors and users who switched the block off get nothing.
    if (!pnUserLoggedIn() || pnUserGetVar('ublockon') != 1) {
        return;
    }

    $column =& $pntable['users_column'];
    $uid = pnUserGetVar('uid');
    // NOTE(review): the uid is compared unquoted; this relies on pnUserGetVar()
    // returning a numeric id.
    $sql = "SELECT {$column['ublock']} FROM {$pntable['users']} WHERE {$column['uid']}=" . pnVarPrepForStore($uid) . "";
    $getblock = $dbconn->Execute($sql);
    list($ublock) = $getblock->fields;

    $username = pnUserGetVar('name');
    $row['title'] = _MENUFOR . " " . pnVarPrepForDisplay($username) . "";
    $row['content'] = $ublock;

    return themesideblock($row);
}
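/**
 * Mail a "page not found" report to the site administrator and print a notice.
 *
 * REMOTE_ADDR, HTTP_REFERER, REDIRECT_URL and HTTP_HOST are supplied by the
 * request. They are written into the message body only; the header string is
 * built from configuration values alone, so the recipient should treat the
 * body as untrusted text.
 *
 * @return void
 */
function send_email()
{
    $adminmail = pnConfigGetVar('adminmail');
    $subject = _ERROR404_MAILSUBJECT;
    $sitename = pnConfigGetVar('sitename');

    $remote_addr = pnServerGetVar('REMOTE_ADDR');
    $http_referer = pnServerGetVar('HTTP_REFERER');
    $redirect_url = pnServerGetVar('REDIRECT_URL');
    $server = pnServerGetVar('HTTP_HOST');
    $errordoc = "http://{$server}{$redirect_url}";

    // Pass the timestamp itself. The previous date(time()) used the timestamp
    // as a *format string*, which only worked because digits are not format
    // characters.
    $errortime = ml_ftime(_DATETIMEBRIEF, time());

    $message = "{$subject}\n\n";
    $message .= "TIME: {$errortime}\n";
    $message .= "REMOTE_ADDR: {$remote_addr}\n";
    $message .= "ERRORDOC: " . pnVarPrepForDisplay($errordoc) . "\n";
    $message .= "HTTP_REFERER: {$http_referer}\n";

    pnMail($adminmail, $subject, $message, "From: \"{$sitename}\" <{$adminmail}>\nX-Mailer: PHP/" . phpversion());

    echo "<br /><br /><strong>" . _ERROR404_MAILED . "</strong>\n";
}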
/**
 * Build the Modules administration menu (list / regenerate links).
 *
 * The regenerate link carries an authorisation key from pnSecGenAuthKey().
 *
 * @return string rendered menu, or the "no authorisation" text for non-admins
 */
function modules_adminmenu()
{
    $output = new pnHTML();

    // Admin-only: everyone else gets just the refusal message.
    if (!pnSecAuthAction(0, 'Modules::', '::', ACCESS_ADMIN)) {
        $output->Text(_MODULESNOAUTH);
        return $output->GetOutput();
    }

    $output->Text(pnGetStatusMsg());
    $output->Linebreak(2);
    $output->TableStart(_MODULES);

    // Build the two links as strings instead of appending them to the output.
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $listurl = pnVarPrepForDisplay(pnModURL('Modules', 'admin', 'list'));
    $listlink = $output->URL($listurl, _LIST);
    $regenargs = array('authid' => pnSecGenAuthKey());
    $regenurl = pnVarPrepForDisplay(pnModURL('Modules', 'admin', 'regenerate', $regenargs));
    $regenlink = $output->URL($regenurl, _REGENERATE);
    $output->SetOutputMode(_PNH_KEEPOUTPUT);

    // The cells already hold finished HTML, so they are added verbatim.
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->TableAddRow(array($listlink, $regenlink));
    $output->SetInputMode(_PNH_PARSEINPUT);
    $output->TableEnd();

    return $output->GetOutput();
}
/**
 * Print a centred, escaped title inside a themed table.
 *
 * @param string $title text to show; it is passed through pnVarPrepForDisplay()
 * @return void
 */
function user_title($title)
{
    OpenTable();
    $heading = pnVarPrepForDisplay($title);
    printf('<center><font class="pn-title"><b>%s</b></font></center>', $heading);
    CloseTable();
}
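/**
 * Display a block based on the current theme.
 *
 * Adds the collapse/expand control ('minbox') for logged-in users when
 * collapsible blocks are enabled, then hands the block to themesidebox().
 * The control is a plain link whose query string carries the key returned by
 * pnSecGenAuthKey().
 *
 * @param array $row block record (bid, title, content, collapsable, ...)
 * @return mixed whatever themesidebox() returns
 */
function themesideblock($row)
{
    if (!isset($row['bid'])) {
        $row['bid'] = '';
    }
    if (!isset($row['title'])) {
        $row['title'] = '';
    }

    // Prefer the theme's own arrow images and fall back to the global ones.
    // The theme directory is resolved once instead of once per check.
    $themeimages = 'themes/' . pnVarPrepForOS(pnUserGetTheme()) . '/images/';
    if (file_exists($themeimages . 'upb.gif')) {
        $upb = '<img src="' . $themeimages . 'upb.gif" alt="" />';
    } else {
        $upb = '<img src="images/global/upb.gif" alt="" />';
    }
    if (file_exists($themeimages . 'downb.gif')) {
        $downb = '<img src="' . $themeimages . 'downb.gif" alt="" />';
    } else {
        $downb = '<img src="images/global/downb.gif" alt="" />';
    }

    $collapsible = pnUserLoggedIn()
        && pnModGetVar('Blocks', 'collapseable') == 1
        && isset($row['collapsable'])
        && $row['collapsable'] == '1';

    if ($collapsible) {
        $expanded = (pnCheckUserBlock($row) == '1');
        if (!$expanded) {
            // A collapsed block keeps its title bar but shows no content.
            $row['content'] = '';
        }
        if (!empty($row['title'])) {
            $toggleurl = pnVarPrepForDisplay(pnModURL('Blocks', 'user', 'changestatus', array('bid' => $row['bid'], 'authid' => pnSecGenAuthKey())));
            $row['minbox'] = '<a href="' . $toggleurl . '">' . ($expanded ? $upb : $downb) . '</a>';
        }
        // Untitled blocks get no control; make sure the key still exists so
        // the theme never reads an undefined index.
        if (!isset($row['minbox'])) {
            $row['minbox'] = '';
        }
    } else {
        $row['minbox'] = '';
    }

    return themesidebox($row);
}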
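/**
 * Print the admin form for editing one stored message.
 *
 * The message is loaded by the request parameter "mid"; EDIT permission on it
 * is required. The form posts to admin.php with op=savemsg and a fresh key
 * from pnSecGenAuthKey(). The incoming "authid" is read but not checked here,
 * since this function only renders the form.
 *
 * @return void
 */
function editmsg()
{
    list($mid, $authid) = pnVarCleanFromInput('mid', 'authid');
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    include "header.php";
    GraphicAdmin();
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>" . _MESSAGESADMIN . "</b></font></center>";
    CloseTable();

    $column =& $pntable['message_column'];
    $result = $dbconn->Execute("SELECT {$column['title']},\n {$column['content']},\n {$column['date']},\n {$column['expire']},\n {$column['active']},\n {$column['view']},\n {$column['mlanguage']} \n FROM {$pntable['message']}\n WHERE {$column['mid']}= '" . pnVarPrepForStore($mid) . "'");
    list($title, $content, $mdate, $expire, $active, $view, $mlanguage) = $result->fields;

    // The permission instance needs the stored title, hence the check after the query.
    if (!pnSecAuthAction(0, 'Messages::', "{$title}::{$mid}", ACCESS_EDIT)) {
        echo _MESSAGESEDITNOAUTH;
        include 'footer.php';
        return;
    }

    OpenTable();
    echo "<center><font class=\"pn-title\"><b>" . _EDITMSG . "</b></font></center>";

    // Pre-select the stored "active" and "view" values. The stored expiry is
    // loaded but this form renders no expiry selector.
    $asel1 = '';
    $asel2 = '';
    if ($active == 1) {
        $asel1 = "checked";
    } elseif ($active == 0) {
        $asel2 = "checked";
    }
    $sel1 = '';
    $sel2 = '';
    $sel3 = '';
    $sel4 = '';
    if ($view == 1) {
        $sel1 = "selected";
    } elseif ($view == 2) {
        $sel2 = "selected";
    } elseif ($view == 3) {
        $sel3 = "selected";
    } elseif ($view == 4) {
        $sel4 = "selected";
    }

    echo "<form action=\"admin.php\" method=\"post\">";
    echo "<b><font class=\"pn-normal\">" . _MESSAGETITLE . ":</font></b><br>"
        . "<input type=\"text\" name=\"title\" value=\"" . pnVarPrepForDisplay($title) . "\" size=\"50\" maxlength=\"100\"><br><br>"
        . "<b><font class=\"pn-normal\">" . _MESSAGECONTENT . ":</font></b><br>"
        . "<textarea name=\"content\" rows=\"10\" cols=\"80\">" . pnVarPrepForDisplay($content) . "</textarea><br><br><font class=\"pn-normal\">"
        . '<b>' . _LANGUAGE . ': </b></font>'
        . '<select name="mlanguage" size="1">'
        . '<option value="">' . _ALL . '</option>';

    // Offer only languages known to languagelist() that have a directory.
    $lang = languagelist();
    $sel_lang = array();
    $sel_lang[$mlanguage] = ' selected';
    $langlist = array();
    $handle = opendir('language');
    if ($handle) {
        while (false !== ($f = readdir($handle))) {
            if (is_dir("language/{$f}") && !empty($lang[$f])) {
                $langlist[$f] = $lang[$f];
            }
        }
        closedir($handle);
    }
    asort($langlist);
    // A bit ugly, but it works in E_ALL conditions (Andy Varganov).
    foreach ($langlist as $k => $v) {
        echo '<option value="' . $k . '"';
        if (isset($sel_lang[$k])) {
            echo ' selected';
        }
        echo '>' . $v . '</option>';
    }

    print '</select><br><br>'
        . "<font class=\"pn-normal\"><b>" . _ACTIVE . "?</b> <input type=\"radio\" name=\"active\" value=\"1\" {$asel1}>" . _YES . " "
        . "<input type=\"radio\" name=\"active\" value=\"0\" {$asel2}>" . _NO . "</font>";

    if ($active == 1) {
        echo "<br><br><font class=\"pn-normal\"><b>" . _CHANGEDATE . "</b>"
            . "<input type=\"radio\" name=\"chng_date\" value=\"1\">" . _YES . " "
            . "<input type=\"radio\" name=\"chng_date\" value=\"0\" checked>" . _NO . "</font><br><br>";
    } elseif ($active == 0) {
        echo "<br><font class=\"pn-sub\">" . _IFYOUACTIVE . "</font><br><br>"
            . "<input type=\"hidden\" name=\"chng_date\" value=\"1\">";
    }

    // mid comes from the request and module from a global; both were written
    // into value="" attributes unescaped. They now get the same escaping as
    // title and content, and so does the stored date.
    echo "<font class=\"pn-normal\"><b>" . _VIEWPRIV . "</b> <select name=\"view\">"
        . "<option value=\"1\" {$sel1}>" . _MVALL . "</option>"
        . "<option value=\"2\" {$sel2}>" . _MVUSERS . "</option>"
        . "<option value=\"3\" {$sel3}>" . _MVANON . "</option>"
        . "<option value=\"4\" {$sel4}>" . _MVADMIN . "</option>"
        . "</select></font><br><br>"
        . "<input type=\"hidden\" name=\"mdate\" value=\"" . pnVarPrepForDisplay($mdate) . "\">"
        . "<input type=\"hidden\" name=\"mid\" value=\"" . pnVarPrepForDisplay($mid) . "\">"
        . "<input type=\"hidden\" name=\"module\" value=\"" . pnVarPrepForDisplay($GLOBALS['module']) . "\">"
        . "<input type=\"hidden\" name=\"op\" value=\"savemsg\">"
        . "<input type=\"hidden\" name=\"authid\" value=\"" . pnSecGenAuthKey() . "\">"
        . "<input type=\"submit\" value=\"" . _SAVECHANGES . "\">"
        . "</form>";

    CloseTable();
    include "footer.php";
}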
/**
 * Build the settings row for this block: a single "number of items" field.
 *
 * @param array $blockinfo block record; 'content' holds the serialized settings
 * @return string rendered table row
 */
function template_firstblock_modify($blockinfo)
{
    $output = new pnHTML();

    // Current settings, with the item count defaulting to 5.
    $vars = pnBlockVarsFromContent($blockinfo['content']);
    $numitems = empty($vars['numitems']) ? 5 : $vars['numitems'];

    // Render label and input as strings; the stored value is escaped first.
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $cells = array(
        $output->Text(_NUMITEMS),
        $output->FormText('numitems', pnVarPrepForDisplay($numitems), 5, 5),
    );
    $output->SetOutputMode(_PNH_KEEPOUTPUT);

    // The cells are finished HTML, so they are added verbatim.
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $output->TableAddRow($cells, 'left');
    $output->SetInputMode(_PNH_PARSEINPUT);

    return $output->GetOutput();
}
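/**
 * Print the admin menu: title, optional manual link and the option table.
 *
 * Sets the global $hlpfile to the module's manual page when one exists for
 * the user's language.
 *
 * @return void
 */
function draw_menu()
{
    global $hlpfile;

    OpenTable();
    echo '<center>' . "\n";

    // Without options there is nothing to link the title to.
    if (count($this->options) == 0) {
        $this->title_file = '';
    }

    // NOTE(review): title_file is written into the href unescaped; where it is
    // set is not visible here.
    if ($this->title_file != '') {
        echo '<a href="' . $this->title_file . '" class="pn-title">';
    }
    echo '<font class="pn-title"><b>' . pnVarPrepForDisplay($this->title_text) . '</b></font>';
    // NOTE(review): </center> is only emitted together with </a>, so the
    // opening <center> stays open when there is no title link.
    if ($this->title_file != '') {
        echo '</a></center>';
    }
    echo "\n" . '<br>' . "\n";

    // Fixed bug [ #357 ]: empty pop-up window when no manual exists.
    // Both path components are made filesystem-safe. The module name was
    // previously used raw although it is a global, so it could steer
    // file_exists() and $hlpfile outside the modules directory.
    $currentlang = pnUserGetLang();
    $file = "modules/" . pnVarPrepForOS($GLOBALS['module']) . "/lang/" . pnVarPrepForOS($currentlang) . "/manual.html";
    if (file_exists($file)) {
        $hlpfile = $file;
        echo '<center>[ <a href="javascript:openwindow()" class="pn-normal">' . _ONLINEMANUAL . '</a> ]' . "</center>\n";
    }

    if ($this->detail_menu) {
        if (count($this->options) == 0) {
            echo _ADMIN_NO_OPTION . "\n";
        } else {
            echo '<br><br>' . "\n" . '<table border="0" width="100%" cellspacing="1">' . "\n";
            if ($this->graphic_menu) {
                $this->draw_options_graphic();
            } else {
                $this->draw_options();
            }
            echo '</table>' . "\n";
        }
    }

    CloseTable();
}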
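/**
 * Turn the lines of a fetched RSS document into a flat list of tag records.
 *
 * Each record has 'type' (open, close or complete), 'tag' (lower-cased) and
 * 'value'. The feed is remote, untrusted input: element content is
 * entity-decoded and then escaped with pnVarPrepForDisplay() before it is
 * returned.
 * NOTE(review): the 'tag' of a "complete" record is the raw text between the
 * first "<" and ">" (attributes included) and is not escaped; callers should
 * only compare it, not print it.
 *
 * @param array $f lines of the feed, one element per line
 * @return array list of array('type' => ..., 'tag' => ..., 'value' => ...)
 */
function rss_parse_array($f)
{
    // Start from real arrays. Initialising these as '' and then writing array
    // offsets into them fails on current PHP versions.
    $struct = array();

    // Entity => character map, built once instead of once per line.
    $trans = array_flip(get_html_translation_table(HTML_ENTITIES));

    foreach ($f as $line) {
        // Fix for CDATA tag not removed when fetching RSS -- bharvey42 6/9/03
        // NOTE(review): the pattern requires a space after "]]>"; confirm that is intended.
        $line = preg_replace('#(<\\!\\[CDATA\\[)(.*)(\\]\\]>) #siU', '\\2', $line);
        if (!$line) {
            // blank line
            continue;
        }

        // Positions of the end of the first tag and the start/end of the last tag.
        $sp = strpos($line, '>');
        $ep = strrpos($line, '<');
        $ep2 = strrpos($line, '>');

        $first_tag = substr($line, 1, $sp - 1);
        $last_tag = substr($line, $ep + 1, $ep2 - $ep - 1);

        if ($first_tag == $last_tag) {
            // Single tag on the line: an opening or a closing tag, no content.
            if (substr($first_tag, 0, 1) == '/') {
                $type = 'close';
                // Drop a namespace prefix: "/dc:creator" becomes ":creator".
                if ($temp_str = strstr($first_tag, ':')) {
                    $first_tag = $temp_str;
                }
                $tag = strtolower(substr($first_tag, 1, strlen($first_tag) - 1));
            } else {
                $type = 'open';
                // Strip a namespace prefix and any attributes.
                $first_tag = preg_replace('/^\\S*:/', '', $first_tag);
                $first_tag = preg_replace('/\\s.*/', '', $first_tag);
                $tag = strtolower($first_tag);
            }
            $value = '';
        } else {
            // Opening tag, content and closing tag on one line.
            $type = 'complete';
            $tag = strtolower($first_tag);
            $value = substr($line, $sp + 1, $ep - 1 - $sp);
            if ($value) {
                // Decode twice because some feeds double-encode (e.g. "&amp;quot;"),
                // then escape the plain text for display.
                $value = strtr($value, $trans);
                $value = strtr($value, $trans);
                $value = pnVarPrepForDisplay($value);
            }
        }

        $struct[] = array('type' => $type, 'tag' => $tag, 'value' => $value);
    }

    return $struct;
}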
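/**
 * Search the FAQ module and render one page (10 hits) of results.
 *
 * Request parameters: q (query), bool (AND/OR), startnum, total, active_faqs.
 * Rows in categories the user may not read are neither counted nor shown.
 *
 * @return string|null rendered result list, or nothing when the search is
 *                     inactive, the module is unavailable, the query is empty
 *                     or the database reports an error
 */
function search_faqs()
{
    list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs');

    if (empty($active_faqs)) {
        return;
    }
    if (!pnModAvailable('FAQ')) {
        return;
    }

    // Plain assignment: "=& new" is not valid syntax on current PHP versions.
    $dbconn = pnDBGetConn(true);
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    // Paging values come from the request: force them to sane integers.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int)$startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? (int)$total : 0;

    $w = search_split_query($q);
    if (empty($w)) {
        // No search terms: nothing to match (this used to end in a SQL error).
        return;
    }

    $column =& $pntable['faqanswer_column'];
    $faqcatcol =& $pntable['faqcategories_column'];

    // One "(question LIKE .. OR answer LIKE ..)" group per search word.
    $glue = ($bool == 'AND') ? ' AND ' : ' OR ';
    $clauses = array();
    foreach ($w as $word) {
        $clauses[] = "({$column['question']} LIKE '" . pnVarPrepForStore($word) . "' OR \n"
            . "{$column['answer']} LIKE '" . pnVarPrepForStore($word) . "'\n)";
    }

    // The word groups are wrapped in one pair of parentheses. Without it,
    // SQL precedence let an OR search bypass the "answer not empty" and
    // language conditions for some of the words.
    $query = "SELECT {$column['id_cat']} as id_cat,\n"
        . " {$column['question']} as question,\n"
        . " {$column['answer']} as answer,\n"
        . " {$faqcatcol['categories']} as categories\n"
        . " FROM {$pntable['faqanswer']}\n"
        . " LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n"
        . " WHERE {$column['answer']} != \"\" AND \n"
        . '(' . implode($glue, $clauses) . ')';
    if (pnConfigGetVar('multilingual') == 1) {
        $query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')";
    }
    $query .= " ORDER BY {$column['id']}";

    // Get the total count with permissions applied.
    if (empty($total)) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search URL for the pager. q and bool come from the
        // request and were interpolated raw; they are URL-encoded so they
        // cannot break out of the link or add parameters.
        $url = "index.php?name=Search&action=search&active_faqs=1&bool=" . urlencode($bool) . "&q=" . urlencode($q);

        $output->Text("<dl>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
                // Show a short plain-text excerpt of the answer.
                $row['answer'] = strip_tags($row['answer']);
                if (strlen($row['answer']) > 128) {
                    $row['answer'] = substr($row['answer'], 0, 125) . '...';
                }
                // Array keys are quoted: bare question/answer are undefined constants.
                $output->Text("<dt><a href=\"index.php?name=FAQ&myfaq=yes&id_cat=" . pnVarPrepForDisplay($row['id_cat']) . "\">" . pnVarPrepForDisplay($row['question']) . "</a></dt>");
                $output->Text("<dd>" . pnVarPrepForDisplay($row['answer']) . "</dd>");
            }
            $result->MoveNext();
        }
        $output->Text('</dl>');

        // "%%" is the placeholder the pager replaces with the start number.
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_FAQS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }

    $output->Linebreak(3);

    return $output->GetOutput();
}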
/**
 * Add HTML tags for a file upload field as part of a form.
 *
 * Every caller-supplied value is escaped with pnVarPrepForDisplay() before it
 * is written into an attribute. The hidden MAX_FILE_SIZE field is part of the
 * submitted form and can be altered by the client, so the code that receives
 * the upload still has to enforce its own size limit.
 *
 * @access public
 * @since 1.13 - 2002/01/23
 * @param string $fieldname the name of the field
 * @param integer $size (optional) the size of the field on the page in number
 *                      of characters
 * @param integer $maxsize (optional) the maximum file size allowed (in bytes)
 * @param string $accesskey (optional) accesskey to activate this item
 * @return string An HTML string if <code>ReturnHTML()</code> has been called,
 *                otherwise null
 */
function FormFile($fieldname, $size = 32, $maxsize = 1000000, $accesskey = '')
{
    // A field without a name cannot be submitted; emit nothing.
    if (empty($fieldname)) {
        return;
    }

    $this->tabindex++;

    $html = sprintf('<input type="hidden" name="MAX_FILE_SIZE" value="%s" />', pnVarPrepForDisplay($maxsize));
    $html .= sprintf(
        '<input type="file" name="%s" id="%s" size="%s"',
        pnVarPrepForDisplay($fieldname),
        pnVarPrepForDisplay($fieldname),
        pnVarPrepForDisplay($size)
    );
    if (!empty($accesskey)) {
        $html .= sprintf(' accesskey="%s"', pnVarPrepForDisplay($accesskey));
    }
    $html .= sprintf(' tabindex="%s" />', $this->tabindex);

    // Either hand the markup back or append it to the buffered output.
    if ($this->GetOutputMode() == _PNH_RETURNOUTPUT) {
        return $html;
    }
    $this->output .= $html;
}
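/**
 * Let the client e-mail his banner statistics.
 *
 * Looks up the client by "cid", the banner by "bid" and "cid", mails the
 * figures to the client's stored address and prints a confirmation page.
 *
 * NOTE(review): "login" and "pass" are read from the request but never
 * compared with stored credentials in this function. Unless the caller
 * authenticates first, any requester supplying a cid/bid pair triggers the
 * mail and is shown the client's name and e-mail address. The credential
 * columns are not visible here, so the check is flagged rather than added.
 * NOTE(review): a bid that does not belong to the cid yields an empty row and
 * a report with empty figures is still sent.
 *
 * @return void
 */
function EmailStats()
{
    list($login, $cid, $bid, $pass) = pnVarCleanFromInput('login', 'cid', 'bid', 'pass');
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $column =& $pntable['bannerclient_column'];
    $result2 = $dbconn->Execute("SELECT {$column['name']}, {$column['email']}\n FROM {$pntable['bannerclient']}\n WHERE {$column['cid']}='" . pnVarPrepForStore($cid) . "'");
    list($name, $email) = $result2->fields;

    if ($email == "") {
        // No address on file: tell the requester the report cannot be sent.
        include 'header.php';
        OpenTable();
        // A misplaced quote used to print the literal text ";\n echo " here;
        // the line now matches the wording of the success message below.
        echo "<font class=\"pn-normal\">" . _BAN_STATSFORBAN . " " . pnVarPrepForDisplay($bid) . " ";
        echo _BAN_CANTSEND . " " . pnVarPrepForDisplay($name) . "<br>"
            . _BAN_CONTACTADMIN . "<br><br>"
            . "<a href=\"javascript:history.go(-1)\">" . _BAN_BACK . "</a>";
        CloseTable();
        include 'footer.php';
        return;
    }

    $column =& $pntable['banner_column'];
    $result = $dbconn->Execute("SELECT {$column['bid']}, {$column['imptotal']}, {$column['impmade']}, {$column['clicks']}, {$column['imageurl']}, {$column['clickurl']}, {$column['date']}\n FROM {$pntable['banner']}\n WHERE {$column['bid']}='" . pnVarPrepForStore($bid) . "' AND {$column['cid']}='" . pnVarPrepForStore($cid) . "'");
    list($bid, $imptotal, $impmade, $clicks, $imageurl, $clickurl, $date) = $result->fields;

    // Click-through rate, cut to five characters; no impressions means 0.
    if ($impmade == 0) {
        $percent = 0;
    } else {
        $percent = substr(100 * $clicks / $impmade, 0, 5);
    }
    // A purchased total of 0 stands for an unlimited campaign.
    if ($imptotal == 0) {
        $left = _BAN_UNLIMITED;
        $imptotal = _BAN_UNLIMITED;
    } else {
        $left = $imptotal - $impmade;
    }

    $sitename = pnConfigGetVar('sitename');
    $fecha = date("F jS Y, h:iA.");
    $subject = _BAN_YOURSTATS . " {$sitename}";
    $message = _BAN_FORMAIL . " {$sitename}:\n\n\n"
        . _BAN_CLIENTNAME . ": {$name}\n"
        . _BAN_ID . ": {$bid}\n"
        . _BAN_IMAGE . ": {$imageurl}\n"
        . _BAN_URL . ": {$clickurl}\n\n"
        . _BAN_IMPPURCHASED . ": {$imptotal}\n"
        . _BAN_IMP_MADE . ": {$impmade}\n"
        . _BAN_IMP_LEFT . ": {$left}\n"
        . _BAN_CLICKS . ": {$clicks}\n"
        . _BAN_PERCENTCLICKS . ": {$percent}%\n\n\n"
        . _BAN_REPORTMADEON . ": {$fecha}";
    $from = "{$sitename}";

    // The header string is built from the language constant and the configured
    // site name only; request values never enter it.
    pnMail($email, $subject, $message, _BAN_FROM . ": {$from}\nX-Mailer: PHP/" . phpversion());

    include 'header.php';
    OpenTable();
    echo "<font class=\"pn-normal\">" . _BAN_STATSFORBAN . " " . pnVarPrepForDisplay($bid) . " " . _BAN_SENTTO . "<br>"
        . "<i>" . pnVarPrepForDisplay($email) . "</i> for " . pnVarPrepForDisplay($name) . "<br><br>"
        . "<a href=\"javascript:history.go(-1)\">" . _BAN_BACK . "</a>";
    CloseTable();
    // Close the page as the failure branch does; the footer was missing here.
    include 'footer.php';
}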
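/**
 * Build the admin form rows used to configure a menu block.
 *
 * The block's stored content is unpacked with pnBlockVarsFromContent(); the
 * form offers the menu style, the two display switches, one editable row per
 * stored link and an empty row for a new link.
 *
 * Stored link values are written into the form through
 * pnVarPrepForDisplay(). The theme colours from $pntheme are written into
 * style attributes as they are.
 * NOTE(review): that assumes the theme values are trusted configuration -
 * confirm.
 *
 * @param array $row block record; only $row['content'] is read here
 * @return string HTML table rows for the block edit form
 */
function blocks_menu_select($row)
{
    global $pntheme;
    // Neither the connection nor the table list is used below; both calls are
    // kept exactly as the original made them.
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // Break out options from our content field
    $vars = pnBlockVarsFromContent($row['content']);
    $row['content'] = "";

    // Defaults
    if (empty($vars['style'])) {
        $vars['style'] = 1;
    }

    // What style of menu
    $output = '<tr><td class="pn-title">' . _MENU_FORMAT . '</td><td></td></tr>';
    $output .= '<tr><td class="pn-normal">' . _MENU_AS_LIST . ':</td><td><input type="radio" name="style" value="1"';
    if ($vars['style'] == 1) {
        $output .= ' checked';
    }
    $output .= '></td></tr><tr><td class="pn-normal">' . _MENU_AS_DROPDOWN . ':</td><td><input type="radio" name="style" value="2"';
    if ($vars['style'] == 2) {
        $output .= ' checked';
    }
    $output .= ' /></td></tr>';

    // What to display
    $output .= '<tr><td class="pn-title">' . _DISPLAY . '</td><td></td></tr>';
    $output .= '<tr><td class="pn-normal">' . _MENU_MODULES . ':</td><td><input type="checkbox" value="1" name="displaymodules"';
    if (!empty($vars['displaymodules'])) {
        $output .= ' checked';
    }
    $output .= ' /></td></tr><tr><td class="pn-normal">' . _WAITINGCONT . ':</td><td><input type="checkbox" value="1" name="displaywaiting"';
    if (!empty($vars['displaywaiting'])) {
        $output .= ' checked';
    }
    $output .= ' /></td></tr>';

    // Content
    $c = 1;
    $output .= "</table><table>";

    // Every header cell opens with the same markup; build it once.
    $headCell = "<td align=\"center\" class=\"pn-normal\" style=\"color:{$pntheme['table_header_text']}; background-color:{$pntheme['table_header']}; text-align:center\"><b>";
    $output .= "<tr><td valign=\"top\" class=\"pn-title\">" . _MENU_CONTENT . ":</td><td><table border=\"1\"><tr>"
        . $headCell . _TITLE . "</b></td>"
        . $headCell . _URL . "</b></td>"
        . $headCell . _MENU_DESCRIPTION . " </b><span class=\"pn-sub\"><b>(" . _OPTIONAL . ")</b></span></td>"
        . $headCell . _DELETE . "</b></td>"
        . $headCell . _INSERT_BLANK_AFTER . "</b></td></tr>";

    if (!empty($vars['content'])) {
        $contentlines = explode("LINESPLIT", $vars['content']);
        foreach ($contentlines as $contentline) {
            // Stored order is url|title|description. A line with fewer than
            // three fields is padded so the missing ones render as empty
            // inputs instead of reading undefined offsets.
            $link = array_pad(explode('|', $contentline), 3, '');
            $output .= "<tr><td valign=\"top\"><input type=\"text\" name=\"linkname[{$c}]\" size=\"30\" maxlength=\"255\" value=\"" . pnVarPrepForDisplay($link[1]) . "\" class=\"pn-normal\"></td><td valign=\"top\"><input type=\"text\" name=\"linkurl[{$c}]\" size=\"30\" maxlength=\"255\" value=\"" . pnVarPrepForDisplay($link[0]) . "\" class=\"pn-normal\"></td><td valign=\"top\"><input type=\"text\" name=\"linkdesc[{$c}]\" size=\"30\" maxlength=\"255\" value=\"" . pnVarPrepForDisplay($link[2]) . "\" class=\"pn-normal\" /></td><td valign=\"top\"><input type=\"checkbox\" name=\"linkdelete[{$c}]\" value=\"1\" class=\"pn-normal\"></td><td valign=\"top\"><input type=\"checkbox\" name=\"linkinsert[{$c}]\" value=\"1\" class=\"pn-normal\" /></td></tr>\n";
            $c++;
        }
    }

    // Empty row for adding a new link.
    $output .= "<tr><td><input type=\"text\" name=\"new_linkname\" size=\"30\" maxlength=\"255\" class=\"pn-normal\" /></td><td><input type=\"text\" name=\"new_linkurl\" size=\"30\" maxlength=\"255\" class=\"pn-normal\" /></td><td class=\"pn-normal\"><input type=\"text\" name=\"new_linkdesc\" size=\"30\" maxlength=\"255\" class=\"pn-normal\" /></td><td class=\"pn-normal\">" . _NEWONE . "</td><td class=\"pn-normal\"><input type=\"checkbox\" name=\"new_linkinsert\" value=\"1\" class=\"pn-normal\" /></td></tr>\n";
    $output .= '</table></td></tr>';

    return $output;
}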
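/**
 * Make common language selection dropdown
 *
 * Echoes a <select name="alanguage"> holding an "all" entry followed by one
 * option per sub-directory of `language/` that languagelist() has a name
 * for, sorted by that name, with the current user's language pre-selected.
 *
 * @author Tim Litwiller
 */
function lang_dropdown()
{
    $currentlang = pnUserGetLang();
    echo "<select name=\"alanguage\" class=\"pn-text\" id=\"language\">";
    $lang = languagelist();
    print "<option value=\"\">" . _ALL . '</option>';

    // Start from an empty list so asort() and foreach below are well defined
    // even when no language directory matches.
    $langlist = array();
    $handle = opendir('language');
    if ($handle !== false) {
        while (false !== ($f = readdir($handle))) {
            // Only directories that languagelist() knows a name for are offered.
            if (is_dir("language/{$f}") && !empty($lang[$f])) {
                $langlist[$f] = $lang[$f];
            }
        }
        // The directory handle was never released in the original.
        closedir($handle);
    }

    asort($langlist);
    foreach ($langlist as $k => $v) {
        // The directory name goes into an attribute value, so it is escaped
        // the same way the visible label is.
        echo '<option value="' . pnVarPrepForDisplay($k) . '"';
        if ($currentlang == $k) {
            echo ' selected="selected"';
        }
        echo '>' . pnVarPrepForDisplay($v) . '</option> ';
    }
    echo "</select>";
}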
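/**
 * Search plugin for News stories.
 *
 * Reads the search form fields from the request, builds one SELECT over the
 * stories, story-category and topics tables, and renders the rows the
 * current user may read as a definition list followed by a pager.
 *
 * Request values placed in SQL are passed through pnVarPrepForStore().
 * Request values echoed back into the pager URL are passed through
 * pnVarPrepForDisplay(), because the output object is in verbatim mode while
 * the result list is written.
 *
 * NOTE(review): the word clauses are joined with AND/OR without an enclosing
 * pair of parentheses, so with `bool=OR` a following topic/category/author
 * filter binds only to the last word clause. Behaviour is kept as it was;
 * confirm whether the filters are meant to apply to every word.
 *
 * @return string|null rendered HTML; null when the plugin is not selected,
 *                     the News module is unavailable, or a query fails
 */
function search_stories()
{
    list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');

    if (!isset($active_stories) || !$active_stories) {
        return;
    }
    if (!pnModAvailable('News')) {
        return;
    }

    // Plain assignment: the rest of the file constructs pnHTML this way, and
    // "=& new" is not accepted by current PHP versions.
    $output = new pnHTML();

    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    // is_numeric() also accepts negative and fractional values; the value is
    // used as a row offset, so reduce it to a positive integer.
    $startnum = (int) $startnum;
    if ($startnum < 1) {
        $startnum = 1;
    }
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }
    // The topic filter is iterated twice below; anything that is not an
    // array is treated as "no topics selected".
    if (!is_array($stories_topics)) {
        $stories_topics = array();
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    if (empty($bool)) {
        $bool = 'OR';
    }
    $flag = false;

    $storcol =& $pntable['stories_column'];
    $stcatcol =& $pntable['stories_cat_column'];
    $topcol =& $pntable['topics_column'];

    $query = '';
    $query1 = "SELECT {$storcol['sid']} as sid,\n"
        . " {$topcol['tid']} as topicid,\n"
        . " {$topcol['topicname']} as topicname,\n"
        . " {$topcol['topictext']} as topictext,\n"
        . " {$storcol['catid']} as catid,\n"
        . " {$storcol['time']} AS fdate,\n"
        . " {$storcol['title']} AS story_title,\n"
        . " {$storcol['aid']} AS aid,\n"
        . " {$stcatcol['title']} AS cat_title\n"
        . " FROM {$pntable['stories']}\n"
        . " LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n"
        . " LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n"
        . " WHERE ";

    // words
    $w = search_split_query($q);
    if (isset($w)) {
        foreach ($w as $word) {
            if ($flag) {
                // Only the two literal operators can reach the SQL text;
                // anything else in `bool` falls back to OR.
                switch ($bool) {
                    case 'AND':
                        $query .= ' AND ';
                        break;
                    case 'OR':
                    default:
                        $query .= ' OR ';
                        break;
                }
            }
            $query .= '(';
            $query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'";
            $query .= ')';
            $flag = true;
        }
    }

    // Each filter group below is joined as " AND ( ... ) " when the WHERE
    // clause already has content and written bare when it is the first
    // clause. The original tracked this with a flag that was left undefined
    // for an empty word list and never cleared after a bare first group, so
    // two filters without search words were concatenated with no operator
    // between them.

    // topics
    if (isset($stories_topics) && !empty($stories_topics)) {
        $joinGroup = ($query !== '');
        $flag = false;
        $start_flag = false;
        foreach ($stories_topics as $v) {
            if (empty($v)) {
                continue;
            }
            // Open the group only once a non-empty topic is actually seen.
            if ($joinGroup && !$start_flag) {
                $query .= ' AND (';
            }
            $start_flag = true;
            if ($flag) {
                $query .= ' OR ';
            }
            $query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
            $flag = true;
        }
        if ($joinGroup && $start_flag) {
            $query .= ') ';
        }
    }

    // categories
    if (!is_array($stories_cat)) {
        // Replace rather than index into the value: it may be a string.
        $stories_cat = array('');
    }
    if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
        $joinGroup = ($query !== '');
        if ($joinGroup) {
            $query .= ' AND (';
        }
        $flag = false;
        foreach ($stories_cat as $v) {
            if ($flag) {
                $query .= ' OR ';
            }
            $query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
            $flag = true;
        }
        if ($joinGroup) {
            $query .= ') ';
        }
    }

    // authors
    if (isset($stories_author) && $stories_author != '') {
        $joinGroup = ($query !== '');
        if ($joinGroup) {
            $query .= ' AND (';
        }
        $query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'";
        // Also match stories whose author id belongs to a user whose login or
        // real name contains the search text.
        $result =& $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'");
        while ($result && !$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // The id is written into the SQL unquoted, so force it to an integer.
            $query .= " OR {$storcol['aid']}=" . (int) $row['pn_uid'];
            $result->MoveNext();
        }
        if ($joinGroup) {
            $query .= ') ';
        }
    } else {
        $stories_author = '';
    }

    if (pnConfigGetVar('multilingual') == 1) {
        if (!empty($query)) {
            $query .= ' AND';
        }
        $query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
    }

    // No condition at all: match every row.
    if (empty($query)) {
        $query = '1';
    }
    $query .= " ORDER BY {$storcol['time']} DESC";
    $query = $query1 . $query;

    // get the total count with permissions!
    // NOTE(review): a numeric `total` supplied with the request is trusted
    // and skips this count; it only drives the pager, the rows themselves
    // are permission-checked again below.
    if (empty($total)) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information. Everything
        // appended here comes from the request and ends up in link
        // attributes written in verbatim mode, so every value is escaped.
        // The two array parameters were interpolated unescaped before.
        $url = 'index.php?name=Search&action=search&active_stories=1&stories_author=' . pnVarPrepForDisplay($stories_author);
        if (isset($stories_cat) && $stories_cat) {
            foreach ($stories_cat as $v) {
                if (!is_scalar($v)) {
                    continue;
                }
                $url .= '&stories_cat%5B%5D=' . pnVarPrepForDisplay($v);
            }
        }
        if (isset($stories_topics) && $stories_topics) {
            foreach ($stories_topics as $v) {
                if (!is_scalar($v)) {
                    continue;
                }
                $url .= '&stories_topics%5B%5D=' . pnVarPrepForDisplay($v);
            }
        }
        $url .= '&bool=' . pnVarPrepForDisplay($bool);
        if (isset($q)) {
            $url .= '&q=' . pnVarPrepForDisplay($q);
        }

        $output->Text('<dl>');
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // Rows the user may not read are skipped, not merely hidden.
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
                $output->Text('<dt><a href="index.php?name=News&file=article&sid=' . pnVarPrepForDisplay($row['sid']) . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></dt>');
                $output->Text('<dd>');
                $output->Text(pnVarPrepForDisplay($row['fdate']) . ' (');
                if (!empty($row['topicid'])) {
                    // Was written raw; now prepared like the category title
                    // on the next line.
                    $output->Text(pnVarPrepHTMLDisplay($row['topictext']));
                }
                if (!empty($row['catid'])) {
                    $output->Text(' - ' . pnVarPrepHTMLDisplay($row['cat_title']));
                }
                $output->Text(')</dd>');
            }
            $result->MoveNext();
        }
        $output->Text('</dl>');

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_STORIES_TOPICS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }

    $output->Linebreak(3);
    return $output->GetOutput();
}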
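/*
 * Admin entry point: load a module's admin file and dispatch to one of its
 * functions. (The original header comment is cut off in this listing; only
 * its closing marker survived, which left the code unparsable.)
 *
 * $module and $adminfile are set before this point, outside the visible
 * code.
 * NOTE(review): `include $adminfile` executes whatever path that variable
 * holds - confirm it is derived from a validated module name and not from
 * request input.
 */
list($func, $op, $name, $file, $type) = pnVarCleanFromInput('func', 'op', 'name', 'file', 'type');

// load the legacy includes
include_once 'modules/Admin/pnlegacy/tools.php';

// set a constant so we can check the correct entry point later
define('LOADED_AS_MODULE', '1');

$ModName = $module;
include $adminfile;
modules_get_manual();

// Function prefix: the module name without a leading "NS-", plus "_admin_".
if (substr($module, 0, 3) == 'NS-') {
    $function = substr($module, 3) . '_admin_';
} else {
    $function = $module . '_admin_';
}

// `op` comes from the request. Anything that is not a non-empty string
// (an array parameter, for instance) falls back to the main operation.
if (empty($op) || !is_string($op)) {
    $op = 'main';
}

$function_op = $function . $op;
$function_main = $function . 'main';

// The requested operation selects the function to run: any defined function
// named <prefix><op> is reachable this way and receives the raw $_REQUEST.
// NOTE(review): no permission check is visible in this run; presumably each
// admin function performs its own - verify, and make sure helper functions
// that share the prefix are safe to call directly.
if (function_exists($function_op)) {
    $function_op($_REQUEST);
} elseif (function_exists($function_main)) {
    $function_main($_REQUEST);
} else {
    // neither function_admin_op nor function_admin_main are available
    header('HTTP/1.0 404 Not Found');
    include 'header.php';
    echo 'Adminfunction <strong>' . pnVarPrepForDisplay($function_op) . '</strong> in Module <strong>' . pnVarPrepForDisplay($module) . '</strong> not available';
    include 'footer.php';
    exit;
}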
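/**
 * postcalendar_userapi_buildSubmitForm()
 * create event submit form
 *
 * Fills a pcSmarty template with the labels, select lists and current values
 * of the event form and returns the rendered page. The event fields
 * (event_subject, event_desc, event_startday, ...) are not read from $args by
 * key; the whole array is extract()ed into local variables.
 *
 * NOTE(review): extract() uses its default overwrite mode, so a key named
 * `admin` in $args replaces the $admin parameter, and any other key becomes a
 * local variable. This is safe only while the keys of $args are chosen by the
 * calling code and never taken from request parameter names - confirm at the
 * call sites.
 *
 * NOTE(review): several values are handed to the template without escaping
 * here (`FUNCTION`, `event_category`, `qstring`, `patient_value`,
 * `hidden_event_category`, the event_start* values). Whether that is safe
 * depends on how the templates print them - verify.
 *
 * @param array $args  event data; extracted into local variables
 * @param bool  $admin true to render the admin version of the form
 * @return string rendered form HTML, or _POSTCALENDARNOAUTH when
 *                PC_ACCESS_ADD is not set
 */
function postcalendar_userapi_buildSubmitForm($args, $admin = false)
{
    $_SESSION['category'] = "";
    if (!PC_ACCESS_ADD) {
        return _POSTCALENDARNOAUTH;
    }
    extract($args);
    unset($args);
    //since we seem to clobber category
    $cat = $category;
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    // set up Smarty
    $tpl = new pcSmarty();
    $tpl->caching = false;
    $template_name = pnModGetVar(__POSTCALENDAR__, 'pcTemplate');
    if (!isset($template_name)) {
        $template_name = 'default';
    }
    //=================================================================
    // Setup the correct config file path for the templates
    //=================================================================
    $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
    $modir = pnVarPrepForOS($modinfo['directory']);
    $modname = $modinfo['displayname'];
    $all_categories =& pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories');
    unset($modinfo);
    $tpl->config_dir = "modules/{$modir}/pntemplates/{$template_name}/config/";
    //=================================================================
    // PARSE MAIN
    //=================================================================
    $tpl->assign('webroot', $GLOBALS['web_root']);
    $tpl->assign_by_ref('TPL_NAME', $template_name);
    $tpl->assign('FUNCTION', pnVarCleanFromInput('func'));
    $tpl->assign_by_ref('ModuleName', $modname);
    $tpl->assign_by_ref('ModuleDirectory', $modir);
    $tpl->assign_by_ref('category', $all_categories);
    $tpl->assign('NewEventHeader', _PC_NEW_EVENT_HEADER);
    $tpl->assign('EventTitle', _PC_EVENT_TITLE);
    $tpl->assign('Required', _PC_REQUIRED);
    $tpl->assign('DateTimeTitle', _PC_DATE_TIME);
    $tpl->assign('AlldayEventTitle', _PC_ALLDAY_EVENT);
    $tpl->assign('TimedEventTitle', _PC_TIMED_EVENT);
    $tpl->assign('TimedDurationTitle', _PC_TIMED_DURATION);
    $tpl->assign('TimedDurationHoursTitle', _PC_TIMED_DURATION_HOURS);
    $tpl->assign('TimedDurationMinutesTitle', _PC_TIMED_DURATION_MINUTES);
    $tpl->assign('EventDescTitle', _PC_EVENT_DESC);
    //the double book variable comes from the eventdata array that is
    //passed here and extracted, injection is not an issue here
    if (is_numeric($double_book)) {
        $tpl->assign('double_book', $double_book);
    }
    //pennfirm begin patient info handling
    // Provider: request value first, then the event's own user id, then the
    // logged-in user. Request and event values are used only when numeric.
    $ProviderID = pnVarCleanFromInput("provider_id");
    if (is_numeric($ProviderID)) {
        $tpl->assign('ProviderID', $ProviderID);
        $tpl->assign('provider_id', $ProviderID);
    } elseif (is_numeric($event_userid) && $event_userid != 0) {
        $tpl->assign('ProviderID', $event_userid);
        $tpl->assign('provider_id', $event_userid);
    } else {
        if ($_SESSION['userauthorized'] == 1) {
            $tpl->assign('ProviderID', $_SESSION['authUserID']);
        } else {
            $tpl->assign('ProviderID', "");
        }
    }
    $provinfo = getProviderInfo();
    $tpl->assign('providers', $provinfo);
    $PatientID = pnVarCleanFromInput("patient_id");
    // limit the number of results returned by getPatientPID
    // this helps to prevent the server from stalling on a request with
    // no PID and thousands of PIDs in the database -- JRM
    // the function getPatientPID($pid, $given, $orderby, $limit, $start) <-- defined in library/patient.inc
    // NOTE(review): the patient lookup is driven by a request-supplied id and
    // the only gate visible in this function is PC_ACCESS_ADD; confirm that is
    // the intended access rule for patient records.
    $plistlimit = 500;
    if (is_numeric($PatientID)) {
        $tpl->assign('PatientList', getPatientPID(array('pid' => $PatientID, 'limit' => $plistlimit)));
    } elseif (is_numeric($event_pid)) {
        $tpl->assign('PatientList', getPatientPID(array('pid' => $event_pid, 'limit' => $plistlimit)));
    } else {
        $tpl->assign('PatientList', getPatientPID(array('limit' => $plistlimit)));
    }
    $tpl->assign('event_pid', $event_pid);
    $tpl->assign('event_aid', $event_aid);
    $tpl->assign('event_category', pnVarCleanFromInput("event_category"));
    if (empty($event_patient_name)) {
        $patient_data = getPatientData($event_pid, $given = "lname, fname");
        $event_patient_name = $patient_data['lname'] . ", " . $patient_data['fname'];
    }
    $tpl->assign('patient_value', $event_patient_name);
    //=================================================================
    // PARSE INPUT_EVENT_TITLE
    //=================================================================
    $tpl->assign('InputEventTitle', 'event_subject');
    $tpl->assign('ValueEventTitle', pnVarPrepForDisplay($event_subject));
    //=================================================================
    // PARSE SELECT_DATE_TIME
    //=================================================================
    // It seems that with Mozilla at least, <select> fields that are disabled
    // do not get passed as form data. Therefore we ignore $double_book so
    // that the fields will not be disabled. -- Rod 2005-03-22
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    // International date order puts the day select before the month select.
    if (_SETTING_USE_INT_DATES) {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
        $formdata = $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, '');
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
        $formdata .= $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, '');
    } else {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
        $formdata = $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, '');
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
        $formdata .= $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, '');
    }
    $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_startyear));
    $formdata .= $output->FormSelectMultiple('event_startyear', $sel_data, 0, 1, "", "", false, '');
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $tpl->assign('SelectDateTime', $formdata);
    $tpl->assign('InputAllday', 'event_allday');
    $tpl->assign('ValueAllday', '1');
    $tpl->assign('SelectedAllday', $event_allday == 1 ? 'checked' : '');
    $tpl->assign('InputTimed', 'event_allday');
    $tpl->assign('ValueTimed', '0');
    $tpl->assign('SelectedTimed', $event_allday == 0 ? 'checked' : '');
    $tpl->assign('STYLE', $GLOBALS['style']);
    //=================================================================
    // PARSE SELECT_END_DATE_TIME
    //=================================================================
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    //if there is no end date we want the box to read todays date instead of jan 01 1994 :)
    if ($event_endmonth == 0 && $event_endday == 0 && $event_endyear == 0) {
        $event_endmonth = $month;
        $event_endday = $day;
        $event_endyear = $year;
    }
    if (_SETTING_USE_INT_DATES) {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
        $formdata = $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, '');
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
        $formdata .= $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, '');
    } else {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
        $formdata = $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, '');
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
        $formdata .= $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, '');
    }
    $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_endyear));
    $formdata .= $output->FormSelectMultiple('event_endyear', $sel_data, 0, 1, "", "", false, '');
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $tpl->assign('SelectEndDate', $formdata);
    //=================================================================
    // PARSE SELECT_TIMED_EVENT
    //=================================================================
    $stimes = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildTimeSelect', array('hselected' => $event_starttimeh, 'mselected' => $event_starttimem));
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $timed_hours = $output->FormSelectMultiple('event_starttimeh', $stimes['h'], 0, 1, "", "", false, '');
    $timed_minutes = $output->FormSelectMultiple('event_starttimem', $stimes['m'], 0, 1, "", "", false, '');
    // The AM/PM select exists only in 12-hour mode.
    if (!_SETTING_TIME_24HOUR) {
        $ampm = array();
        $ampm[0]['id'] = pnVarPrepForStore(_AM_VAL);
        $ampm[0]['name'] = pnVarPrepForDisplay(_PC_AM);
        $ampm[1]['id'] = pnVarPrepForStore(_PM_VAL);
        $ampm[1]['name'] = pnVarPrepForDisplay(_PC_PM);
        if ($event_startampm == "AM" || $event_startampm == _AM_VAL) {
            $ampm[0]['selected'] = 1;
        } else {
            $ampm[1]['selected'] = 1;
        }
        $timed_ampm = $output->FormSelectMultiple('event_startampm', $ampm, 0, 1, "", "", false, '');
    } else {
        $timed_ampm = '';
    }
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $tpl->assign('SelectTimedHours', $timed_hours);
    $tpl->assign('SelectTimedMinutes', $timed_minutes);
    $tpl->assign('SelectTimedAMPM', $timed_ampm);
    $tpl->assign('event_startday', $event_startday);
    $tpl->assign('event_startmonth', $event_startmonth);
    $tpl->assign('event_startyear', $event_startyear);
    $tpl->assign('event_starttimeh', $event_starttimeh);
    $tpl->assign('event_starttimem', $event_starttimem);
    $tpl->assign('event_startampm', $event_startampm);
    $tpl->assign('event_dur_hours', $event_dur_hours);
    $tpl->assign('event_dur_minutes', $event_dur_minutes);
    //=================================================================
    // PARSE SELECT_DURATION
    //=================================================================
    $event_dur_hours = (int) $event_dur_hours;
    // Start both option lists empty so nothing extracted from $args under the
    // same names can add entries to them.
    $TimedDurationHours = array();
    $TimedDurationMinutes = array();
    for ($i = 0; $i <= 24; $i += 1) {
        $TimedDurationHours[$i] = array('value' => $i, 'selected' => $event_dur_hours == $i ? 'selected' : '', 'name' => sprintf('%02d', $i));
    }
    $tpl->assign('TimedDurationHours', $TimedDurationHours);
    $tpl->assign('InputTimedDurationHours', 'event_dur_hours');
    $found_time = false;
    // NOTE(review): the loop advances by _SETTING_TIME_INCREMENT and does not
    // terminate if that setting is 0 or negative - confirm it is validated
    // where it is configured.
    for ($i = 0; $i < 60; $i += _SETTING_TIME_INCREMENT) {
        $TimedDurationMinutes[$i] = array('value' => $i, 'selected' => $event_dur_minutes == $i ? 'selected' : '', 'name' => sprintf('%02d', $i));
        if ($TimedDurationMinutes[$i]['selected'] == 'selected') {
            $found_time = true;
        }
    }
    // A stored duration that is not on the increment grid gets its own,
    // pre-selected, entry after the regular ones.
    if (!$found_time) {
        $TimedDurationMinutes[$i] = array('value' => $event_dur_minutes, 'selected' => 'selected', 'name' => sprintf('%02d', $event_dur_minutes));
    }
    $tpl->assign('TimedDurationMinutes', $TimedDurationMinutes);
    $tpl->assign('hidden_event_dur_minutes', $event_dur_minutes);
    $tpl->assign('InputTimedDurationMinutes', 'event_dur_minutes');
    //=================================================================
    // PARSE INPUT_EVENT_DESC
    //=================================================================
    $tpl->assign('InputEventDesc', 'event_desc');
    // A stored description carries its type as a six-character prefix
    // (":text:" or ":html:"); strip it and default to text.
    if (empty($pc_html_or_text)) {
        $display_type = substr($event_desc, 0, 6);
        if ($display_type == ':text:') {
            $pc_html_or_text = 'text';
            $event_desc = substr($event_desc, 6);
        } elseif ($display_type == ':html:') {
            $pc_html_or_text = 'html';
            $event_desc = substr($event_desc, 6);
        } else {
            $pc_html_or_text = 'text';
        }
        unset($display_type);
    }
    $tpl->assign('ValueEventDesc', pnVarPrepForDisplay($event_desc));
    $eventHTMLorText = "<select name=\"pc_html_or_text\">";
    if ($pc_html_or_text == 'text') {
        $eventHTMLorText .= "<option value=\"text\" selected=\"selected\">" . _PC_SUBMIT_TEXT . "</option>";
    } else {
        $eventHTMLorText .= "<option value=\"text\">" . _PC_SUBMIT_TEXT . "</option>";
    }
    if ($pc_html_or_text == 'html') {
        $eventHTMLorText .= "<option value=\"html\" selected=\"selected\">" . _PC_SUBMIT_HTML . "</option>";
    } else {
        $eventHTMLorText .= "<option value=\"html\">" . _PC_SUBMIT_HTML . "</option>";
    }
    $eventHTMLorText .= "</select>";
    $tpl->assign('EventHTMLorText', $eventHTMLorText);
    //=================================================================
    // PARSE select_event_topic_block
    //=================================================================
    $tpl->assign('displayTopics', _SETTING_DISPLAY_TOPICS);
    if ((bool) _SETTING_DISPLAY_TOPICS) {
        $a_topics =& postcalendar_userapi_getTopics();
        $topics = array();
        foreach ($a_topics as $topic) {
            array_push($topics, array('value' => $topic['id'], 'selected' => $topic['id'] == $event_topic ? 'selected' : '', 'name' => $topic['text']));
        }
        unset($a_topics);
        // only show this if we have topics to show
        if (count($topics) > 0) {
            $tpl->assign('topics', $topics);
            $tpl->assign('EventTopicTitle', _PC_EVENT_TOPIC);
            $tpl->assign('InputEventTopic', 'event_topic');
        }
    }
    //=================================================================
    // PARSE select_event_type_block
    //=================================================================
    $categories = array();
    // The loop variable reuses the name $category, which is why the extracted
    // value was saved in $cat at the top.
    foreach ($all_categories as $category) {
        array_push($categories, array('value' => $category['id'], 'selected' => $category['id'] == $event_category ? 'selected' : '', 'name' => $category['name'], 'color' => $category['color'], 'desc' => $category['desc']));
    }
    // only show this if we have categories to show
    // you should ALWAYS have at least one valid category
    if (count($categories) > 0) {
        $tpl->assign('categories', $categories);
        $tpl->assign('EventCategoriesTitle', _PC_EVENT_CATEGORY);
        $tpl->assign('InputEventCategory', 'event_category');
        $tpl->assign('hidden_event_category', $event_category);
    }
    //=================================================================
    // PARSE event_sharing_block
    //=================================================================
    $data = array();
    if (_SETTING_ALLOW_USER_CAL) {
        array_push($data, array(SHARING_PRIVATE, _PC_SHARE_PRIVATE));
        array_push($data, array(SHARING_PUBLIC, _PC_SHARE_PUBLIC));
        array_push($data, array(SHARING_BUSY, _PC_SHARE_SHOWBUSY));
    }
    // Global sharing is offered to PostCalendar admins, when the setting
    // allows it for everyone, or when user calendars are disabled.
    if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADMIN) || _SETTING_ALLOW_GLOBAL || !_SETTING_ALLOW_USER_CAL) {
        array_push($data, array(SHARING_GLOBAL, _PC_SHARE_GLOBAL));
    }
    $sharing = array();
    foreach ($data as $cell) {
        array_push($sharing, array('value' => $cell[0], 'selected' => (int) $event_sharing == $cell[0] ? 'selected' : '', 'name' => $cell[1]));
    }
    //pennfirm get list of providers from openemr code in calendar.inc
    $tpl->assign("user", getCalendarProviderInfo());
    $tpl->assign('sharing', $sharing);
    $tpl->assign('EventSharingTitle', _PC_SHARING);
    $tpl->assign('InputEventSharing', 'event_sharing');
    //=================================================================
    // location information
    //=================================================================
    $tpl->assign('EventLocationTitle', _PC_EVENT_LOCATION);
    $tpl->assign('InputLocation', 'event_location');
    $tpl->assign('ValueLocation', pnVarPrepForDisplay($event_location));
    $tpl->assign('EventStreetTitle', _PC_EVENT_STREET);
    $tpl->assign('InputStreet1', 'event_street1');
    $tpl->assign('ValueStreet1', pnVarPrepForDisplay($event_street1));
    $tpl->assign('InputStreet2', 'event_street2');
    $tpl->assign('ValueStreet2', pnVarPrepForDisplay($event_street2));
    $tpl->assign('EventCityTitle', _PC_EVENT_CITY);
    $tpl->assign('InputCity', 'event_city');
    $tpl->assign('ValueCity', pnVarPrepForDisplay($event_city));
    $tpl->assign('EventStateTitle', _PC_EVENT_STATE);
    $tpl->assign('InputState', 'event_state');
    $tpl->assign('ValueState', pnVarPrepForDisplay($event_state));
    $tpl->assign('EventPostalTitle', _PC_EVENT_POSTAL);
    $tpl->assign('InputPostal', 'event_postal');
    $tpl->assign('ValuePostal', pnVarPrepForDisplay($event_postal));
    //=================================================================
    // contact information
    //=================================================================
    $tpl->assign('EventContactTitle', _PC_EVENT_CONTACT);
    $tpl->assign('InputContact', 'event_contname');
    $tpl->assign('ValueContact', pnVarPrepForDisplay($event_contname));
    $tpl->assign('EventPhoneTitle', _PC_EVENT_PHONE);
    $tpl->assign('InputPhone', 'event_conttel');
    $tpl->assign('ValuePhone', pnVarPrepForDisplay($event_conttel));
    $tpl->assign('EventEmailTitle', _PC_EVENT_EMAIL);
    $tpl->assign('InputEmail', 'event_contemail');
    $tpl->assign('ValueEmail', pnVarPrepForDisplay($event_contemail));
    $tpl->assign('EventWebsiteTitle', _PC_EVENT_WEBSITE);
    $tpl->assign('InputWebsite', 'event_website');
    $tpl->assign('ValueWebsite', pnVarPrepForDisplay($event_website));
    $tpl->assign('EventFeeTitle', _PC_EVENT_FEE);
    $tpl->assign('InputFee', 'event_fee');
    $tpl->assign('ValueFee', pnVarPrepForDisplay($event_fee));
    //=================================================================
    // Repeating Information
    //=================================================================
    $tpl->assign('RepeatingHeader', _PC_REPEATING_HEADER);
    $tpl->assign('NoRepeatTitle', _PC_NO_REPEAT);
    $tpl->assign('RepeatTitle', _PC_REPEAT);
    $tpl->assign('RepeatOnTitle', _PC_REPEAT_ON);
    $tpl->assign('OfTheMonthTitle', _PC_OF_THE_MONTH);
    $tpl->assign('EndDateTitle', _PC_END_DATE);
    $tpl->assign('NoEndDateTitle', _PC_NO_END);
    $tpl->assign('InputNoRepeat', 'event_repeat');
    $tpl->assign('ValueNoRepeat', '0');
    $tpl->assign('SelectedNoRepeat', (int) $event_repeat == 0 ? 'checked' : '');
    $tpl->assign('InputRepeat', 'event_repeat');
    $tpl->assign('ValueRepeat', '1');
    $tpl->assign('SelectedRepeat', (int) $event_repeat == 1 ? 'checked' : '');
    // Each option list below pairs a label array ($in) with a value array
    // ($keys) by index and marks the entry matching the event's value.
    unset($in);
    $in = array(_PC_EVERY, _PC_EVERY_OTHER, _PC_EVERY_THIRD, _PC_EVERY_FOURTH);
    $keys = array(REPEAT_EVERY, REPEAT_EVERY_OTHER, REPEAT_EVERY_THIRD, REPEAT_EVERY_FOURTH);
    $repeat_freq = array();
    foreach ($in as $k => $v) {
        array_push($repeat_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq ? 'selected' : '', 'name' => $v));
    }
    $tpl->assign('InputRepeatFreq', 'event_repeat_freq');
    if (empty($event_repeat_freq) || $event_repeat_freq < 1) {
        $event_repeat_freq = 1;
    }
    $tpl->assign('InputRepeatFreqVal', $event_repeat_freq);
    $tpl->assign('repeat_freq', $repeat_freq);
    unset($in);
    $in = array(_PC_EVERY_DAY, _PC_EVERY_WORKDAY, _PC_EVERY_WEEK, _PC_EVERY_MONTH, _PC_EVERY_YEAR);
    $keys = array(REPEAT_EVERY_DAY, REPEAT_EVERY_WORK_DAY, REPEAT_EVERY_WEEK, REPEAT_EVERY_MONTH, REPEAT_EVERY_YEAR);
    $repeat_freq_type = array();
    foreach ($in as $k => $v) {
        array_push($repeat_freq_type, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq_type ? 'selected' : '', 'name' => $v));
    }
    $tpl->assign('InputRepeatFreqType', 'event_repeat_freq_type');
    $tpl->assign('repeat_freq_type', $repeat_freq_type);
    $tpl->assign('InputRepeatOn', 'event_repeat');
    $tpl->assign('ValueRepeatOn', '2');
    $tpl->assign('SelectedRepeatOn', (int) $event_repeat == 2 ? 'checked' : '');
    unset($in);
    $in = array(_PC_EVERY_1ST, _PC_EVERY_2ND, _PC_EVERY_3RD, _PC_EVERY_4TH, _PC_EVERY_LAST);
    $keys = array(REPEAT_ON_1ST, REPEAT_ON_2ND, REPEAT_ON_3RD, REPEAT_ON_4TH, REPEAT_ON_LAST);
    $repeat_on_num = array();
    foreach ($in as $k => $v) {
        array_push($repeat_on_num, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_num ? 'selected' : '', 'name' => $v));
    }
    $tpl->assign('InputRepeatOnNum', 'event_repeat_on_num');
    $tpl->assign('repeat_on_num', $repeat_on_num);
    unset($in);
    $in = array(_PC_EVERY_SUN, _PC_EVERY_MON, _PC_EVERY_TUE, _PC_EVERY_WED, _PC_EVERY_THU, _PC_EVERY_FRI, _PC_EVERY_SAT);
    $keys = array(REPEAT_ON_SUN, REPEAT_ON_MON, REPEAT_ON_TUE, REPEAT_ON_WED, REPEAT_ON_THU, REPEAT_ON_FRI, REPEAT_ON_SAT);
    $repeat_on_day = array();
    foreach ($in as $k => $v) {
        array_push($repeat_on_day, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_day ? 'selected' : '', 'name' => $v));
    }
    $tpl->assign('InputRepeatOnDay', 'event_repeat_on_day');
    $tpl->assign('repeat_on_day', $repeat_on_day);
    unset($in);
    $in = array(_PC_OF_EVERY_MONTH, _PC_OF_EVERY_2MONTH, _PC_OF_EVERY_3MONTH, _PC_OF_EVERY_4MONTH, _PC_OF_EVERY_6MONTH, _PC_OF_EVERY_YEAR);
    $keys = array(REPEAT_ON_MONTH, REPEAT_ON_2MONTH, REPEAT_ON_3MONTH, REPEAT_ON_4MONTH, REPEAT_ON_6MONTH, REPEAT_ON_YEAR);
    $repeat_on_freq = array();
    foreach ($in as $k => $v) {
        array_push($repeat_on_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_freq ? 'selected' : '', 'name' => $v));
    }
    $tpl->assign('InputRepeatOnFreq', 'event_repeat_on_freq');
    if (empty($event_repeat_on_freq) || $event_repeat_on_freq < 1) {
        $event_repeat_on_freq = 1;
    }
    $tpl->assign('InputRepeatOnFreqVal', $event_repeat_on_freq);
    $tpl->assign('repeat_on_freq', $repeat_on_freq);
    $tpl->assign('MonthsTitle', _PC_MONTHS);
    //=================================================================
    // PARSE INPUT_END_DATE
    //=================================================================
    $tpl->assign('InputEndOn', 'event_endtype');
    $tpl->assign('ValueEndOn', '1');
    $tpl->assign('SelectedEndOn', (int) $event_endtype == 1 ? 'checked' : '');
    //=================================================================
    // PARSE INPUT_NO_END
    //=================================================================
    $tpl->assign('InputNoEnd', 'event_endtype');
    $tpl->assign('ValueNoEnd', '0');
    $tpl->assign('SelectedNoEnd', (int) $event_endtype == 0 ? 'checked' : '');
    // Current query string with any provider_id parameter removed. It is
    // taken from the request as sent and not escaped here.
    $qstring = preg_replace("/provider_id=[0-9]*[&]{0,1}/", "", $_SERVER['QUERY_STRING']);
    $tpl->assign('qstring', $qstring);
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    // Per-form authorisation key, submitted with the form as `authid`.
    $authkey = $output->FormHidden('authid', pnSecGenAuthKey());
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    // These values were interpolated into the attribute text as they were; a
    // double quote in any of them would end the attribute. They are now
    // prepared for display like the other field values in this function.
    $form_hidden = "<input type=\"hidden\" name=\"is_update\" value=\"" . pnVarPrepForDisplay($is_update) . "\" />";
    $form_hidden .= "<input type=\"hidden\" name=\"pc_event_id\" value=\"" . pnVarPrepForDisplay($pc_event_id) . "\" />";
    $form_hidden .= "<input type=\"hidden\" name=\"category\" value=\"" . pnVarPrepForDisplay($cat) . "\" />";
    if (isset($data_loaded)) {
        $form_hidden .= "<input type=\"hidden\" name=\"data_loaded\" value=\"" . pnVarPrepForDisplay($data_loaded) . "\" />";
        // NOTE(review): FormHidden is assigned only on this path, so without
        // $data_loaded the three fields above never reach the template -
        // confirm that is intended.
        $tpl->assign('FormHidden', $form_hidden);
    }
    $form_submit = '<input type=hidden name="form_action" value="commit"/> ' . $authkey . '<input type="submit" name="submit" value="go">';
    $tpl->assign('FormSubmit', $form_submit);
    // do not cache this page
    if ($admin) {
        $output->Text($tpl->fetch($template_name . '/admin/submit.html'));
    } elseif (pnVarCleanFromInput("no_nav") == 1) {
        $output->Text($tpl->fetch($template_name . '/user/submit_no_nav.html'));
    } else {
        $output->Text($tpl->fetch($template_name . '/user/submit.html'));
    }
    $output->Text(postcalendar_footer());
    return $output->GetOutput();
}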
/**
 * Print the ten newest stories submitted by one user as an HTML list.
 *
 * Stories are matched on the informant column and ordered by story id,
 * newest first. When the 'multilingual' setting is 1 the list is limited to
 * the viewer's language plus stories with an empty language. The markup is
 * echoed between OpenTable() and CloseTable(); nothing is returned.
 *
 * @param string $uname user name to look up; passed through
 *                      pnVarPrepForStore() for the query and
 *                      pnVarPrepForDisplay() for the heading
 */
function user_main_last10submit($uname)
{
    $pntable = pnDBGetTables();
    list($dbconn) = pnDBGetConn();
    $column =& $pntable['stories_column'];

    // Language filter: empty unless the site is multilingual.
    $querylang = '';
    if (pnConfigGetVar('multilingual') == 1) {
        $lang = pnVarPrepForStore(pnUserGetLang());
        $querylang = "AND ({$column['alanguage']}='{$lang}' OR {$column['alanguage']}='') ";
    }

    // Both values that reach the SQL text (language, user name) go through
    // pnVarPrepForStore() first; the rest is table/column names.
    $informant = pnVarPrepForStore($uname);
    $query = "SELECT {$column['sid']}, {$column['title']} "
           . "FROM {$pntable['stories']} "
           . "WHERE {$column['informant']}='{$informant}' "
           . $querylang
           . "ORDER BY {$column['sid']} DESC";

    // First ten rows only.
    $result = $dbconn->SelectLimit($query, 10, 0);

    OpenTable();
    $heading = _LAST10SUBMISSIONS . " " . pnVarPrepForDisplay($uname);
    echo "<font class=\"pn-title\">" . $heading . ":</font><br><ul>";
    while (list($storyId, $headline) = $result->fields) {
        $result->MoveNext();
        // Untitled stories get a fixed placeholder label.
        $label = $headline ? $headline : '- no Title -';
        // The story id is written into the href exactly as the query returned it.
        echo "<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=article&sid={$storyId}\">"
           . pnVarPrepForDisplay($label) . "</a><br>";
    }
    echo "</ul>";
    CloseTable();
}
// end of dynamic output $sitename = pnConfigGetVar('sitename'); if (isset($topicid) && is_numeric($topicid)) { $title = pnVarPrepForDisplay($sitename) . ' :: ' . pnVarPrepForDisplay($topictitle); } else { if (isset($catid) && is_numeric($catid)) { $title = pnVarPrepForDisplay($sitename) . ' :: ' . pnVarPrepForDisplay($categorytitle); } else { $title = pnVarPrepForDisplay($sitename); } } $link = pnVarPrepForDisplay(pnGetBaseURL()); $description = pnVarPrepForDisplay(pnConfigGetVar('backend_title')); $backend_language = pnVarPrepForDisplay($backendlang); $webmaster = pnVarPrepForDisplay(pnConfigGetVar('adminmail')); $image_url = $link . 'images/' . pnVarPrepForDisplay(pnConfigGetVar('site_logo')); $image_title = $title; // RSS parsers usually use this for the ALT tag on the image $image_link = $link; // RSS parsers usually use this as the link when users click on the image // start the RSS output echo "<?xml version=\"1.0\" encoding=\"{$charset}\"?>\n\n"; echo "<rss version=\"2.0\" xmlns:dc=\"http://purl.org/dc/elements/1.1/\">"; echo "<channel>\n"; echo "<title>{$title}</title>\n"; echo "<pubDate>" . date('r', strtotime($mostrecentdate)) . "</pubDate>\n"; echo "<link>{$link}</link>\n"; echo "<description>{$description}</description>\n"; echo "<language>{$backend_language}</language>\n"; echo "<image>\n"; echo " <title>{$image_title}</title>\n";
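/**
 * Rename a permission group from the admin interface.
 *
 * Reads 'module', 'gid' and 'gname' from the request, requires a valid
 * authorisation key, loads the group's current name, checks ACCESS_EDIT on
 * "<current name>::<gid>" and only then writes the new name and redirects
 * to the group view.
 *
 * The three request values are treated as untrusted:
 *  - gid is reduced to an integer once and that same value is used for the
 *    lookup, the permission instance, the UPDATE and the redirect, so the
 *    row that is authorised is the row that is changed;
 *  - gname is passed through pnVarPrepForStore() and single-quoted before it
 *    enters the UPDATE (it was previously interpolated as-is);
 *  - module is escaped for the HTML attribute and URL-encoded for the
 *    redirect target.
 */
function renameGroup()
{
    $module = pnVarCleanFromInput('module');
    list($gid, $gname) = pnVarCleanFromInput('gid', 'gname');

    // State-changing request: refuse it without a valid auth key.
    if (!pnSecConfirmAuthKey()) {
        include 'header.php';
        echo _BADAUTHKEY;
        include 'footer.php';
        exit;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $groupstable = $pntable['groups'];
    $groupscolumn =& $pntable['groups_column'];

    // Normalise the id once so every later use sees the same integer.
    $gid = (int) $gid;

    // Get details on current group
    $query = "SELECT {$groupscolumn['name']}
              FROM {$groupstable}
              WHERE {$groupscolumn['gid']}='" . $gid . "'";
    $result = $dbconn->Execute($query);
    if ($result->EOF) {
        // $gid is an integer here, so it is safe to print.
        die("No such group ID {$gid}");
    }
    list($oldgname) = $result->fields;
    $result->Close();

    // Permission is checked against the stored name, not the requested one.
    if (!pnSecAuthAction(0, 'Groups::', "{$oldgname}::{$gid}", ACCESS_EDIT)) {
        include 'header.php';
        GraphicAdmin();
        OpenTable();
        echo "<CENTER><A HREF=\"admin.php?module=" . pnVarPrepForDisplay($module)
           . "&op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"><B>" . _GROUPADMIN
           . "</B></FONT></A><font class=\"pn-normal\">: " . pnVarPrepForDisplay($gname)
           . "</font></CENTER>";
        CloseTable();
        echo _GROUPSEDITNOAUTH;
        include 'footer.php';
        return;
    }

    // The new name is request data: escape it like every other value that
    // reaches a query in this code base.
    $query = "UPDATE {$groupstable}
              SET {$groupscolumn['name']}='" . pnVarPrepForStore($gname) . "'
              WHERE {$groupscolumn['gid']}='" . $gid . "'";
    $dbconn->Execute($query);

    // URL-encode the module name so it cannot add parameters or line breaks
    // to the redirect target.
    pnRedirect('admin.php?module=' . urlencode($module) . '&op=secviewgroup&gid=' . $gid);
}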
// echo " <name>op=modload&name=Search&file=index&action=search&active_stories=1&Search</name>\n"; // echo " <link>".$link."/modules.php</link>\n"; // echo "</textinput>\n"; echo "<image>\n"; echo " <title>{$image_title}</title>\n"; echo " <url>{$image_url}</url>\n"; echo " <link>{$image_link}</link>\n"; echo "</image>\n"; echo "<webMaster>{$webmaster}</webMaster>\n"; if ($managingeditor != "") { echo "<managingEditor>{$managingeditor}</managingEditor>\n"; } // while(list($sid, $title) = $result->fields) { while (list($sid, $title, $ihome, $hometext) = $result->fields) { $title = pnVarPrepHTMLDisplay($title); $link = pnVarPrepForDisplay(pnGetBaseURL() . "modules.php?op=modload&name=News&file=article&sid={$sid}"); $content = pnVarPrepForDisplay($hometext); echo "<item>\n"; echo "<title>{$title}</title>\n"; echo "<link>{$link}</link>\n"; if ($show_content) { echo "<description>\n"; echo $content; echo "</description>\n"; } echo "</item>\n"; $result->MoveNext(); } echo "</channel>\n"; echo "</rss>\n"; }
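/**
 * Search plug-in for the Downloads module.
 *
 * Reads q, active_downloads, bool, startnum and total from the request,
 * matches every search word against the description, title, submitter, name
 * and homepage columns, and renders up to ten hits per page followed by a
 * pager. A hit is shown (and counted) only when the viewer has ACCESS_READ
 * on both the download item and its category.
 *
 * Request values are normalised before use: bool becomes exactly 'AND' or
 * 'OR', startnum and total become non-negative integers, q is URL-encoded
 * where it is written back into the pager link, and each search word goes
 * through pnVarPrepForStore() before it enters the SQL text.
 *
 * @return string|null rendered HTML, or null when downloads were not
 *                     selected, the module is unavailable, there is nothing
 *                     to search for, or the database reports an error
 */
function search_downloads()
{
    list($q, $active_downloads, $bool, $startnum, $total) =
        pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');

    if (empty($active_downloads)) {
        return;
    }
    if (!pnModAvailable('Downloads')) {
        return;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $output = new pnHTML();

    // Paging values come from the request: force them to sane integers.
    $startnum = (isset($startnum) && is_numeric($startnum)) ? max(1, (int) $startnum) : 1;
    $total = (isset($total) && is_numeric($total)) ? max(0, (int) $total) : 0;

    // Anything other than AND means OR; the normalised value is also what
    // gets written into the pager link below.
    $bool = ($bool == 'AND') ? 'AND' : 'OR';

    $w = search_split_query($q);
    if (empty($w)) {
        // No words would leave an empty WHERE clause, which the database
        // rejects anyway; return before sending it.
        return;
    }

    // fifers: have to explicitly name the columns so that if the underlying
    // DB column names change, the code to access them doesn't. We use the
    // column names in assoc array later...
    $column =& $pntable['downloads_downloads_column'];
    $query = "SELECT {$column['lid']} as lid,
                     {$column['title']} as title,
                     {$column['name']} as name,
                     {$column['description']} as description,
                     {$column['cid']} as cid
              FROM {$pntable['downloads_downloads']}
              WHERE \n";

    $searchcols = array('description', 'title', 'submitter', 'name', 'homepage');
    $clauses = array();
    foreach ($w as $word) {
        $like = pnVarPrepForStore($word);
        $parts = array();
        foreach ($searchcols as $key) {
            $parts[] = "{$column[$key]} LIKE '{$like}'";
        }
        $clauses[] = '(' . implode(" OR \n", $parts) . ')';
    }
    $query .= implode(" {$bool} ", $clauses);
    $query .= " ORDER BY {$column['lid']}";

    $column2 =& $pntable['downloads_categories_column'];

    if (empty($total)) {
        // Count only the rows the viewer is allowed to read.
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // we have a download id so get its category
            $result2 =& $dbconn->Execute("SELECT {$column2['title']}
                                          FROM {$pntable['downloads_categories']}
                                          WHERE {$column2['cid']}=" . (int) $row['cid']);
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information. Output is in
        // verbatim mode from here on, so the query text is URL-encoded
        // rather than written back as received.
        // NOTE(review): whether Pager() escapes its template is not visible here.
        $url = 'index.php?name=Search&action=search&active_downloads=1&bool=' . $bool
             . '&q=' . urlencode($q);

        $output->Text("<dl>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // we have a download id so get its category
            $result2 =& $dbconn->Execute("SELECT {$column2['title']}
                                          FROM {$pntable['downloads_categories']}
                                          WHERE {$column2['cid']}=" . (int) $row['cid']);
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
                // Plain-text teaser, cut to 128 bytes at most.
                $row['description'] = strip_tags($row['description']);
                if (strlen($row['description']) > 128) {
                    $row['description'] = substr($row['description'], 0, 125) . '...';
                }
                // Array keys are quoted: bare title/description are read as
                // constants and fail on current PHP versions.
                $output->Text("<dt><a href=\"index.php?name=Downloads&req=viewdownloaddetails&lid="
                    . (int) $row['lid'] . "\">" . pnVarPrepForDisplay($row['title']) . "</a></dt>");
                $output->Text("<dd>" . pnVarPrepForDisplay($row['description']) . "</dd>");
            }
            $result->MoveNext();
        }
        $output->Text("</dl>");

        // Mung URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_DOWNLOADS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);

    return $output->GetOutput();
}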
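/**
 * "Who's online" side block.
 *
 * Counts sessions used within the last 'secinactivemins' minutes, split
 * into members (uid > 0, one per uid) and guests (uid = 0, one per IP
 * address), and for a logged-in viewer adds the user name and, when the
 * Messages module is available, the total and unread private-message counts.
 *
 * The user name is escaped with pnVarPrepForDisplay() before it is written
 * into the block, and the user id is cast to an integer before it is
 * concatenated into the message queries.
 *
 * @param array $row block definition; 'title' is used for the permission
 *                   check and defaulted when empty, 'content' is filled in
 * @return mixed result of themesideblock($row), or null when the viewer
 *               lacks ACCESS_READ on the block
 */
function blocks_online_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Onlineblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];

    $activetime = time() - pnConfigGetVar('secinactivemins') * 60;

    // One result row per active member uid; the row count is the member count.
    $query = "SELECT count( 1 )
              FROM {$sessioninfotable}
              WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} >0
              GROUP BY {$sessioninfocolumn['uid']}";
    $result = $dbconn->Execute($query);
    $numusers = $result->RecordCount();
    $result->Close();

    // One result row per guest IP address; the row count is the guest count.
    $query2 = "SELECT count( 1 )
               FROM {$sessioninfotable}
               WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} = '0'
               GROUP BY {$sessioninfocolumn['ipaddr']}";
    $result2 = $dbconn->Execute($query2);
    $numguests = $result2->RecordCount();
    $result2->Close();

    // Pluralise
    $guests = ($numguests == 1) ? _GUEST : _GUESTS;
    $users = ($numusers == 1) ? _MEMBER : _MEMBERS;

    $content = "<span class=\"pn-normal\">" . _CURRENTLY . " " . pnVarPrepForDisplay($numguests) . " "
             . pnVarPrepForDisplay($guests) . " " . _AND . " " . pnVarPrepForDisplay($numusers) . " "
             . pnVarPrepForDisplay($users) . " " . _ONLINE . "<br />\n";

    if (pnUserLoggedIn()) {
        // The user name is account data chosen by the user; escape it like
        // every other value in this block.
        $content .= '<br />' . _YOUARELOGGED . ' <b>' . pnVarPrepForDisplay(pnUserGetVar('uname')) . '</b>.<br />';

        if (pnModAvailable('Messages')) {
            // display private messages only when module is active
            $column =& $pntable['priv_msgs_column'];
            // Integer cast keeps the id numeric whatever pnUserGetVar() returns.
            $uid = (int) pnUserGetVar('uid');

            $result2 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid);
            list($numrow) = $result2->fields;

            // get unread messages
            $result3 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . $uid . " AND {$column['read_msg']}='0'");
            list($unreadrow) = $result3->fields;

            if ($numrow == 0) {
                $content .= '<br /></span>';
            } else {
                $content .= "<br />" . _YOUHAVE . " (<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGS . "\">"
                          . pnVarPrepForDisplay($numrow)
                          . "</a>|<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGNEW . "\">"
                          . pnVarPrepForDisplay($unreadrow) . "</a>) ";
                if ($numrow == 1) {
                    $content .= _PRIVATEMSG;
                } elseif ($numrow > 1) {
                    $content .= _PRIVATEMSGS;
                }
                $content .= "</span><br />";
            }
        } else {
            // Without the Messages module the opening span was left unclosed.
            $content .= '</span>';
        }
    } else {
        $content .= '<br />' . _YOUAREANON . '</span><br />';
    }

    if (empty($row['title'])) {
        $row['title'] = _WHOSONLINE;
    }
    $row['content'] = $content;

    return themesideblock($row);
}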
echo '<li>$pndebug[\'pagerendertime\'] = 0;</li>' . "\n"; echo '</ul>' . "\n"; echo "<a href=\"upgrade.php?username={$username}&password={$password}&task=upgrade\">Upgrade all modules.</a>\n"; break; case 'upgrade': // get a list of modules needing upgrading $newmods = pnModAPIFunc('Modules', 'admin', 'list', array('state' => _PNMODULE_STATE_UPGRADED)); // upgrade and activate each module echo 'Starting upgrade.' . "\n"; echo '<ul>' . "\n"; foreach ($newmods as $newmod) { pnModAPIFunc('Modules', 'admin', 'upgrade', array('mid' => $newmod['id'])); pnModAPIFunc('Modules', 'admin', 'setstate', array('mid' => $newmod['id'], 'state' => _PNMODULE_STATE_ACTIVE)); echo "<li>{$newmod['name']} upgraded.</li>"; } echo '</ul>' . "\n"; // regenerate the modules list to pick up any final changes pnModAPIFunc('Modules', 'admin', 'regenerate'); echo 'Finished upgrade - ' . "\n"; echo 'Go to <a href="index.php">' . pnVarPrepForDisplay(pnConfigGetVar('sitename')) . '</a>.' . "\n"; break; default: echo '<p>Please provide your admin account credentials</p>' . "\n"; echo '<form action="upgrade.php?task=regenerate" method="post" enctype="application/x-www-form-urlencoded"><div>' . "\n"; echo '<div><label for="username">Username</label> : <input id="username" type="text" name="username" size="50" maxlength="255" /></div>' . "\n"; echo '<div><label for="password">Password</label> : <input id="password" type="password" name="password" size="50" maxlength="255" /></div>' . "\n"; echo '<input name="submit" type="submit" value="Submit" />' . "\n"; echo '</div></form>' . "\n"; } echo '</body>' . "\n"; echo '</html>';