/**
 * Build the plugin's admin form and handle a click on its reset button.
 *
 * The reset changes stored options, so it only runs after the posted 'code'
 * field passes qa_check_form_security_code() for the 'donut/admin_options'
 * action. A failed check is reported on the form and nothing is reset.
 *
 * @param array $qa_content Page content, received by reference; not read or modified here.
 * @return array Form definition: status message, static note field, reset button,
 *               and a freshly issued security code in the hidden 'code' field.
 */
public function admin_form(&$qa_content)
{
    $resetDone = false;
    $securityError = false;

    if (qa_clicked(self::RESET_BTN)) {
        $codeValid = qa_check_form_security_code('donut/admin_options', qa_post_text('code'));

        if (!$codeValid) {
            // Stale or missing token: show the error instead of touching any option.
            $securityError = qa_lang_html('admin/form_security_expired');
        } elseif (donut_reset_all_options()) {
            $resetDone = true;
            qa_opt('donut_defaults_set_ok', 1);
        }
    }

    return array(
        'ok' => $resetDone ? donut_lang('options_reset') : null,
        'fields' => array(
            'simple_note' => array(
                'type' => 'static',
                'label' => donut_lang('admin_notes'),
                'error' => $securityError,
            ),
        ),
        'buttons' => array(
            array(
                'label' => qa_lang_html('admin/reset_options_button'),
                'tags' => 'NAME="' . self::RESET_BTN . '"',
            ),
        ),
        // The token is issued for the same action name that is verified above.
        'hidden' => array(
            'code' => qa_get_form_security_code('donut/admin_options'),
        ),
    );
}
createQuestion($title, $content, $areaclass, $conclass, $tags); $topath = qa_get('to'); if (isset($topath)) { qa_redirect_raw("/" . $topath); } else { qa_redirect_raw('/'); } } } } else { qa_redirect_raw('/view/question.php'); } } if ($doanswer) { if (!qa_get_logged_in_userid()) { if (!qa_check_form_security_code('answer', qa_post_text('code')) || strtolower($_SESSION['VerifyCode']) != strtolower(qa_post_text('captcha'))) { $errors['page'] = '验证码错误,请重试'; qa_redirect_raw('/questiondetail/' . $_POST['question'] . '.html?error=' . urlencode($errors['page'])); } else { $parentid = $_POST['question']; $content = $_POST['content']; createAnswer($parentid, $content); $topath = qa_get('to'); if (isset($topath)) { qa_redirect_raw("/" . $topath); } else { qa_redirect_raw('/'); } } } }
// Stop here unless the admin privilege check passes; $qa_content is what the check hands back.
if (!qa_admin_check_privileges($qa_content)) {
    return $qa_content;
}

// Process user actions

$securityexpired = false;
$recalculate = false;
$optionnames = qa_db_points_option_names();

if (qa_clicked('doshowdefaults')) {
    // Show defaults only: nothing is written, so no security code is needed on this path.
    $options = array();

    foreach ($optionnames as $optionname) {
        $options[$optionname] = qa_default_option($optionname);
    }
} else {
    // 'docancel' takes precedence; saving is considered only when cancel was not clicked.
    if (!qa_clicked('docancel') && qa_clicked('dosaverecalc')) {
        if (qa_check_form_security_code('admin/points', qa_post_text('code'))) {
            // Posted values are cast to int before being stored.
            foreach ($optionnames as $optionname) {
                qa_set_option($optionname, (int) qa_post_text('option_' . $optionname));
            }

            if (qa_post_text('has_js')) {
                $recalculate = true;
            } else {
                // Without JavaScript, hand over to the recalc page.
                qa_redirect('admin/recalc', array('dorecalcpoints' => 1));
            }
        } else {
            // Token missing or expired: nothing is saved.
            $securityexpired = true;
        }
    }

    $options = qa_get_options($optionnames);
}

// Prepare content for theme
/**
 * Process the submitted edit form for an existing comment.
 *
 * Collects the posted fields into $in, verifies the form security code issued
 * for this comment ('edit-' . postid), runs the comment filter modules, and if
 * no errors were raised saves the new content.
 *
 * @param array $comment  The comment being edited (reads postid, isbyuser, userid, notify).
 * @param array $question The question the comment belongs to.
 * @param array $parent   The post the comment is attached to.
 * @param array $in       Output: the values read from the form.
 * @param array $errors   Output: error messages keyed by field name.
 * @return bool True if the comment was saved, false otherwise.
 */
function qa_page_q_edit_c_submit($comment, $question, $parent, &$in, &$errors)
{
    $commentid = $comment['postid'];
    $prefix = 'c' . $commentid . '_';

    $in = array();

    // Name/notify/email are only read when $comment['isbyuser'] is set.
    if ($comment['isbyuser']) {
        $in['name'] = qa_post_text($prefix . 'name');
        $in['notify'] = (bool) qa_post_text($prefix . 'notify');
        $in['email'] = qa_post_text($prefix . 'email');
    }

    // The 'silent' flag is accepted only when the permit check reports no error.
    if (!qa_user_post_permit_error('permit_edit_silent', $comment)) {
        $in['silent'] = qa_post_text($prefix . 'silent');
    }

    qa_get_post_content($prefix . 'editor', $prefix . 'content', $in['editor'], $in['content'], $in['format'], $in['text']);

    // here the $in array only contains values for parts of the form that were displayed,
    // so those are only ones checked by filters

    $errors = array();

    // The token is bound to this comment's id; without a valid one nothing is filtered or saved.
    if (!qa_check_form_security_code('edit-' . $commentid, qa_post_text($prefix . 'code'))) {
        $errors['content'] = qa_lang_html('misc/form_security_again');
        return false;
    }

    $in['queued'] = qa_opt('moderate_edited_again') && qa_user_moderation_reason(qa_user_level_for_post($comment));

    foreach (qa_load_modules_with('filter', 'filter_comment') as $filtermodule) {
        $before = $in;
        $filtermodule->filter_comment($in, $errors, $question, $parent, $comment);
        qa_update_post_text($in, $before);
    }

    if (!empty($errors)) {
        return false;
    }

    $userid = qa_get_logged_in_userid();
    $handle = qa_get_logged_in_handle();
    $cookieid = qa_cookie_get();

    if (!isset($in['silent'])) {
        $in['silent'] = false;
    }

    if ($comment['isbyuser']) {
        $setnotify = qa_combine_notify_email($comment['userid'], $in['notify'], $in['email']);
    } else {
        $setnotify = $comment['notify'];
    }

    // $in['name'] is absent when the comment is not by the user, hence the @.
    qa_comment_set_content($comment, $in['content'], $in['format'], $in['text'], $setnotify, $userid, $handle, $cookieid, $question, $parent, @$in['name'], $in['queued'], $in['silent']);

    return true;
}
GNU General Public License for more details. More about this license: http://www.question2answer.org/license.php */

// Server-side handler for an Ajax vote. The response always starts with
// "QA_AJAX_RESPONSE", then a line holding 1 (vote recorded, voting HTML follows)
// or 0 (error HTML follows).

require_once QA_INCLUDE_DIR . 'qa-app-users.php';
require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';
require_once QA_INCLUDE_DIR . 'qa-app-votes.php';
require_once QA_INCLUDE_DIR . 'qa-app-format.php';
require_once QA_INCLUDE_DIR . 'qa-app-options.php';
require_once QA_INCLUDE_DIR . 'qa-db-selects.php';

// All three values come straight from the POST body.
$postid = qa_post_text('postid');
$vote = qa_post_text('vote');
$code = qa_post_text('code');

$userid = qa_get_logged_in_userid();
$cookieid = qa_cookie_get();

// The security code is verified before the post is even loaded. The action name is the
// fixed string 'vote', so the token is not tied to a particular post id here.
if (!qa_check_form_security_code('vote', $code)) {
    $voteerror = qa_lang_html('misc/form_security_reload');
} else {
    $post = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $postid));
    // NOTE(review): whether this user may cast this vote is decided inside qa_vote_error_html(),
    // which is not shown here; presumably it returns false when the vote is allowed.
    $voteerror = qa_vote_error_html($post, $vote, $userid, qa_request());
}

// Strict comparison: any string (including the security-code message) counts as an error.
if ($voteerror === false) {
    qa_vote_set($post, $userid, qa_get_logged_in_handle(), $cookieid, $vote);

    // Reload the post so the rendered fields reflect the vote just recorded.
    $post = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $postid));
    $fields = qa_post_html_fields($post, $userid, $cookieid, array(), null, array('voteview' => qa_get_vote_view($post, true)));
    $themeclass = qa_load_theme_class(qa_get_site_theme(), 'voting', null, null);

    echo "QA_AJAX_RESPONSE\n1\n";
    $themeclass->voting_inner_html($fields);
} else {
    // $voteerror is written to the response as-is, so it must already be HTML-safe.
    echo "QA_AJAX_RESPONSE\n0\n" . $voteerror;
}
} list($useraccount, $userprofile) = qa_db_select_with_pending(qa_db_user_account_selectspec($userid, true), qa_db_user_profile_selectspec($userid, true)); qa_report_event('u_save', $userid, $useraccount['handle'], qa_cookie_get()); if (empty($errors)) { qa_redirect('account', array('state' => 'profile-saved')); } qa_logged_in_user_flush(); } } // Process change password if clicked if (qa_clicked('dochangepassword')) { require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php'; $inoldpassword = qa_post_text('oldpassword'); $innewpassword1 = qa_post_text('newpassword1'); $innewpassword2 = qa_post_text('newpassword2'); if (!qa_check_form_security_code('password', qa_post_text('code'))) { $errors['page'] = qa_lang_html('misc/form_security_again'); } else { $errors = array(); if ($haspassword && strtolower(qa_db_calc_passcheck($inoldpassword, $useraccount['passsalt'])) != strtolower($useraccount['passcheck'])) { $errors['oldpassword'] = qa_lang('users/password_wrong'); } $useraccount['password'] = $inoldpassword; $errors = $errors + qa_password_validate($innewpassword1, $useraccount); // array union if ($innewpassword1 != $innewpassword2) { $errors['newpassword2'] = qa_lang('users/password_mismatch'); } if (empty($errors)) { qa_db_user_set_password($userid, $innewpassword1); qa_db_user_set($userid, 'sessioncode', '');
$wallposterrorhtml = qa_wall_error_html($loginuserid, $useraccount['userid'], $useraccount['flags']); foreach ($usermessages as $message) { if ($message['deleteable'] && qa_clicked('m' . $message['messageid'] . '_dodelete')) { if (!qa_check_form_security_code('wall-' . $useraccount['handle'], qa_post_text('code'))) { $errors['page'] = qa_lang_html('misc/form_security_again'); } else { qa_wall_delete_post($loginuserid, qa_get_logged_in_handle(), qa_cookie_get(), $message); qa_redirect(qa_request(), $_GET); } } } if (qa_clicked('dowallpost')) { $inmessage = qa_post_text('message'); if (!strlen($inmessage)) { $errors['message'] = qa_lang('profile/post_wall_empty'); } elseif (!qa_check_form_security_code('wall-' . $useraccount['handle'], qa_post_text('code'))) { $errors['message'] = qa_lang_html('misc/form_security_again'); } elseif (!$wallposterrorhtml) { qa_wall_add_post($loginuserid, qa_get_logged_in_handle(), qa_cookie_get(), $useraccount['userid'], $useraccount['handle'], $inmessage, ''); qa_redirect(qa_request()); } } // Prepare content for theme $qa_content = qa_content_prepare(); $qa_content['title'] = qa_lang_html_sub('profile/wall_for_x', $userhtml); $qa_content['error'] = @$errors['page']; $qa_content['script_rel'][] = 'qa-content/qa-user.js?' . QA_VERSION; $qa_content['message_list'] = array('tags' => 'id="wallmessages"', 'form' => array('tags' => 'name="wallpost" method="post" action="' . qa_self_html() . '"', 'style' => 'tall', 'hidden' => array('qa_click' => '', 'handle' => qa_html($useraccount['handle']), 'start' => qa_html($start), 'code' => qa_get_form_security_code('wall-' . $useraccount['handle']))), 'messages' => array()); if ($start == 0) { // only allow posting on first page if ($wallposterrorhtml) {
return include QA_INCLUDE_DIR . 'qa-page-not-found.php'; } // Find recently (hidden, queued or not) questions, answers, comments and edits for this IP $userid = qa_get_logged_in_userid(); list($qs, $qs_queued, $qs_hidden, $a_qs, $a_queued_qs, $a_hidden_qs, $c_qs, $c_queued_qs, $c_hidden_qs, $edit_qs) = qa_db_select_with_pending(qa_db_qs_selectspec($userid, 'created', 0, null, $ip, false), qa_db_qs_selectspec($userid, 'created', 0, null, $ip, 'Q_QUEUED'), qa_db_qs_selectspec($userid, 'created', 0, null, $ip, 'Q_HIDDEN', true), qa_db_recent_a_qs_selectspec($userid, 0, null, $ip, false), qa_db_recent_a_qs_selectspec($userid, 0, null, $ip, 'A_QUEUED'), qa_db_recent_a_qs_selectspec($userid, 0, null, $ip, 'A_HIDDEN', true), qa_db_recent_c_qs_selectspec($userid, 0, null, $ip, false), qa_db_recent_c_qs_selectspec($userid, 0, null, $ip, 'C_QUEUED'), qa_db_recent_c_qs_selectspec($userid, 0, null, $ip, 'C_HIDDEN', true), qa_db_recent_edit_qs_selectspec($userid, 0, null, $ip, false)); // Check we have permission to view this page, and whether we can block or unblock IPs if (qa_user_maximum_permit_error('permit_anon_view_ips')) { $qa_content = qa_content_prepare(); $qa_content['error'] = qa_lang_html('users/no_permission'); return $qa_content; } $blockable = qa_user_level_maximum() >= QA_USER_LEVEL_MODERATOR; // allow moderator in one category to block across all categories // Perform blocking or unblocking operations as appropriate if (qa_clicked('doblock') || qa_clicked('dounblock') || qa_clicked('dohideall')) { if (!qa_check_form_security_code('ip-' . $ip, qa_post_text('code'))) { $pageerror = qa_lang_html('misc/form_security_again'); } elseif ($blockable) { if (qa_clicked('doblock')) { $oldblocked = qa_opt('block_ips_write'); qa_set_option('block_ips_write', (strlen($oldblocked) ? $oldblocked . ' , ' : '') . 
$ip); qa_report_event('ip_block', $userid, qa_get_logged_in_handle(), qa_cookie_get(), array('ip' => $ip)); qa_redirect(qa_request()); } if (qa_clicked('dounblock')) { require_once QA_INCLUDE_DIR . 'qa-app-limits.php'; $blockipclauses = qa_block_ips_explode(qa_opt('block_ips_write')); foreach ($blockipclauses as $key => $blockipclause) { if (qa_block_ip_match($ip, $blockipclause)) { unset($blockipclauses[$key]); }
exit; } require_once QA_INCLUDE_DIR . 'app/admin.php'; require_once QA_INCLUDE_DIR . 'app/recalc.php'; // Check we have administrative privileges if (!qa_admin_check_privileges($qa_content)) { return $qa_content; } // Find out the operation $allowstates = array('dorecountposts', 'doreindexcontent', 'dorecalcpoints', 'dorefillevents', 'dorecalccategories', 'dodeletehidden', 'doblobstodisk', 'doblobstodb'); $recalcnow = false; foreach ($allowstates as $allowstate) { if (qa_post_text($allowstate) || qa_get($allowstate)) { $state = $allowstate; $code = qa_post_text('code'); if (isset($code) && qa_check_form_security_code('admin/recalc', $code)) { $recalcnow = true; } } } if ($recalcnow) { ?> <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> </head> <body> <tt> <?php
/**
 * Handle the non-Ajax "click" actions (votes, favorites, notices) that can be posted from any page.
 *
 * Scans the names of the POST fields for the prefixes 'vote_', 'favorite_' and 'notice_'.
 * The ids and values for each action are parsed out of the field name itself, so they are
 * client-supplied. Every branch verifies a form security code before changing anything;
 * on failure the global $qa_page_error_html is set and no action is taken.
 *
 * Token scope differs per branch: votes use the fixed action 'vote', while favorites and
 * notices bind the token to the entity type/id or notice id taken from the field name.
 *
 * The function can be replaced wholesale through the override mechanism checked first.
 */
function qa_check_page_clicks()
{
    if (qa_to_override(__FUNCTION__)) { $args = func_get_args(); return qa_call_override(__FUNCTION__, $args); }

    global $qa_page_error_html;

    if (qa_is_http_post()) {
        foreach ($_POST as $field => $value) {
            if (strpos($field, 'vote_') === 0) { // voting...
                // Field name shape: vote_<postid>_<vote>_<anchor>; @ hides the notice when parts are missing.
                @(list($dummy, $postid, $vote, $anchor) = explode('_', $field));

                if (isset($postid) && isset($vote)) {
                    if (!qa_check_form_security_code('vote', qa_post_text('code'))) {
                        $qa_page_error_html = qa_lang_html('misc/form_security_again');
                    } else {
                        require_once QA_INCLUDE_DIR . 'app/votes.php';
                        require_once QA_INCLUDE_DIR . 'db/selects.php';

                        $userid = qa_get_logged_in_userid();
                        $post = qa_db_select_with_pending(qa_db_full_post_selectspec($userid, $postid));
                        // NOTE(review): the decision whether this user may vote is made in qa_vote_error_html(), not shown here.
                        $qa_page_error_html = qa_vote_error_html($post, $vote, $userid, qa_request());

                        if (!$qa_page_error_html) {
                            qa_vote_set($post, $userid, qa_get_logged_in_handle(), qa_cookie_get(), $vote);
                            qa_redirect(qa_request(), $_GET, null, null, $anchor);
                        }

                        // Only one vote field is processed per request.
                        break;
                    }
                }
            } elseif (strpos($field, 'favorite_') === 0) { // favorites...
                // Field name shape: favorite_<entitytype>_<entityid>_<favorite>.
                @(list($dummy, $entitytype, $entityid, $favorite) = explode('_', $field));

                if (isset($entitytype) && isset($entityid) && isset($favorite)) {
                    // Token is specific to this entity type and id.
                    if (!qa_check_form_security_code('favorite-' . $entitytype . '-' . $entityid, qa_post_text('code'))) {
                        $qa_page_error_html = qa_lang_html('misc/form_security_again');
                    } else {
                        require_once QA_INCLUDE_DIR . 'app/favorites.php';

                        qa_user_favorite_set(qa_get_logged_in_userid(), qa_get_logged_in_handle(), qa_cookie_get(), $entitytype, $entityid, $favorite);
                        qa_redirect(qa_request(), $_GET);
                    }
                }
            } elseif (strpos($field, 'notice_') === 0) { // notices...
                // Field name shape: notice_<noticeid>.
                @(list($dummy, $noticeid) = explode('_', $field));

                if (isset($noticeid)) {
                    // Token is specific to this notice id.
                    if (!qa_check_form_security_code('notice-' . $noticeid, qa_post_text('code'))) {
                        $qa_page_error_html = qa_lang_html('misc/form_security_again');
                    } else {
                        if ($noticeid == 'visitor') {
                            // Remember the dismissal in a cookie lasting 86400 * 3650 seconds (about ten years).
                            setcookie('qa_noticed', 1, time() + 86400 * 3650, '/', QA_COOKIE_DOMAIN);
                        } elseif ($noticeid == 'welcome') {
                            require_once QA_INCLUDE_DIR . 'db/users.php';
                            qa_db_user_set_flag(qa_get_logged_in_userid(), QA_USER_FLAGS_WELCOME_NOTICE, false);
                        } else {
                            require_once QA_INCLUDE_DIR . 'db/notices.php';
                            // The delete call receives the logged-in user id together with the notice id.
                            qa_db_usernotice_delete(qa_get_logged_in_userid(), $noticeid);
                        }

                        qa_redirect(qa_request(), $_GET);
                    }
                }
            }
        }
    }
}
return $qa_content; } // Process submitted form if (qa_clicked('doregister')) { require_once QA_INCLUDE_DIR . 'app/limits.php'; if (qa_user_limits_remaining(QA_LIMIT_REGISTRATIONS)) { require_once QA_INCLUDE_DIR . 'app/users-edit.php'; $inemail = qa_post_text('email'); $inpassword = qa_post_text('password'); $inhandle = qa_post_text('handle'); $interms = (int) qa_post_text('terms'); $inprofile = array(); foreach ($userfields as $userfield) { $inprofile[$userfield['fieldid']] = qa_post_text('field_' . $userfield['fieldid']); } if (!qa_check_form_security_code('register', qa_post_text('code'))) { $pageerror = qa_lang_html('misc/form_security_again'); } else { // core validation $errors = array_merge(qa_handle_email_filter($inhandle, $inemail), qa_password_validate($inpassword)); // T&Cs validation if ($show_terms && !$interms) { $errors['terms'] = qa_lang_html('users/terms_not_accepted'); } // filter module validation if (count($inprofile)) { $filtermodules = qa_load_modules_with('filter', 'filter_profile'); foreach ($filtermodules as $filtermodule) { $filtermodule->filter_profile($inprofile, $errors, null, null); } }
// Check we're not using single-sign on integration and that we're not logged in if (QA_FINAL_EXTERNAL_USERS) { qa_fatal_error('User login is handled by external code'); } if (qa_is_logged_in()) { qa_redirect(''); } // Process incoming form if (qa_clicked('doreset')) { require_once QA_INCLUDE_DIR . 'qa-app-users-edit.php'; require_once QA_INCLUDE_DIR . 'qa-db-users.php'; $inemailhandle = qa_post_text('emailhandle'); $incode = trim(qa_post_text('code')); // trim to prevent passing in blank values to match uninitiated DB rows $errors = array(); if (!qa_check_form_security_code('reset', qa_post_text('formcode'))) { $errors['page'] = qa_lang_html('misc/form_security_again'); } else { if (qa_opt('allow_login_email_only') || strpos($inemailhandle, '@') !== false) { // handles can't contain @ symbols $matchusers = qa_db_user_find_by_email($inemailhandle); } else { $matchusers = qa_db_user_find_by_handle($inemailhandle); } if (count($matchusers) == 1) { // if match more than one (should be impossible), consider it a non-match require_once QA_INCLUDE_DIR . 'qa-db-selects.php'; $inuserid = $matchusers[0]; $userinfo = qa_db_select_with_pending(qa_db_user_account_selectspec($inuserid, true)); // strlen() check is vital otherwise we can reset code for most users by entering the empty string if (strlen($incode) && strtolower(trim($userinfo['emailcode'])) == strtolower($incode)) {
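/**
 * Ajax handler: remove a post's featured image, its "_s" thumbnail and the postmeta entry.
 *
 * The request parameter 'args' is split on '_' and read as <security code>_<post id>.
 * The action runs only when the logged-in level is above QA_USER_LEVEL_ADMIN and the
 * security code is valid for the 'delete-image' action. Always ends the request with die.
 *
 * Changes from the earlier version: a missing or malformed 'args' no longer reaches
 * undefined array offsets, and files are deleted only when they resolve to a regular
 * file inside the theme's uploads directory.
 */
function cs_ajax_delete_featured_image()
{
    // Treat an absent or non-string parameter as empty instead of passing it to strip_tags().
    $raw = (isset($_REQUEST['args']) && is_string($_REQUEST['args'])) ? $_REQUEST['args'] : '';
    $args = explode('_', strip_tags($raw));

    // NOTE(review): this writes request data into the response before any permission or
    // token check and looks like leftover debug output - confirm no client reads it, then remove.
    print_r($args);

    // NOTE(review): the comparison is strictly greater than QA_USER_LEVEL_ADMIN, so a user at
    // exactly that level is refused - confirm that is intended rather than >=.
    if (count($args) >= 2
        && qa_get_logged_in_level() > QA_USER_LEVEL_ADMIN
        && qa_check_form_security_code('delete-image', $args[0])
    ) {
        require_once QA_INCLUDE_DIR . 'qa-db-metas.php';

        $postid = $args[1];
        $img = qa_db_postmeta_get($postid, 'featured_image');

        if (!empty($img)) {
            // Thumbnail name: insert "_s" before the file extension.
            $thumb_img = preg_replace('/(\\.[^.]+)$/', '_s$1', $img);
            $uploads_dir = realpath(Q_THEME_DIR . '/uploads');

            qa_db_postmeta_clear($postid, 'featured_image');

            foreach (array($img, $thumb_img) as $filename) {
                // realpath() returns false for a path that does not exist and resolves any
                // "../" segments, so a stored name cannot point the unlink outside uploads/.
                $path = realpath(Q_THEME_DIR . '/uploads/' . $filename);

                if ($path !== false
                    && $uploads_dir !== false
                    && strpos($path, $uploads_dir . DIRECTORY_SEPARATOR) === 0
                    && is_file($path)
                ) {
                    unlink($path);
                }
            }
        }
    }

    die;
}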
Description: Server-side response to Ajax single clicks on posts in admin section This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. More about this license: http://www.question2answer.org/license.php */

require_once QA_INCLUDE_DIR . 'qa-app-admin.php';
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';

// Both values are client-supplied; they are only acted on after the two checks below.
$entityid = qa_post_text('entityid');
$action = qa_post_text('action');

// Two independent gates: the form security code for 'admin/click' is verified here,
// and the permission decision is delegated to qa_admin_single_click().
// Response format: "QA_AJAX_RESPONSE", then 1 on success or 0 followed by a message.
if (!qa_check_form_security_code('admin/click', qa_post_text('code'))) {
    // NOTE(review): the message comes from qa_lang(), not qa_lang_html() - confirm how the client renders it.
    echo "QA_AJAX_RESPONSE\n0\n" . qa_lang('misc/form_security_reload');
} elseif (qa_admin_single_click($entityid, $action)) { // permission check happens in here
    echo "QA_AJAX_RESPONSE\n1\n";
} else {
    // A refused or failed action gets the same generic error.
    echo "QA_AJAX_RESPONSE\n0\n" . qa_lang('main/general_error');
}

/* Omit PHP closing tag to help avoid accidental output */
This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. More about this license: http://www.question2answer.org/license.php */

// Ajax endpoint that advances a recalculation by a few steps per request.
// Response: "QA_AJAX_RESPONSE", the line "1", the state string, then the HTML-escaped message.

require_once QA_INCLUDE_DIR . 'app/users.php';
require_once QA_INCLUDE_DIR . 'app/recalc.php';

// Privilege is checked first, then the form security code for 'admin/recalc'.
if (qa_get_logged_in_level() >= QA_USER_LEVEL_ADMIN) {
    if (!qa_check_form_security_code('admin/recalc', qa_post_text('code'))) {
        // An empty state is returned alongside the error message.
        $state = '';
        $message = qa_lang('misc/form_security_reload');
    } else {
        // The state string is supplied by the client and handed to the recalc routines.
        $state = qa_post_text('state');
        $stoptime = time() + 3;

        // Keep performing steps until one reports there is nothing left or about 3 seconds have elapsed.
        while (qa_recalc_perform_step($state) && time() < $stoptime) { }

        $message = qa_recalc_get_message($state);
    }
} else {
    $state = '';
    $message = qa_lang('admin/no_privileges');
}

// NOTE(review): $message is escaped with qa_html() but $state is written raw. It originates from
// the POST body, so confirm what qa_recalc_perform_step() leaves in it and that the client
// treats this line as data rather than inserting it as HTML.
echo "QA_AJAX_RESPONSE\n1\n" . $state . "\n" . qa_html($message);

/*
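/**
 * Collect display metadata for every plugin found under QA_PLUGIN_DIR.
 *
 * For each plugin's qa-plugin.php the header metadata is parsed and every value is passed
 * through qa_html() before being returned, because it originates from the plugin file.
 *
 * Changes from the earlier version: the per-plugin fields are reset on every iteration
 * (previously a plugin without, say, a URI or version inherited the value of the plugin
 * before it), and a false return from glob() is no longer passed to count().
 *
 * @return array List of plugin entries with keys tags, name, uri, version, author, author_url,
 *               update, description, path, option, error and fields.
 */
function ra_installed_plugin()
{
    $tables = qa_db_list_tables_lc();
    $moduletypes = qa_list_module_types();
    $pluginfiles = glob(QA_PLUGIN_DIR . '*/qa-plugin.php');

    // NOTE(review): $qa_content is neither a parameter nor declared global in this function,
    // so the 'error' and 'script_onloads' entries written below stay local and are discarded
    // on return - confirm whether the caller was meant to receive them.
    foreach ($moduletypes as $type) {
        $modules = qa_load_modules_with($type, 'init_queries');

        foreach ($modules as $name => $module) {
            $queries = $module->init_queries($tables);

            if (!empty($queries)) {
                if (qa_is_http_post()) {
                    qa_redirect('install');
                } else {
                    $qa_content['error'] = strtr(qa_lang_html('admin/module_x_database_init'), array(
                        '^1' => qa_html($name),
                        '^2' => qa_html($type),
                        '^3' => '<a href="' . qa_path_html('install') . '">',
                        '^4' => '</a>',
                    ));
                }
            }
        }
    }

    // A POST without a valid security code must not lead to plugin forms being shown.
    if (qa_is_http_post() && !qa_check_form_security_code('admin/plugins', qa_post_text('qa_form_security_code'))) {
        $qa_content['error'] = qa_lang_html('misc/form_security_reload');
        $showpluginforms = false;
    } else {
        $showpluginforms = true;
    }

    $plugin = array();

    // glob() returns false on error, which is not countable or iterable.
    if (is_array($pluginfiles)) {
        foreach ($pluginfiles as $pluginindex => $pluginfile) {
            // Start every plugin from a clean slate so nothing leaks over from the previous one.
            $plugin_uri = null;
            $plugin_version = null;
            $plugin_author = null;
            $plugin_author_url = null;
            $plugin_update = null;
            $plugin_description = null;
            $plugin_option = null;
            $plugin_error = null;

            $plugindirectory = dirname($pluginfile) . '/';
            $hash = qa_admin_plugin_directory_hash($plugindirectory);
            $showthisform = $showpluginforms && qa_get('show') == $hash;

            $contents = file_get_contents($pluginfile);

            $metadata = qa_admin_addon_metadata($contents, array(
                'name' => 'Plugin Name',
                'uri' => 'Plugin URI',
                'description' => 'Plugin Description',
                'version' => 'Plugin Version',
                'date' => 'Plugin Date',
                'author' => 'Plugin Author',
                'author_uri' => 'Plugin Author URI',
                'license' => 'Plugin License',
                'min_q2a' => 'Plugin Minimum Question2Answer Version',
                'min_php' => 'Plugin Minimum PHP Version',
                'update' => 'Plugin Update Check URI',
            ));

            if (strlen(@$metadata['name'])) {
                $namehtml = qa_html($metadata['name']);
            } else {
                $namehtml = qa_lang_html('admin/unnamed_plugin');
            }

            $plugin_name = $namehtml;

            if (strlen(@$metadata['uri'])) {
                $plugin_uri = qa_html($metadata['uri']);
            }

            if (strlen(@$metadata['version'])) {
                $plugin_version = qa_html($metadata['version']);
            }

            if (strlen(@$metadata['author'])) {
                $plugin_author = qa_html($metadata['author']);

                if (strlen(@$metadata['author_uri'])) {
                    $plugin_author_url = qa_html($metadata['author_uri']);
                }
            }

            if (strlen(@$metadata['version']) && strlen(@$metadata['update'])) {
                $elementid = 'version_check_' . md5($plugindirectory);
                $plugin_update = '(<span id="' . $elementid . '"></span>)';

                // Values placed into the script are encoded with qa_js().
                $qa_content['script_onloads'][] = array("qa_version_check(" . qa_js($metadata['update']) . ", 'Plugin Version', " . qa_js($metadata['version'], true) . ", 'Plugin URI', " . qa_js($elementid) . ");");
            }

            if (strlen(@$metadata['description'])) {
                $plugin_description = qa_html($metadata['description']);
            }

            // NOTE(review): in the listing this line directly follows the commented-out
            // isset() guard below; it is kept as live code because 'option' is read when the
            // entry is built - confirm against the original file.
            //if (isset($pluginoptionmodules[$plugindirectory]))
            $plugin_option = qa_admin_plugin_options_path($plugindirectory);

            if (qa_qa_version_below(@$metadata['min_q2a'])) {
                $plugin_error = qa_lang_html_sub('admin/requires_q2a_version', qa_html($metadata['min_q2a']));
            } elseif (qa_php_version_below(@$metadata['min_php'])) {
                $plugin_error = qa_lang_html_sub('admin/requires_php_version', qa_html($metadata['min_php']));
            }

            $plugin[] = array(
                'tags' => 'id="' . qa_html($hash) . '"',
                'name' => $plugin_name,
                'uri' => $plugin_uri,
                'version' => $plugin_version,
                'author' => $plugin_author,
                'author_url' => $plugin_author_url,
                'update' => $plugin_update,
                'description' => $plugin_description,
                'path' => $plugindirectory,
                'option' => $plugin_option,
                'error' => $plugin_error,
                'fields' => array(array('type' => 'custom')),
            );
        }
    }

    return $plugin;
}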
as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. More about this license: http://www.question2answer.org/license.php */

// Ajax endpoint for deleting a wall post.
// Response: "QA_AJAX_RESPONSE" followed by 1 when a post was deleted, otherwise 0.

require_once QA_INCLUDE_DIR . 'qa-app-messages.php';
require_once QA_INCLUDE_DIR . 'qa-app-users.php';
require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';
require_once QA_INCLUDE_DIR . 'qa-db-selects.php';

// The wall owner's handle and the page offset come from the POST body; the offset is cast to int.
$tohandle = qa_post_text('handle');
$start = (int) qa_post_text('start');

$usermessages = qa_db_select_with_pending(qa_db_recent_messages_selectspec(null, null, $tohandle, false, null, $start));
// NOTE(review): the 'deleteable' flag tested below is presumably set per message by this call -
// no other permission or login check is visible in this script, so confirm it covers that.
$usermessages = qa_wall_posts_add_rules($usermessages, $start);

foreach ($usermessages as $message) {
    // Only a message that was both clicked and marked deleteable is considered.
    if (qa_clicked('m' . $message['messageid'] . '_dodelete') && $message['deleteable']) {
        // The token is bound to the wall owner's handle, not to the individual message.
        if (qa_check_form_security_code('wall-' . $tohandle, qa_post_text('code'))) {
            qa_wall_delete_post(qa_get_logged_in_userid(), qa_get_logged_in_handle(), qa_cookie_get(), $message);
            echo "QA_AJAX_RESPONSE\n1\n";
            return;
        }
    }
}

// Nothing matched or the security code failed: report failure without saying which.
echo "QA_AJAX_RESPONSE\n0\n";

/* Omit PHP closing tag to help avoid accidental output */
$oldpoints = qa_post_text('edit'); if (!isset($oldpoints)) { $oldpoints = qa_get('edit'); } $pointstitle = qa_get_points_to_titles(); // Check admin privileges (do late to allow one DB query) if (!qa_admin_check_privileges($qa_content)) { return $qa_content; } // Process saving an old or new user title $securityexpired = false; if (qa_clicked('docancel')) { qa_redirect('admin/users'); } elseif (qa_clicked('dosavetitle')) { require_once QA_INCLUDE_DIR . 'util/string.php'; if (!qa_check_form_security_code('admin/usertitles', qa_post_text('code'))) { $securityexpired = true; } else { if (qa_post_text('dodelete')) { unset($pointstitle[$oldpoints]); } else { $intitle = qa_post_text('title'); $inpoints = qa_post_text('points'); $errors = array(); // Verify the title and points are legitimate if (!strlen($intitle)) { $errors['title'] = qa_lang('main/field_required'); } if (!is_numeric($inpoints)) { $errors['points'] = qa_lang('main/field_required'); } else {
modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. More about this license: http://www.question2answer.org/license.php */

// Ajax endpoint for dismissing a notice.
// Response: "QA_AJAX_RESPONSE" followed by 1 on success, or 0 and a message on failure.

require_once QA_INCLUDE_DIR . 'qa-app-users.php';
require_once QA_INCLUDE_DIR . 'qa-db-notices.php';
require_once QA_INCLUDE_DIR . 'qa-db-users.php';

// Client-supplied notice id; it also forms part of the security code's action name below.
$noticeid = qa_post_text('noticeid');

// The token is bound to this specific notice id.
if (!qa_check_form_security_code('notice-' . $noticeid, qa_post_text('code'))) {
    // NOTE(review): the message comes from qa_lang(), not qa_lang_html() - confirm how the client renders it.
    echo "QA_AJAX_RESPONSE\n0\n" . qa_lang('misc/form_security_reload');
} else {
    if ($noticeid == 'visitor') {
        // Visitor notice: remembered in a cookie lasting 86400 * 3650 seconds (about ten years).
        setcookie('qa_noticed', 1, time() + 86400 * 3650, '/', QA_COOKIE_DOMAIN);
    } else {
        $userid = qa_get_logged_in_userid();

        if ($noticeid == 'welcome') {
            qa_db_user_set_flag($userid, QA_USER_FLAGS_WELCOME_NOTICE, false);
        } else {
            // The delete call receives the logged-in user id together with the notice id.
            qa_db_usernotice_delete($userid, $noticeid);
        }
    }

    echo "QA_AJAX_RESPONSE\n1";
}

/*
/**
 * Handle a non-Ajax click on an admin action button.
 *
 * Looks for POST fields named admin_<entityid>_<action>. Both parts come from the field
 * name, so they are client-supplied. The 'admin/click' form security code is verified
 * before the action is passed to qa_admin_single_click().
 *
 * @return string|null Error HTML when the security code check fails, otherwise null
 *                     (a successful action redirects to the current request instead).
 */
function qa_admin_check_clicks()
{
    if (!qa_is_http_post()) {
        return null;
    }

    foreach (array_keys($_POST) as $field) {
        if (strpos($field, 'admin_') !== 0) {
            continue;
        }

        // @ hides the notice raised when the field name has fewer than three parts.
        @(list($dummy, $entityid, $action) = explode('_', $field));

        if (!strlen($entityid) || !strlen($action)) {
            continue;
        }

        // The first matching field with an invalid token ends processing with an error.
        if (!qa_check_form_security_code('admin/click', qa_post_text('code'))) {
            return qa_lang_html('misc/form_security_again');
        }

        if (qa_admin_single_click($entityid, $action)) {
            qa_redirect(qa_request());
        }
    }

    return null;
}
case false: break; default: $errorhtml = qa_lang_html('users/no_permission'); break; } if (isset($errorhtml)) { $qa_content = qa_content_prepare(); $qa_content['error'] = $errorhtml; return $qa_content; } // Process sending a message to user $messagesent = qa_get_state() == 'message-sent'; if (qa_post_text('domessage')) { $inmessage = qa_post_text('message'); if (!qa_check_form_security_code('message-' . $handle, qa_post_text('code'))) { $pageerror = qa_lang_html('misc/form_security_again'); } else { if (empty($inmessage)) { $errors['message'] = qa_lang('misc/message_empty'); } if (empty($errors)) { require_once QA_INCLUDE_DIR . 'qa-db-messages.php'; require_once QA_INCLUDE_DIR . 'qa-app-emails.php'; if (qa_opt('show_message_history')) { $messageid = qa_db_message_create($loginuserid, $toaccount['userid'], $inmessage, '', false); } else { $messageid = null; } $fromhandle = qa_get_logged_in_handle(); $canreply = !(qa_get_logged_in_flags() & QA_USER_FLAGS_NO_MESSAGES);
qa_redirect(qa_request(), array('edit' => $editcategory['categoryid'])); } elseif (isset($editcategory['categoryid'])) { qa_redirect(qa_request()); } else { qa_redirect(qa_request(), array('edit' => @$editcategory['parentid'])); } } elseif (qa_clicked('dosetmissing')) { if (!qa_check_form_security_code('admin/categories', qa_post_text('code'))) { $securityexpired = true; } else { $inreassign = qa_get_category_field_value('reassign'); qa_db_category_reassign($editcategory['categoryid'], $inreassign); qa_redirect(qa_request(), array('recalc' => 1, 'edit' => $editcategory['categoryid'])); } } elseif (qa_clicked('dosavecategory')) { if (!qa_check_form_security_code('admin/categories', qa_post_text('code'))) { $securityexpired = true; } elseif (qa_post_text('dodelete')) { if (!$hassubcategory) { $inreassign = qa_get_category_field_value('reassign'); qa_db_category_reassign($editcategory['categoryid'], $inreassign); qa_db_category_delete($editcategory['categoryid']); qa_redirect(qa_request(), array('recalc' => 1, 'edit' => $editcategory['parentid'])); } } else { require_once QA_INCLUDE_DIR . 'util/string.php'; $inname = qa_post_text('name'); $incontent = qa_post_text('content'); $inparentid = $setparent ? qa_get_category_field_value('parent') : $editcategory['parentid']; $inposition = qa_post_text('position'); $errors = array();
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. More about this license: http://www.question2answer.org/license.php */ require_once QA_INCLUDE_DIR . 'app/messages.php'; require_once QA_INCLUDE_DIR . 'app/users.php'; require_once QA_INCLUDE_DIR . 'app/cookies.php'; require_once QA_INCLUDE_DIR . 'db/selects.php'; $message = qa_post_text('message'); $tohandle = qa_post_text('handle'); $morelink = qa_post_text('morelink'); $touseraccount = qa_db_select_with_pending(qa_db_user_account_selectspec($tohandle, false)); $loginuserid = qa_get_logged_in_userid(); $errorhtml = qa_wall_error_html($loginuserid, $touseraccount['userid'], $touseraccount['flags']); if ($errorhtml || !strlen($message) || !qa_check_form_security_code('wall-' . $tohandle, qa_post_text('code'))) { echo "QA_AJAX_RESPONSE\n0"; } else { $messageid = qa_wall_add_post($loginuserid, qa_get_logged_in_handle(), qa_cookie_get(), $touseraccount['userid'], $touseraccount['handle'], $message, ''); $touseraccount['wallposts']++; // won't have been updated $usermessages = qa_db_select_with_pending(qa_db_recent_messages_selectspec(null, null, $touseraccount['userid'], true, qa_opt('page_size_wall'))); $usermessages = qa_wall_posts_add_rules($usermessages, 0); $themeclass = qa_load_theme_class(qa_get_site_theme(), 'wall', null, null); echo "QA_AJAX_RESPONSE\n1\n"; echo 'm' . $messageid . "\n"; // element in list to be revealed foreach ($usermessages as $message) { $themeclass->message_item(qa_wall_post_view($message)); } if ($morelink && $touseraccount['wallposts'] > count($usermessages)) {
qa_set_option('avatar_default_show', 1); } if (strlen($oldblobid)) { qa_delete_blob($oldblobid); } } else { $errors['avatar_default_show'] = qa_lang_sub('main/image_not_read', implode(', ', qa_gd_image_formats())); } } } } } // Mailings management if ($adminsection == 'mailing') { if (qa_clicked('domailingtest') || qa_clicked('domailingstart') || qa_clicked('domailingresume') || qa_clicked('domailingcancel')) { if (!qa_check_form_security_code('admin/' . $adminsection, qa_post_text('code'))) { $securityexpired = true; } else { if (qa_clicked('domailingtest')) { $email = qa_get_logged_in_email(); if (qa_mailing_send_one(qa_get_logged_in_userid(), qa_get_logged_in_handle(), $email, qa_get_logged_in_user_field('emailcode'))) { $formokhtml = qa_lang_html_sub('admin/test_sent_to_x', qa_html($email)); } else { $formokhtml = qa_lang_html('main/general_error'); } } if (qa_clicked('domailingstart')) { qa_mailing_start(); $startmailing = true; } if (qa_clicked('domailingresume')) {
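/**
 * Handle a submitted "add comment" form for the post $parent and create the comment if it is valid.
 *
 * The form fields are read from POST under the prefix 'c<parentid>_'. Nothing is created unless the
 * anti-CSRF code for the action 'comment-<parentid>' verifies, every filter module accepts the input,
 * the captcha (when $usecaptcha is set) passes, and the text is not a duplicate of a visible comment
 * on the same parent.
 *
 * @param array $question         Passed through to the filter modules and to qa_comment_create().
 * @param array $parent           Post being commented on; 'postid' is read here.
 * @param array $commentsfollows  Existing posts; entries with basetype 'C' on this parent are
 *                                compared against the new text.
 * @param mixed $usecaptcha       When truthy, qa_captcha_validate_post() is run on $errors.
 * @param array $in               Output: the collected form values (name, notify, email, queued, plus
 *                                editor/content/format/text, presumably filled by reference by
 *                                qa_get_post_content() - confirm against that helper).
 * @param array $errors           Output: error messages keyed by field; empty on success.
 *
 * @return mixed The value returned by qa_comment_create() on success, otherwise null.
 */
function qa_page_q_add_c_submit($question, $parent, $commentsfollows, $usecaptcha, &$in, &$errors)
{
    $parentid = $parent['postid'];
    $prefix = 'c' . $parentid . '_';

    $in = array(
        'name' => qa_post_text($prefix . 'name'),
        'notify' => qa_post_text($prefix . 'notify') !== null,
        'email' => qa_post_text($prefix . 'email'),
        'queued' => qa_user_moderation_reason(qa_user_level_for_post($parent)) !== false,
    );

    qa_get_post_content($prefix . 'editor', $prefix . 'content', $in['editor'], $in['content'], $in['format'], $in['text']);

    $errors = array();

    // The security code is tied to this specific parent post, so a code issued for another
    // form or another post is rejected before any filter, captcha or database work runs.
    if (!qa_check_form_security_code('comment-' . $parent['postid'], qa_post_text($prefix . 'code'))) {
        $errors['content'] = qa_lang_html('misc/form_security_again');
        return null;
    }

    // Each filter module may rewrite $in and add to $errors; qa_update_post_text() is then
    // given the values from before and after the filter ran.
    $filtermodules = qa_load_modules_with('filter', 'filter_comment');
    foreach ($filtermodules as $filtermodule) {
        $oldin = $in;
        $filtermodule->filter_comment($in, $errors, $question, $parent, null);
        qa_update_post_text($in, $oldin);
    }

    if ($usecaptcha) {
        qa_captcha_validate_post($errors);
    }

    if (empty($errors)) {
        // Duplicate detection compares the word sequence of the new text with each visible
        // comment on the same parent.
        $testwords = implode(' ', qa_string_to_words($in['content']));

        foreach ($commentsfollows as $comment) {
            if ($comment['basetype'] == 'C' && $comment['parentid'] == $parentid && !$comment['hidden']) {
                // Strict comparison: with == two numeric-looking texts such as "1e3" and "1000"
                // would be compared as numbers and wrongly reported as duplicates.
                if (implode(' ', qa_string_to_words($comment['content'])) === $testwords) {
                    $errors['content'] = qa_lang_html('question/duplicate_content');
                    break; // one match is enough, the error message is the same for all
                }
            }
        }
    }

    if (empty($errors)) {
        $userid = qa_get_logged_in_userid();
        $handle = qa_get_logged_in_handle();
        $cookieid = isset($userid) ? qa_cookie_get() : qa_cookie_get_create(); // create a new cookie if necessary

        $commentid = qa_comment_create($userid, $handle, $cookieid, $in['content'], $in['format'], $in['text'], $in['notify'], $in['email'], $question, $parent, $commentsfollows, $in['queued'], $in['name']);

        return $commentid;
    }

    return null;
}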
$qa_content['script_rel'][] = 'qa-content/qa-admin.js?' . QA_VERSION; $pluginfiles = glob(QA_PLUGIN_DIR . '*/qa-plugin.php'); foreach ($moduletypes as $type) { $modules = qa_load_modules_with($type, 'init_queries'); foreach ($modules as $name => $module) { $queries = $module->init_queries($tables); if (!empty($queries)) { if (qa_is_http_post()) { qa_redirect('install'); } else { $qa_content['error'] = strtr(qa_lang_html('admin/module_x_database_init'), array('^1' => qa_html($name), '^2' => qa_html($type), '^3' => '<a href="' . qa_path_html('install') . '">', '^4' => '</a>')); } } } } if (qa_is_http_post() && !qa_check_form_security_code('admin/plugins', qa_post_text('qa_form_security_code'))) { $qa_content['error'] = qa_lang_html('misc/form_security_reload'); $showpluginforms = false; } else { $showpluginforms = true; } if (count($pluginfiles)) { foreach ($pluginfiles as $pluginindex => $pluginfile) { $plugindirectory = dirname($pluginfile) . '/'; $hash = qa_admin_plugin_directory_hash($plugindirectory); $showthisform = $showpluginforms && qa_get('show') == $hash; $contents = file_get_contents($pluginfile); $metadata = qa_admin_addon_metadata($contents, array('name' => 'Plugin Name', 'uri' => 'Plugin URI', 'description' => 'Plugin Description', 'version' => 'Plugin Version', 'date' => 'Plugin Date', 'author' => 'Plugin Author', 'author_uri' => 'Plugin Author URI', 'license' => 'Plugin License', 'min_q2a' => 'Plugin Minimum Question2Answer Version', 'min_php' => 'Plugin Minimum PHP Version', 'update' => 'Plugin Update Check URI')); if (strlen(@$metadata['name'])) { $namehtml = qa_html($metadata['name']); } else {
as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. More about this license: http://www.question2answer.org/license.php */

require_once QA_INCLUDE_DIR . 'qa-app-users.php';
require_once QA_INCLUDE_DIR . 'qa-app-cookies.php';
require_once QA_INCLUDE_DIR . 'qa-app-favorites.php';
require_once QA_INCLUDE_DIR . 'qa-app-format.php';

// AJAX handler for the favorite toggle: every input below comes straight from the POST body.
$entitytype = qa_post_text('entitytype');
$entityid = qa_post_text('entityid');
$setfavorite = qa_post_text('favorite');

$userid = qa_get_logged_in_userid();

// The security code is bound to this exact entity type and id, so it is verified before
// the request is allowed to change anything.
$securityaction = 'favorite-' . $entitytype . '-' . $entityid;

if (!qa_check_form_security_code($securityaction, qa_post_text('code'))) {
    echo "QA_AJAX_RESPONSE\n0\n" . qa_lang('misc/form_security_reload');
    return;
}

// A request without a logged-in user changes nothing and produces no response body.
if (!isset($userid)) {
    return;
}

$cookieid = qa_cookie_get();

qa_user_favorite_set($userid, qa_get_logged_in_handle(), $cookieid, $entitytype, $entityid, $setfavorite);

// The button offers the opposite action to the state that was just stored.
if ($setfavorite) {
    $favoritelabel = qa_lang('main/remove_favorites');
} else {
    $favoritelabel = qa_lang('main/add_favorites');
}

$favoriteform = qa_favorite_form($entitytype, $entityid, $setfavorite, $favoritelabel);

$themeclass = qa_load_theme_class(qa_get_site_theme(), 'ajax-favorite', null, null);

echo "QA_AJAX_RESPONSE\n1\n";

$themeclass->favorite_inner_html($favoriteform);

/* Omit PHP closing tag to help avoid accidental output */
$inmessage = qa_post_text('message'); if (!strlen($inmessage)) { $errors['message'] = qa_lang('profile/post_wall_empty'); } elseif (!qa_check_form_security_code('wall-' . $useraccount['handle'], qa_post_text('code'))) { $errors['message'] = qa_lang_html('misc/form_security_again'); } elseif (!$wallposterrorhtml) { qa_wall_add_post($loginuserid, qa_get_logged_in_handle(), qa_cookie_get(), $userid, $useraccount['handle'], $inmessage, ''); qa_redirect(qa_request(), null, null, null, 'wall'); } } } // Process bonus setting button if ($loginlevel >= QA_USER_LEVEL_ADMIN && qa_clicked('dosetbonus')) { require_once QA_INCLUDE_DIR . 'qa-db-points.php'; $inbonus = (int) qa_post_text('bonus'); if (!qa_check_form_security_code('user-activity-' . $handle, qa_post_text('code'))) { $errors['page'] = qa_lang_html('misc/form_security_again'); } else { qa_db_points_set_bonus($userid, $inbonus); qa_db_points_update_ifuser($userid, null); qa_redirect(qa_request(), null, null, null, 'activity'); } } // Prepare content for theme $qa_content = qa_content_prepare(); $qa_content['title'] = qa_lang_html_sub('profile/user_x', $userhtml); $qa_content['error'] = @$errors['page']; if (isset($loginuserid) && !QA_FINAL_EXTERNAL_USERS) { $favoritemap = qa_get_favorite_non_qs_map(); $favorite = @$favoritemap['user'][$useraccount['userid']]; $qa_content['favorite'] = qa_favorite_form(QA_ENTITY_USER, $useraccount['userid'], $favorite, qa_lang_sub($favorite ? 'main/remove_x_favorites' : 'users/add_user_x_favorites', $handle));
$in['extra'] = qa_opt('extra_field_active') ? qa_post_text('extra') : null; if (qa_using_tags()) { $in['tags'] = qa_get_tags_field_value('tags'); } if (qa_clicked('doask')) { require_once QA_INCLUDE_DIR . 'qa-app-post-create.php'; require_once QA_INCLUDE_DIR . 'qa-util-string.php'; $categoryids = array_keys(qa_category_path($categories, @$in['categoryid'])); $userlevel = qa_user_level_for_categories($categoryids); $in['name'] = qa_post_text('name'); $in['notify'] = qa_post_text('notify') ? true : false; $in['email'] = qa_post_text('email'); $in['queued'] = qa_user_moderation_reason($userlevel) ? true : false; qa_get_post_content('editor', 'content', $in['editor'], $in['content'], $in['format'], $in['text']); $errors = array(); if (!qa_check_form_security_code('ask', qa_post_text('code'))) { $errors['page'] = qa_lang_html('misc/form_security_again'); } else { $filtermodules = qa_load_modules_with('filter', 'filter_question'); foreach ($filtermodules as $filtermodule) { $oldin = $in; $filtermodule->filter_question($in, $errors, null); qa_update_post_text($in, $oldin); } if (qa_using_categories() && count($categories) && !qa_opt('allow_no_category') && !isset($in['categoryid'])) { $errors['categoryid'] = qa_lang_html('question/category_required'); } elseif (qa_user_permit_error('permit_post_q', null, $userlevel)) { $errors['categoryid'] = qa_lang_html('question/category_ask_not_allowed'); } if ($captchareason) { require_once 'qa-app-captcha.php';
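GNU General Public License for more details. More about this license: http://www.question2answer.org/license.php */

require_once QA_INCLUDE_DIR . 'app/messages.php';
require_once QA_INCLUDE_DIR . 'app/users.php';
require_once QA_INCLUDE_DIR . 'app/cookies.php';
require_once QA_INCLUDE_DIR . 'db/selects.php';

// AJAX handler that deletes one private message from the logged-in user's inbox or outbox.
// It answers "QA_AJAX_RESPONSE\n1\n" after a deletion and "QA_AJAX_RESPONSE\n0\n" in every other case.

$loginUserId = qa_get_logged_in_userid();
$loginUserHandle = qa_get_logged_in_handle();

// Request parameters, all taken from the POST body.
$fromhandle = qa_post_text('handle');
$start = (int) qa_post_text('start');
$box = qa_post_text('box');
$pagesize = qa_opt('page_size_pms');

// Reject the request unless a user is logged in, the posted handle is that user's own handle,
// and $box is exactly one of the two allowed names. The in_array() check is strict because
// $box becomes part of a function name below: only the two literal strings may pass.
// NOTE(review): qa_post_text() presumably returns a string or null, in which case the strict
// flag changes nothing for valid requests - confirm against that helper.
if (!isset($loginUserId) || $loginUserHandle !== $fromhandle || !in_array($box, array('inbox', 'outbox'), true)) {
    echo "QA_AJAX_RESPONSE\n0\n";
    return;
}

// Resolves to qa_db_messages_inbox_selectspec or qa_db_messages_outbox_selectspec. The
// allow-list above is the only thing that keeps request data from choosing the callee.
$func = 'qa_db_messages_' . $box . '_selectspec';
$pmSpec = $func('private', $loginUserId, true, $start, $pagesize);
$userMessages = qa_db_select_with_pending($pmSpec);

// Only messages returned for $loginUserId on this page of the box are candidates, so a
// message id outside that set is never acted on. The deletion itself still requires a valid
// security code for the action 'pm-<handle>'; a bad code falls through to the "0" response.
foreach ($userMessages as $message) {
    if (qa_clicked('m' . $message['messageid'] . '_dodelete')) {
        if (qa_check_form_security_code('pm-' . $fromhandle, qa_post_text('code'))) {
            qa_pm_delete($loginUserId, qa_get_logged_in_handle(), qa_cookie_get(), $message, $box);
            echo "QA_AJAX_RESPONSE\n1\n";
            return;
        }
    }
}

echo "QA_AJAX_RESPONSE\n0\n";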