/**
 * Render the help pages.
 *
 * Every *.tpl entry returned by scan_dir() for SKIN . '/help/sections/' is
 * processed with proc_tpl() and published to the templates as 'help_sections'.
 * When REQ('section') is non-empty, only the entry whose name equals it is
 * kept and the result is wrapped in the 'window' template. Otherwise all
 * sections are printed between the regular page header and footer.
 */
function help_invoke_main()
{
    $section = REQ('section');
    $sections = array();

    foreach (scan_dir(SKIN . '/help/sections/') as $entry) {
        $name = str_replace('.tpl', '', $entry);

        // A requested section limits the output to the one entry that matches it.
        // The template path is built from the scanned name, never from $section.
        if ($section && $section != $name) {
            continue;
        }

        $sections[$name] = proc_tpl("help/sections/{$name}");
    }

    cn_assign('help_sections', $sections);

    if (!$section) {
        echoheader('-@help/style.css', 'Help section');
        echo exec_tpl('help/main');
        echofooter();
        return;
    }

    // NOTE(review): assuming REQ() returns request input, $section reaches the
    // window title unmodified, even when it matched no section file. Confirm
    // that the 'window' template HTML-encodes its title.
    $content = exec_tpl('help/main');
    echo exec_tpl('window', "style=help/style.css", "title=HELP - {$section}", 'content=' . $content);
}
/**
 * Build the HTML for a clickable rating bar.
 *
 * @param mixed  $id    Identifier used in each anchor's id attribute and in the rateIt() call.
 * @param string $value Rating as "<sum>/<votes>"; a vote count of 0 is treated as 1.
 * @param int    $from  First step of the bar.
 * @param int    $to    Last step of the bar (inclusive).
 *
 * @return mixed false when $config_use_rater is 0, otherwise the accumulated markup.
 */
function rating_bar($id, $value = '1/1', $from = 1, $to = 5)
{
    global $_CACHE, $config_http_script_dir, $config_use_rater;

    if ($config_use_rater == 0) {
        return false;
    }

    // The 'rater' template is prepended only while the call counter is still empty,
    // i.e. on the first bar rendered.
    $markup = empty($_CACHE['use_script_rater'])
        ? proc_tpl('rater', array('cutepath' => $config_http_script_dir))
        : false;

    // Count this bar.
    $_CACHE['use_script_rater']++;

    // Average rating = sum / votes.
    list($sum, $votes) = explode('/', $value);
    if ($votes == 0) {
        $votes = 1;
    }
    $average = $sum / $votes;

    // NOTE(review): $id is written into an HTML attribute and into inline JavaScript
    // without encoding. That is only safe if callers always pass a trusted,
    // numeric identifier. Verify at the call sites.
    for ($step = $from; $step <= $to; $step++) {
        $symbol = $average < $step ? RATEN_SYMBOL : RATEY_SYMBOL;
        $markup .= '<a href="#" id="' . $id . '_' . $step . '" onclick="rateIt(' . $id . ', ' . $step . ');">' . $symbol . '</a>';
    }

    return $markup;
}
/**
 * Print one row of the options table and advance the global row counter $i.
 *
 * The row is shaded when the counter is even and a title was given.
 *
 * @param string $title       Row title.
 * @param string $description Text shown for the row.
 * @param string $field       Markup of the form field.
 */
function showRow($title = "", $description = "", $field = "")
{
    global $i;

    $shaded = ($i % 2 == 0) && $title != "";
    $bg = $shaded ? "bgcolor=#F7F6F4" : "";

    // NOTE(review): all three arguments go to the template as given. Whether they are
    // HTML-encoded depends on the caller and on 'options/syscon.row'. Confirm.
    $row = array(
        'bg' => $bg,
        'title' => $title,
        'field' => $field,
        'description' => $description,
    );
    echo proc_tpl("options/syscon.row", $row);

    $i++;
}
} elseif ($action == "dosaverss") { if (strpos($rss_news_include_url, 'http://') === false) { msg("error", lang('Error!'), lang("The URL where you include your news must start with <b>http://</b>")); } $handler = fopen(SERVDIR . "/cdata/rss_config.php", "w") or msg("error", lang('Error!'), "Can not open file ./cdata/rss_config.php"); fwrite($handler, "<?PHP \n\n//RSS Configurations (Auto Generated file)\n\n"); fwrite($handler, "\$rss_news_include_url = \"" . htmlspecialchars($rss_news_include_url) . "\";\n\n"); fwrite($handler, "\$rss_title = \"" . htmlspecialchars($rss_title) . "\";\n\n"); fwrite($handler, "\$rss_encoding = \"" . htmlspecialchars($rss_encoding) . "\";\n\n"); fwrite($handler, "\$rss_language = \"" . htmlspecialchars($rss_language) . "\";\n\n"); fwrite($handler, "?>"); fclose($handler); msg("wizard", lang("RSS Configuration Saved"), lang("The configurations were saved successfully") . ".<br><br><input onClick=\"document.location='{$PHP_SELF}?mod=wizards&action=customizerss';\" type=button value='Proceed With RSS Customization >>'>"); } elseif ($action == "customizerss") { echoheader("wizard", lang("RSS Customization"), make_breadcrumbs('main/options=options/wizards=Choose Wizards/wizards:rss=Rss Setup/wizards:rss_step2=Configuration/Complete')); // Detect the categories (if any) $cat_lines = file(SERVDIR . "/cdata/category.db.php"); if (count($cat_lines) > 0) { $cat_options .= '<select style="" id=categories multiple size=5>' . "\n"; foreach ($cat_lines as $single_line) { $cat_arr = explode("|", $single_line); $cat_options .= "<option value=\"{$cat_arr['0']}\">(ID:{$cat_arr['0']}) {$cat_arr['1']}</option>\n"; } $cat_options .= "</select><br><label for=allcategories><input onclick=\"if(this.checked){getElementById('categories').style.display='none';}else{getElementById('categories').style.display='';}\" type=checkbox id=allcategories value=yes>" . lang('Or show from all Categories') . 
"</label>"; } else { $cat_options = lang("You do not have any categories") . ". <input type=hidden id=categories><input type=hidden id=allcategories>"; } // Show the HTML echo proc_tpl('wizard/customizerss', array('config_http_script_dir' => $config_http_script_dir, 'cat_options' => $cat_options)); echofooter(); }
if ($action == "quickadd") { die_stat(false, str_replace('%1', $add_ip, lang('The IP %1 is now banned from commenting'))); } } elseif ($action == "remove") { if (empty($remove_ip)) { msg("error", lang('Error!'), lang("The IP or nick cannot be blank"), '#GOBACK'); } user_remove_ban($remove_ip); } // ******************************************************************************** // List all IP // ******************************************************************************** echoheader("options", lang("Blocking IP / Nickname"), make_breadcrumbs('main/options=options/Block IP or nickname')); $c = 0; $iplist = array(); // read all lines $ips = fopen(SERVDIR . '/cdata/ipban.db.php', 'r'); while (!feof($ips)) { $dip = explode('|', fgets($ips)); if (empty($dip[0])) { continue; } if (substr($dip[0], 0, 2) == '<' . '?') { continue; } $e = $dip[2] ? format_date($dip[2], 'since-short') : 'never'; $iplist[] = array('ip' => $dip[0], 'bg' => $c++ % 2 ? 'bgcolor="#F7F8FF"' : '', 'times' => $dip[1], 'expire' => $e); } fclose($ips); echo proc_tpl('ipban/index'); echofooter();
} $files_arch = array(); // check for bad _GET and _POST $user_post_query = cute_query_string($QUERY_STRING, array("archives", "start_from", "archive", "subaction", "id", "cnshow", "ucat", "dosearch", "story", "title", "user", "from_date_day", "from_date_month", "from_date_year", "to_date_day", "to_date_month", "to_date_year"), "post"); $date_from = mktime(0, 0, 0, intval($from_date_month), intval($from_date_day), intval($from_date_year)); $date_to = mktime(0, 0, 0, intval($to_date_month), intval($to_date_day), intval($to_date_year)); if (empty($search_form_hide) || isset($search_form_hide) && empty($dosearch)) { // Make parameters ----------------------------------------------------------------------------------------------------- list($day_from, $month_from, $year_from) = make_postponed_date($date_from); list($day_to, $month_to, $year_to) = make_postponed_date($date_to); $selected_search_arch = empty($archives) ? false : "checked='checked'"; $story = htmlspecialchars(urldecode($story)); $title = htmlspecialchars(urldecode($title)); $author = htmlspecialchars(urldecode($author)); $hide = ($title or $author or !empty($archives)) ? false : true; echo proc_tpl('search'); } // Do Search ------------------------------------------------------------------------------------------------------- if ($dosearch == "yes") { $mc_start = microtime(true); // In active news anyway $listing = array(time() => '/cdata/news.txt'); // Also, search in archive if present (sort it) if (!empty($archives)) { $dir = read_dir(SERVDIR . '/cdata/archives'); foreach ($dir as $vs) { if (preg_match('~(\\d+)\\.news\\.arch$~i', $vs, $c)) { $listing[$c[1]] = $vs; } } }
} } else { unlink($_FILES[$current_image]['tmp_name']); $img_result .= "<br><span style='color:red;'>{$image_name} ->This type of file is not allowed!</span>"; } } } // out html head image content $CSRF = CSRFMake(); if ($action == "quick") { echo proc_tpl('images/quick.up', array('area' => $area, 'CKEditorFuncNum' => $CKEditorFuncNum, 'config_http_script_dir' => $config_http_script_dir), array('WYSYWIG' => $wysiwyg && $_REQUEST['CKEditorFuncNum'])); } else { echoheader("images", "Manage Images", make_breadcrumbs('main/options=options/Manage Images')); } // Add the JS for multiply image upload. echo proc_tpl('images/multi', array(), array('QUICK' => $action == "quick" && $wysiwyg == false ? 1 : 0)); $i = 0; $img_dir = opendir(SERVDIR . "/uploads"); while ($file = readdir($img_dir)) { //Yes we'll store them in array for sorting $images_in_dir[] = $file; } natcasesort($images_in_dir); reset($images_in_dir); foreach ($images_in_dir as $file) { $img_name_arr = explode(".", $file); $img_type = end($img_name_arr); if ((in_array($img_type, $allowed_extensions) or in_array(strtolower($img_type), $allowed_extensions)) and $file != ".." and $file != "." and is_file(SERVDIR . "/uploads/" . $file)) { $i++; $this_size = filesize(SERVDIR . "/uploads/" . $file); $total_size += $this_size;
echoheader("options", "Categories", make_breadcrumbs('main/options=options/Manage Categories')); $count_categories = 0; $all_cats = hook('read_categories', file(SERVDIR . "/cdata/category.db.php")); foreach ($all_cats as $cat_line) { if ($i++ % 2 != 0) { $bg = "bgcolor=#F7F6F4"; } else { $bg = ""; } $cat_arr = explode("|", $cat_line); $cat_arr[1] = stripslashes(preg_replace(array("'\"'", "'\\''"), array(""", "'"), $cat_arr[1])); $cat_help_names[] = $cat_arr[1]; $cat_help_ids[] = $cat_arr[0]; $result .= "<tr><td {$bg}> <b>{$cat_arr['0']}</b></td><td {$bg} >{$cat_arr['1']}</td> <td {$bg} align=center>"; if ($cat_arr[2] != "") { $result .= "<img border=0 src=\"{$cat_arr['2']}\" high=40 width=40 alt=\"{$cat_arr['2']}\">"; } else { $result .= "---"; } $result .= "</td><td {$bg} align=center>"; $result .= $cat_arr[3] == "" || $cat_arr[3] == "0" ? "<span title='" . lang('Everyone can Write') . "'>---</span>" : ""; $result .= $cat_arr[3] == "1" ? lang("Only Admin") : ""; $result .= $cat_arr[3] == "2" ? lang("Only Editors & Admin") : ""; $result .= "</td> <td {$bg} align=center>\n <a href=\"{$PHP_SELF}?mod=categories&action=edit&catid={$cat_arr['0']}\">[" . lang('edit') . "]</a>\n <a href=\"{$PHP_SELF}?mod=categories&action=remove&catid={$cat_arr['0']}\">[" . lang('delete') . "]</a></td> </tr>"; $count_categories++; } if ($count_categories == 0) { $result = "<tr><td colspan='5'><p><br><b>" . lang("You haven't defined any categories yet") . "</b><br>" . lang("categories are optional and you can write your news without having categories") . "<br></p></td></tr>"; } echo proc_tpl('category/index', array('result' => $result, 'CSRF' => $CSRF)); echofooter();
} // add user user_add($member_db); make_crypt_salt(); // Run Once if (!file_exists(SERVDIR . '/cdata/installed.mark')) { fclose(fopen(SERVDIR . '/cdata/installed.mark', 'w')); relocation("http://www.cutephp.com/thanks.php?referer=" . urlencode(base64_encode('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF']))); } else { msg('info', 'Notification', lang('You have successfully installed Cutenews! Refresh page to login.')); } } } if (empty($is_loged_in)) { echoheader("user", lang("Please Login")); echo proc_tpl('login_window', array('lastusername' => htmlspecialchars($username)), array('ALLOW_REG' => $config_allow_registration == "1" ? 1 : 0)); echofooter(); } elseif ($is_loged_in) { // User banned if ('blocked' == user_getban($member_db[UDB_NAME], true)) { $_SESS['user'] = false; send_cookie(); msg('error', lang('Error!'), lang('You\'re banned!')); } // ******************************************************************************** // Include System Module // ******************************************************************************** //name of mod //access $system_modules = array('addnews' => 'user', 'editnews' => 'user', 'main' => 'user', 'options' => 'user', 'images' => 'user', 'editusers' => 'admin', 'editcomments' => 'admin', 'tools' => 'admin', 'ipban' => 'admin', 'about' => 'user', 'categories' => 'admin', 'massactions' => 'user', 'help' => 'user', 'debug' => 'admin', 'wizards' => 'admin', 'update' => 'user', 'rating' => 'user'); list($system_modules, $mod, $stop) = hook('system_modules_expand', array($system_modules, $mod, false)); // Plugin tells us: don't show anything, stop
$img_result .= "<br><span style='color:red;'>{$image_name} ->This type of file is not allowed!</span>"; } else { // Image is OK, upload it copy($image, SERVDIR . "/uploads/" . $image_name) or $img_result .= "<br><span style='color: red;'>{$image_name} -> Couldn't copy image to server</span><br />Check if file_uploads is allowed in the php.ini file of your server"; if (file_exists(SERVDIR . "/uploads/" . $image_name)) { $img_result .= "<br><span style='color: green;'>{$image_name} -> Image was uploaded</span>"; if ($action == "quick") { $img_result .= " <a title=\"Insert this image in the {$my_area}\" href=\"javascript:insertimage('{$image_name}');\">[insert it]</a>"; } } // if file is uploaded succesfully } } } // Add the JS for multiply image upload. echo proc_tpl('images/multi', array('CSRF' => $CSRF, 'img_result' => $img_result, 'wysiwyg' => $wysiwyg, 'CKEditorFuncNum' => $CKEditorFuncNum, 'area' => $area, 'action' => $action), array('QUICK' => $action == "quick" && $wysiwyg == false ? 1 : 0)); $i = 0; $img_dir = opendir(SERVDIR . "/uploads"); while ($file = readdir($img_dir)) { //Yes we'll store them in array for sorting $images_in_dir[] = $file; } natcasesort($images_in_dir); reset($images_in_dir); foreach ($images_in_dir as $file) { $img_name_arr = explode(".", $file); $img_type = end($img_name_arr); if ((in_array($img_type, $allowed_extensions) or in_array(strtolower($img_type), $allowed_extensions)) and $file != ".." and $file != "." and is_file(SERVDIR . "/uploads/" . $file)) { $i++; $this_size = filesize(SERVDIR . "/uploads/" . $file); $total_size += $this_size;
<?php

// Stop unless the INIT_INSTANCE constant is defined (presumably set by the
// entry script, so this module cannot be requested on its own; confirm).
if (!defined('INIT_INSTANCE')) {
    die('Access restricted');
}

/*
  Help module: one section in a pop-up window, or the full documentation page.
*/

// NOTE(review): $section is not assigned in this file; presumably it is
// populated from the request by the including script. Treat it as untrusted.
if (isset($section)) {
    // Allowlist filter: everything except ASCII letters, digits and '_' is removed
    // before the value becomes part of a template path, so '/' and '.' cannot
    // survive to build a traversal sequence.
    $section = preg_replace('~[^a-z0-9_]~i', '', $section);
    $help_section = proc_tpl('help/sections/' . $section);

    // proc_tpl() gets no variables here; presumably 'help/index' reads
    // $help_section from the enclosing scope. Verify against proc_tpl().
    echo proc_tpl('help/index');
} else {
    echoheader("question", "Help Documentation");

    // Inline stylesheet for the documentation page.
    echo "<style type=\"text/css\">\n <!--\n .code {\n font-family : Andale Mono, Courier;\n border: 1px solid #BBCDDB;\n margin:10px;\n padding:4px;\n background:#FBFFFF;\n }\n h1 {\n background-color : #EAF0F4;\n border : #000000 1px solid;\n color : #000000;\n font-family : Tahoma, Verdana, Arial, Helvetica, sans-serif;\n font-size : 15px;\n font-weight : bold;\n padding-bottom : 5px;\n padding-left : 10px;\n padding-right : 10px;\n padding-top : 5px;\n text-decoration : none;\n }\n td.r { font-weight: bold; text-align: right; }\n -->\n </style>";

    $help_section = false;

    // Template names come from the directory listing of the skin's help/sections
    // folder. Each entry has the SKIN . '/' prefix and the '.tpl' suffix removed
    // before it is handed to proc_tpl().
    $sections = read_dir(SERVDIR . SKIN . '/help/sections');
    foreach ($sections as $v) {
        $help_section .= proc_tpl(str_replace('.tpl', '', str_replace(SKIN . '/', '', $v)));
    }

    echo $help_section;
    echofooter();
}
$tpl = 'index_cke'; } else { $tpl = 'index'; } list($_dateD, $_dateM, $_dateY, $_dateH, $_dateI) = make_postponed_date($postpone_date); // Add hooks for modify ckeditor $CKEDITOR_Settings = hook('CKEDITOR_Settings', false); $CKEDITOR_SetsName = hook('CKEDITOR_SetsName', 'settings'); $Using_HTML = $options['use_html']; $Using_Avat = $config_use_avatar == 'yes' ? 1 : 0; $Unapproved = $source == 'unapproved' ? 1 : 0; // Remove "Approve" button from editor if ($member_db[UDB_ACL] == ACL_LEVEL_JOURNALIST) { $Unapproved = 0; } echo proc_tpl('editnews/editnews/' . $tpl, array('id' => intval($id), 'item_db1' => $item_db[NEW_USER], 'item_db2' => $item_db[NEW_TITLE], 'item_db3' => $item_db[NEW_SHORT], 'item_db4' => $item_db[NEW_FULL], 'item_db5' => $item_db[NEW_AVATAR], 'short_story_smiles' => insertSmilies($short_story_id, 4, true, $use_wysiwyg), 'full_story_smiles' => insertSmilies($full_story_id, 4, true, $use_wysiwyg), 'dated' => $_dateD, 'datem' => $_dateM, 'datey' => $_dateY, 'dateh' => $_dateH, 'datei' => $_dateI)); echofooter(); } elseif ($action == 'move') { $id = intval($id); if (preg_match('~^[0-9]*$~', trim($source))) { $src = "archives/{$source}.news.arch"; } elseif ($source) { $src = $source . '_news.txt'; } else { $src = 'news.txt'; } // Only for present file if (!file_exists(SERVDIR . '/cdata/' . $src)) { $src = 'news.txt'; } $dbpath = SERVDIR . '/cdata/' . $src;
/**
 * Print the guest login form of the "personal" widget.
 *
 * Clears the session when the widget_personal_logout query parameter is set,
 * stores a new token in $_SESSION['.CSRF'] and, when member_get() returns a
 * falsy value, prints the 'widgets/personal_login_form' template.
 *
 * @param mixed $keep_data Data that is serialized and base64-encoded into the form's KEEP value.
 * @param mixed $username  Not referenced in the readable part of this listing (see the note below).
 */
function login_guest($keep_data = NULL, $username = NULL)
{
    global $_SESS;

    cn_extrn_init();

    // Logout
    // NOTE(review): any request carrying this query parameter empties the session;
    // no token is checked on this path.
    if (isset($_GET['widget_personal_logout'])) {
        $_SESSION = array();
    }

    // Send new data
    // NOTE(review): mt_rand() is not a cryptographically secure generator and a
    // single call yields about 31 bits, so this token is guessable in principle.
    // A CSPRNG such as random_bytes() (PHP 7+) is the usual source for CSRF tokens.
    $_SESSION['.CSRF'] = md5(mt_rand());

    if (!member_get()) {
        // Widget's login form
        // NOTE(review): KEEP carries serialize() output to the browser. If the receiving
        // handler passes it back to unserialize(), that is attacker-controlled input
        // (PHP object injection). Verify; a signed or JSON-encoded value avoids the risk.
        // NOTE(review): the argument after 'username=' is masked ('******') in this
        // listing; restore it from the original file.
        echo proc_tpl('widgets/personal_login_form',
            "CSRF=" . $_SESSION['.CSRF'],
            'KEEP=' . base64_encode(serialize($keep_data)),
            'MSG=' . cn_front_msg_show('login', 'widget_personal_msg'),
            'username='******'rememberme=' . (isset($_POST['cn_remember_me']) && !empty($_POST['cn_remember_me']) ? 'checked' : ''));
    }
}
} if (!$selected_news) { msg("error", lang('Error!'), lang("You have not specified any articles"), "#GOBACK"); } // -------- $the_selected_news = array(); list($news_file) = detect_source($source); $news = file($news_file); if (preg_match_all("~^(" . join('|', $selected_news) . ")\\|.*\$~m", join('', $news), $this, PREG_SET_ORDER)) { foreach ($this as $the) { $item = explode('|', $the[0]); $the_selected_news[] = array('id' => $item[NEW_ID], 'date' => date('d-m-Y H:i:s', $item[NEW_ID]), 'title' => htmlspecialchars($item[NEW_TITLE])); } } $CSRF = CSRFMake(); $msg = proc_tpl('mass/chdate', array('source' => $source)); msg('info', lang('Change Date'), $msg); } elseif ($action == 'dochangedate') { CSRFCheck(); list($news_file, $comm_file) = detect_source($source); $db_news_file = file($news_file); $db_comm_file = file($comm_file); // Sort by ascending foreach ($dates as $id => $date) { $dates[$id] = strtotime($date); } asort($dates); foreach ($dates as $id => $date) { if ($date <= time() + $config_date_adjust * 60) { // Don't touch this news: only change date $db_news_file = preg_replace("~^" . intval($id) . "\\|~m", $date . '|', $db_news_file);
} echo proc_tpl('editusers/user', array('CSRF' => $CSRF, 'user_arr[2]' => $user_arr[2], 'user_arr[4]' => $user_arr[4], 'user_arr[5]' => $user_arr[5], 'user_arr[6]' => $user_arr[6], 'user_date' => date("r", $user_arr[0]), 'edit_level' => $edit_level, 'last_login' => empty($user_arr[UDB_LAST]) ? lang('never') : date('r', $user_arr[UDB_LAST]), 'id' => $id)); } elseif ($action == "doedituser") { CSRFCheck(); list($id, $editemail, $editpassword, $editlevel) = GET('id,editemail,editpassword,editlevel'); if (empty($id)) { die(lang("This is not a valid user")); } if (false === ($the_user = user_search($id))) { die(lang("This is not a valid user")); } if (check_email($editemail) == false) { die(lang("Invalid email")); } // In case if email already exists, and email not eq. --> error $find_email = user_search($editemail, 'email'); if ($find_email && $find_email[UDB_EMAIL] != $the_user[UDB_EMAIL]) { die(lang("User with this email already exists")); } // Change password if present if (!empty($editpassword)) { $hmet = hash_generate($editpassword); $the_user[UDB_PASS] = $hmet[count($hmet) - 1]; send_cookie(); } // Change user level anywhere $the_user[UDB_EMAIL] = $editemail; $the_user[UDB_ACL] = $editlevel; user_update($id, $the_user); echo proc_tpl('editusers/doedituser/saved'); }
fwrite($w, '$conf_rw_' . substr($i, 5) . ' = "' . str_replace('"', '\\"', $v) . "\";\n"); } } flock($w, LOCK_UN); fclose($w); $saved_ok = getpart('saved_ok'); } // Read data from datatable if (file_exists(SERVDIR . '/cdata/conf_rw.php')) { include SERVDIR . '/cdata/conf_rw.php'; } // Default values ----------------- set_default_val_for_rewrite(); hook('insert_additional_rewrites'); // Try to update htaccess if ($update_htaccess == 'Y') { $w = fopen($conf_rw_htaccess, 'w'); flock($w, LOCK_EX); fwrite($w, "RewriteEngine ON\n"); fwrite($w, "RewriteCond %{REQUEST_FILENAME} !-d\n"); fwrite($w, "RewriteCond %{REQUEST_FILENAME} !-f\n"); fwrite($w, "RewriteRule ^(.*)\$ /cn_friendly_url.php?rew=\$1&%{QUERY_STRING}[L]\n"); flock($w, LOCK_UN); fclose($w); } // view template echoheader('home', lang('URL Rewrite Manager'), make_breadcrumbs('main=main/options:options=options/tools:rewrite=Rewrite Manager', true)); echo proc_tpl('tools/rewrites/index'); echofooter(); } hook('tools_additional_actions');
echo $prev_next_msg; } $username = $usermail = false; $template_form = str_replace("{config_http_script_dir}", $config_http_script_dir, $template_form); //---------------------------------- // Check if the remember script exists //---------------------------------- if (!empty($_SESS['user'])) { $captcha_enabled = false; $member_db = user_search($_SESS['user']); } $template_form = str_replace('{username}', isset($member_db[UDB_NAME]) ? $member_db[UDB_NAME] : false, $template_form); $template_form = str_replace('{usermail}', isset($member_db[UDB_EMAIL]) ? $member_db[UDB_EMAIL] : false, $template_form); // Remember and Forget for unregistered only $remember_user = ''; $remember_form = getpart('remember_me'); if ($member_db) { $remember_form = getpart('logged_as_member'); $remember_user = getpart('logger_as_membersp', htmlspecialchars($member_db[UDB_NAME]), htmlspecialchars($member_db[UDB_EMAIL])); } elseif ($_COOKIE['CNname']) { $remember_form = getpart('forget_me'); } $gduse = function_exists('imagecreatetruecolor') ? 0 : 1; $captcha_form = $config_use_captcha && $captcha_enabled ? proc_tpl('captcha_comments') : false; $smilies_form = proc_tpl('remember_js') . insertSmilies('short', false); $template_form = str_replace("{smilies}", $smilies_form, $template_form); $template_form = str_replace('{remember_me}', $remember_form, $template_form); $template_form = hook('comment_template_form', $template_form); $remember_js = read_tpl('remember') . $remember_user; echo proc_tpl('comment_form'); return TRUE;
$fs = 0; foreach ($filesize as $i => $v) { if (file_exists(SERVDIR . $i)) { $fs_t = filesize(SERVDIR . $i); } else { $fs_t = 0; } $msgs['fs'][] = array($v, formatsize($fs_t, $v)); $fs += $fs_t; } if (function_exists('disk_free_space') && function_exists('disk_total_space')) { $msgs['fs'][] = array('Free disk space', formatsize(disk_free_space(SERVDIR))); $factor = (int) (100 * (1 - disk_free_space('/') / disk_total_space('/'))); if ($factor > 100) { $factor = 100; } if ($factor < 0) { $factor = 0; } } else { $factor = false; } $msgs['fs'][] = array("<a title='" . lang('View all Active News (Edit News)') . "' href='{$PHP_SELF}?mod=editnews&action=list'>" . lang('Active News') . "</a>", $stats_news); $msgs['fs'][] = array(lang("Active Comments"), $count_comments); $msgs['fs'][] = array("<a title='" . lang('View all Postponed Articles') . "' href='{$PHP_SELF}?mod=editnews&action=list&source=postponed'>" . lang('Postponed News') . "</a>", $count_postponed_news); $msgs['fs'][] = array("<a title='" . lang('View all Unapproved Articles') . "' href='{$PHP_SELF}?mod=editnews&action=list&source=unapproved'>" . lang('Unapproved News') . "</a>", $count_unapproved_news); $msgs['fs'][] = array("<a title='" . lang('View all Archives (Archive Manager)') . "' href='{$PHP_SELF}?mod=tools&action=archive'>" . lang('Archives') . "</a>", $stats_archives); $msgs['fs'][] = array("<a title='" . lang('View all Users (Add/Edit Users)') . "' href='{$PHP_SELF}?mod=editusers&action=list'>" . lang('Users') . "</a>", $stats_users); echo proc_tpl('main/syscheck', array('fs' => $msgs['fs'], 'free' => $factor)); echofooter(); hook('destroy_main');
if (!copy(OLDDIR . $fn, $path)) { $fail[] = array('Cannot copy the file', OLDDIR . $fn, $path); } if (!chmod($path, 0666)) { $fail[] = array('Cannot change file mode', $path); } } } } //migrate skins $skins_dir = array(); if (is_dir(OLDDIR . '/skins')) { $skins_dir = read_dir(OLDDIR . '/skins', array(), true, OLDDIR); } else { $fail[] = array('Folder not found', OLDDIR . '/skins'); } foreach ($skins_dir as $resourse) { if (stripos($resourse, '/skins/images/') !== false || preg_match('/(?<!default|compact|simple)\\.skin\\.php$/i', $resourse) > 0) { if (!copy(OLDDIR . $resourse, SERVDIR . $resourse)) { $fail[] = array('Cannot copy the file', OLDDIR . $resourse, SERVDIR . $resourse); } } } // Place .htaccess to cdata section $w = fopen(SERVDIR . '/cdata/.htaccess', 'w'); fwrite($w, "Deny From All"); chmod(SERVDIR . '/cdata/.htaccess', 0644); fclose($w); $found_problems = proc_tpl('install/problemlist'); msg('info', lang('Migration success'), lang("Congrats! You migrated to Cutenews " . VERSION) . " | <a href='index.php'>Login</a> " . $found_problems); }
foreach ($cat_lines as $single_line) { $cat_arr = explode("|", $single_line); $_cat_html .= '<option ' . ($category == $cat_arr[0] ? ' selected ' : '') . ' value="' . $cat_arr[0] . '">' . $cat_arr[1] . '</option>'; } // new style $i = 0; foreach ($cat_lines as $single_line) { $i++; $cat_arr = explode("|", $single_line); $cat_id = $cat_arr[0]; $cat_name = $cat_arr[1]; $_multi_cat_html .= "<td style='font-size:10px;' valign=top><label for='cat" . $cat_id . "'><input " . ($category == $cat_id ? " checked " : '') . " style='background-color:transparent;border:0px;' type=checkbox name='category[]' id='cat" . $cat_id . "' value='" . $cat_id . "'>" . $cat_name . "</label></td>"; if ($i % 4 == 0) { $_multi_cat_html .= '<tr>'; } } } // ON/OFF CKEditor $tpl = $use_wysiwyg ? 'index_cke' : 'index'; list($_dateD, $_dateM, $_dateY, $_dateH, $_dateI) = make_postponed_date(); // Add hooks for modify ckeditor $CKEDITOR_Settings = hook('CKEDITOR_Settings', false); $CKEDITOR_SetsName = hook('CKEDITOR_SetsName', 'settings'); // Edit news not replace fields $title = htmlspecialchars($_POST['title']); $short_story = htmlspecialchars($_POST['short_story']); $full_story = htmlspecialchars($_POST['full_story']); $UseAvatar = $config_use_avatar == 'yes' ? 1 : 0; echo proc_tpl('addnews/' . $tpl, array('member_db8' => $member_db[UDB_AVATAR], 'cat_html' => $_cat_html, 'multi_cat_html' => $_multi_cat_html, 'insertsmiles' => insertSmilies($short_story_id, 4, true, $use_wysiwyg), 'insertsmiles_full' => insertSmilies($full_story_id, 4, true, $use_wysiwyg), 'dated' => $_dateD, 'datem' => $_dateM, 'datey' => $_dateY, 'dateh' => $_dateH, 'datei' => $_dateI)); echofooter(); }
$fs = 0; foreach ($filesize as $i => $v) { if (file_exists(SERVDIR . $i)) { $fs_t = filesize(SERVDIR . $i); } else { $fs_t = 0; } $msgs['fs'][] = array($v, formatsize($fs_t, $v)); $fs += $fs_t; } if (function_exists('disk_free_space') && function_exists('disk_total_space')) { $msgs['fs'][] = array('Free disk space', formatsize(disk_free_space(SERVDIR))); $factor = (int) (100 * (1 - disk_free_space('/') / disk_total_space('/'))); if ($factor > 100) { $factor = 100; } if ($factor < 0) { $factor = 0; } } else { $factor = false; } $msgs['fs'][] = array("<a title='" . lang('View all Active News (Edit News)') . "' href='{$PHP_SELF}?mod=editnews&action=list'>" . lang('Active News') . "</a>", $stats_news); $msgs['fs'][] = array(lang("Active Comments"), $count_comments); $msgs['fs'][] = array("<a title='" . lang('View all Postponed Articles') . "' href='{$PHP_SELF}?mod=editnews&action=list&source=postponed'>" . lang('Postponed News') . "</a>", $count_postponed_news); $msgs['fs'][] = array("<a title='" . lang('View all Unapproved Articles') . "' href='{$PHP_SELF}?mod=editnews&action=list&source=unapproved'>" . lang('Unapproved News') . "</a>", $count_unapproved_news); $msgs['fs'][] = array("<a title='" . lang('View all Archives (Archive Manager)') . "' href='{$PHP_SELF}?mod=tools&action=archive'>" . lang('Archives') . "</a>", $stats_archives); $msgs['fs'][] = array("<a title='" . lang('View all Users (Add/Edit Users)') . "' href='{$PHP_SELF}?mod=editusers&action=list'>" . lang('Users') . "</a>", $stats_users); echo proc_tpl('main/syscheck', array('exists' => $msgs['e'], 'x' => $msgs['x'], 'r' => $msgs['r'], 'w' => $msgs['w'], 'fs' => $msgs['fs'], 'free' => $factor), array('FREE' => $factor, 'SHOW' => $SHOW)); echofooter(); hook('destroy_main');
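/**
 * Build one row of the system-configuration form for a single option.
 *
 * The current value is read with getoption() and rendered as a form control whose
 * name is save_con[<option>]. Stored values, select keys and the option name are
 * HTML-escaped before they are placed in attributes, so a value containing quotes
 * or angle brackets cannot break out of the markup.
 *
 * @param string $config_name Option name, optionally followed by "=<hint>": the size of a
 *                            text input (default 40) or "cols/rows" for a textarea.
 * @param string $title       "Title|Description"; both parts are passed through lang().
 * @param mixed  $options     ':text:' for a textarea, 'Y/N' for a checkbox, 'y/n' for
 *                            no/yes radios, an array (value => label) for a select,
 *                            anything else for a text input.
 * @return mixed The result of proc_tpl() for the options/syscon.row template.
 */
function syscon($config_name, $title, $options = null)
{
    global $counter;

    // array_pad() keeps list() from reading a missing offset when the separator is absent.
    // The missing part stays null, as before.
    list($title, $desc) = array_pad(explode('|', $title, 2), 2, null);
    list($config_name, $opt) = array_pad(explode('=', $config_name, 2), 2, null);

    $out = '';
    $var = getoption($config_name);
    $field_name = 'save_con[' . htmlspecialchars((string) $config_name, ENT_QUOTES) . ']';

    if (!is_array($options)) {
        $opt = $opt ? $opt : 40;

        if ($options == ':text:') {
            list($cols, $rows) = array_pad(explode('/', $opt), 2, null);
            $out = '<textarea cols="' . $cols . '" rows="' . $rows . '" name="' . $field_name . '">' . htmlspecialchars($var) . '</textarea>';
        } elseif ($options == 'Y/N') {
            $checked = $var ? 'checked="checked"' : '';
            $out = '<input type="checkbox" name="' . $field_name . '" value="1" ' . $checked . ' />';
        } elseif ($options == 'y/n') {
            // Anything other than the literal 'no' counts as "yes".
            $out = '<input type="radio" name="' . $field_name . '" value="no" ' . ($var == 'no' ? 'checked="checked"' : '') . ' /> No ';
            $out .= '<input type="radio" name="' . $field_name . '" value="yes" ' . ($var != 'no' ? 'checked="checked"' : '') . ' /> Yes';
        } else {
            // The stored value is escaped like the textarea branch does; previously it was
            // written into the value attribute raw.
            $out = '<input type="text" class="cn" name="' . $field_name . '" value="' . htmlspecialchars((string) $var, ENT_QUOTES) . '" size="' . $opt . '" />';
        }
    } else {
        $out = '<select name="' . $field_name . '">';
        foreach ($options as $key => $value) {
            $selected = ($var == $key) ? ' selected="selected" ' : '';
            $out .= '<option value="' . htmlspecialchars((string) $key, ENT_QUOTES) . '"' . $selected . '>' . htmlspecialchars($value) . '</option>';
        }
        $out .= '</select>';
    }

    // Alternate the row background using the shared $counter.
    $bg = ($counter++ % 2 == 0) ? "bgcolor=#F7F6F4" : "";

    return proc_tpl("options/syscon.row", array('bg' => $bg, 'title' => lang($title), 'field' => $out, 'description' => lang($desc)));
}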
<?php
// Refuse direct requests: the script runs only when the including entry point has defined INIT_INSTANCE.
if (!defined('INIT_INSTANCE')) {
    die('Access restricted');
}
// ********************************************************************************
// CuteCode
// ********************************************************************************
if ($action == "cutecode") {
    // NOTE(review): where $target comes from is not visible here. If it is request-derived,
    // the about/cutecode template has to escape it - confirm.
    $read = proc_tpl('about/cutecode', array('target' => $target));
    echo $read;
} else {
    echoheader("question", lang("Help/About"));
    // MD5 of core/core.php, passed to the about page as a fingerprint.
    // NOTE(review): this is informational only. A hash computed and displayed by the same
    // installation is not an integrity check, and MD5 would not be suitable for one.
    if (function_exists("md5")) {
        $functions_md5 = md5(join('', file(SERVDIR . "/core/core.php")));
    } else {
        $functions_md5 = "MD5NotSupported";
    }
    // Try license key
    // NOTE(review): this include executes a PHP file from cdata/. Anything able to write
    // cdata/reg.php gains code execution here, so the directory's write permissions and web
    // exposure matter - verify the deployment.
    if (file_exists(SERVDIR . "/cdata/reg.php")) {
        include SERVDIR . "/cdata/reg.php";
    }
    // $reg_site_key is presumably set by reg.php; it is not assigned in this file - confirm.
    $read = proc_tpl('about/index', array('config_version_name' => $config_version_name, 'config_version_id' => $config_version_id, 'config_http_script_dir' => $config_http_script_dir, 'functions_md5' => $functions_md5, 'reg_site_key' => $reg_site_key), array('REG' => file_exists(SERVDIR . '/cdata/reg.php')));
    echo $read;
    echofooter();
}
return FALSE; } if ($name && empty($user_member) == false) { $is_member = true; // Check stored password in cookies if ($CNpass and $user_member[UDB_PASS] == $CNpass) { $password = true; } if (!empty($_SESS['user']) && $_SESS['user'] == $name) { $is_member = true; } elseif (empty($password)) { $comments = preg_replace(array("'\"'", "'\\''", "''"), array(""", "'", ""), $comments); $name = replace_comment("add", preg_replace("/\n/", "", $name)); $mail = replace_comment("add", preg_replace("/\n/", "", $mail)); $remcheck = $CNremember == '1' ? ' checked="checked" ' : ''; echo proc_tpl('enter_passcode'); return FALSE; } else { $gen = hash_generate($password); // password ok? if (in_array($user_member[UDB_PASS], $gen) || $CNpass && $user_member[UDB_PASS] == $CNpass) { // if check remember password -> echo this script if (empty($CNrememberPass) == false) { $name = htmlspecialchars($name); if (empty($mail)) { $mail = htmlspecialchars($user_member[UDB_EMAIL]); } echo read_tpl('remember') . '<script type="text/javascript">CNRememberPass("' . $user_member[UDB_PASS] . '", "' . $name . '", "' . $mail . '")</script>'; } // hide email $mail = $user_member[UDB_CBYEMAIL] ? false : $user_member[UDB_EMAIL];
// Fragment of the comment editor: the branch closed by "} elseif" below opens before this excerpt.
// Find the comment with id $comid among the comments stored for article $newsid.
foreach ($all_comments as $comment_line) {
    $comment_line_arr = explode("|>|", $comment_line);
    if ($comment_line_arr[0] == $newsid) {
        $comment_arr = explode("||", $comment_line_arr[1]);
        foreach ($comment_arr as $single_comment) {
            $single_arr = explode("|", $single_comment);
            // NOTE(review): this break leaves only the inner loop. When no comment matches,
            // $single_arr still holds the last comment parsed, so the form below can show a
            // different comment than the one requested.
            if ($comid == $single_arr[0]) {
                break;
            }
        }
    }
}
// Turn stored line breaks back into newlines for the textarea.
$single_arr[4] = str_replace("<br />", "\n", $single_arr[4]);
// The first field is passed to date() as a timestamp.
$comdate = date("D, d F Y h:i:s", $single_arr[0]);
$CSRF = CSRFMake();
// Everything except the formatted date and the token is HTML-escaped for the template.
echo proc_tpl('editcomments', array('newsid' => htmlspecialchars($newsid), 'comid' => htmlspecialchars($comid), 'comdate' => $comdate, 'source' => htmlspecialchars($source), 'single_arr[1]' => htmlspecialchars($single_arr[1]), 'single_arr[2]' => htmlspecialchars($single_arr[2]), 'single_arr[3]' => htmlspecialchars($single_arr[3]), 'single_arr[4]' => htmlspecialchars($single_arr[4]), 'CSRF' => $CSRF));
} elseif ($action == "doeditcomment") {
    if (empty($poster) and empty($deletecomment)) {
        echo lang("The poster cannot be blank");
        die;
    }
    // CSRF check only for saving comments
    // NOTE(review): when $deletecomment is set the token is not checked in the visible code,
    // so the destructive path is the unprotected one. Unless the delete path validates the
    // token further down (outside this excerpt), CSRFCheck() should run for both cases.
    if (empty($deletecomment)) {
        CSRFCheck();
    }
    if (empty($mail)) {
        $mail = lang("none");
    }
    if (empty($poster)) {
        $poster = lang("Anonymous");
    }
// Tail of a function whose beginning is outside this excerpt: it appends a space to $result
// after every $word_count symbols and returns $result.
$symbol_count++;
if ($symbol_count == $word_count) {
    $result .= ' ';
    $symbol_count = 0;
    $new_word = true;
}
}
return $result;
}
// Update check: compare the installed revision with the one published by the vendor.
if ($action == 'update') {
    $need_update = false;
    // NOTE(review): the version file is fetched over plain http:// and used as-is. The response
    // is neither authenticated nor validated, so whoever controls the network path decides
    // whether the update flow starts. fopen() returns false on failure (or when allow_url_fopen
    // is off), and that result is passed to fpassthru() unchecked.
    $last_version_file = fopen("http://cutephp.com/cutenews/latest_version.php", "r");
    ob_start();
    fpassthru($last_version_file);
    // Expected body: "<version id>|<version name>".
    list($last_version, $last_version_name) = explode('|', ob_get_clean());
    if ($last_version > $config_version_id) {
        $need_update = true;
    }
    if ($need_update) {
        // One-time key for the update, stored in cdata/update_temp.php and mirrored in a cookie.
        // NOTE(review): the strength of create_random_string() is not visible here. The key acts
        // as a secret, so it should come from a CSPRNG - confirm.
        $update_key = base64_encode(create_random_string(50, 7));
        $update_temp = fopen(SERVDIR . '/cdata/update_temp.php', "w");
        // The base64 alphabet contains no quote character, so the single-quoted PHP literal is safe.
        fwrite($update_temp, "<?php\n\$update_key='" . $update_key . "';\n?>");
        fclose($update_temp);
        // NOTE(review): the cookie is valid for one hour on path '/' and is set without the
        // secure/httponly arguments. No CSRFCheck() is visible in this branch.
        setcookie('update', $update_key, time() + 60 * 60, '/');
        echoheader('info', lang("Update status"), make_breadcrumbs('main/options=options/Update Status'));
        echo proc_tpl('update/status');
        echofooter();
    } else {
        msg('info', lang('Update status'), lang('No update: your revision is the latest one'));
    }
}
<?php
// RSS feed entry point: emits the channel header, then sets the parameters for the item listing.
require_once 'core/init.php';
// A plugin may take over feed generation entirely; in that case stop here.
if (hook('fork_rss', false)) {
    return;
}
// Without a stored RSS configuration, show the manual page instead of a feed.
$rss = getoption('#rss');
if (empty($rss)) {
    die(proc_tpl('help/manual/rss'));
}
$config_http_script_dir = getoption('http_script_dir');
$rss_encoding = $rss['encoding'];
$rss_news_include_url = $rss['news_include_url'];
$rss_title = $rss['title'];
$rss_language = $rss['language'];
// -------
header("Content-type: text/xml", true);
// NOTE(review): the configured encoding, title, link, language and script URL are interpolated
// into the XML below without escaping. A value containing &, < or a double quote makes the feed
// malformed or lets configuration content inject markup. Escape at output unless the values are
// guaranteed to be stored already encoded - confirm against the code that saves '#rss'.
echo "<?xml version=\"1.0\" encoding=\"{$rss_encoding}\" ?>\r\n<?xml-stylesheet type=\"text/css\" href=\"{$config_http_script_dir}/skins/rss_style.css\" ?>\r\n<rss version=\"2.0\" xmlns:atom=\"http://www.w3.org/2005/Atom\">\r\n<channel>\r\n<title>{$rss_title}</title>\r\n<link>{$rss_news_include_url}</link>\r\n<language>{$rss_language}</language>\r\n<description></description>\r\n<!-- <docs>This is an RSS 2.0 file intended to be viewed in a newsreader or syndicated to another site. For more information on RSS check: http://www.feedburner.com/fb/a/aboutrss</docs> -->\r\n<generator>CuteNews</generator>\r\n<atom:link href=\"" . $config_http_script_dir . "/rss.php\" rel=\"self\" type=\"application/rss+xml\" />";
// ---------------------------------------------------------------------------------------------------------------------
// Number of items: request parameter coerced to an integer, default 15.
// NOTE(review): intval() makes the value numeric but puts no upper or lower bound on it.
if (isset($_GET['number'])) {
    $number = intval($_GET['number']);
} else {
    $number = 15;
}
// NOTE(review): unlike 'number', 'only_active' is kept exactly as sent (it may be any string or
// an array), while the default is boolean true. Normalise it to a boolean before use.
if (isset($_GET['only_active']) && $_GET['only_active']) {
    $only_active = $_GET['only_active'];
} else {
    $only_active = true;
}
$template = 'rss';
// Fragment of the mass "change date" action: the leading brace closes a block that opens
// before this excerpt, and the last branch continues past it.
}
if (!$selected_news) {
    msg("error", lang('Error!'), lang("You have not specified any articles"), "#GOBACK");
}
// --------
$the_selected_news = array();
list($news_file) = detect_source($source);
$news = file($news_file);
// Select the lines of the news file whose first field is one of the selected ids.
// NOTE(review): the entries of $selected_news are joined into the pattern without intval() or
// preg_quote(). If they come from the request, a crafted entry changes the regular expression
// itself. Cast them with intval(), as the 'dochangedate' branch below does - confirm the origin.
// NOTE(review): $this is used as an ordinary variable for the matches. PHP 7.1 and later reject
// that, so it needs renaming there - TODO confirm on the targeted version.
if (preg_match_all("~^(" . join('|', $selected_news) . ")\\|.*\$~m", join('', $news), $this, PREG_SET_ORDER)) {
    foreach ($this as $the) {
        $item = explode('|', $the[0]);
        // The id field is also passed to date() as the article's timestamp; the title is HTML-escaped.
        $the_selected_news[] = array('id' => $item[NEW_ID], 'date' => date('d-m-Y H:i:s', $item[NEW_ID]), 'title' => htmlspecialchars($item[NEW_TITLE]));
    }
}
// Issue a token for the confirmation form; the saving branch below verifies it.
$CSRF = CSRFMake();
$msg = proc_tpl('mass/chdate');
msg('info', lang('Change Date'), $msg);
} elseif ($action == 'dochangedate') {
    CSRFCheck();
    list($news_file, $comm_file) = detect_source($source);
    $db_news_file = file($news_file);
    $db_comm_file = file($comm_file);
    // Convert the submitted dates to timestamps and sort ascending.
    // NOTE(review): strtotime() returns false for text it cannot parse. false passes the
    // "<= time()" test below and is concatenated as an empty string, which would replace the
    // article id with nothing. Reject unparsable dates first.
    foreach ($dates as $id => $date) {
        $dates[$id] = strtotime($date);
    }
    asort($dates);
    foreach ($dates as $id => $date) {
        if ($date <= time()) {
            // Date is not in the future: only rewrite the leading id/timestamp field of the line.
            $db_news_file = preg_replace("~^" . intval($id) . "\\|~m", $date . '|', $db_news_file);
// Fragment of the lost-password / registration script: the branches closed below open before
// this excerpt.
$user_arr = user_search($the_email, 'email');
$user = $user_arr[UDB_NAME];
} else {
    add_to_log(':anonym:', 'Validate "s" parameter: invalid request');
    // NOTE(review): whether msg() ends the request is not visible here. If it returns, the
    // password below is still generated after a failed validation - confirm.
    msg("error", lang('Error!'), lang("Validation is broken"), '#GOBACK');
}
// Generate a 9-character replacement password from $salt.
// NOTE(review): seeding with time() and drawing with rand() makes the result a function of the
// second in which the request was handled. That is not suitable for a credential: use
// random_int(), or random_bytes() with encoding, and drop the srand() call.
// $new_pass is appended to without being initialised in the visible code.
srand(time());
$salt = "abcdefghjkmnpqrstuvwxyz0123456789-ABCDEFGHIJKLMNOPQRSTUVWXYZ";
for ($i = 0; $i < 9; $i++) {
    $new_pass .= $salt[rand(0, strlen($salt) - 1)];
}
// Save new password: the last element returned by hash_generate() is stored.
$hmet = hash_generate($new_pass);
$user_arr[UDB_PASS] = $hmet[count($hmet) - 1];
// NOTE(review): the two print_r() calls write the plaintext password and the generated hashes
// into the HTTP response, so whoever made the reset request sees them without access to the
// mailbox. This looks like leftover debug output and should be removed.
print_r($new_pass);
print_R($hmet);
user_update($user, $user_arr);
// NOTE(review): the new password is mailed in clear text. A single-use, expiring reset link
// avoids putting a working credential in the mailbox.
$message = str_replace(array('%1', '%2'), array($user, $new_pass), lang("Hi %1,\nYour new password for CuteNews is\n\n %2\n\nplease after you login change this password."));
send_mail($user_arr[UDB_EMAIL], lang("Your New Password for CuteNews"), $message);
add_to_log($user, lang('New password received'));
// NOTE(review): $user is placed inside HTML (<b>%1</b>) unescaped. Apply htmlspecialchars()
// unless msg() escapes its body - confirm.
msg("info", lang("Password Sent"), str_replace('%1', $user, lang("The new password for <b>%1</b> was sent to the email.")));
} else {
    // Registration form, shown only when self-registration is enabled.
    if ($config_allow_registration != "1") {
        msg("error", lang('Error!'), lang("User registration is Disabled"), '#GOBACK');
    }
    echoheader("user", lang("User Registration"));
    echo proc_tpl('register/reg', array('result' => $result));
    echofooter();
}
exec_time();