Example #1
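/**
 * Render the help pages.
 *
 * Without a "section" request value every section template found under
 * SKIN/help/sections/ is processed and shown inside the normal page layout.
 * With one, only the section whose template name equals the requested value
 * is processed and the result is shown through the 'window' template.
 *
 * The request value is only compared against the names found on disk. The
 * template that gets processed and the name placed in the window title both
 * come from the directory scan, so the raw request value is never written
 * into the output by this function.
 *
 * @return void Output is echoed.
 */
function help_invoke_main()
{
    $section = REQ('section');
    $path = SKIN . '/help/sections/';
    $scan = scan_dir($path);
    $result = array();

    // Compare as strings: a loose == treats numeric-looking names such as
    // '1e1' and '10' as equal, which would select the wrong template.
    $wanted = is_scalar($section) ? (string) $section : '';
    $matched = '';

    foreach ($scan as $id) {
        $id = str_replace('.tpl', '', $id);
        if (!$section || $wanted === (string) $id) {
            $result[$id] = proc_tpl("help/sections/{$id}");
            if ($section) {
                $matched = $id;
            }
        }
    }
    cn_assign('help_sections', $result);

    if ($section) {
        // The title uses the on-disk name that matched, not the request value.
        // An unknown section therefore yields an empty title instead of
        // reflecting whatever was sent in the request.
        // NOTE(review): whether exec_tpl() escapes its "title=" argument is not
        // visible here - confirm before relying on it for other callers.
        echo exec_tpl('window', "style=help/style.css", "title=HELP - {$matched}", 'content=' . exec_tpl('help/main'));
    } else {
        echoheader('-@help/style.css', 'Help section');
        echo exec_tpl('help/main');
        echofooter();
    }
}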
Example #2
/**
 * Build the HTML for a row of clickable rating symbols.
 *
 * Returns false when $config_use_rater is 0. Otherwise the result starts with
 * the 'rater' template on the first call (while $_CACHE['use_script_rater'] is
 * still empty) and is followed by one link per step from $from to $to. Steps
 * above the computed average use RATEN_SYMBOL, the others RATEY_SYMBOL.
 *
 * @param mixed  $id    Identifier written into each link's id attribute and
 *                      into its rateIt() call.
 * @param string $value Two numbers separated by "/"; the first is divided by
 *                      the second (presumably total and vote count - confirm
 *                      against the caller).
 * @param int    $from  First step rendered.
 * @param int    $to    Last step rendered.
 * @return string|false The markup, or false when nothing was produced.
 */
function rating_bar($id, $value = '1/1', $from = 1, $to = 5)
{
    global $_CACHE, $config_http_script_dir, $config_use_rater;

    // Rating is switched off: produce nothing.
    if ($config_use_rater == 0) {
        return false;
    }

    // The rater template is emitted once; later calls start from false.
    $rate = empty($_CACHE['use_script_rater'])
        ? proc_tpl('rater', array('cutepath' => $config_http_script_dir))
        : false;

    // Count this call.
    $_CACHE['use_script_rater']++;

    // Average: first part divided by second part, with a zero divisor replaced by 1.
    list($cr, $ur) = explode('/', $value);
    if ($ur == 0) {
        $ur = 1;
    }
    $value = $cr / $ur;

    // NOTE(review): $id is concatenated unescaped into an HTML attribute and
    // into inline JavaScript. That is only safe if every caller passes a value
    // it has already constrained (e.g. an integer id) - confirm at the call sites.
    for ($step = $from; $step <= $to; $step++) {
        $symbol = $value < $step ? RATEN_SYMBOL : RATEY_SYMBOL;
        $rate .= '<a href="#" id="' . $id . '_' . $step . '" onclick="rateIt(' . $id . ', ' . $step . ');">' . $symbol . '</a>';
    }

    return $rate;
}
Example #3
 /**
  * Echo the 'options/syscon.row' template for one table row and advance the
  * global row counter $i.
  *
  * The row gets the shaded background only when the counter is even and the
  * title is not empty.
  *
  * NOTE(review): $title, $description and $field are handed to the template
  * exactly as received. Whether the template escapes them is not visible here,
  * so callers should pass text that is already safe for HTML - confirm.
  *
  * @param string $title       Row title.
  * @param string $description Row description.
  * @param string $field       Markup or text for the input cell.
  * @return void
  */
 function showRow($title = "", $description = "", $field = "")
 {
     global $i;

     $shaded = ($i % 2 == 0 && $title != "");
     $cells = array(
         'bg' => $shaded ? "bgcolor=#F7F6F4" : "",
         'title' => $title,
         'field' => $field,
         'description' => $description,
     );

     echo proc_tpl("options/syscon.row", $cells);
     $i++;
 }
Example #4
} elseif ($action == "dosaverss") {
    if (strpos($rss_news_include_url, 'http://') === false) {
        msg("error", lang('Error!'), lang("The URL where you include your news must start with <b>http://</b>"));
    }
    $handler = fopen(SERVDIR . "/cdata/rss_config.php", "w") or msg("error", lang('Error!'), "Can not open file ./cdata/rss_config.php");
    fwrite($handler, "<?PHP \n\n//RSS Configurations (Auto Generated file)\n\n");
    fwrite($handler, "\$rss_news_include_url = \"" . htmlspecialchars($rss_news_include_url) . "\";\n\n");
    fwrite($handler, "\$rss_title = \"" . htmlspecialchars($rss_title) . "\";\n\n");
    fwrite($handler, "\$rss_encoding = \"" . htmlspecialchars($rss_encoding) . "\";\n\n");
    fwrite($handler, "\$rss_language = \"" . htmlspecialchars($rss_language) . "\";\n\n");
    fwrite($handler, "?>");
    fclose($handler);
    msg("wizard", lang("RSS Configuration Saved"), lang("The configurations were saved successfully") . ".<br><br><input onClick=\"document.location='{$PHP_SELF}?mod=wizards&action=customizerss';\" type=button value='Proceed With RSS Customization >>'>");
} elseif ($action == "customizerss") {
    echoheader("wizard", lang("RSS Customization"), make_breadcrumbs('main/options=options/wizards=Choose Wizards/wizards:rss=Rss Setup/wizards:rss_step2=Configuration/Complete'));
    // Detect the categories (if any)
    $cat_lines = file(SERVDIR . "/cdata/category.db.php");
    if (count($cat_lines) > 0) {
        $cat_options .= '<select style="" id=categories multiple size=5>' . "\n";
        foreach ($cat_lines as $single_line) {
            $cat_arr = explode("|", $single_line);
            $cat_options .= "<option value=\"{$cat_arr['0']}\">(ID:{$cat_arr['0']}) {$cat_arr['1']}</option>\n";
        }
        $cat_options .= "</select><br><label for=allcategories><input onclick=\"if(this.checked){getElementById('categories').style.display='none';}else{getElementById('categories').style.display='';}\" type=checkbox id=allcategories value=yes>" . lang('Or show from all Categories') . "</label>";
    } else {
        $cat_options = lang("You do not have any categories") . ". <input type=hidden id=categories><input type=hidden id=allcategories>";
    }
    // Show the HTML
    echo proc_tpl('wizard/customizerss', array('config_http_script_dir' => $config_http_script_dir, 'cat_options' => $cat_options));
    echofooter();
}
Example #5
    if ($action == "quickadd") {
        die_stat(false, str_replace('%1', $add_ip, lang('The IP %1 is now banned from commenting')));
    }
} elseif ($action == "remove") {
    if (empty($remove_ip)) {
        msg("error", lang('Error!'), lang("The IP or nick cannot be blank"), '#GOBACK');
    }
    user_remove_ban($remove_ip);
}
// ********************************************************************************
// List all IP
// ********************************************************************************
echoheader("options", lang("Blocking IP / Nickname"), make_breadcrumbs('main/options=options/Block IP or nickname'));
$c = 0;
$iplist = array();
// read all lines
$ips = fopen(SERVDIR . '/cdata/ipban.db.php', 'r');
while (!feof($ips)) {
    $dip = explode('|', fgets($ips));
    if (empty($dip[0])) {
        continue;
    }
    if (substr($dip[0], 0, 2) == '<' . '?') {
        continue;
    }
    $e = $dip[2] ? format_date($dip[2], 'since-short') : 'never';
    $iplist[] = array('ip' => $dip[0], 'bg' => $c++ % 2 ? 'bgcolor="#F7F8FF"' : '', 'times' => $dip[1], 'expire' => $e);
}
fclose($ips);
echo proc_tpl('ipban/index');
echofooter();
Example #6
}
$files_arch = array();
// check for bad _GET and _POST
$user_post_query = cute_query_string($QUERY_STRING, array("archives", "start_from", "archive", "subaction", "id", "cnshow", "ucat", "dosearch", "story", "title", "user", "from_date_day", "from_date_month", "from_date_year", "to_date_day", "to_date_month", "to_date_year"), "post");
$date_from = mktime(0, 0, 0, intval($from_date_month), intval($from_date_day), intval($from_date_year));
$date_to = mktime(0, 0, 0, intval($to_date_month), intval($to_date_day), intval($to_date_year));
if (empty($search_form_hide) || isset($search_form_hide) && empty($dosearch)) {
    // Make parameters -----------------------------------------------------------------------------------------------------
    list($day_from, $month_from, $year_from) = make_postponed_date($date_from);
    list($day_to, $month_to, $year_to) = make_postponed_date($date_to);
    $selected_search_arch = empty($archives) ? false : "checked='checked'";
    $story = htmlspecialchars(urldecode($story));
    $title = htmlspecialchars(urldecode($title));
    $author = htmlspecialchars(urldecode($author));
    $hide = ($title or $author or !empty($archives)) ? false : true;
    echo proc_tpl('search');
}
// Do Search -------------------------------------------------------------------------------------------------------
if ($dosearch == "yes") {
    $mc_start = microtime(true);
    // In active news anyway
    $listing = array(time() => '/cdata/news.txt');
    // Also, search in archive if present (sort it)
    if (!empty($archives)) {
        $dir = read_dir(SERVDIR . '/cdata/archives');
        foreach ($dir as $vs) {
            if (preg_match('~(\\d+)\\.news\\.arch$~i', $vs, $c)) {
                $listing[$c[1]] = $vs;
            }
        }
    }
Example #7
             }
         } else {
             unlink($_FILES[$current_image]['tmp_name']);
             $img_result .= "<br><span style='color:red;'>{$image_name} ->This type of file is not allowed!</span>";
         }
     }
 }
 // out html head image content
 $CSRF = CSRFMake();
 if ($action == "quick") {
     echo proc_tpl('images/quick.up', array('area' => $area, 'CKEditorFuncNum' => $CKEditorFuncNum, 'config_http_script_dir' => $config_http_script_dir), array('WYSYWIG' => $wysiwyg && $_REQUEST['CKEditorFuncNum']));
 } else {
     echoheader("images", "Manage Images", make_breadcrumbs('main/options=options/Manage Images'));
 }
 // Add the JS for multiply image upload.
 echo proc_tpl('images/multi', array(), array('QUICK' => $action == "quick" && $wysiwyg == false ? 1 : 0));
 $i = 0;
 $img_dir = opendir(SERVDIR . "/uploads");
 while ($file = readdir($img_dir)) {
     //Yes we'll store them in array for sorting
     $images_in_dir[] = $file;
 }
 natcasesort($images_in_dir);
 reset($images_in_dir);
 foreach ($images_in_dir as $file) {
     $img_name_arr = explode(".", $file);
     $img_type = end($img_name_arr);
     if ((in_array($img_type, $allowed_extensions) or in_array(strtolower($img_type), $allowed_extensions)) and $file != ".." and $file != "." and is_file(SERVDIR . "/uploads/" . $file)) {
         $i++;
         $this_size = filesize(SERVDIR . "/uploads/" . $file);
         $total_size += $this_size;
Example #8
echoheader("options", "Categories", make_breadcrumbs('main/options=options/Manage Categories'));
$count_categories = 0;
$all_cats = hook('read_categories', file(SERVDIR . "/cdata/category.db.php"));
foreach ($all_cats as $cat_line) {
    if ($i++ % 2 != 0) {
        $bg = "bgcolor=#F7F6F4";
    } else {
        $bg = "";
    }
    $cat_arr = explode("|", $cat_line);
    $cat_arr[1] = stripslashes(preg_replace(array("'\"'", "'\\''"), array("&quot;", "&#039;"), $cat_arr[1]));
    $cat_help_names[] = $cat_arr[1];
    $cat_help_ids[] = $cat_arr[0];
    $result .= "<tr><td {$bg}>&nbsp;<b>{$cat_arr['0']}</b></td><td {$bg} >{$cat_arr['1']}</td> <td {$bg} align=center>";
    if ($cat_arr[2] != "") {
        $result .= "<img border=0 src=\"{$cat_arr['2']}\" high=40 width=40 alt=\"{$cat_arr['2']}\">";
    } else {
        $result .= "---";
    }
    $result .= "</td><td {$bg} align=center>";
    $result .= $cat_arr[3] == "" || $cat_arr[3] == "0" ? "<span title='" . lang('Everyone can Write') . "'>---</span>" : "";
    $result .= $cat_arr[3] == "1" ? lang("Only Admin") : "";
    $result .= $cat_arr[3] == "2" ? lang("Only Editors & Admin") : "";
    $result .= "</td> <td {$bg} align=center>\n                    <a href=\"{$PHP_SELF}?mod=categories&action=edit&amp;catid={$cat_arr['0']}\">[" . lang('edit') . "]</a>\n                    <a href=\"{$PHP_SELF}?mod=categories&action=remove&amp;catid={$cat_arr['0']}\">[" . lang('delete') . "]</a></td> </tr>";
    $count_categories++;
}
if ($count_categories == 0) {
    $result = "<tr><td colspan='5'><p><br><b>" . lang("You haven't defined any categories yet") . "</b><br>" . lang("categories are optional and you can write your news without having categories") . "<br></p></td></tr>";
}
echo proc_tpl('category/index', array('result' => $result, 'CSRF' => $CSRF));
echofooter();
Example #9
        }
        // add user
        user_add($member_db);
        make_crypt_salt();
        // Run Once
        if (!file_exists(SERVDIR . '/cdata/installed.mark')) {
            fclose(fopen(SERVDIR . '/cdata/installed.mark', 'w'));
            relocation("http://www.cutephp.com/thanks.php?referer=" . urlencode(base64_encode('http://' . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'])));
        } else {
            msg('info', 'Notification', lang('You have successfully installed Cutenews! Refresh page to login.'));
        }
    }
}
if (empty($is_loged_in)) {
    echoheader("user", lang("Please Login"));
    echo proc_tpl('login_window', array('lastusername' => htmlspecialchars($username)), array('ALLOW_REG' => $config_allow_registration == "1" ? 1 : 0));
    echofooter();
} elseif ($is_loged_in) {
    // User banned
    if ('blocked' == user_getban($member_db[UDB_NAME], true)) {
        $_SESS['user'] = false;
        send_cookie();
        msg('error', lang('Error!'), lang('You\'re banned!'));
    }
    // ********************************************************************************
    // Include System Module
    // ********************************************************************************
    //name of mod   //access
    $system_modules = array('addnews' => 'user', 'editnews' => 'user', 'main' => 'user', 'options' => 'user', 'images' => 'user', 'editusers' => 'admin', 'editcomments' => 'admin', 'tools' => 'admin', 'ipban' => 'admin', 'about' => 'user', 'categories' => 'admin', 'massactions' => 'user', 'help' => 'user', 'debug' => 'admin', 'wizards' => 'admin', 'update' => 'user', 'rating' => 'user');
    list($system_modules, $mod, $stop) = hook('system_modules_expand', array($system_modules, $mod, false));
    // Plugin tells us: don't show anything, stop
Example #10
             $img_result .= "<br><span style='color:red;'>{$image_name} ->This type of file is not allowed!</span>";
         } else {
             // Image is OK, upload it
             copy($image, SERVDIR . "/uploads/" . $image_name) or $img_result .= "<br><span style='color: red;'>{$image_name} -> Couldn't copy image to server</span><br />Check if file_uploads is allowed in the php.ini file of your server";
             if (file_exists(SERVDIR . "/uploads/" . $image_name)) {
                 $img_result .= "<br><span style='color: green;'>{$image_name} -> Image was uploaded</span>";
                 if ($action == "quick") {
                     $img_result .= " <a title=\"Insert this image in the {$my_area}\" href=\"javascript:insertimage('{$image_name}');\">[insert it]</a>";
                 }
             }
             // if file is uploaded succesfully
         }
     }
 }
 // Add the JS for multiply image upload.
 echo proc_tpl('images/multi', array('CSRF' => $CSRF, 'img_result' => $img_result, 'wysiwyg' => $wysiwyg, 'CKEditorFuncNum' => $CKEditorFuncNum, 'area' => $area, 'action' => $action), array('QUICK' => $action == "quick" && $wysiwyg == false ? 1 : 0));
 $i = 0;
 $img_dir = opendir(SERVDIR . "/uploads");
 while ($file = readdir($img_dir)) {
     //Yes we'll store them in array for sorting
     $images_in_dir[] = $file;
 }
 natcasesort($images_in_dir);
 reset($images_in_dir);
 foreach ($images_in_dir as $file) {
     $img_name_arr = explode(".", $file);
     $img_type = end($img_name_arr);
     if ((in_array($img_type, $allowed_extensions) or in_array(strtolower($img_type), $allowed_extensions)) and $file != ".." and $file != "." and is_file(SERVDIR . "/uploads/" . $file)) {
         $i++;
         $this_size = filesize(SERVDIR . "/uploads/" . $file);
         $total_size += $this_size;
Example #11
<?php

// Refuse to run unless the INIT_INSTANCE constant has been defined, so that
// requesting this file directly ends with 'Access restricted'.
if (!defined('INIT_INSTANCE')) {
    die('Access restricted');
}
/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  Load the specified section in PopUp Window
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ */
// $section is not assigned anywhere in this file.
// NOTE(review): presumably it is populated from the request by the including
// code - confirm. It is treated as untrusted below.
if (isset($section)) {
    // Allowlist filter: every character other than a-z, 0-9 and "_"
    // (case-insensitive) is removed. Dots and path separators therefore cannot
    // survive into the template path built on the next line.
    $section = preg_replace('~[^a-z0-9_]~i', '', $section);
    $help_section = proc_tpl('help/sections/' . $section);
    // $help_section is not passed to proc_tpl() explicitly.
    // NOTE(review): presumably 'help/index' reads it from the enclosing scope - confirm.
    echo proc_tpl('help/index');
} else {
    // No section requested: print every section inside the regular page layout.
    echoheader("question", "Help Documentation");
    echo "<style type=\"text/css\">\n        <!--\n        .code {\n                font-family : Andale Mono, Courier;\n                border: 1px solid #BBCDDB;\n                margin:10px;\n                padding:4px;\n                background:#FBFFFF;\n        }\n        h1 {\n                background-color : #EAF0F4;\n                border : #000000 1px solid;\n                color : #000000;\n                font-family : Tahoma, Verdana, Arial, Helvetica, sans-serif;\n                font-size : 15px;\n                font-weight : bold;\n                padding-bottom : 5px;\n                padding-left : 10px;\n                padding-right : 10px;\n                padding-top : 5px;\n                text-decoration : none;\n        }\n        td.r { font-weight: bold; text-align: right; }\n        -->\n        </style>";
    $help_section = false;
    $sections = read_dir(SERVDIR . SKIN . '/help/sections');
    foreach ($sections as $v) {
        // Turn each path returned by read_dir() into a template name by
        // removing the SKIN . '/' prefix and the '.tpl' suffix text.
        $help_section .= proc_tpl(str_replace('.tpl', '', str_replace(SKIN . '/', '', $v)));
    }
    echo $help_section;
    echofooter();
}
Example #12
        $tpl = 'index_cke';
    } else {
        $tpl = 'index';
    }
    list($_dateD, $_dateM, $_dateY, $_dateH, $_dateI) = make_postponed_date($postpone_date);
    // Add hooks for modify ckeditor
    $CKEDITOR_Settings = hook('CKEDITOR_Settings', false);
    $CKEDITOR_SetsName = hook('CKEDITOR_SetsName', 'settings');
    $Using_HTML = $options['use_html'];
    $Using_Avat = $config_use_avatar == 'yes' ? 1 : 0;
    $Unapproved = $source == 'unapproved' ? 1 : 0;
    // Remove "Approve" button from editor
    if ($member_db[UDB_ACL] == ACL_LEVEL_JOURNALIST) {
        $Unapproved = 0;
    }
    echo proc_tpl('editnews/editnews/' . $tpl, array('id' => intval($id), 'item_db1' => $item_db[NEW_USER], 'item_db2' => $item_db[NEW_TITLE], 'item_db3' => $item_db[NEW_SHORT], 'item_db4' => $item_db[NEW_FULL], 'item_db5' => $item_db[NEW_AVATAR], 'short_story_smiles' => insertSmilies($short_story_id, 4, true, $use_wysiwyg), 'full_story_smiles' => insertSmilies($full_story_id, 4, true, $use_wysiwyg), 'dated' => $_dateD, 'datem' => $_dateM, 'datey' => $_dateY, 'dateh' => $_dateH, 'datei' => $_dateI));
    echofooter();
} elseif ($action == 'move') {
    $id = intval($id);
    if (preg_match('~^[0-9]*$~', trim($source))) {
        $src = "archives/{$source}.news.arch";
    } elseif ($source) {
        $src = $source . '_news.txt';
    } else {
        $src = 'news.txt';
    }
    // Only for present file
    if (!file_exists(SERVDIR . '/cdata/' . $src)) {
        $src = 'news.txt';
    }
    $dbpath = SERVDIR . '/cdata/' . $src;
Example #13
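/**
 * Prepare the guest side of the personal widget: optionally clear the
 * session, issue a fresh CSRF token and, when no member is logged in, echo
 * the widget's login form.
 *
 * @param mixed       $keep_data Data carried through the login form in the
 *                               KEEP field (serialized and base64-encoded).
 * @param string|null $username  User name for the form.
 * @return void Output is echoed.
 */
function login_guest($keep_data = NULL, $username = NULL)
{
    global $_SESS;
    cn_extrn_init();
    // Logout
    // NOTE(review): the session is cleared on a bare GET parameter with no
    // token check, so any page can make a visitor's browser trigger it.
    if (isset($_GET['widget_personal_logout'])) {
        $_SESSION = array();
    }
    // Send new data
    // The CSRF token must be unpredictable. mt_rand() is not a cryptographic
    // generator, so prefer a CSPRNG and keep the old value only as a last
    // resort on installations that offer neither function. All three variants
    // produce 32 hexadecimal characters.
    if (function_exists('random_bytes')) {
        $csrf_token = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $csrf_token = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        $csrf_token = md5(mt_rand());
    }
    $_SESSION['.CSRF'] = $csrf_token;
    if (!member_get()) {
        // Widget's login form
        // NOTE(review): KEEP sends serialize()d data to the browser. The code
        // that reads it back is not visible here; it must not pass the returned
        // value to unserialize() unless its integrity is verified first (for
        // example with an HMAC), or the form should carry JSON instead.
        // NOTE(review): the argument list below contains a literal `******` run
        // in this listing, which looks like text masked by the page the code was
        // copied from. The expression between 'username=' and 'rememberme=' is
        // not recoverable here and is left untouched.
        echo proc_tpl('widgets/personal_login_form', "CSRF=" . $_SESSION['.CSRF'], 'KEEP=' . base64_encode(serialize($keep_data)), 'MSG=' . cn_front_msg_show('login', 'widget_personal_msg'), 'username='******'rememberme=' . (isset($_POST['cn_remember_me']) && !empty($_POST['cn_remember_me']) ? 'checked' : ''));
    }
}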
Example #14
    }
    if (!$selected_news) {
        msg("error", lang('Error!'), lang("You have not specified any articles"), "#GOBACK");
    }
    // --------
    $the_selected_news = array();
    list($news_file) = detect_source($source);
    $news = file($news_file);
    if (preg_match_all("~^(" . join('|', $selected_news) . ")\\|.*\$~m", join('', $news), $this, PREG_SET_ORDER)) {
        foreach ($this as $the) {
            $item = explode('|', $the[0]);
            $the_selected_news[] = array('id' => $item[NEW_ID], 'date' => date('d-m-Y H:i:s', $item[NEW_ID]), 'title' => htmlspecialchars($item[NEW_TITLE]));
        }
    }
    $CSRF = CSRFMake();
    $msg = proc_tpl('mass/chdate', array('source' => $source));
    msg('info', lang('Change Date'), $msg);
} elseif ($action == 'dochangedate') {
    CSRFCheck();
    list($news_file, $comm_file) = detect_source($source);
    $db_news_file = file($news_file);
    $db_comm_file = file($comm_file);
    // Sort by ascending
    foreach ($dates as $id => $date) {
        $dates[$id] = strtotime($date);
    }
    asort($dates);
    foreach ($dates as $id => $date) {
        if ($date <= time() + $config_date_adjust * 60) {
            // Don't touch this news: only change date
            $db_news_file = preg_replace("~^" . intval($id) . "\\|~m", $date . '|', $db_news_file);
Example #15
    }
    echo proc_tpl('editusers/user', array('CSRF' => $CSRF, 'user_arr[2]' => $user_arr[2], 'user_arr[4]' => $user_arr[4], 'user_arr[5]' => $user_arr[5], 'user_arr[6]' => $user_arr[6], 'user_date' => date("r", $user_arr[0]), 'edit_level' => $edit_level, 'last_login' => empty($user_arr[UDB_LAST]) ? lang('never') : date('r', $user_arr[UDB_LAST]), 'id' => $id));
} elseif ($action == "doedituser") {
    CSRFCheck();
    list($id, $editemail, $editpassword, $editlevel) = GET('id,editemail,editpassword,editlevel');
    if (empty($id)) {
        die(lang("This is not a valid user"));
    }
    if (false === ($the_user = user_search($id))) {
        die(lang("This is not a valid user"));
    }
    if (check_email($editemail) == false) {
        die(lang("Invalid email"));
    }
    // In case if email already exists, and email not eq. --> error
    $find_email = user_search($editemail, 'email');
    if ($find_email && $find_email[UDB_EMAIL] != $the_user[UDB_EMAIL]) {
        die(lang("User with this email already exists"));
    }
    // Change password if present
    if (!empty($editpassword)) {
        $hmet = hash_generate($editpassword);
        $the_user[UDB_PASS] = $hmet[count($hmet) - 1];
        send_cookie();
    }
    // Change user level anywhere
    $the_user[UDB_EMAIL] = $editemail;
    $the_user[UDB_ACL] = $editlevel;
    user_update($id, $the_user);
    echo proc_tpl('editusers/doedituser/saved');
}
Example #16
                fwrite($w, '$conf_rw_' . substr($i, 5) . ' = "' . str_replace('"', '\\"', $v) . "\";\n");
            }
        }
        flock($w, LOCK_UN);
        fclose($w);
        $saved_ok = getpart('saved_ok');
    }
    // Read data from datatable
    if (file_exists(SERVDIR . '/cdata/conf_rw.php')) {
        include SERVDIR . '/cdata/conf_rw.php';
    }
    // Default values -----------------
    set_default_val_for_rewrite();
    hook('insert_additional_rewrites');
    // Try to update htaccess
    if ($update_htaccess == 'Y') {
        $w = fopen($conf_rw_htaccess, 'w');
        flock($w, LOCK_EX);
        fwrite($w, "RewriteEngine ON\n");
        fwrite($w, "RewriteCond %{REQUEST_FILENAME} !-d\n");
        fwrite($w, "RewriteCond %{REQUEST_FILENAME} !-f\n");
        fwrite($w, "RewriteRule ^(.*)\$ /cn_friendly_url.php?rew=\$1&%{QUERY_STRING}[L]\n");
        flock($w, LOCK_UN);
        fclose($w);
    }
    // view template
    echoheader('home', lang('URL Rewrite Manager'), make_breadcrumbs('main=main/options:options=options/tools:rewrite=Rewrite Manager', true));
    echo proc_tpl('tools/rewrites/index');
    echofooter();
}
hook('tools_additional_actions');
    echo $prev_next_msg;
}
$username = $usermail = false;
$template_form = str_replace("{config_http_script_dir}", $config_http_script_dir, $template_form);
//----------------------------------
// Check if the remember script exists
//----------------------------------
if (!empty($_SESS['user'])) {
    $captcha_enabled = false;
    $member_db = user_search($_SESS['user']);
}
$template_form = str_replace('{username}', isset($member_db[UDB_NAME]) ? $member_db[UDB_NAME] : false, $template_form);
$template_form = str_replace('{usermail}', isset($member_db[UDB_EMAIL]) ? $member_db[UDB_EMAIL] : false, $template_form);
// Remember and Forget for unregistered only
$remember_user = '';
$remember_form = getpart('remember_me');
if ($member_db) {
    $remember_form = getpart('logged_as_member');
    $remember_user = getpart('logger_as_membersp', htmlspecialchars($member_db[UDB_NAME]), htmlspecialchars($member_db[UDB_EMAIL]));
} elseif ($_COOKIE['CNname']) {
    $remember_form = getpart('forget_me');
}
$gduse = function_exists('imagecreatetruecolor') ? 0 : 1;
$captcha_form = $config_use_captcha && $captcha_enabled ? proc_tpl('captcha_comments') : false;
$smilies_form = proc_tpl('remember_js') . insertSmilies('short', false);
$template_form = str_replace("{smilies}", $smilies_form, $template_form);
$template_form = str_replace('{remember_me}', $remember_form, $template_form);
$template_form = hook('comment_template_form', $template_form);
$remember_js = read_tpl('remember') . $remember_user;
echo proc_tpl('comment_form');
return TRUE;
Example #18
$fs = 0;
foreach ($filesize as $i => $v) {
    if (file_exists(SERVDIR . $i)) {
        $fs_t = filesize(SERVDIR . $i);
    } else {
        $fs_t = 0;
    }
    $msgs['fs'][] = array($v, formatsize($fs_t, $v));
    $fs += $fs_t;
}
if (function_exists('disk_free_space') && function_exists('disk_total_space')) {
    $msgs['fs'][] = array('Free disk space', formatsize(disk_free_space(SERVDIR)));
    $factor = (int) (100 * (1 - disk_free_space('/') / disk_total_space('/')));
    if ($factor > 100) {
        $factor = 100;
    }
    if ($factor < 0) {
        $factor = 0;
    }
} else {
    $factor = false;
}
$msgs['fs'][] = array("<a title='" . lang('View all Active News (Edit News)') . "' href='{$PHP_SELF}?mod=editnews&action=list'>" . lang('Active News') . "</a>", $stats_news);
$msgs['fs'][] = array(lang("Active Comments"), $count_comments);
$msgs['fs'][] = array("<a title='" . lang('View all Postponed Articles') . "' href='{$PHP_SELF}?mod=editnews&action=list&source=postponed'>" . lang('Postponed News') . "</a>", $count_postponed_news);
$msgs['fs'][] = array("<a title='" . lang('View all Unapproved Articles') . "' href='{$PHP_SELF}?mod=editnews&action=list&source=unapproved'>" . lang('Unapproved News') . "</a>", $count_unapproved_news);
$msgs['fs'][] = array("<a title='" . lang('View all Archives (Archive Manager)') . "' href='{$PHP_SELF}?mod=tools&action=archive'>" . lang('Archives') . "</a>", $stats_archives);
$msgs['fs'][] = array("<a title='" . lang('View all Users (Add/Edit Users)') . "' href='{$PHP_SELF}?mod=editusers&action=list'>" . lang('Users') . "</a>", $stats_users);
echo proc_tpl('main/syscheck', array('fs' => $msgs['fs'], 'free' => $factor));
echofooter();
hook('destroy_main');
                if (!copy(OLDDIR . $fn, $path)) {
                    $fail[] = array('Cannot copy the file', OLDDIR . $fn, $path);
                }
                if (!chmod($path, 0666)) {
                    $fail[] = array('Cannot change file mode', $path);
                }
            }
        }
    }
    //migrate skins
    $skins_dir = array();
    if (is_dir(OLDDIR . '/skins')) {
        $skins_dir = read_dir(OLDDIR . '/skins', array(), true, OLDDIR);
    } else {
        $fail[] = array('Folder not found', OLDDIR . '/skins');
    }
    foreach ($skins_dir as $resourse) {
        if (stripos($resourse, '/skins/images/') !== false || preg_match('/(?<!default|compact|simple)\\.skin\\.php$/i', $resourse) > 0) {
            if (!copy(OLDDIR . $resourse, SERVDIR . $resourse)) {
                $fail[] = array('Cannot copy the file', OLDDIR . $resourse, SERVDIR . $resourse);
            }
        }
    }
    // Place .htaccess to cdata section
    $w = fopen(SERVDIR . '/cdata/.htaccess', 'w');
    fwrite($w, "Deny From All");
    chmod(SERVDIR . '/cdata/.htaccess', 0644);
    fclose($w);
    $found_problems = proc_tpl('install/problemlist');
    msg('info', lang('Migration success'), lang("Congrats! You migrated to Cutenews " . VERSION) . " | <a href='index.php'>Login</a> " . $found_problems);
}
Example #20
        foreach ($cat_lines as $single_line) {
            $cat_arr = explode("|", $single_line);
            $_cat_html .= '<option ' . ($category == $cat_arr[0] ? ' selected ' : '') . ' value="' . $cat_arr[0] . '">' . $cat_arr[1] . '</option>';
        }
        // new style
        $i = 0;
        foreach ($cat_lines as $single_line) {
            $i++;
            $cat_arr = explode("|", $single_line);
            $cat_id = $cat_arr[0];
            $cat_name = $cat_arr[1];
            $_multi_cat_html .= "<td style='font-size:10px;' valign=top><label for='cat" . $cat_id . "'><input " . ($category == $cat_id ? " checked " : '') . " style='background-color:transparent;border:0px;' type=checkbox name='category[]' id='cat" . $cat_id . "' value='" . $cat_id . "'>" . $cat_name . "</label></td>";
            if ($i % 4 == 0) {
                $_multi_cat_html .= '<tr>';
            }
        }
    }
    // ON/OFF CKEditor
    $tpl = $use_wysiwyg ? 'index_cke' : 'index';
    list($_dateD, $_dateM, $_dateY, $_dateH, $_dateI) = make_postponed_date();
    // Add hooks for modify ckeditor
    $CKEDITOR_Settings = hook('CKEDITOR_Settings', false);
    $CKEDITOR_SetsName = hook('CKEDITOR_SetsName', 'settings');
    // Edit news not replace fields
    $title = htmlspecialchars($_POST['title']);
    $short_story = htmlspecialchars($_POST['short_story']);
    $full_story = htmlspecialchars($_POST['full_story']);
    $UseAvatar = $config_use_avatar == 'yes' ? 1 : 0;
    echo proc_tpl('addnews/' . $tpl, array('member_db8' => $member_db[UDB_AVATAR], 'cat_html' => $_cat_html, 'multi_cat_html' => $_multi_cat_html, 'insertsmiles' => insertSmilies($short_story_id, 4, true, $use_wysiwyg), 'insertsmiles_full' => insertSmilies($full_story_id, 4, true, $use_wysiwyg), 'dated' => $_dateD, 'datem' => $_dateM, 'datey' => $_dateY, 'dateh' => $_dateH, 'datei' => $_dateI));
    echofooter();
}
Example #21
$fs = 0;
foreach ($filesize as $i => $v) {
    if (file_exists(SERVDIR . $i)) {
        $fs_t = filesize(SERVDIR . $i);
    } else {
        $fs_t = 0;
    }
    $msgs['fs'][] = array($v, formatsize($fs_t, $v));
    $fs += $fs_t;
}
if (function_exists('disk_free_space') && function_exists('disk_total_space')) {
    $msgs['fs'][] = array('Free disk space', formatsize(disk_free_space(SERVDIR)));
    $factor = (int) (100 * (1 - disk_free_space('/') / disk_total_space('/')));
    if ($factor > 100) {
        $factor = 100;
    }
    if ($factor < 0) {
        $factor = 0;
    }
} else {
    $factor = false;
}
$msgs['fs'][] = array("<a title='" . lang('View all Active News (Edit News)') . "' href='{$PHP_SELF}?mod=editnews&action=list'>" . lang('Active News') . "</a>", $stats_news);
$msgs['fs'][] = array(lang("Active Comments"), $count_comments);
$msgs['fs'][] = array("<a title='" . lang('View all Postponed Articles') . "' href='{$PHP_SELF}?mod=editnews&action=list&source=postponed'>" . lang('Postponed News') . "</a>", $count_postponed_news);
$msgs['fs'][] = array("<a title='" . lang('View all Unapproved Articles') . "' href='{$PHP_SELF}?mod=editnews&action=list&source=unapproved'>" . lang('Unapproved News') . "</a>", $count_unapproved_news);
$msgs['fs'][] = array("<a title='" . lang('View all Archives (Archive Manager)') . "' href='{$PHP_SELF}?mod=tools&action=archive'>" . lang('Archives') . "</a>", $stats_archives);
$msgs['fs'][] = array("<a title='" . lang('View all Users (Add/Edit Users)') . "' href='{$PHP_SELF}?mod=editusers&action=list'>" . lang('Users') . "</a>", $stats_users);
echo proc_tpl('main/syscheck', array('exists' => $msgs['e'], 'x' => $msgs['x'], 'r' => $msgs['r'], 'w' => $msgs['w'], 'fs' => $msgs['fs'], 'free' => $factor), array('FREE' => $factor, 'SHOW' => $SHOW));
echofooter();
hook('destroy_main');
Example #22
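 /**
  * Build one row of the system-configuration form for a single option.
  *
  * The current value is read with getoption() and rendered as:
  *  - a textarea when $options is ':text:' (size given as "cols/rows"),
  *  - a checkbox when $options is 'Y/N',
  *  - a no/yes radio pair when $options is 'y/n',
  *  - a select when $options is an array of value => label,
  *  - a text input otherwise.
  *
  * The stored value and the select keys are HTML-escaped before they are
  * placed into attributes, in the same way the textarea branch already escapes
  * its content. A stored value containing a double quote can then no longer
  * close the attribute and inject markup into the admin form.
  *
  * @param string     $config_name Option name, optionally followed by "=" and
  *                                a size (input size, or "cols/rows").
  * @param string     $title       "Title|Description"; both parts go through lang().
  * @param array|null|string $options Field type selector, see above.
  * @return mixed Whatever proc_tpl() returns for 'options/syscon.row'.
  */
 function syscon($config_name, $title, $options = null)
 {
     global $counter;

     // array_pad() keeps the two-value destructuring defined when the
     // separator is missing; the absent part is null, as before.
     list($title, $desc) = array_pad(explode('|', $title, 2), 2, null);
     list($config_name, $opt) = array_pad(explode('=', $config_name, 2), 2, null);

     $out = '';
     $var = getoption($config_name);

     // NOTE(review): $config_name and $opt are written into attributes as
     // given; presumably they are fixed strings in the calling code - confirm.
     if (!is_array($options)) {
         $opt = $opt ? $opt : 40;
         if ($options == ':text:') {
             list($cols, $rows) = array_pad(explode('/', $opt), 2, null);
             $out = '<textarea cols="' . $cols . '" rows="' . $rows . '" name="save_con[' . $config_name . ']">' . htmlspecialchars($var) . '</textarea>';
         } elseif ($options == 'Y/N') {
             $checked = $var ? 'checked="checked"' : '';
             $out = '<input type="checkbox" name="save_con[' . $config_name . ']" value="1" ' . $checked . ' />';
         } elseif ($options == 'y/n') {
             $out = '<input type="radio" name="save_con[' . $config_name . ']" value="no" ' . ($var == 'no' ? 'checked="checked"' : '') . ' /> No ';
             $out .= '<input type="radio" name="save_con[' . $config_name . ']" value="yes" ' . ($var != 'no' ? 'checked="checked"' : '') . ' /> Yes';
         } else {
             // Escape the stored value for the attribute context.
             $out = '<input type="text" class="cn" name="save_con[' . $config_name . ']" value="' . htmlspecialchars((string) $var, ENT_QUOTES) . '" size="' . $opt . '" />';
         }
     } else {
         $out = '<select name="save_con[' . $config_name . ']">';
         foreach ($options as $key => $value) {
             $selected = ($var == $key) ? ' selected="selected" ' : '';
             $out .= '<option value="' . htmlspecialchars((string) $key, ENT_QUOTES) . '"' . $selected . '>' . htmlspecialchars($value) . '</option>';
         }
         $out .= '</select>';
     }

     // Alternate the row background using the global row counter.
     if ($counter++ % 2 == 0) {
         $bg = "bgcolor=#F7F6F4";
     } else {
         $bg = "";
     }

     return proc_tpl("options/syscon.row", array('bg' => $bg, 'title' => lang($title), 'field' => $out, 'description' => lang($desc)));
 }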
Example #23
<?php

// Refuse to run unless the INIT_INSTANCE constant has been defined, so that
// requesting this file directly ends with 'Access restricted'.
if (!defined('INIT_INSTANCE')) {
    die('Access restricted');
}
// ********************************************************************************
// CuteCode
// ********************************************************************************
if ($action == "cutecode") {
    // $target is not assigned in this file.
    // NOTE(review): if it comes from the request, 'about/cutecode' has to
    // escape it wherever it is written into the page - confirm in the template.
    $read = proc_tpl('about/cutecode', array('target' => $target));
    echo $read;
} else {
    echoheader("question", lang("Help/About"));
    // MD5 of the contents of core/core.php, handed to the template as
    // 'functions_md5'. It identifies the file's contents; MD5 is not
    // collision-resistant, so it is not proof against deliberate tampering.
    if (function_exists("md5")) {
        $functions_md5 = md5(join('', file(SERVDIR . "/core/core.php")));
    } else {
        $functions_md5 = "MD5NotSupported";
    }
    // Try license key
    // include executes cdata/reg.php as PHP, so anything able to write that
    // file can run code here.
    // NOTE(review): presumably this file sets $reg_site_key - confirm.
    if (file_exists(SERVDIR . "/cdata/reg.php")) {
        include SERVDIR . "/cdata/reg.php";
    }
    // The second array passes the REG flag: whether cdata/reg.php exists.
    $read = proc_tpl('about/index', array('config_version_name' => $config_version_name, 'config_version_id' => $config_version_id, 'config_http_script_dir' => $config_http_script_dir, 'functions_md5' => $functions_md5, 'reg_site_key' => $reg_site_key), array('REG' => file_exists(SERVDIR . '/cdata/reg.php')));
    echo $read;
    echofooter();
}
    return FALSE;
}
// Authentication step of the comment form for a name that has a member record
// ($user_member is non-empty). The snippet is cut off before its closing braces.
if ($name && empty($user_member) == false) {
    $is_member = true;
    // Check stored password in cookies.
    // The cookie value is compared directly with the stored credential field, so the
    // stored value acts as a password equivalent: anyone holding it is accepted
    // without knowing the password.
    // NOTE(review): `==` is a loose, non-constant-time comparison; hash_equals() on
    // string-cast operands avoids type juggling and timing differences.
    if ($CNpass and $user_member[UDB_PASS] == $CNpass) {
        // $password becomes boolean true here, so the final branch below calls
        // hash_generate(true) - NOTE(review): confirm this is intended.
        $password = true;
    }
    // A session already bound to this name needs no further proof.
    if (!empty($_SESS['user']) && $_SESS['user'] == $name) {
        $is_member = true;
    } elseif (empty($password)) {
        // No password and no matching cookie: encode quotes in the comment text,
        // strip newlines from name and e-mail, then show the passcode prompt.
        $comments = preg_replace(array("'\"'", "'\\''", "''"), array("&quot;", "&#039;", ""), $comments);
        $name = replace_comment("add", preg_replace("/\n/", "", $name));
        $mail = replace_comment("add", preg_replace("/\n/", "", $mail));
        // Pre-checks the "remember" box; presumably read by the enter_passcode template.
        $remcheck = $CNremember == '1' ? ' checked="checked" ' : '';
        echo proc_tpl('enter_passcode');
        return FALSE;
    } else {
        // hash_generate() returns a list of candidate hashes for the submitted password.
        $gen = hash_generate($password);
        // password ok? Either one of the candidate hashes or the cookie value must
        // equal the stored credential field.
        if (in_array($user_member[UDB_PASS], $gen) || $CNpass && $user_member[UDB_PASS] == $CNpass) {
            // if check remember password -> echo this script
            if (empty($CNrememberPass) == false) {
                $name = htmlspecialchars($name);
                if (empty($mail)) {
                    $mail = htmlspecialchars($user_member[UDB_EMAIL]);
                }
                // The stored credential value is written into the page so the browser can
                // keep it (CNRememberPass is defined outside this snippet).
                // NOTE(review): htmlspecialchars() escapes for HTML, not for a JavaScript
                // string literal - json_encode() is the encoder for this context - and
                // $user_member[UDB_PASS] is emitted without any encoding. Sending the
                // stored value to the client also means a leaked cookie equals a leaked login.
                echo read_tpl('remember') . '<script type="text/javascript">CNRememberPass("' . $user_member[UDB_PASS] . '", "' . $name . '", "' . $mail . '")</script>';
            }
            // hide email: a truthy UDB_CBYEMAIL field suppresses the stored address.
            $mail = $user_member[UDB_CBYEMAIL] ? false : $user_member[UDB_EMAIL];
Example #25
    // Find the comment to edit. Each stored line is "<news id>|>|<comments>", the
    // comments are separated by "||", and each comment is a "|"-separated record
    // whose first field is the comment id (also used as a timestamp below).
    // NOTE(review): `break` leaves only the inner loop. If no comment matches $comid,
    // $single_arr still holds the last record parsed (or is undefined when no line
    // matched $newsid), and the form below is filled from it.
    foreach ($all_comments as $comment_line) {
        $comment_line_arr = explode("|>|", $comment_line);
        if ($comment_line_arr[0] == $newsid) {
            $comment_arr = explode("||", $comment_line_arr[1]);
            foreach ($comment_arr as $single_comment) {
                $single_arr = explode("|", $single_comment);
                if ($comid == $single_arr[0]) {
                    break;
                }
            }
        }
    }
    // Turn stored line breaks back into newlines for the textarea.
    $single_arr[4] = str_replace("<br />", "\n", $single_arr[4]);
    $comdate = date("D, d F Y h:i:s", $single_arr[0]);
    // Token for the edit form; it is verified by CSRFCheck() in the save branch below.
    $CSRF = CSRFMake();
    // Every request- or storage-derived value is HTML-escaped before it reaches the template.
    echo proc_tpl('editcomments', array('newsid' => htmlspecialchars($newsid), 'comid' => htmlspecialchars($comid), 'comdate' => $comdate, 'source' => htmlspecialchars($source), 'single_arr[1]' => htmlspecialchars($single_arr[1]), 'single_arr[2]' => htmlspecialchars($single_arr[2]), 'single_arr[3]' => htmlspecialchars($single_arr[3]), 'single_arr[4]' => htmlspecialchars($single_arr[4]), 'CSRF' => $CSRF));
} elseif ($action == "doeditcomment") {
    // A save needs a poster name; a delete request does not.
    if (empty($poster) and empty($deletecomment)) {
        echo lang("The poster cannot be blank");
        die;
    }
    // CSRF check only for saving comments.
    // NOTE(review): a delete request skips CSRFCheck(), so nothing visible here ties a
    // deletion to the token issued by CSRFMake(). Confirm deletions are verified
    // elsewhere; otherwise run the check for both paths.
    if (empty($deletecomment)) {
        CSRFCheck();
    }
    // Placeholder values for optional fields.
    if (empty($mail)) {
        $mail = lang("none");
    }
    if (empty($poster)) {
        $poster = lang("Anonymous");
    }
Example #26
        $symbol_count++;
        if ($symbol_count == $word_count) {
            $result .= ' ';
            $symbol_count = 0;
            $new_word = true;
        }
    }
    return $result;
}
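// Update check: ask the vendor site for the latest revision and, when it is newer than
// the installed one, arm the updater with a one-time key.
// NOTE(review): the revision file is fetched over plain HTTP, so its content is not
// authenticated in transit. Confirm whether the endpoint is reachable over HTTPS and
// that the update step verifies what it later downloads.
if ($action == 'update') {
    $need_update = false;
    $last_version = '';
    $last_version_name = '';
    // file_get_contents() opens, reads and closes the stream in one call, so no handle
    // is left open and a failed request is detected before its result is used.
    $latest = file_get_contents("http://cutephp.com/cutenews/latest_version.php");
    if ($latest !== false) {
        // Expected response: "<revision id>|<revision name>". Padding keeps list()
        // supplied with two values when the separator is missing.
        list($last_version, $last_version_name) = array_pad(explode('|', $latest), 2, '');
    }
    // A failed fetch leaves $last_version empty, so the request ends in the
    // "no update" message below.
    if ($last_version > $config_version_id) {
        $need_update = true;
    }
    if ($need_update) {
        // The key is written to a server-side file and handed to the browser as a cookie,
        // so it works as a bearer secret for the update step.
        // NOTE(review): confirm create_random_string() draws from a cryptographically
        // secure source.
        $update_key = base64_encode(create_random_string(50, 7));
        // Base64 output contains no quote or backslash, so it cannot break out of the
        // single-quoted PHP literal it is embedded in.
        $written = file_put_contents(SERVDIR . '/cdata/update_temp.php', "<?php\n\$update_key='" . $update_key . "';\n?>");
        if ($written === false) {
            // Without the key file the cookie would be useless; report instead of continuing.
            msg('error', lang('Error!'), lang('Cannot write the update key file'), '#GOBACK');
        } else {
            // NOTE(review): the cookie is set without the HttpOnly or Secure flags;
            // add them unless client-side script has to read the key.
            setcookie('update', $update_key, time() + 60 * 60, '/');
            echoheader('info', lang("Update status"), make_breadcrumbs('main/options=options/Update Status'));
            echo proc_tpl('update/status');
            echofooter();
        }
    } else {
        msg('info', lang('Update status'), lang('No update: your revision is the latest one'));
    }
}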
Example #27
<?php

require_once 'core/init.php';

// A plugin may take over feed generation completely; in that case stop here.
if (hook('fork_rss', false)) {
    return;
}

// Feed settings. Without them the RSS manual page is shown instead of a feed.
$rss = getoption('#rss');
if (empty($rss)) {
    die(proc_tpl('help/manual/rss'));
}

$rss_title = $rss['title'];
$rss_language = $rss['language'];
$rss_encoding = $rss['encoding'];
$rss_news_include_url = $rss['news_include_url'];
$config_http_script_dir = getoption('http_script_dir');

// Channel header.
// NOTE(review): the option values are interpolated into the XML as-is. If any of them
// can contain &, < or quotes they need XML escaping - confirm how they are stored.
header("Content-type: text/xml", true);
echo "<?xml version=\"1.0\" encoding=\"{$rss_encoding}\" ?>\r\n<?xml-stylesheet type=\"text/css\" href=\"{$config_http_script_dir}/skins/rss_style.css\" ?>\r\n<rss version=\"2.0\" xmlns:atom=\"http://www.w3.org/2005/Atom\">\r\n<channel>\r\n<title>{$rss_title}</title>\r\n<link>{$rss_news_include_url}</link>\r\n<language>{$rss_language}</language>\r\n<description></description>\r\n<!-- <docs>This is an RSS 2.0 file intended to be viewed in a newsreader or syndicated to another site. For more information on RSS check: http://www.feedburner.com/fb/a/aboutrss</docs> -->\r\n<generator>CuteNews</generator>\r\n<atom:link href=\"" . $config_http_script_dir . "/rss.php\" rel=\"self\" type=\"application/rss+xml\" />";

// ?number= is coerced to an integer and defaults to 15. No range check is applied
// here; presumably it is the item count - confirm the consumer bounds it.
$number = isset($_GET['number']) ? intval($_GET['number']) : 15;

// ?only_active= is passed through unchanged when non-empty; otherwise it is true.
$only_active = empty($_GET['only_active']) ? true : $_GET['only_active'];

$template = 'rss';
Example #28
    }
    // "Change date" mass action: first list the selected articles, then (in the
    // 'dochangedate' branch) rewrite their dates. The snippet is cut off inside the
    // final loop.
    if (!$selected_news) {
        msg("error", lang('Error!'), lang("You have not specified any articles"), "#GOBACK");
    }
    // --------
    $the_selected_news = array();
    list($news_file) = detect_source($source);
    $news = file($news_file);
    // The selected ids are joined straight into the pattern as alternatives.
    // NOTE(review): if $selected_news is request-supplied, cast each id with intval()
    // (as the 'dochangedate' branch does) or pass it through preg_quote() so it cannot
    // alter the expression.
    // NOTE(review): $this is used as a plain variable for the matches; newer PHP
    // versions restrict that, so another name is safer - confirm.
    if (preg_match_all("~^(" . join('|', $selected_news) . ")\\|.*\$~m", join('', $news), $this, PREG_SET_ORDER)) {
        foreach ($this as $the) {
            $item = explode('|', $the[0]);
            // The article id doubles as its timestamp; the title is HTML-escaped for display.
            $the_selected_news[] = array('id' => $item[NEW_ID], 'date' => date('d-m-Y H:i:s', $item[NEW_ID]), 'title' => htmlspecialchars($item[NEW_TITLE]));
        }
    }
    // Token for the form; verified by CSRFCheck() at the top of the 'dochangedate' branch.
    $CSRF = CSRFMake();
    $msg = proc_tpl('mass/chdate');
    msg('info', lang('Change Date'), $msg);
} elseif ($action == 'dochangedate') {
    // The token is verified before either data file is read.
    CSRFCheck();
    list($news_file, $comm_file) = detect_source($source);
    $db_news_file = file($news_file);
    $db_comm_file = file($comm_file);
    // Sort by ascending
    // NOTE(review): strtotime() returns false for text it cannot parse; false passes the
    // `<= time()` test below and would be written as an empty date field - validate first.
    foreach ($dates as $id => $date) {
        $dates[$id] = strtotime($date);
    }
    asort($dates);
    foreach ($dates as $id => $date) {
        if ($date <= time()) {
            // Don't touch this news: only change date
            // intval() keeps the id from altering the pattern.
            $db_news_file = preg_replace("~^" . intval($id) . "\\|~m", $date . '|', $db_news_file);
Example #29
        $user_arr = user_search($the_email, 'email');
        $user = $user_arr[UDB_NAME];
    } else {
        add_to_log(':anonym:', 'Validate "s" parameter: invalid request');
        msg("error", lang('Error!'), lang("Validation is broken"), '#GOBACK');
    }
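    // Generate a 9-character replacement password.
    // Do not seed the generator from time(): a seed that can be guessed makes the whole
    // sequence, and with it the password, reproducible.
    $salt = "abcdefghjkmnpqrstuvwxyz0123456789-ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $salt_max = strlen($salt) - 1;
    // random_int() (PHP 7+) reads from the system CSPRNG. mt_rand() is only a fallback
    // for older runtimes and is not suitable for secrets.
    $use_csprng = function_exists('random_int');
    // Start from an empty string so nothing already in scope becomes part of the password.
    $new_pass = '';
    for ($i = 0; $i < 9; $i++) {
        $new_pass .= $salt[$use_csprng ? random_int(0, $salt_max) : mt_rand(0, $salt_max)];
    }
    // Save new password: hash_generate() returns a list and its last entry is stored.
    $hmet = hash_generate($new_pass);
    $user_arr[UDB_PASS] = $hmet[count($hmet) - 1];
    // Neither the plaintext password nor the hash list is echoed: the HTTP response to
    // this request must not carry them. The password leaves only through the e-mail below.
    user_update($user, $user_arr);
    // NOTE(review): the password is mailed in plaintext; a single-use reset link would
    // avoid putting a working credential into a mailbox.
    $message = str_replace(array('%1', '%2'), array($user, $new_pass), lang("Hi %1,\nYour new password for CuteNews is\n\n    %2\n\nplease after you login change this password."));
    send_mail($user_arr[UDB_EMAIL], lang("Your New Password for CuteNews"), $message);
    add_to_log($user, lang('New password received'));
    msg("info", lang("Password Sent"), str_replace('%1', $user, lang("The new password for <b>%1</b> was sent to the email.")));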
} else {
    if ($config_allow_registration != "1") {
        msg("error", lang('Error!'), lang("User registration is Disabled"), '#GOBACK');
    }
    echoheader("user", lang("User Registration"));
    echo proc_tpl('register/reg', array('result' => $result));
    echofooter();
}
exec_time();