Example #1
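/**
 * Saves the book submitted through $_POST as an XML file in BMBOOKPATH.
 *
 * Reads 'current-slug', 'book-slug', 'book-title', 'book-date', 'book-time',
 * 'book-tags', 'book-private' and 'book-content' from $_POST. When the request
 * names an existing book ('current-slug'), that file is first moved to
 * BMBACKUPPATH so the change can be undone. The outcome is reported through
 * bm_display_message().
 */
function bm_save_book()
{
    # 'current-slug' comes straight from the request and becomes part of a file
    # path, so it is only accepted when it is a plain file name: no directory
    # separator, no NUL byte, not a dot entry
    $current = null;
    if (isset($_POST['current-slug']) && is_string($_POST['current-slug'])) {
        $candidate = $_POST['current-slug'];
        if ($candidate !== '' && $candidate !== '.' && $candidate !== '..'
            && strpbrk($candidate, "/\\\0") === false) {
            $current = $candidate;
        }
    }
    # create a backup if necessary
    if ($current !== null) {
        # second line of defence, same idea as the check in nm_save_post():
        # the resolved source must sit directly inside BMBOOKPATH
        $source = realpath(BMBOOKPATH . $current . '.xml');
        if ($source !== false && dirname($source) === realpath(BMBOOKPATH)) {
            @rename($source, BMBACKUPPATH . $current . '.xml');
        }
    }
    # empty titles are not allowed
    if (empty($_POST['book-title'])) {
        $_POST['book-title'] = '[No Title]';
    }
    # set initial slug and filename
    if (!empty($_POST['book-slug'])) {
        $slug = bm_create_slug($_POST['book-slug']);
    } else {
        $slug = bm_create_slug($_POST['book-title']);
    }
    $file = BMBOOKPATH . "{$slug}.xml";
    # do not overwrite other books: append -1, -2, ... until the name is free
    if (file_exists($file)) {
        $count = 1;
        $file = BMBOOKPATH . "{$slug}-{$count}.xml";
        while (file_exists($file)) {
            $file = BMBOOKPATH . "{$slug}-" . ++$count . '.xml';
        }
        $slug = basename($file, '.xml');
    }
    # create undo target if there's a backup available
    # (stays null when no usable 'current-slug' was submitted)
    $backup = null;
    if ($current !== null) {
        $backup = $slug . ':' . $current;
    }
    # collect $_POST data
    $title = safe_slash_html($_POST['book-title']);
    $timestamp = strtotime($_POST['book-date'] . ' ' . $_POST['book-time']);
    # fall back to the current time when the submitted date cannot be parsed
    $date = $timestamp ? date('r', $timestamp) : date('r');
    $tags = str_replace(array(' ', ',,'), array('', ','), safe_slash_html($_POST['book-tags']));
    $private = isset($_POST['book-private']) ? 'Y' : '';
    $content = safe_slash_html($_POST['book-content']);
    # create xml object
    $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');
    $obj = $xml->addChild('title');
    $obj->addCData($title);
    $obj = $xml->addChild('date');
    $obj->addCData($date);
    $obj = $xml->addChild('tags');
    $obj->addCData($tags);
    $obj = $xml->addChild('private');
    $obj->addCData($private);
    $obj = $xml->addChild('content');
    $obj->addCData($content);
    # write data to file
    if (@XMLsave($xml, $file) && bm_update_cache()) {
        bm_display_message(i18n_r('books_manager/SUCCESS_SAVE'), false, $backup);
    } else {
        # NOTE(review): this branch runs when the write or the cache update
        # failed, yet it shows the same success message with the error flag
        # off. nm_save_post() reports an error string with the flag set to
        # true here; the matching books_manager language key is not visible
        # in this file, so the call is left unchanged - confirm and fix.
        bm_display_message(i18n_r('books_manager/SUCCESS_SAVE'), false, $backup);
    }
}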
 // Copy the optional page fields from the request into local variables.
 // Apart from $menuStatus, a variable is only assigned when its field was submitted.
 if (isset($_POST['post-parent'])) {
     // taken over as submitted; unlike the text fields below it does not
     // pass through safe_slash_html()
     $parent = $_POST['post-parent'];
 }
 if (isset($_POST['post-menu'])) {
     $menu = safe_slash_html($_POST['post-menu']);
 }
 // checkbox: present means enabled
 $menuStatus = isset($_POST['post-menu-enable']) ? "Y" : "";
 if (isset($_POST['post-private'])) {
     $private = safe_slash_html($_POST['post-private']);
 }
 if (isset($_POST['post-content'])) {
     $content = safe_slash_html($_POST['post-content']);
 }
 if (isset($_POST['post-menu-order'])) {
     // anything that is not numeric is stored as "0"
     $menuOrder = is_numeric($_POST['post-menu-order']) ? $_POST['post-menu-order'] : "0";
 }
 //check to make sure we dont overwrite any good files upon create
 if (file_exists($file) && $url != $_POST['existing-url']) {
     $count = "1";
     $file = GSDATAPAGESPATH . $url . "-" . $count . ".xml";
     while (file_exists($file)) {
         $count++;
         $file = GSDATAPAGESPATH . $url . "-" . $count . ".xml";
Example #3
/**
 * Stores the post submitted through $_POST as an XML file in NMPOSTPATH.
 *
 * When the request names the post being edited ('current-slug'), that file is
 * moved to NMBACKUPPATH first. The new file name is derived from 'post-slug'
 * or, failing that, 'post-title', and is numbered when the name is taken.
 * The outcome is reported through nm_display_message().
 */
function nm_save_post()
{
    # move the post being replaced into the backup folder
    if (isset($_POST['current-slug'])) {
        $file = $_POST['current-slug'] . '.xml';
        # path traversal guard: the resolved file has to sit directly inside
        # NMPOSTPATH, otherwise the request is dropped without output
        $resolvedDir = dirname(realpath(NMPOSTPATH . $file));
        if ($resolvedDir != realpath(NMPOSTPATH)) {
            die('');
        }
        @nm_rename_file(NMPOSTPATH . $file, NMBACKUPPATH . $file);
    }

    # a missing or blank title is replaced by a placeholder
    if (empty($_POST['post-title']) || trim($_POST['post-title']) == '') {
        $_POST['post-title'] = '[No Title]';
    }

    # derive the slug: an explicit slug wins, otherwise use the title
    if (empty($_POST['post-slug'])) {
        $slug = nm_create_slug($_POST['post-title']);
        if ($slug == '') {
            $slug = 'post';
        }
    } else {
        $slug = nm_create_slug($_POST['post-slug']);
    }

    # never overwrite another post: try slug-1, slug-2, ... until a name is free
    $file = NMPOSTPATH . $slug . '.xml';
    if (file_exists($file)) {
        $count = 0;
        do {
            $count++;
            $file = NMPOSTPATH . $slug . '-' . $count . '.xml';
        } while (file_exists($file));
        $slug = basename($file, '.xml');
    }

    # undo target, only when a previous version was backed up above
    if (isset($_POST['current-slug'])) {
        $backup = $slug . ':' . $_POST['current-slug'];
    }

    # collect $_POST data
    $title = safe_slash_html($_POST['post-title']);
    $timestamp = strtotime($_POST['post-date'] . ' ' . $_POST['post-time']);
    # an unparsable date falls back to the current time
    $date = $timestamp ? date('r', $timestamp) : date('r');
    # collapse whitespace, tidy up the commas, strip leading/trailing commas
    $rawTags = safe_slash_html(trim($_POST['post-tags']));
    $tidyTags = preg_replace(array('/\\s+/', '/\\s*,\\s*/', '/,+/'), array(' ', ',', ','), $rawTags);
    $tags = nm_lowercase_tags(trim($tidyTags, ','));
    $private = isset($_POST['post-private']) ? 'Y' : '';
    $image = safe_slash_html($_POST['post-image']);
    $content = safe_slash_html($_POST['post-content']);
    if (defined('NMSAVEAUTHOR') && NMSAVEAUTHOR) {
        if (isset($_POST['author'])) {
            $author = safe_slash_html($_POST['author']);
        } else {
            # no author submitted: use the global $USR value, or an empty string
            global $USR;
            $author = $USR ?: '';
        }
    }

    # build the XML document, one CDATA child per field, in this order
    $fields = array(
        'title' => $title,
        'date' => $date,
        'tags' => $tags,
        'private' => $private,
        'image' => $image,
        'content' => $content,
    );
    if (isset($author)) {
        $fields['author'] = $author;
    }
    $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');
    foreach ($fields as $name => $text) {
        $node = $xml->addChild($name);
        $node->addCData($text);
    }

    # write data to file, then refresh the cache
    $saved = @XMLsave($xml, $file) && nm_update_cache();
    if (!$saved) {
        nm_display_message(i18n_r('news_manager/ERROR_SAVE'), true);
        return;
    }
    nm_generate_sitemap();
    nm_display_message(i18n_r('news_manager/SUCCESS_SAVE'), false, isset($backup) ? $backup : null);
}
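 /**
  * Saves new title and content for an existing page on behalf of an API request.
  *
  * The page is identified by the slug in the request data. The current file is
  * copied to GSBACKUPSPATH before it is overwritten.
  *
  * @return string|null JSON-encoded status array; null when $this->auth() fails
  */
 public function page_save()
 {
     if (!$this->auth()) {
         return null;
     }
     $id = (string) $this->xml->data->slug;
     // The slug is request data and is used to build both the page path and the
     // backup path, so only a plain file name is accepted: no directory
     // separator, no NUL byte, not a dot entry. Anything else is answered like
     // a page that does not exist.
     $isPlainName = $id !== '' && $id !== '.' && $id !== '..' && strpbrk($id, "/\\\0") === false;
     $thisfile = GSDATAPAGESPATH . $id . '.xml';
     if (!$isPlainName || !file_exists($thisfile)) {
         $error = array('status' => 'error', 'message' => sprintf(i18n_r('API_ERR_NOPAGE'), $id));
         return json_encode($error);
     }
     $page = getXML($thisfile);
     $page->content = safe_slash_html($this->xml->data->content);
     $page->title = safe_slash_html($this->xml->data->title);
     $page->pubDate = date('r');
     // keep a copy of the previous version; the result of copy() is not
     // checked, so the save goes ahead even when the backup could not be written
     $bakfile = GSBACKUPSPATH . "pages/" . $id . ".bak.xml";
     copy($thisfile, $bakfile);
     $status = XMLsave($page, $thisfile);
     if ($status) {
         touch($thisfile);
         $wrapper = array('status' => 'success', 'message' => 'page_save ok', 'response' => $page);
     } else {
         $wrapper = array('status' => 'error', 'message' => 'There was an error saving your page');
     }
     return json_encode($wrapper);
 }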
Example #5
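 /** 
  * Saves a post submitted from the admin panel as an XML file in BLOGPOSTSFOLDER.
  * 
  * The keys 'slug', 'current_slug', 'title', 'date', 'tags' and 'content' are
  * read explicitly; every other key of $post_data is written as an element of
  * the same name, with its value stored as submitted.
  * 
  * @param array $post_data the post data (eg: 'XML_FIELD_NAME => $POSTDATA')
  * @param bool $auto_import when true, an existing file with the same slug is
  *                          overwritten instead of getting a numbered name
  * @todo clean up this method... Not happy about its messiness!
  * @return bool false when 'current_slug' is not a plain file name or the file
  *              could not be written, true otherwise
  */
 public function savePost($post_data, $auto_import = false)
 {
     if ($post_data['slug'] != '') {
         $slug = $this->blog_create_slug($post_data['slug']);
     } else {
         $slug = $this->blog_create_slug($post_data['title']);
     }
     $file = BLOGPOSTSFOLDER . "{$slug}.xml";
     $current = $post_data['current_slug'];
     if ($current != '') {
         # 'current_slug' names the file that gets deleted, and it is used as
         # submitted: refuse anything that is not a plain file name so the
         # delete cannot leave BLOGPOSTSFOLDER
         if (!is_string($current) || $current === '.' || $current === '..'
             || strpbrk($current, "/\\\0") !== false) {
             return false;
         }
         # delete old post file (it is removed before the new one is written,
         # as before; a failed save therefore leaves no copy of the post)
         $old = BLOGPOSTSFOLDER . $current . '.xml';
         if (file_exists($old)) {
             unlink($old);
         }
     }
     # do not overwrite existing files when the post is new or was renamed;
     # the suffix is counted from the base slug (slug-1, slug-2, ...) instead of
     # being appended to the previous attempt
     $isNewName = $current == '' || $current != $post_data['slug'];
     if ($isNewName && $auto_import == false && file_exists($file)) {
         $base = $slug;
         $count = 0;
         do {
             $count++;
             $slug = "{$base}-{$count}";
             $file = BLOGPOSTSFOLDER . "{$slug}.xml";
         } while (file_exists($file));
     }
     if ($post_data['date'] != '') {
         $date = $post_data['date'];
     } else {
         $date = date('m/d/Y h:i:s a', time());
     }
     # tags go through safe_slash_html() like title and content; the original
     # computed this value only after the XML had been built, so it was never
     # the one that got stored
     if ($post_data['tags'] != '') {
         $tags = str_replace(array(' ', ',,'), array('', ','), safe_slash_html($post_data['tags']));
     } else {
         $tags = '';
     }
     $xml = new SimpleXMLExtended('<?xml version="1.0"?><item></item>');
     foreach ($post_data as $key => $value) {
         switch ($key) {
             case 'current_slug':
             case 'time':
                 # not stored
                 continue 2;
             case 'slug':
                 $text = $slug;
                 break;
             case 'title':
             case 'content':
                 $text = safe_slash_html($value);
                 break;
             case 'date':
                 $text = $date;
                 break;
             case 'tags':
                 $text = $tags;
                 break;
             default:
                 # any other field: element name and value are taken over as
                 # submitted, without safe_slash_html()
                 $text = $value;
         }
         $node = $xml->addChild($key);
         $node->addCData($text);
     }
     if (!XMLsave($xml, $file)) {
         return false;
     }
     $this->createPostsCache();
     # the search index is only updated when that plugin function is available
     if (function_exists('i18n_search_index_item')) {
         i18n_search_index_item($slug, 'en', $post_data['date'], $post_data['date'], $post_data['tags'], $post_data['title'], $post_data['content']);
     }
     return true;
 }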
Example #6
 *   You should have received a full copy of the LICENSE AGREEMENT along with
 *   Codefuture Image Hosting Script. If not, see http://codefuture.co.uk/projects/imagehost/license/.
 *
 *
 *   ABOUT THIS PAGE -----
 *   Used For:     Admin ADs page
 *   Last edited:  19/12/2012
 *
 *************************************************************************************************************/
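// Save the ad snippets submitted from the admin form into CFDATAPATH/ads.php.
if (isset($_POST['changeads'])) {
    // ads.php is PHP source that is executed when it is loaded, so every value
    // has to be written as an inert string literal. HTML-entity encoding alone
    // does not achieve that: inside a double-quoted PHP string, variable
    // interpolation and backslash escapes are still processed, and a
    // backslash can also upset a single-quoted one. var_export() emits a
    // single-quoted literal with quotes and backslashes escaped, so the value
    // read back is exactly what safe_slash_html() returned.
    $adFields = array(
        'header' => 'ad1',
        'index' => 'ad2',
        'thumb' => 'ad3',
        'gallery' => 'ad4',
        'footer' => 'ad5',
    );
    $makeFile = '<?php if(!defined(\'cfih\') or !cfih) exit("Direct access not permitted.");';
    foreach ($adFields as $slot => $field) {
        // a missing or non-string field is stored as an empty ad
        $value = '';
        if (isset($_POST[$field]) && is_string($_POST[$field])) {
            $value = (string) safe_slash_html($_POST[$field]);
        }
        $makeFile .= "\n\t" . '$ads[' . var_export($slot, true) . '] = ' . var_export($value, true) . ';';
    }
    if ($fp = fopen(CFDATAPATH . 'ads.php', 'w+')) {
        fwrite($fp, $makeFile);
        fclose($fp);
    } else {
        user_feedback('error', 'Error: Saving file', 'admin_ads_saving_file');
    }
}
// page settings
$page['id'] = 'ads';
$page['title'] = _T("admin_ad_page_title");
$page['description'] = '';
$page['tipsy'] = true;
require CFADMINPATH . 'admin_page_header.php';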
?>
<!-- admin settings -->
Example #7
     $data['menuStatus'] = "Y";
 } else {
     $menuStatus = "";
 }
 // menu position: anything that is not numeric is stored as "0"
 if (isset($_POST['post-menu-order'])) {
     if (is_numeric($_POST['post-menu-order'])) {
         $data['menuOrder'] = $_POST['post-menu-order'];
     } else {
         $data['menuOrder'] = "0";
     }
 }
 if (isset($_POST['post-private'])) {
     $data['private'] = safe_slash_html($_POST['post-private']);
 }
 // meta keywords (also kept in $metak) and meta description
 if (isset($_POST['post-metak'])) {
     $metak = safe_slash_html($_POST['post-metak']);
     $data['meta'] = $metak;
 }
 if (isset($_POST['post-metad'])) {
     $data['metad'] = safe_slash_html($_POST['post-metad']);
 }
 // robots flags: a submitted checkbox means 1, an absent one means 0
 $data['metarNoIndex'] = isset($_POST['post-metar-noindex']) ? 1 : 0;
 $data['metarNoFollow'] = isset($_POST['post-metar-nofollow']) ? 1 : 0;
 if (isset($_POST['post-metar-noarchive'])) {
     $data['metarNoArchive'] = 1;
 } else {
/**
 * Appends one component <item> (title, slug, value, disabled) to $xml.
 *
 * Nothing is added when $title is empty. When $xml is not an object, a new
 * <item> root document is created to hold the component. Title and value pass
 * through safe_slash_html() and are stored as CDATA; the slug is derived from
 * the title when none is given or when _id($slug) is an empty string.
 *
 * @param mixed $xml    document to append to, or a non-object to start a new one
 * @param mixed $title  component title
 * @param mixed $value  component body
 * @param mixed $active stored as-is in the <disabled> element
 * @param mixed $slug   optional slug
 * @return mixed the document with the component added, or $xml unchanged
 */
function addComponentItem($xml, $title, $value, $active, $slug = null)
{
    // without a title there is nothing to add: hand the input back untouched
    if ($title == null || empty($title)) {
        return $xml;
    }
    if ($slug == null || _id($slug) == '') {
        $slug = clean_url(to7bit($title, 'UTF-8'));
    }
    $safeTitle = safe_slash_html($title);
    $safeValue = safe_slash_html($value);
    if (!is_object($xml)) {
        $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><item></item>');
    }
    # create the body of components.xml file
    $item = $xml->addChild('item');
    $item->addChild('title')->addCData($safeTitle);
    # the slug is the only field written as plain element text rather than CDATA
    $item->addChild('slug', $slug);
    $item->addChild('value')->addCData($safeValue);
    $item->addChild('disabled')->addCData($active);
    return $xml;
}
Example #9
 # start creation of top of components.xml file
 $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><channel></channel>');
 if (count($ids) != 0) {
     $ct = 0;
     $coArray = array();
     foreach ($ids as $id) {
         if ($title[$ct] != null) {
             if ($slug[$ct] == null) {
                 $slug_tmp = to7bit($title[$ct], 'UTF-8');
                 $slug[$ct] = clean_url($slug_tmp);
                 $slug_tmp = '';
             }
             $coArray[$ct]['id'] = $ids[$ct];
             $coArray[$ct]['slug'] = $slug[$ct];
             $coArray[$ct]['title'] = safe_slash_html($title[$ct]);
             $coArray[$ct]['value'] = safe_slash_html($value[$ct]);
         }
         $ct++;
     }
     $ids = subval_sort($coArray, 'title');
     $count = 0;
     foreach ($ids as $comp) {
         # create the body of components.xml file
         $components = $xml->addChild('item');
         $c_note = $components->addChild('title');
         $c_note->addCData($comp['title']);
         $components->addChild('slug', $comp['slug']);
         $c_note = $components->addChild('value');
         $c_note->addCData($comp['value']);
         $count++;
     }
Example #10
 /**
  * Adds $field as a child element of the current entry, with $value as CDATA.
  *
  * The element name is $field after htmlentities(); the value passes through
  * safe_slash_html(). Nothing happens when $field, $value or the entry is unset.
  */
 public function add($field, $value)
 {
     if (!isset($field) || !isset($value) || !isset($this->_entry)) {
         return;
     }
     $elementName = htmlentities($field, ENT_QUOTES);
     $node = $this->_entry->addChild($elementName);
     $node->addCData(safe_slash_html($value));
 }
Example #11
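 /** 
  * Process settings form. Saves to the XML file FeulFile.
  * 
  * All input is read directly from $_POST. The CSS and message fields pass
  * through safe_slash_html(); storage, e-mail, database and error settings are
  * taken over as submitted.
  * 
  * @return bool true when XMLsave() reports success, false otherwise
  */
 public function processSettings()
 {
     $this->Storage = $_POST['storage'];
     $this->LoginCss = safe_slash_html($_POST['post-login-container']);
     $this->Email = $_POST['post-from-email'];
     $this->WelcomeCss = safe_slash_html($_POST['post-welcome-box']);
     $this->ProtectedMessage = safe_slash_html($_POST['post-protected-message']);
     $this->RegisterCss = safe_slash_html($_POST['post-register-box']);
     $this->DB_Host = $_POST['db_host'];
     $this->DB_User = $_POST['db_user'];
     $this->DB_Pass = $_POST['db_pass'];
     $this->DB_Name = $_POST['db_name'];
     $this->DB_Table_Name = $_POST['db_table_name'];
     $this->Errors = $_POST['errors'];
     # create xml file
     if (file_exists(FeulFile)) {
         unlink(FeulFile);
     }
     $xml = new SimpleXMLElement('<item></item>');
     # Values stored as submitted are assigned as properties rather than passed
     # to addChild(): addChild() does not escape '&', so a password or host
     # containing one was not stored intact. 'storage' is written once; the
     # original added it a second time further down.
     # NOTE(review): db_pass ends up in FeulFile in clear text - confirm that
     # file cannot be fetched through the web server.
     $plainValues = array(
         'storage' => $this->Storage,
         'email' => $this->Email,
         'db_host' => $this->DB_Host,
         'db_user' => $this->DB_User,
         'db_pass' => $this->DB_Pass,
         'db_name' => $this->DB_Name,
         'db_table_name' => $this->DB_Table_Name,
         'errors' => $this->Errors,
     );
     foreach ($plainValues as $name => $plain) {
         $xml->{$name} = (string) $plain;
     }
     # Values that already went through safe_slash_html() are added exactly as
     # before, so their stored form does not change.
     $xml->addChild('logincontainer', $this->LoginCss);
     $xml->addChild('welcomebox', $this->WelcomeCss);
     $xml->addChild('protectedmessage', $this->ProtectedMessage);
     $xml->addChild('registerbox', $this->RegisterCss);
     return (bool) XMLsave($xml, FeulFile);
 }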
Example #12
     $menuStatus = "Y";
 } else {
     $menuStatus = "";
 }
 // menu position: anything that is not numeric is stored as "0"
 if (isset($_POST['post-menu-order'])) {
     if (is_numeric($_POST['post-menu-order'])) {
         $menuOrder = $_POST['post-menu-order'];
     } else {
         $menuOrder = "0";
     }
 }
 if (isset($_POST['post-private'])) {
     $private = safe_slash_html($_POST['post-private']);
 }
 // meta keywords (kept in both $metak and $meta) and meta description
 if (isset($_POST['post-metak'])) {
     $metak = safe_slash_html($_POST['post-metak']);
     $meta = $metak;
 }
 if (isset($_POST['post-metad'])) {
     $metad = safe_slash_html($_POST['post-metad']);
 }
 // robots flags: a submitted checkbox means 1, an absent one means 0
 $metarNoIndex = isset($_POST['post-metar-noindex']) ? 1 : 0;
 $metarNoFollow = isset($_POST['post-metar-nofollow']) ? 1 : 0;
 if (isset($_POST['post-metar-noarchive'])) {
     $metarNoArchive = 1;
 } else {
 /**
  * Adds $field as a child element of the current entry, with $value as CDATA.
  *
  * With $unique set (the default), $this->remove($field) is called first.
  * The element name is $field after htmlentities(); the value passes through
  * safe_slash_html(). Nothing happens when $field, $value or the entry is unset.
  *
  * @return mixed whatever addCData() returns, or null when nothing was added
  */
 public function add($field, $value, $unique = true)
 {
     if (!isset($field) || !isset($value) || !isset($this->_entry)) {
         return;
     }
     // drop the existing element unless duplicates were asked for
     if ($unique) {
         $this->remove($field);
     }
     $elementName = htmlentities($field, ENT_QUOTES);
     $node = $this->_entry->addChild($elementName);
     return $node->addCData(safe_slash_html($value));
 }
Example #14
    /**
     * Rebuilds ITEMDATAFILE from the submitted settings.
     *
     * For each setting the submitted $_POST value is used when present, then the
     * value already stored in ITEMDATAFILE, then a built-in default. The stored
     * categories are copied over, except the one named by $_GET['deletecategory'],
     * and $_POST['new_category'] is appended when it is not empty.
     *
     * Only 'resultspage' passes through safe_slash_html(); 'page-url',
     * 'item-title', 'detailspage' and 'new_category' are written as submitted.
     */
    public function processImSettings()
    {
        // read before the file_exists() check further down
        $category_file = getXML(ITEMDATAFILE);
        //Page URL
        if (isset($_POST['page-url'])) {
            $file_url = $_POST['page-url'];
        } elseif (isset($category_file->item->pageurl)) {
            $file_url = $category_file->item->pageurl;
        } else {
            $file_url = ITEMSLISTPAGE;
        }
        //Item Title
        if (isset($_POST['item-title'])) {
            $file_title = $_POST['item-title'];
        } elseif (isset($category_file->item->title)) {
            $file_title = $category_file->item->title;
        } else {
            $file_title = IMTITLE;
        }
        //Details Page
        if (isset($_POST['detailspage'])) {
            $file_page_details = $_POST['detailspage'];
        } elseif (isset($category_file->item->detailspage)) {
            $file_page_details = $category_file->item->detailspage;
        } else {
            $file_page_details = ITEMPAGE;
        }
        //Results Page
        // NOTE(review): the default template below contains PHP echo tags. How the
        // stored 'resultspage' value is rendered is not visible here; if it is
        // evaluated as PHP, the submitted value is code rather than markup - confirm
        // who may submit this form.
        if (isset($_POST['resultspage'])) {
            $file_results_page = safe_slash_html($_POST['resultspage']);
        } elseif (isset($category_file->item->resultspage)) {
            $file_results_page = $category_file->item->resultspage;
        } else {
            $file_results_page = '
			<style>
				.m_pic {
					width:160px;
					float:left;
					border:1px solid white;
					padding:1px;margin-top:0px;
				}
				.thatable tr td h2 {
					margin:5px;
					font-size:15px;
					margin-toP:6px;
					margin-top:0px;
					padding-top:0px;
				}
				.thetable {
					margin-bottom:30px;
				}
				.thetable td h2{
					font-size:17px;
				}
			</style>
			<table width="100%" class="thetable">
				<tr>
					<td class="resize_img" width="175" valign="top">
						<div><img src="<?php echo $SITEURL; ?>/data/uploads/items/<?php echo $data->image1; ?>" class="m_pic"/></div>
					</td>
					<td valign="top">
						<h2 style=""><?php echo $data->title; ?> - <span class="title_development"><?php echo $data->category; ?></span> - <a href="<?php echo $url; ?>" style="font-size:13px;">View Details</a></h2>
						<p style="margin:0px;margin-left:4px;text-align:left;">
							&nbsp;
						</p>
						<p style="margin:0px;margin-left:4px;text-align:left;">
							<?php echo $content; ?>.. <a href="<?php echo $url; ?>">Read more</a>
						</p>
					</td>
				</tr>
			</table>
			';
        }
        // re-read the stored settings; the categories are copied from this below
        if (file_exists(ITEMDATAFILE)) {
            $category_file = getXML(ITEMDATAFILE);
        }
        $xml = new SimpleXMLExtended('<?xml version="1.0" encoding="UTF-8"?><channel></channel>');
        $item_xml = $xml->addChild('item');
        // The next three values are passed to addChild() as element text exactly as
        // submitted or stored.
        //Set Title Variable And Write To XML File
        $item_xml->addChild('title', $file_title);
        //Set Page URL Variable And Write To XML File
        $item_xml->addChild('pageurl', $file_url);
        //Set Details Page And Write To XML File
        $item_xml->addChild('detailspage', $file_page_details);
        //Set Results Page Coding And Write To XML File (stored as CDATA)
        $note = $item_xml->addChild('resultspage');
        $note->addCData($file_results_page);
        //Add Categories
        $category = $xml->addChild('categories');
        if (file_exists(ITEMDATAFILE)) {
            foreach ($category_file->categories->category as $the_fed) {
                $category_uri = $the_fed;
                // $_GET['deletecategory'] is read without an isset() check; the
                // category that equals it is left out of the new file
                if ($category_uri == $_GET['deletecategory']) {
                } else {
                    $category->addChild('category', $category_uri);
                }
            }
        }
        // the new category name is written as submitted
        if (isset($_POST['new_category']) && $_POST['new_category'] != "") {
            $category->addChild('category', $_POST['new_category']);
        }
        //Save XML File (the result of XMLsave() is not checked)
        XMLsave($xml, ITEMDATAFILE);
    }
Example #15
 // Copy the optional page fields from the request into local variables.
 // checkbox: present means enabled
 $menuStatus = isset($_POST['post-menu-enable']) ? "Y" : "";
 // the text fields below are only assigned when they were submitted
 if (isset($_POST['post-private'])) {
     $private = safe_slash_html($_POST['post-private']);
 }
 if (isset($_POST['post-content'])) {
     $content = safe_slash_html($_POST['post-content']);
 }
 if (isset($_POST['post-intro'])) {
     $intro = safe_slash_html($_POST['post-intro']);
 }
 if (isset($_POST['post-fotos'])) {
     $fotos = safe_slash_html($_POST['post-fotos']);
 }
 if (isset($_POST['post-menu-order'])) {
     // anything that is not numeric is stored as "0"
     $menuOrder = is_numeric($_POST['post-menu-order']) ? $_POST['post-menu-order'] : "0";
 }
 //check to make sure we dont overwrite any good files upon create
 if (file_exists($file) && $url != $_POST['existing-url']) {
     $count = "1";
     $file = CONTENTPATH . $url . "-" . $count . ".xml";
     while (file_exists($file)) {
         $count++;
         $file = CONTENTPATH . $url . "-" . $count . ".xml";