if (isset($_POST['set_defaults'])) { XSRFdefender('publishContent'); $_zp_gallery->setAlbumPublish((int) isset($_POST['album_default'])); $_zp_gallery->setImagePublish((int) isset($_POST['image_default'])); $_zp_gallery->save(); $report = 'defaults'; } else { if (isset($_POST['publish'])) { $action = sanitize($_POST['publish']); unset($_POST['publish']); XSRFdefender('publishContent'); switch ($action) { case 'albums': unset($_POST['checkAllAuto']); foreach ($_POST as $key => $albumid) { $album = newAlbum(postIndexDecode($key)); $album->setShow(1); $album->save(); } $report = 'albums'; break; case 'images': foreach ($_POST as $action) { $i = strrpos($action, '_'); $imageid = sanitize_numeric(substr($action, $i + 1)); $rowi = query_single_row('SELECT * FROM ' . prefix('images') . ' WHERE `id`=' . $imageid); $rowa = query_single_row('SELECT * FROM ' . prefix('albums') . ' WHERE `id`=' . $rowi['albumid']); $album = newAlbum($rowa['folder']); $image = newImage($album, $rowi['filename']); switch (substr($action, 0, $i)) { case 'pub':
/**
 * Collects the "managed objects" (albums, pages, news categories) posted for
 * administrator row $i of the users form and reconciles $rights with them.
 *
 * Scans $_POST for keys prefixed "managed_albums_list_{$i}_", "managed_pages_list_{$i}_"
 * and "managed_news_list_{$i}_". A bare (unsuffixed) key with a truthy value creates the
 * object entry; keys ending in "_edit", "_view", "_upload" (albums only) or "_name" OR the
 * matching rights bit into the entry / set its display name, but only when the bare key
 * was already seen — so the outcome depends on the order in which $_POST is iterated.
 *
 * @param int|string $i index of the administrator row in the form
 * @param int $rights rights bit mask, updated by reference: the per-kind rights bit
 *            (ALBUM_RIGHTS / ZENPAGE_PAGES_RIGHTS / ZENPAGE_NEWS_RIGHTS) is set when objects
 *            of that kind were selected and cleared when none were, unless the user holds
 *            the corresponding MANAGE_ALL_* right
 * @return array merged list of entries array('data' => ..., 'type' => ..., 'edit' => ...,
 *         ['name' => ...]); albums are re-indexed to a list, pages and news keep their keys
 */
function processManagedObjects($i, &$rights) {
    $objects = array();
    $albums = array();
    $pages = array();
    $news = array();
    // prefix strings and their lengths, used for the substr() prefix tests below
    $l_a = strlen($prefix_a = 'managed_albums_list_' . $i . '_');
    $l_p = strlen($prefix_p = 'managed_pages_list_' . $i . '_');
    $l_n = strlen($prefix_n = 'managed_news_list_' . $i . '_');
    foreach ($_POST as $key => $value) {
        // the three prefix tests are independent ifs, not elseif: the album branch reassigns
        // $key, so the pages/news tests below see the rewritten key rather than the posted one
        if (substr($key, 0, $l_a) == $prefix_a) { //albums
            $key = sanitize(substr($key, $l_a));
            if (preg_match('/(.*)(_edit|_view|_upload|_name)$/', $key, $matches)) {
                $key = postIndexDecode($matches[1]);
                // suffixed keys only count for an album whose bare key was already seen
                if (array_key_exists($key, $albums)) {
                    switch ($matches[2]) {
                        case '_edit':
                            $albums[$key]['edit'] = $albums[$key]['edit'] | MANAGED_OBJECT_RIGHTS_EDIT | MANAGED_OBJECT_MEMBER;
                            break;
                        case '_upload':
                            $albums[$key]['edit'] = $albums[$key]['edit'] | MANAGED_OBJECT_RIGHTS_UPLOAD | MANAGED_OBJECT_MEMBER;
                            break;
                        case '_view':
                            $albums[$key]['edit'] = $albums[$key]['edit'] | MANAGED_OBJECT_RIGHTS_VIEW | MANAGED_OBJECT_MEMBER;
                            break;
                        case '_name':
                            // NOTE(review): unlike the key, $value is stored without sanitize()
                            $albums[$key]['name'] = $value;
                            break;
                    }
                }
            } else {
                if ($value) {
                    $key = postIndexDecode($key);
                    $albums[$key] = array('data' => $key, 'name' => '', 'type' => 'album', 'edit' => MANAGED_OBJECT_MEMBER);
                }
            }
        }
        if (substr($key, 0, $l_p) == $prefix_p) { //pages
            $key = sanitize(substr($key, $l_p));
            if (preg_match('/(.*)(_edit|_view|_name)$/', $key, $matches)) {
                $key = postIndexDecode($matches[1]);
                if (array_key_exists($key, $pages)) {
                    switch ($matches[2]) {
                        case '_edit':
                            $pages[$key]['edit'] = $pages[$key]['edit'] | MANAGED_OBJECT_RIGHTS_EDIT | MANAGED_OBJECT_MEMBER;
                            break;
                        case '_view':
                            $pages[$key]['edit'] = $pages[$key]['edit'] | MANAGED_OBJECT_RIGHTS_VIEW | MANAGED_OBJECT_MEMBER;
                            break;
                        case '_name':
                            // NOTE(review): $value is stored without sanitize() (same as for albums)
                            $pages[$key]['name'] = $value;
                            break;
                    }
                }
            } else {
                if ($value) {
                    $key = postIndexDecode($key);
                    // no 'name' element here, unlike the album entry
                    $pages[$key] = array('data' => $key, 'type' => 'pages', 'edit' => MANAGED_OBJECT_MEMBER);
                }
            }
        }
        if (substr($key, 0, $l_n) == $prefix_n) { //news
            $key = sanitize(substr($key, $l_n));
            if (preg_match('/(.*)(_edit|_view|_name)$/', $key, $matches)) {
                $key = postIndexDecode($matches[1]);
                if (array_key_exists($key, $news)) {
                    switch ($matches[2]) {
                        case '_edit':
                            $news[$key]['edit'] = $news[$key]['edit'] | MANAGED_OBJECT_RIGHTS_EDIT | MANAGED_OBJECT_MEMBER;
                            break;
                        case '_view':
                            $news[$key]['edit'] = $news[$key]['edit'] | MANAGED_OBJECT_RIGHTS_VIEW | MANAGED_OBJECT_MEMBER;
                            break;
                        case '_name':
                            // NOTE(review): $value is stored without sanitize() (same as for albums)
                            $news[$key]['name'] = $value;
                            break;
                    }
                }
            } else {
                if ($value) {
                    $key = postIndexDecode($key);
                    $news[$key] = array('data' => $key, 'type' => 'news', 'edit' => MANAGED_OBJECT_MEMBER);
                }
            }
        }
    }
    // re-index the albums to a plain list; foreach iterates over a copy of the array,
    // so the entries appended here are not visited again
    foreach ($albums as $key => $analbum) {
        unset($albums[$key]);
        $albums[] = $analbum;
    }
    // no albums selected: drop the album rights bit unless the user manages all albums;
    // albums selected: set the bit, and discard the per-album list when the user already
    // holds blanket (manage-all or admin) rights
    if (empty($albums)) {
        if (!($rights & MANAGE_ALL_ALBUM_RIGHTS)) {
            $rights = $rights & ~ALBUM_RIGHTS;
        }
    } else {
        $rights = $rights | ALBUM_RIGHTS;
        if ($rights & (MANAGE_ALL_ALBUM_RIGHTS | ADMIN_RIGHTS)) {
            $albums = array();
        }
    }
    // same scheme for pages
    if (empty($pages)) {
        if (!($rights & MANAGE_ALL_PAGES_RIGHTS)) {
            $rights = $rights & ~ZENPAGE_PAGES_RIGHTS;
        }
    } else {
        $rights = $rights | ZENPAGE_PAGES_RIGHTS;
        if ($rights & (MANAGE_ALL_PAGES_RIGHTS | ADMIN_RIGHTS)) {
            $pages = array();
        }
    }
    // same scheme for news
    if (empty($news)) {
        if (!($rights & MANAGE_ALL_NEWS_RIGHTS)) {
            $rights = $rights & ~ZENPAGE_NEWS_RIGHTS;
        }
    } else {
        $rights = $rights | ZENPAGE_NEWS_RIGHTS;
        if ($rights & (MANAGE_ALL_NEWS_RIGHTS | ADMIN_RIGHTS)) {
            $news = array();
        }
    }
    $objects = array_merge($albums, $pages, $news);
    return $objects;
}
query($sql); } } break; } } // tag action if (isset($_GET['rename'])) { XSRFdefender('tag_rename'); unset($_POST['XSRFToken']); foreach ($_POST as $key => $newName) { if (!empty($newName)) { $newName = sanitize($newName, 3); $key = substr($key, 2); // strip off the 'R_' $key = postIndexDecode(sanitize($key)); $newtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($newName)); $oldtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($key)); if (is_array($newtag)) { // there is an existing tag of the same name $existing = $newtag['id'] != $oldtag['id']; // but maybe it is actually the original in a different case. } else { $existing = false; } if ($existing) { query('DELETE FROM ' . prefix('tags') . ' WHERE `id`=' . $oldtag['id']); query('UPDATE ' . prefix('obj_to_tag') . ' SET `tagid`=' . $newtag['id'] . ' WHERE `tagid`=' . $oldtag['id']); } else { query('UPDATE ' . prefix('tags') . ' SET `name`=' . db_quote($newName) . ' WHERE `id`=' . $oldtag['id']); }
if (isset($_POST['set_defaults'])) { XSRFdefender('publishContent'); $_zp_gallery->setAlbumPublish((int) isset($_POST['album_default'])); $_zp_gallery->setImagePublish((int) isset($_POST['image_default'])); $_zp_gallery->save(); $report = 'defaults'; } else { if (isset($_POST['publish'])) { $action = sanitize($_POST['publish']); unset($_POST['publish']); XSRFdefender('publishContent'); switch ($action) { case 'albums': unset($_POST['checkAllAuto']); foreach ($_POST as $key => $albumid) { $album = newAlbum(sanitize(postIndexDecode($key))); $album->setShow(1); $album->save(); } $report = 'albums'; break; case 'images': foreach ($_POST as $action) { $i = strrpos($action, '_'); $imageid = sanitize_numeric(substr($action, $i + 1)); $rowi = query_single_row('SELECT * FROM ' . prefix('images') . ' WHERE `id`=' . $imageid); $rowa = query_single_row('SELECT * FROM ' . prefix('albums') . ' WHERE `id`=' . $rowi['albumid']); $album = newAlbum($rowa['folder']); $image = newImage($album, $rowi['filename']); switch (substr($action, 0, $i)) { case 'pub':
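/**
 * Processes the check box bulk actions of a Zenpage items list.
 *
 * Reads the action from $_POST['checkallaction'] and the selected title links from
 * $_POST['ids']; for "addtags"/"alltags" the tags to add are the truthy $_POST keys
 * that decode to "mass_tags_<tag>". Every selected item is loaded as Zenpage<$type>,
 * the action applied and the item saved.
 *
 * @param string $type Zenpage object kind; appended to "Zenpage" to form the class
 *                     instantiated per item (supplied by the caller, not by the request)
 * @param array $reports message list updated by reference: an HTML message box is
 *                       appended when a known action was applied to at least one item
 */
function processZenpageBulkActions($type, &$reports) {
    global $_zp_zenpage;
    if (!isset($_POST['ids'])) {
        return;
    }
    // the action name is only passed through sanitize(); unknown values match no case below
    $action = isset($_POST['checkallaction']) ? sanitize($_POST['checkallaction']) : 'noaction';
    // sanitize the title links before they are used as object identifiers
    // (consistent with the later revision of this function)
    $links = sanitize($_POST['ids']);
    if ($action == 'noaction' || !is_array($links) || count($links) == 0) {
        return;
    }
    // always an array, so the array_merge() below never sees an undefined variable
    $tags = array();
    if ($action == 'addtags' || $action == 'alltags') {
        foreach ($_POST as $key => $value) {
            $key = postIndexDecode($key);
            if ($value && substr($key, 0, 10) == 'mass_tags_') {
                $tags[] = substr($key, 10);
            }
        }
        $tags = sanitize($tags, 3);
    }
    // report text per known action; anything else produces no report
    $messages = array(
        'deleteall' => gettext('Selected items deleted'),
        'showall' => gettext('Selected items published'),
        'hideall' => gettext('Selected items unpublished'),
        'commentson' => gettext('Comments enabled for selected items'),
        'commentsoff' => gettext('Comments disabled for selected items'),
        'resethitcounter' => gettext('Hitcounter for selected items'),
        'addtags' => gettext('Tags added to selected items'),
        'cleartags' => gettext('Tags cleared from selected items'),
        'alltags' => gettext('Tags added to articles of selected items'),
        'clearalltags' => gettext('Tags cleared from articles of selected items'),
    );
    $message = isset($messages[$action]) ? $messages[$action] : NULL;
    $class = 'Zenpage' . $type;
    foreach ($links as $titlelink) {
        $obj = new $class($titlelink);
        switch ($action) {
            case 'deleteall':
                $obj->remove();
                break;
            case 'addtags':
                $obj->setTags(array_unique(array_merge($tags, $obj->getTags())));
                break;
            case 'cleartags':
                $obj->setTags(array());
                break;
            case 'alltags':
                // applied to every article getArticles() returns for the selected item
                foreach ($obj->getArticles('', 'all', true) as $article) {
                    $newsobj = new ZenpageNews($article['titlelink']);
                    $newsobj->setTags(array_unique(array_merge($tags, $newsobj->getTags())));
                    $newsobj->save();
                }
                break;
            case 'clearalltags':
                foreach ($obj->getArticles('', 'all', true) as $article) {
                    $newsobj = new ZenpageNews($article['titlelink']);
                    $newsobj->setTags(array());
                    $newsobj->save();
                }
                break;
            case 'showall':
                $obj->set('show', 1);
                break;
            case 'hideall':
                $obj->set('show', 0);
                break;
            case 'commentson':
                $obj->set('commentson', 1);
                break;
            case 'commentsoff':
                $obj->set('commentson', 0);
                break;
            case 'resethitcounter':
                $obj->set('hitcounter', 0);
                break;
        }
        // save() is reached after every action, including remove(), as in the original code
        $obj->save();
    }
    if (!is_null($message)) {
        $reports[] = "<p class='messagebox fade-message'>" . $message . "</p>";
    }
}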
$_zp_gallery->setWebsiteURL($web); $_zp_gallery->setAlbumUseImagedate((int) isset($_POST['album_use_new_image_date'])); $st = strtolower(sanitize($_POST['gallery_sorttype'], 3)); if ($st == 'custom') { $st = strtolower(sanitize($_POST['customalbumsort'], 3)); } $_zp_gallery->setSortType($st); if ($st == 'manual' || $st == 'random') { $_zp_gallery->setSortDirection(false); } else { $_zp_gallery->setSortDirection(isset($_POST['gallery_sortdirection'])); } foreach ($_POST as $item => $value) { if (strpos($item, 'gallery-page_') === 0) { $encoded = substr($item, 13); $item = sanitize(postIndexDecode($encoded)); $_zp_gallery->setUnprotectedPage($item, (int) isset($_POST['gallery_page_unprotected_' . $encoded])); } } $_zp_gallery->setSecurity(sanitize($_POST['gallery_security'], 3)); $notify = processCredentials($_zp_gallery); if (zp_loggedin(CODEBLOCK_RIGHTS)) { processCodeblockSave(0, $_zp_gallery); } $_zp_gallery->save(); $returntab = "&tab=gallery"; } /* * * Search options ** */ if (isset($_POST['savesearchoptions'])) { $fail = ''; $search = new SearchEngine();
if (isset($_POST['return_images'])) { $images = $search->getImages(); foreach ($images as $animage) { $image = newImage(newAlbum($animage['folder']), $animage['filename']); if ($unpublished || $image->getShow()) { $tags = array_unique(array_merge($image->getTags(), array($words))); $image->setTags($tags); $image->save(); } } } } else { $searchfields = array(); foreach ($_POST as $key => $value) { if (strpos($key, 'SEARCH_') !== false) { $searchfields[] = sanitize(str_replace('SEARCH_', '', postIndexDecode($key))); } } $words = sanitize($_POST['words']); } if (isset($_POST['thumb'])) { $thumb = sanitize($_POST['thumb']); } else { $thumb = ''; } $constraints = "\nCONSTRAINTS=" . 'inalbums=' . (int) isset($_POST['return_albums']) . '&inimages=' . (int) isset($_POST['return_images']) . '&unpublished=' . (int) isset($_POST['return_unpublished']); $redirect = $album . '/' . $albumname . '.alb'; if (!empty($albumname)) { $f = fopen(internalToFilesystem(ALBUM_FOLDER_SERVERPATH . $redirect), 'w'); if ($f !== false) { fwrite($f, "WORDS={$words}\nTHUMB={$thumb}\nFIELDS=" . implode(',', $searchfields) . $constraints . "\n");
if ($group->getName() == 'group') { //have to update any users who have this group designate. foreach ($admins as $admin) { if ($admin['valid'] && $admin['group'] === $groupname) { $user = $_zp_authority->newAdministrator($admin['user'], $admin['valid']); $user->setRights($group->getRights()); $user->setObjects($group->getObjects()); $user->save(); } } //user assignments: first clear out existing ones $_zp_authority->updateAdminField('group', NULL, array('`valid`>=' => '1', '`group`=' => $groupname)); //then add the ones marked $target = 'user_' . $i . '-'; foreach ($_POST as $item => $username) { $item = sanitize(postIndexDecode($item)); if (strpos($item, $target) !== false) { $username = substr($item, strlen($target)); $user = $_zp_authority->getAnAdmin(array('`user`=' => $username, '`valid`>=' => 1)); $user->setRights($group->getRights()); $user->setObjects($group->getObjects()); $user->setGroup($groupname); $user->save(); } } } } } header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user_groups/user_groups-tab.php?page=users&tab=groups&saved'); exit; } else {
} $sqltags = substr($sqltags, 0, strlen($sqltags) - 4); query($sqltags); $sqlobjects = substr($sqlobjects, 0, strlen($sqlobjects) - 4); query($sqlobjects); } } } // delete if (isset($_GET['rename'])) { XSRFdefender('tag_rename'); unset($_POST['XSRFToken']); foreach ($_POST as $key => $newName) { if (!empty($newName)) { $newName = sanitize($newName, 3); $key = postIndexDecode($key); $key = substr($key, 2); // strip off the 'R_' $newtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($newName)); $oldtag = query_single_row('SELECT `id` FROM ' . prefix('tags') . ' WHERE `name`=' . db_quote($key)); if (is_array($newtag)) { // there is an existing tag of the same name $existing = $newtag['id'] != $oldtag['id']; // but maybe it is actually the original in a different case. } else { $existing = false; } if ($existing) { query('DELETE FROM ' . prefix('tags') . ' WHERE `id`=' . $oldtag['id']); query('UPDATE ' . prefix('obj_to_tag') . ' SET `tagid`=' . $newtag['id'] . ' WHERE `tagid`=' . $oldtag['id']); } else {
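/**
 * Handles Image bulk actions
 *
 * Applies the action in $_POST['checkallaction'] to every filename listed in
 * $_POST['ids'] within $album. "addtags" takes its tags from the truthy $_POST keys
 * that decode to "mass_tags_<tag>"; "moveimages"/"copyimages" take the target album
 * from $_POST['massalbumselect'] and refuse an empty target or the album's own
 * folder ($_POST['massfolder']).
 *
 * @param object $album the album object the selected images belong to
 * @return string|null the action name once applied; an "&mcrerr=<n>" flag when the
 *                     target is invalid (2) or a copy/move returned an error code (the
 *                     first failure stops the loop); NULL for "noaction"
 */
function processBulkImageActions($album) {
    $action = isset($_POST['checkallaction']) ? sanitize($_POST['checkallaction']) : 'noaction';
    if ($action == 'noaction') {
        return NULL;
    }
    // NOTE(review): the filenames are used as posted; only the action name is sanitized here
    $ids = isset($_POST['ids']) ? $_POST['ids'] : array();
    if (!is_array($ids) || count($ids) == 0) {
        return $action;
    }
    // always an array, so the array_merge() below never sees an undefined variable
    $tags = array();
    if ($action == 'addtags') {
        foreach ($_POST as $key => $value) {
            $key = postIndexDecode($key);
            if ($value && substr($key, 0, 10) == 'mass_tags_') {
                $tags[] = substr($key, 10);
            }
        }
        $tags = sanitize($tags, 3);
    }
    $dest = '';
    if ($action == 'moveimages' || $action == 'copyimages') {
        $dest = isset($_POST['massalbumselect']) ? sanitize($_POST['massalbumselect']) : '';
        $folder = isset($_POST['massfolder']) ? sanitize($_POST['massfolder']) : '';
        if (!$dest || $dest == $folder) {
            // no target, or the target is the source album
            return "&mcrerr=2";
        }
    }
    foreach ($ids as $filename) {
        $imageobj = newImage($album, $filename);
        switch ($action) {
            case 'deleteall':
                $imageobj->remove();
                break;
            case 'showall':
                $imageobj->set('show', 1);
                break;
            case 'hideall':
                $imageobj->set('show', 0);
                break;
            case 'commentson':
                $imageobj->set('commentson', 1);
                break;
            case 'commentsoff':
                $imageobj->set('commentson', 0);
                break;
            case 'resethitcounter':
                $imageobj->set('hitcounter', 0);
                break;
            case 'addtags':
                $imageobj->setTags(array_unique(array_merge($tags, $imageobj->getTags())));
                break;
            case 'cleartags':
                $imageobj->setTags(array());
                break;
            case 'copyimages':
                // a truthy return value from copy() is treated as an error code
                if ($e = $imageobj->copy($dest)) {
                    return "&mcrerr=" . $e;
                }
                break;
            case 'moveimages':
                // a truthy return value from moveImage() is treated as an error code
                if ($e = $imageobj->moveImage($dest)) {
                    return "&mcrerr=" . $e;
                }
                break;
        }
        // save() is reached after every action, including remove(), as in the original code
        $imageobj->save();
    }
    return $action;
}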
/**
 * Collects the tags checked in a bulk ("mass edit") form.
 *
 * Every $_POST key that decodes to "mass_tags_<tag>" and carries a truthy value
 * contributes its sanitized <tag> part to the result.
 *
 * @return array list of tag names
 */
function bulkTags() {
    $checked = array();
    foreach ($_POST as $postkey => $flag) {
        $decoded = postIndexDecode($postkey);
        if (!$flag) {
            continue;
        }
        if (substr($decoded, 0, 10) != 'mass_tags_') {
            continue;
        }
        $checked[] = sanitize(substr($decoded, 10));
    }
    return $checked;
}
/**
 * Development plugin "cookie" sub-tab: deletes the cookies checked in the
 * delete_cookie form, then renders the tab. (The original header called this the
 * "tokens" upload tab, apparently a copy-paste leftover.)
 *
 * @author Stephen Billard (sbillard)
 *
 * Copyright 2014 by Stephen L Billard for use in {@link https://github.com/ZenPhoto20/ZenPhoto20 ZenPhoto20}
 *
 * @package plugins
 * @subpackage development
 */
require_once dirname(dirname(dirname(__FILE__))) . '/admin-globals.php';
// access check: DEBUG_RIGHTS is required; $return is presumably the URL to come back to after login — confirm
admin_securityChecks(DEBUG_RIGHTS, $return = currentRelativeURL());
if (isset($_POST['delete_cookie'])) {
    // the checkbox names carry the cookie name encoded for use as a post index; the value is unused
    foreach ($_POST['delete_cookie'] as $cookie => $v) {
        zp_clearCookie(postIndexDecode($cookie));
    }
    // NOTE(review): 'develpment' looks like a typo for 'development' (the page name passed to printAdminHeader below) — confirm against the tab registration
    header('location: ?page=develpment&tab=cookie');
    exitZP();
}
$subtab = getSubtabs();
printAdminHeader('development', $subtab);
echo "\n</head>";
?>
<body>
<?php printLogoAndLinks(); ?>
<div id="main">
/**
 * Processes the album edit form post for one album.
 *
 * Field names are prefixed with "{$index}-" on the mass edit page and unprefixed
 * ($index == 0) on the single album page. Title, description, tags, date, place,
 * thumb, published/comments flags, sort settings, hit counter and rating resets,
 * guest user/password, theme, password hint and custom data are written to $album
 * and saved; a move, copy or rename requested through the "MoveCopyRename" field is
 * performed after the save.
 *
 * @param int $index the index of the entry in mass edit, or 0 for a single album
 * @param object $album the album object being edited
 * @return string query-string flags for the redirect: '' on success, '&mismatch=album' or
 *                '&mismatch=user' when the password fields disagree, with '&mcrerr=1'
 *                appended when a move/copy/rename failed
 * @since 1.1.3
 */
function processAlbumEdit($index, $album) {
    if ($index == 0) {
        $prefix = '';
    } else {
        $prefix = "{$index}-";
    }
    $tagsprefix = 'tags_' . $prefix;
    $notify = '';
    $album->setTitle(process_language_string_save($prefix . 'albumtitle', 2));
    $album->setDesc(process_language_string_save($prefix . 'albumdesc', 1));
    // newly typed tags (up to four free-text fields) are consumed and removed from $_POST
    // so the generic "tags_" scan below does not pick them up again
    $tags = array();
    for ($i = 0; $i < 4; $i++) {
        if (isset($_POST[$tagsprefix . 'new_tag_value_' . $i])) {
            $tag = trim(strip($_POST[$tagsprefix . 'new_tag_value_' . $i]));
            unset($_POST[$tagsprefix . 'new_tag_value_' . $i]);
            if (!empty($tag)) {
                $tags[] = $tag;
            }
        }
    }
    // checked existing tags: every truthy post key that decodes to "tags_<prefix><tag>"
    $l = strlen($tagsprefix);
    foreach ($_POST as $key => $value) {
        $key = postIndexDecode($key);
        if (substr($key, 0, $l) == $tagsprefix) {
            if ($value) {
                $tags[] = substr($key, $l);
            }
        }
    }
    $tags = array_unique($tags);
    $album->setTags($tags);
    $album->setDateTime(strip($_POST[$prefix . "albumdate"]));
    $album->setPlace(process_language_string_save($prefix . 'albumplace', 3));
    if (isset($_POST[$prefix . 'thumb'])) {
        $album->setAlbumThumb(strip($_POST[$prefix . 'thumb']));
    }
    $album->setShow(isset($_POST[$prefix . 'Published']));
    $album->setCommentsAllowed(isset($_POST[$prefix . 'allowcomments']));
    // image sort: "custom" defers to the free-text sort field; "manual" and an empty
    // sort type force direction 0, otherwise the posted checkbox decides
    $sorttype = strtolower(sanitize($_POST[$prefix . 'sortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customimagesort'], 3));
    }
    $album->setSortType($sorttype);
    if ($sorttype == 'manual') {
        $album->setSortDirection('image', 0);
    } else {
        if (empty($sorttype)) {
            $direction = 0;
        } else {
            $direction = isset($_POST[$prefix . 'image_sortdirection']);
        }
        $album->setSortDirection('image', $direction);
    }
    // subalbum sort, same scheme (an empty type keeps the posted direction here)
    $sorttype = strtolower(sanitize($_POST[$prefix . 'subalbumsortby'], 3));
    if ($sorttype == 'custom') {
        $sorttype = strtolower(sanitize($_POST[$prefix . 'customalbumsort'], 3));
    }
    $album->setSubalbumSortType($sorttype);
    if ($sorttype == 'manual') {
        $album->setSortDirection('album', 0);
    } else {
        $album->setSortDirection('album', isset($_POST[$prefix . 'album_sortdirection']));
    }
    if (isset($_POST[$prefix . 'reset_hitcounter'])) {
        $album->set('hitcounter', 0);
    }
    if (isset($_POST[$prefix . 'reset_rating'])) {
        $album->set('total_value', 0);
        $album->set('total_votes', 0);
        $album->set('used_ips', 0);
    }
    // guest user / password. NOTE(review): $newuser is stored as posted, without
    // sanitize()/strip() — check how it is rendered; the password is only trimmed,
    // presumably so it is stored exactly as typed
    $olduser = $album->getUser();
    $newuser = $_POST[$prefix . 'albumuser'];
    $pwd = trim($_POST[$prefix . 'albumpass']);
    $fail = '';
    if ($olduser != $newuser) {
        // note: the trimmed password is compared against the untrimmed confirmation field
        if ($pwd != $_POST[$prefix . 'albumpass_2']) {
            $pwd2 = trim($_POST[$prefix . 'albumpass_2']);
            $_POST[$prefix . 'albumpass'] = $pwd; // invalidate password, user changed without password being set
            if (!empty($newuser) && empty($pwd) && empty($pwd2)) {
                $fail = '&mismatch=user';
            }
        }
    }
    // the user (and password) are only written when both password fields agree
    if ($_POST[$prefix . 'albumpass'] == $_POST[$prefix . 'albumpass_2']) {
        $album->setUser($newuser);
        if (empty($pwd)) {
            if (empty($_POST[$prefix . 'albumpass'])) {
                $album->setPassword(NULL); // clear the gallery password
            }
        } else {
            $album->setPassword($pwd);
        }
    } else {
        if (empty($fail)) {
            $notify = '&mismatch=album';
        } else {
            $notify = $fail;
        }
    }
    $oldtheme = $album->getAlbumTheme();
    if (isset($_POST[$prefix . 'album_theme'])) {
        $newtheme = strip($_POST[$prefix . 'album_theme']);
        if ($oldtheme != $newtheme) {
            $album->setAlbumTheme($newtheme);
        }
    }
    $album->setPasswordHint(process_language_string_save($prefix . 'albumpass_hint', 3));
    $album->setCustomData(process_language_string_save($prefix . 'album_custom_data', 1));
    $album->save();
    // Move/Copy/Rename the album after saving.
    $movecopyrename_action = '';
    if (isset($_POST['a-' . $prefix . 'MoveCopyRename'])) {
        $movecopyrename_action = sanitize($_POST['a-' . $prefix . 'MoveCopyRename'], 3);
    }
    if ($movecopyrename_action == 'move') {
        // the target folder goes through sanitize_path(); the album's own base name is appended
        $dest = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-albumselect'], 3));
        // Append the album name.
        $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
        if ($dest && $dest != $album->name) {
            if ($returnalbum = $album->moveAlbum($dest)) {
                // A slight hack to redirect to the new album after moving.
                $_GET['album'] = $returnalbum;
            } else {
                $notify .= "&mcrerr=1";
            }
        } else {
            // Cannot move album to same album.
        }
    } else {
        if ($movecopyrename_action == 'copy') {
            $dest = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-albumselect'], 3));
            // Append the album name.
            $dest = ($dest ? $dest . '/' : '') . (strpos($album->name, '/') === FALSE ? $album->name : basename($album->name));
            if ($dest && $dest != $album->name) {
                // note: copyAlbum() is treated as returning truthy on success, whereas moveAlbum()
                // above returns the new album name
                if (!$album->copyAlbum($dest)) {
                    $notify .= "&mcrerr=1";
                }
            } else {
                // Cannot copy album to existing album.
                // Or, copy with rename?
            }
        } else {
            if ($movecopyrename_action == 'rename') {
                // slashes are stripped from the new name so it stays inside the album's current parent
                $renameto = UTF8ToFileSystem(sanitize_path($_POST['a' . $prefix . '-renameto'], 3));
                $renameto = str_replace(array('/', '\\'), '', $renameto);
                if (dirname($album->name) != '.') {
                    $renameto = dirname($album->name) . '/' . $renameto;
                }
                if ($renameto != $album->name) {
                    if ($returnalbum = $album->renameAlbum($renameto)) {
                        // A slight hack to redirect to the new album after moving.
                        $_GET['album'] = $returnalbum;
                    } else {
                        $notify .= "&mcrerr=1";
                    }
                }
            }
        }
    }
    return $notify;
}
if ($admin['valid']) { $hisgroups = explode(',', $admin['group']); if (in_array($groupname, $hisgroups)) { $user = Zenphoto_Authority::newAdministrator($admin['user'], $admin['valid']); user_groups::merge_rights($user, $hisgroups, user_groups::getPrimeObjects($user)); $user->save(); } } } //user assignments: first clear out existing ones Zenphoto_Authority::updateAdminField('group', NULL, array('`valid`>=' => '1', '`group`=' => $groupname)); //then add the ones marked $target = 'user_' . $i . '-'; foreach ($_POST as $item => $username) { if (strpos($item, $target) !== false) { $username = postIndexDecode(substr(sanitize($item), strlen($target))); //$username = substr($item, strlen($target)); $user = $_zp_authority->getAnAdmin(array('`user`=' => $username, '`valid`>=' => 1)); user_groups::merge_rights($user, $hisgroups, user_groups::getPrimeObjects($user)); $user->save(); } } } } } $notify = '&saved'; } else { $notify = '&post_error'; } header("Location: " . FULLWEBPATH . "/" . ZENFOLDER . '/' . PLUGIN_FOLDER . '/user_groups/user_groups-tab.php?page=users&tab=groups&subpage=' . $subpage . $notify); exitZP();
$_zp_gallery->setSecurity(sanitize($_POST['gallery_security'], 3)); $notify = processCredentials($_zp_gallery); if (zp_loggedin(CODEBLOCK_RIGHTS)) { $_zp_gallery->setCodeblock(processCodeblockSave(0)); } $_zp_gallery->save(); $returntab = "&tab=gallery"; } /* * * Search options ** */ if (isset($_POST['savesearchoptions'])) { $fail = ''; $search = new SearchEngine(); $searchfields = array(); foreach ($_POST as $key => $value) { if (strpos($key, 'SEARCH_') !== false) { $searchfields[] = substr(sanitize(postIndexDecode($key)), 7); } } setOption('search_fields', implode(',', $searchfields)); setOption('search_cache_duration', sanitize_numeric($_POST['search_cache_duration'])); $notify = processCredentials('search'); setOption('exact_tag_match', sanitize($_POST['tag_match'])); setOption('exact_string_match', sanitize($_POST['string_match'])); setOption('search_space_is', sanitize($_POST['search_space_is'])); setOption('search_no_albums', (int) isset($_POST['search_no_albums'])); setOption('search_no_images', (int) isset($_POST['search_no_images'])); setOption('search_no_pages', (int) isset($_POST['search_no_pages'])); setOption('search_no_news', (int) isset($_POST['search_no_news'])); setOption('search_within', (int) ($_POST['search_within'] && true)); $sorttype = strtolower(sanitize($_POST['sortby'], 3)); if ($sorttype == 'custom') {
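/**
 * Processes the check box bulk actions of a Zenpage items list.
 *
 * Reads the action from $_POST['checkallaction'] and the selected title links from
 * $_POST['ids']. "addtags"/"alltags" take their tags from bulkTags(); "addcats" takes
 * its categories from the truthy $_POST keys that decode to "cat<category>". Every
 * selected item is loaded as Zenpage<$type>, the action applied and the item saved.
 *
 * @param string $type Zenpage object kind; appended to "Zenpage" to form the class
 *                     instantiated per item (supplied by the caller, not by the request)
 * @return string|false the sanitized action name (also for "noaction" or an empty
 *                      selection), or false when no ids were posted
 */
function processZenpageBulkActions($type) {
    global $_zp_zenpage;
    if (!isset($_POST['ids'])) {
        return false;
    }
    // the action name is only passed through sanitize(); unknown values match no case below
    $action = isset($_POST['checkallaction']) ? sanitize($_POST['checkallaction']) : 'noaction';
    $links = sanitize($_POST['ids']);
    if ($action == 'noaction' || !is_array($links) || count($links) == 0) {
        return $action;
    }
    $tags = array();
    if ($action == 'addtags' || $action == 'alltags') {
        $tags = bulkTags();
    }
    // always an array, so the "addcats" loop never sees an undefined variable
    $cats = array();
    if ($action == 'addcats') {
        foreach ($_POST as $key => $value) {
            $key = postIndexDecode($key);
            if ($value && substr($key, 0, 3) == 'cat') {
                $cats[] = substr($key, 3);
            }
        }
        $cats = sanitize($cats, 3);
    }
    $class = 'Zenpage' . $type;
    foreach ($links as $titlelink) {
        $obj = new $class($titlelink);
        switch ($action) {
            case 'deleteall':
                $obj->remove();
                SearchEngine::clearSearchCache();
                break;
            case 'addtags':
                $obj->setTags(array_unique(array_merge($tags, $obj->getTags())));
                break;
            case 'cleartags':
                $obj->setTags(array());
                break;
            case 'alltags':
                // applied to every article getArticles() returns for the selected item
                foreach ($obj->getArticles('', 'all', true) as $article) {
                    $newsobj = new ZenpageNews($article['titlelink']);
                    $newsobj->setTags(array_unique(array_merge($tags, $newsobj->getTags())));
                    $newsobj->save();
                }
                break;
            case 'clearalltags':
                foreach ($obj->getArticles('', 'all', true) as $article) {
                    $newsobj = new ZenpageNews($article['titlelink']);
                    $newsobj->setTags(array());
                    $newsobj->save();
                }
                break;
            case 'addcats':
                // setCategories() takes titlelinks only, so both the posted and the
                // existing categories are reduced to their titlelinks first
                $catarray = array();
                foreach ($cats as $cat) {
                    $catitem = $_zp_zenpage->getCategory($cat);
                    if ($catitem) { // skip lookups that returned nothing
                        $catarray[] = $catitem['titlelink'];
                    }
                }
                $allcatsarray = array();
                foreach ($obj->getCategories() as $allcat) {
                    $allcatsarray[] = $allcat['titlelink'];
                }
                $obj->setCategories(array_unique(array_merge($catarray, $allcatsarray)));
                break;
            case 'clearcats':
                $obj->setCategories(array());
                break;
            case 'showall':
                $obj->set('show', 1);
                break;
            case 'hideall':
                $obj->set('show', 0);
                break;
            case 'commentson':
                $obj->set('commentson', 1);
                break;
            case 'commentsoff':
                $obj->set('commentson', 0);
                break;
            case 'resethitcounter':
                $obj->set('hitcounter', 0);
                break;
        }
        // save() is reached after every action, including remove(), as in the original code
        $obj->save();
    }
    return $action;
}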
$ordered[$key] = $admin['date']; } } asort($ordered); $adminordered = array(); foreach ($ordered as $key => $user) { $adminordered[] = $admins[$key]; } $msg = NULL; if (isset($_GET['action'])) { $action = sanitize($_GET['action']); XSRFdefender($action); if ($action == 'expiry') { foreach ($_POST as $key => $action) { if (strpos($key, 'r_') === 0) { $userobj = $_zp_authority->getAnAdmin(array('`id`=' => str_replace('r_', '', postIndexDecode($key)))); if ($userobj) { switch ($action) { case 'delete': $userobj->remove(); break; case 'disable': $userobj->setValid(2); $userobj->save(); break; case 'enable': $userobj->setValid(1); $userobj->save(); break; case 'renew': $newdate = getOption('user_expiry_interval') * 86400 + strtotime($userobj->getDateTime());
$ordered[$key] = $admin['date']; } } asort($ordered); $adminordered = array(); foreach ($ordered as $key => $user) { $adminordered[] = $admins[$key]; } $msg = NULL; if (isset($_GET['action'])) { $action = sanitize($_GET['action']); XSRFdefender($action); if ($action == 'expiry') { foreach ($_POST as $key => $action) { if (strpos($key, 'r_') === 0) { $userobj = Zenphoto_Authority::getAnAdmin(array('`id`=' => str_replace('r_', '', postIndexDecode($key)))); if ($userobj) { switch ($action) { case 'delete': $userobj->remove(); break; case 'disable': $userobj->setValid(2); $userobj->save(); break; case 'enable': $userobj->setValid(1); $userobj->save(); break; case 'renew': $newdate = getOption('user_expiry_interval') * 86400 + strtotime($userobj->getDateTime());