Example #1
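/**
 * Saves an edited comment and re-renders the comment list.
 *
 * Reads the comment fields from the request with gpsa(), writes them to
 * txp_discuss, calls update_comments_count() for the parent and then shows
 * the list with an "updated" message.
 */
function discuss_save()
{
    // doSlash() only protects values that end up inside quoted SQL literals.
    extract(doSlash(gpsa(array('email', 'name', 'web', 'message', 'discussid', 'ip', 'visible', 'parentid'))));
    // discussid goes into the WHERE clause without quotes, where escaping
    // does not constrain it; force it to an integer before it reaches SQL.
    $discussid = (int) $discussid;
    safe_update("txp_discuss", "email   = '{$email}',\n\t\t\t name    = '{$name}',\n\t\t\t web     = '{$web}',\n\t\t\t message = '{$message}',\n\t\t\t visible = '{$visible}'", "discussid = {$discussid}");
    // NOTE(review): $parentid is handed on in escaped form; confirm that
    // update_comments_count() validates it before using it in a query.
    update_comments_count($parentid);
    discuss_list(messenger('message', $discussid, 'updated'));
}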
Example #2
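/**
 * Recomputes the nested-set lft/rgt values for a node and its descendants.
 *
 * @param string $table  Table to renumber
 * @param mixed  $parent id of the node being renumbered
 * @param int    $left   lft value to assign to that node
 * @param string $where  Raw SQL condition, interpolated verbatim: callers must pass trusted SQL only
 * @param string $sortby Raw ORDER BY expression, interpolated verbatim: trusted SQL only
 * @return int The next free lft value after this subtree
 */
function tree_rebuild($table, $parent, $left, $where = '1=1', $sortby = 'name')
{
    // lft/rgt are written unquoted, so keep them numeric.
    $left = (int) $left;
    $right = $left + 1;
    // Escape once and reuse: the SELECT escaped $parent but the UPDATE
    // below used to interpolate the raw value.
    $safe_parent = doSlash($parent);
    $children = safe_column("id", $table, "parent='{$safe_parent}' and {$where} order by {$sortby}");
    foreach ($children as $child) {
        // Pass the unescaped id down; each level escapes its own $parent.
        $right = tree_rebuild($table, $child, $right, $where, $sortby);
    }
    safe_update($table, "lft={$left}, rgt={$right}", "id='{$safe_parent}' and {$where}");
    return $right + 1;
}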
Example #3
/**
 * Records a referring page: inserts a txp_log_mention row when the refpage
 * is not known yet, otherwise increments a counter.
 *
 * @param array $array Expected to carry 'id', 'refpage', 'reftitle' and 'excerpt'
 */
function mentionInsert($array)
{
    // NOTE(review): extract() turns every key of $array into a local
    // variable; a caller that forwards request data can define arbitrary
    // names here. Reading the four expected keys explicitly would be safer.
    extract(doSlash($array));
    // NOTE(review): $refpage is already escaped at this point; if fetch()
    // escapes its value too, the lookup is double-escaped. Confirm.
    $known = fetch('article_id', 'txp_log_mention', 'refpage', $refpage);
    if ($known) {
        // NOTE(review): the lookup and the insert use txp_log_mention, but
        // this increment targets "textpattern". Confirm the intended table.
        safe_update("textpattern", "count=count+1", "refpage='{$refpage}'");
        return;
    }
    safe_insert("txp_log_mention", "article_id = '{$id}', \n\t\t\t\trefpage    = '{$refpage}', \n\t\t\t\treftitle   = '{$reftitle}', \n\t\t\t\texcerpt    = '{$excerpt}', \n\t\t\t\tcount      = 1");
}
Example #4
/**
 * Saves an edited section from POST data and re-renders the section list.
 *
 * Every value is escaped with doSlash() and only ever placed inside quoted
 * SQL literals. Articles filed under the old section name are moved to the
 * new name.
 */
function section_save()
{
    $in = psa(array('name', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
    extract(doSlash($in));
    $this_section = "name = '{$old_name}'";
    $columns = "name         = '{$name}',\n\t\t\tpage         = '{$page}',\n\t\t\tcss          = '{$css}',\n\t\t\tis_default   = '{$is_default}',\n\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\tin_rss       = '{$in_rss}',\n\t\t\tsearchable   = '{$searchable}'";
    // Only one section may be the default: clear the flag on all others first.
    if ($is_default) {
        safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
    }
    safe_update("txp_section", $columns, $this_section);
    // Keep articles attached when the section is renamed.
    safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");
    section_list(messenger('section', $name, 'updated'));
}
Example #5
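/**
 * Checks a user name / password pair against txp_users.
 *
 * @param string $user     Login name as submitted
 * @param string $password Password as submitted
 * @return bool TRUE when a matching user with privs > 0 exists
 */
function txp_validate($user, $password)
{
    // NOTE(review): '_' and '%' are escaped as for a LIKE pattern, but the
    // query compares with '='. Confirm that names containing those
    // characters still match.
    $safe_user = strtr(addslashes($user), array('_' => '\\_', '%' => '\\%'));
    // The password used to be interpolated raw into the query, so a quote
    // in it could rewrite the WHERE clause of the login check.
    // NOTE(review): addslashes() is not connection/charset aware; a bound
    // parameter or the project's own escaping helper is preferable.
    $safe_pass = addslashes($password);
    // NOTE(review): lower() makes passwords case-insensitive and MySQL's
    // password() is not designed for application password storage.
    $r = safe_field("name", "txp_users", "name = '{$safe_user}'\n\t\t\t\t\t\t\tand pass = password(lower('{$safe_pass}')) and privs > 0");
    if ($r) {
        // update the last access time
        safe_update("txp_users", "last_access = now()", "name = '{$safe_user}'");
        return true;
    }
    return false;
}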
Example #6
/**
 * Authenticates the current admin request.
 *
 * Handles, in this order: logout, a returning 'txp_login' cookie, and a
 * fresh login from the POSTed p_userid / p_password. On success the global
 * $txp_user is set to the user name and '' is returned; otherwise $txp_user
 * is cleared and a gTxt() message is returned.
 *
 * The cookie holds "userid,cookie_hash"; the database stores
 * md5(userid . pack('H*', cookie_hash)) in txp_users.nonce.
 *
 * @return string '' on success, an error/prompt message otherwise
 */
function doTxpValidate()
{
    global $logout, $txpcfg, $txp_user;
    $p_userid = ps('p_userid');
    $p_password = ps('p_password');
    $logout = gps('logout');
    $stay = ps('stay');
    if ($logout) {
        // Expire the login cookie.
        // NOTE(review): the stored nonce is not cleared here, so a copied
        // cookie value keeps validating after logout.
        setcookie('txp_login', '', time() - 3600);
    }
    if (!empty($_COOKIE['txp_login']) and !$logout) {
        // NOTE(review): '@' hides the notice for a cookie without a comma;
        // split() is deprecated since PHP 5.3 and removed in PHP 7.
        @(list($c_userid, $cookie_hash) = split(',', cs('txp_login')));
        $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($c_userid) . "'");
        // NOTE(review): '===' is not a constant-time comparison.
        if ($nonce && $nonce === md5($c_userid . pack('H*', $cookie_hash))) {
            // cookie is good, create $txp_user
            $txp_user = $c_userid;
            return '';
        } else {
            // something's gone wrong
            $txp_user = '';
            setcookie('txp_login', '', time() - 3600);
            return gTxt('bad_cookie');
        }
    } elseif ($p_userid and $p_password) {
        sleep(3);
        // should grind dictionary attacks to a halt
        // NOTE(review): a fixed delay slows a single connection only; it is
        // not a per-account or per-address attempt limit.
        if (txp_validate($p_userid, $p_password)) {
            // NOTE(review): rand() and uniqid() are not cryptographically
            // secure, so this session token is guessable in principle; a
            // CSPRNG should be used where the runtime provides one.
            $cookie_hash = md5(uniqid(rand()));
            safe_update('txp_users', "nonce = '" . doSlash(md5($p_userid . pack('H*', $cookie_hash))) . "'", "name = '" . doSlash($p_userid) . "'");
            // NOTE(review): the cookies below are set without path, secure
            // or httponly arguments.
            if ($stay) {
                setcookie('txp_login', $p_userid . ',' . $cookie_hash, time() + 3600 * 24 * 365);
                // expires in 1 year
                if (cs('txp_nostay')) {
                    setcookie('txp_nostay', '', time() - 3600);
                }
            } else {
                // Session cookie: no expiry argument.
                setcookie('txp_login', $p_userid . ',' . $cookie_hash);
                setcookie('txp_nostay', '1', time() + 3600 * 24 * 365);
                // remember nostay for 1 year
            }
            $txp_user = $p_userid;
            // login is good, create $txp_user
            return '';
        } else {
            $txp_user = '';
            return gTxt('could_not_log_in');
        }
    } else {
        // Neither cookie nor credentials: show the login prompt.
        $txp_user = '';
        return gTxt('login_to_textpattern');
    }
}
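/**
 * Admin callback of the jmd_sitemap plugin.
 *
 * Stores the list of excluded sections (request parameter 'exclude'),
 * rewrites the sitemap file, and renders the plugin's panel when
 * $event is 'jmd_sitemap'.
 *
 * @param string $event Admin event
 * @param string $step  Admin step
 */
function jmd_sitemap($event, $step)
{
    global $prefs;
    $sitemap = new JMD_Sitemap();
    // Generate sitemap.
    // The original test was `$step == ('create' || 'edit' || 'update')`. The
    // parenthesised part is boolean TRUE, so it never compared step names:
    // it ran for every non-empty step. That behaviour is kept, written
    // honestly. NOTE(review): confirm which steps should really trigger it.
    if ($step) {
        $excluded = gps('exclude');
        if ($excluded) {
            $excluded = serialize($excluded);
            $prefs['jmd_sitemap_exclude'] = $excluded;
            // serialize() output contains double quotes and the submitted
            // values verbatim, so it must be escaped before it is placed
            // in the SQL literal.
            safe_update("txp_prefs", "val = '" . doSlash($excluded) . "'", "name = 'jmd_sitemap_exclude'");
        }
        $sitemap->writeSitemap();
    }
    // Extensions tab
    if ($event == 'jmd_sitemap') {
        pageTop('jmd_sitemap', $step ? _jmd_sitemap_gtxt('sitemap_updated') : '');
        echo '<div id="jmd_sitemap" style="width: 350px; margin: 0 auto">';
        // File errors
        if (file_exists($sitemap->filename)) {
            if (!is_writable($sitemap->filename)) {
                $fileError = _jmd_sitemap_gtxt('error_not_writable');
            }
        } else {
            $fileError = _jmd_sitemap_gtxt('error_doesnt_exist');
        }
        if (isset($fileError)) {
            echo tag($sitemap->filename . ' ' . $fileError, 'p', ' class="not-ok"');
        }
        $out = '<label for="exclude">' . _jmd_sitemap_gtxt('exclude_sections') . ':</label><br/>
            <select id="exclude" name="exclude[]" multiple="multiple"
                size="5" style="width: 150px; margin: 3px 0 10px">';
        // Exclude sections.
        // NOTE(review): unserialize() runs on a stored value that came from
        // the request; a format that cannot instantiate objects (e.g. JSON)
        // would be the safer storage choice.
        $exclude = isset($prefs['jmd_sitemap_exclude']) ? unserialize($prefs['jmd_sitemap_exclude']) : array();
        if (!is_array($exclude)) {
            // Missing, corrupt or scalar preference: nothing is excluded.
            $exclude = array();
        }
        $sections = safe_column("name", "txp_section", "name != 'default'");
        foreach ($sections as $section) {
            // Section names come from the database; encode them for HTML.
            $label = htmlspecialchars($section);
            $out .= '<option name="' . $label . '"';
            // Select excluded
            if (in_array($section, $exclude)) {
                $out .= ' selected="selected"';
            }
            $out .= '>' . $label . '</option>';
        }
        $out .= '</select><br/>';
        echo form($out . tag(_jmd_sitemap_gtxt('update_sitemap'), 'button') . eInput('jmd_sitemap') . sInput('update'));
        echo '</div><!--//jmd_sitemap-->';
    }
}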
Example #8
/**
 * Gives an author a newly generated password and mails it to them.
 *
 * @param string $name Author login name
 * @return string Status message for the admin interface
 */
function reset_author_pass($name)
{
    $who = "name = '" . doSlash($name) . "'";
    $email = safe_field('email', 'txp_users', $who);
    // NOTE(review): a 6-character password that is then sent by e-mail in
    // clear text; lower() additionally folds its case before hashing.
    $new_pass = doSlash(generate_password(6));
    $updated = safe_update('txp_users', "pass = password(lower('{$new_pass}'))", $who);
    if (!$updated) {
        // The name is echoed back, so encode it for HTML.
        return gTxt('could_not_update_author') . ' ' . htmlspecialchars($name);
    }
    if (send_new_password($new_pass, $email, $name)) {
        $outcome = gTxt('password_sent_to');
    } else {
        $outcome = gTxt('could_not_mail');
    }
    return $outcome . ' ' . $email;
}
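/**
 * Gives an author a newly generated password and mails it to them.
 *
 * The password is hashed with txp_hash_password() before it is stored.
 *
 * @param string $name Author login name
 * @return string Status message for the admin interface
 */
function reset_author_pass($name)
{
    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");
    $new_pass = generate_password(PASSWORD_LENGTH);
    $hash = doSlash(txp_hash_password($new_pass));
    // Store the computed hash. The listing showed a masked literal here,
    // which left $hash unused and would have written the same fixed string
    // for every account.
    $rs = safe_update('txp_users', "pass = '{$hash}'", "name = '" . doSlash($name) . "'");
    if ($rs) {
        // NOTE(review): the clear-text password still travels by e-mail.
        if (send_new_password($new_pass, $email, $name)) {
            return gTxt('password_sent_to') . ' ' . $email;
        } else {
            return gTxt('could_not_mail') . ' ' . $email;
        }
    } else {
        return gTxt('could_not_update_author') . ' ' . txpspecialchars($name);
    }
}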
Example #10
/**
 * Checks a user name / password pair against txp_users.
 *
 * Tries MySQL password() first and old_password() second, each with the
 * password as given and lower-cased.
 *
 * @param string $user     Login name as submitted
 * @param string $password Password as submitted
 * @return bool TRUE when a matching user with privs > 0 exists
 */
function txp_validate($user, $password)
{
    // NOTE(review): the name is escaped with addslashes() while the password
    // goes through doSlash(); one escaping routine for both would be clearer.
    $safe_user = addslashes($user);
    $safe_pass = doSlash($password);
    $found = safe_field("name", "txp_users", "name = '{$safe_user}'\n\t\t\tand (pass = password(lower('{$safe_pass}')) or pass = password('{$safe_pass}')) and privs > 0");
    if (!$found) {
        // try old_password mysql hash
        // NOTE(review): old_password() is MySQL's legacy, weak hash format.
        $found = safe_field("name", "txp_users", "name = '{$safe_user}'\n\t\t\t\tand (pass = old_password(lower('{$safe_pass}')) or pass = old_password('{$safe_pass}')) and privs > 0");
    }
    if (!$found) {
        return false;
    }
    // update the last access time
    safe_update("txp_users", "last_access = now()", "name = '{$safe_user}'");
    return true;
}
Example #11
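/**
 * Deletes a section and re-attaches its children to the deleted section's
 * parent.
 *
 * @param mixed $id Section id
 * @return mixed FALSE when the section is missing or has no parent,
 *               otherwise the result of safe_delete()
 */
function section_del($id)
{
    $safe_id = doSlash($id);
    $s = safe_row('*', 'txp_section', "id='" . $safe_id . "'");
    // can't delete the default section
    if (!$s or empty($s['parent'])) {
        return false;
    }
    # FIXME: move articles to the parent section first?
    # what if the parent is 'default'?
    $res = safe_delete('txp_section', "id='" . $safe_id . "'");
    if ($res and $s['rgt'] - $s['lft'] > 1) {
        // section has children, so reconnect them to the parent.
        // Values read back from the database are escaped as well: stored
        // data is not automatically safe to splice into a new statement.
        safe_update('txp_section', "parent='" . doSlash($s['parent']) . "'", "parent='" . doSlash($s['id']) . "'");
        // children might have to inherit from the new parent
        section_resolve_inheritance($s['parent']);
    }
    return $res;
}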
Example #12
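/**
 * Checks a user name / password pair against txp_users.
 *
 * Builds a list of candidate hash expressions (password(), and
 * old_password() on MySQL >= 4.1.0) and accepts the login when the stored
 * value equals any of them.
 *
 * @param string $user     Login name as submitted
 * @param string $password Password as submitted
 * @return bool TRUE when a matching user with privs > 0 exists
 */
function txp_validate($user, $password)
{
    $safe_user = doSlash($user);
    $safe_pass = doSlash($password);
    $passwords = array();
    $passwords[] = "password(lower('" . $safe_pass . "'))";
    $passwords[] = "password('" . $safe_pass . "')";
    if (version_compare(mysql_get_server_info(), '4.1.0', '>=')) {
        // NOTE(review): old_password() is MySQL's legacy, weak hash format.
        $passwords[] = "old_password(lower('" . $safe_pass . "'))";
        $passwords[] = "old_password('" . $safe_pass . "')";
    }
    // Join the alternatives into "(pass = a or pass = b ...)". The listing
    // showed a masked fragment here that did not parse and left $passwords
    // unused.
    $r = safe_field("name", "txp_users", "name = '{$safe_user}' and (pass = " . join(' or pass = ', $passwords) . ") and privs > 0");
    if ($r) {
        // update the last access time
        safe_update("txp_users", "last_access = now()", "name = '{$safe_user}'");
        return true;
    }
    return false;
}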
Example #13
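/**
 * Changes the logged-in user's password from the POSTed 'new_pass' and
 * optionally mails it to them.
 */
function change_pass()
{
    global $txp_user;
    $message = '';
    $themail = fetch('email', 'txp_users', 'name', $txp_user);
    // Read POST data through ps() like the rest of the admin code instead
    // of touching $_POST directly.
    $NewPass = ps('new_pass');
    if (!empty($NewPass)) {
        // Both values used to be interpolated raw; a quote in the password
        // or the user name could rewrite the UPDATE statement.
        $rs = safe_update("txp_users", "pass = password(lower('" . doSlash($NewPass) . "'))", "name='" . doSlash($txp_user) . "'");
        if ($rs) {
            $message .= gTxt('password_changed');
            if (ps('mailpassword') == 1) {
                // NOTE(review): sends the clear-text password by e-mail.
                send_new_password($NewPass, $themail);
                $message .= sp . gTxt('and_mailed_to') . sp . $themail;
            }
            $message .= ".";
        } else {
            // NOTE(review): this writes the raw database error into the
            // page source.
            echo comment(mysql_error());
        }
        admin($message);
    }
}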
Example #14
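/**
 * Changes the logged-in user's password from the POSTed 'new_pass' and
 * optionally mails it to them.
 */
function change_pass()
{
    global $txp_user;
    $in = psa(array('new_pass', 'mail_password'));
    $new_pass = $in['new_pass'];
    if (empty($new_pass)) {
        admin(gTxt('password_required'));
        return;
    }
    // Escape only at the point where the value enters SQL, so the mail
    // below carries the password exactly as typed rather than its
    // backslash-escaped form.
    $rs = safe_update('txp_users', "pass = password(lower('" . doSlash($new_pass) . "'))", "name = '" . doSlash($txp_user) . "'");
    if (!$rs) {
        // The error report belongs to the failed UPDATE; it used to hang
        // off the "mail the password?" test instead, so failures were
        // silent and successes without mail printed an error comment.
        // NOTE(review): this writes the raw database error into the page.
        echo comment(mysql_error());
        return;
    }
    $message = gTxt('password_changed');
    if ($in['mail_password']) {
        $email = fetch('email', 'txp_users', 'name', $txp_user);
        // NOTE(review): sends the clear-text password by e-mail.
        send_new_password($new_pass, $email, $txp_user);
        $message .= sp . gTxt('and_mailed_to') . sp . $email;
    }
    $message .= '.';
    admin($message);
}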
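/**
 * Admin panel for the public-side "edit article" link: stores the cookie
 * name as a preference and sets or expires that cookie.
 *
 * @param string $event Admin event
 * @param string $step  Admin step
 */
function rss_admin_editlink($event, $step)
{
    global $rss_ae_cookie;
    include txpath . '/include/txp_prefs.php';
    if (!isset($rss_ae_cookie)) {
        $rss_ae_cookie = "rss_article_edit";
        $rs = safe_insert('txp_prefs', "name='rss_ae_cookie', val='{$rss_ae_cookie}', prefs_id='1'");
    }
    $adding = gps("add");
    if ($adding or gps("rem")) {
        // Both buttons store the submitted cookie name; they differ only in
        // whether the cookie is set for a year or expired.
        safe_update("txp_prefs", "val = '" . doSlash(ps('rss_ae_cookie')) . "'", "name = 'rss_ae_cookie' and prefs_id ='1'");
        setcookie($rss_ae_cookie, $rss_ae_cookie, $adding ? time() + 31536000 : time() - 3600, "/");
        // NOTE(review): no exit after the redirect, so the panel below is
        // still rendered for this request.
        header("Location: index.php?event=editlink");
    }
    pagetop("Edit Link");
    $aeset = isset($_COOKIE[$rss_ae_cookie]) ? "" : " not";
    $tdaStyle = ' style="text-align:right;vertical-align:middle"';
    // The cookie name is an editable preference, so encode it before it is
    // written into the page.
    $status = graf('Cookie ' . htmlspecialchars($rss_ae_cookie) . ' is' . $aeset . ' set.', ' align="center"');
    $buttons = graf(fInput("submit", "add", gTxt("Add Edit Link"), "publish") . fInput("submit", "rem", gTxt("Remove Edit Link"), "publish") . eInput("editlink"), ' align="center"');
    // NOTE(review): confirm that text_input() encodes its value argument.
    echo form(startTable("list") . tr(tdcs(hed("Add/Remove Public Site Article Edit Link", 1), 2)) . tr(tda($status, ' colspan="2"')) . tr(tda(gTxt('Cookie Name:'), $tdaStyle) . tda(text_input("rss_ae_cookie", $rss_ae_cookie, '20'), ' ')) . tr(tda($buttons, ' colspan="2"')) . endTable());
}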
Example #16
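/**
 * Processes the selected import tool action.
 *
 * Reads the import settings from POST, loads the importer that belongs to
 * the chosen tool, runs it, prints the result and finally refreshes the
 * per-article comment counts.
 */
function start_import()
{
    global $event, $vars;
    extract(psa($vars));
    $insert_into_section = $import_section;
    $insert_with_status = $import_status;
    $default_comment_invite = $import_comments_invite;
    // $import_tool comes from the request and is used to build an include
    // path. Only load a file for the tools handled below, so the value can
    // never steer include_once to another path.
    $known_tools = array('mtdb', 'mt', 'b2', 'wp', 'blogger');
    if (in_array($import_tool, $known_tools, true)) {
        include_once txpath . '/include/import/import_' . $import_tool . '.php';
    }
    $ini_time = ini_get('max_execution_time');
    @ini_set('max_execution_time', 300 + intval($ini_time));
    // Stays empty when the tool is not one of the known importers.
    $out = '';
    switch ($import_tool) {
        case 'mtdb':
            $out = doImportMTDB($importdblogin, $importdb, $importdbpass, $importdbhost, $import_blog_id, $insert_into_section, $insert_with_status, $default_comment_invite);
            rebuild_tree('root', 1, 'article');
            break;
        case 'mt':
            $file = check_import_file();
            if (!empty($file)) {
                $out = doImportMT($file, $insert_into_section, $insert_with_status, $import_comments_invite);
                // Rebuilding category tree.
                rebuild_tree('root', 1, 'article');
            } else {
                $out = 'Import file not found';
            }
            break;
        case 'b2':
            $out = doImportB2($importdblogin, $importdb, $importdbpass, $importdbhost, $insert_into_section, $insert_with_status, $default_comment_invite);
            break;
        case 'wp':
            $out = doImportWP($importdblogin, $importdb, $importdbpass, $importdbhost, $wpdbprefix, $insert_into_section, $insert_with_status, $default_comment_invite, $wpdbcharset);
            rebuild_tree('root', 1, 'article');
            break;
        case 'blogger':
            $file = check_import_file();
            if (!empty($file)) {
                $out = doImportBLOGGER($file, $insert_into_section, $insert_with_status, $import_comments_invite);
            } else {
                $out = gTxt('import_file_not_found');
            }
            break;
    }
    $out = tag('max_execution_time = ' . ini_get('max_execution_time'), 'p', ' class="highlight"') . $out;
    pagetop(gTxt('txp_import'));
    $content = '<div id="' . $event . '_container" class="txp-container">';
    $content .= startTable('', '', 'txp-list');
    $content .= tr(tdcs(hed(gTxt('txp_import'), 2), 2));
    $content .= tr(td($out));
    $content .= endTable();
    $content .= '</div>';
    echo $content;
    // Recount visible comments per article.
    $rs = safe_rows_start('parentid, count(*) as thecount', 'txp_discuss', 'visible=1 group by parentid');
    if (numRows($rs) > 0) {
        while ($a = nextRow($rs)) {
            // Both values are written unquoted; imported rows are outside
            // data, so force them to integers.
            safe_update('textpattern', "comments_count=" . (int) $a['thecount'], "ID=" . (int) $a['parentid']);
        }
    }
}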
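/**
 * Updates a customer record in txp_users from the submitted form.
 *
 * @param string $event Admin event
 * @param string $step  Admin step
 */
function customer_update($event, $step)
{
    global $txp_user, $vars, $txpcfg, $prefs;
    extract($prefs);
    // Read only the expected fields. The previous extract() of the whole
    // request let any parameter define or overwrite a variable in this
    // scope, including the globals declared above.
    $text_fields = array(
        'name', 'email',
        'billing_company', 'billing_address1', 'billing_address2', 'billing_city',
        'billing_state', 'billing_zip', 'billing_country', 'billing_fax', 'billing_phone',
        'shipping_company', 'shipping_address1', 'shipping_address2', 'shipping_city',
        'shipping_state', 'shipping_zip', 'shipping_country', 'shipping_fax', 'shipping_phone',
        'shipping_firstname', 'shipping_lastname', 'billing_firstname', 'billing_lastname',
    );
    $f = array();
    foreach ($text_fields as $key) {
        // Array-valued parameters are treated as absent.
        $given = isset($_REQUEST[$key]) && is_scalar($_REQUEST[$key]) ? $_REQUEST[$key] : '';
        $f[$key] = doSlash($given);
    }
    // user_id is written unquoted, so it must be an integer.
    $user_id = assert_int(isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : '');
    // Checkbox: present means 1, absent means 0.
    $shipping_same_as_billing = isset($_REQUEST['shipping_same_as_billing']) ? 1 : 0;
    if (!function_exists("generate_password")) {
        require_once txpath . '/include/txp_admin.php';
    }
    if (!function_exists("is_valid_email")) {
        require_once txpath . '/lib/txplib_misc.php';
    }
    if ($f['name'] && is_valid_email($f['email'])) {
        // NOTE(review): every update sets privs to 0; confirm this handler
        // can only reach customer accounts.
        $set = array('privs = 0');
        foreach ($f as $column => $value) {
            $set[] = "{$column} = '{$value}'";
        }
        $set[] = "RealName = '" . $f['billing_firstname'] . " " . $f['billing_lastname'] . "'";
        $set[] = "shipping_same_as_billing = {$shipping_same_as_billing}";
        $rs = safe_update('txp_users', join(",\r\n\t\t\t\t", $set), "user_id = {$user_id}");
        if ($rs) {
            customers_list('', '', "customer updated");
        } else {
            customers_list("There was an error trying to update customer");
        }
    }
}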
Example #18
 /**
  * Deletes the thumbnail file and clears the thumbnail flag of the image
  * row.
  *
  * @return bool TRUE when the file was removed, FALSE otherwise
  */
 public function delete()
 {
     if (isset($this->m_ext)) {
         // NOTE(review): m_id and m_ext are used in a file path and m_id in
         // an unquoted SQL condition; confirm that both are validated where
         // they are assigned.
         $thumb_path = IMPATH . $this->m_id . 't' . $this->m_ext;
         if (unlink($thumb_path)) {
             safe_update('txp_image', "thumbnail = 0", "id = " . $this->m_id);
             return true;
         }
     }
     return false;
 }
Example #19
<?php

/*
$HeadURL: https://textpattern.googlecode.com/svn/releases/4.4.0/source/textpattern/update/_to_4.0.6.php $
$LastChangedRevision: 3047 $
*/
// Refuse direct requests: this script is only meant to run from the updater.
if (!defined('TXP_UPDATE')) {
    exit("Nothing here. You can't access this file directly.");
}
# replace deprecated tags with functionally equivalent, valid tags
$tags = array(
    'sitename' => 'site_name',
    'request_uri' => 'page_url',
    'id' => 'page_url type="id"',
    's' => 'page_url type="s"',
    'c' => 'page_url type="c"',
    'q' => 'page_url type="q"',
    'pg' => 'page_url type="pg"',
);
foreach ($tags as $search => $replace) {
    // A tag name is followed either by a space or by the closing slash.
    foreach (array(' ', '/') as $end) {
        // Only the fixed strings above reach SQL here; none contains a quote.
        $from = '<txp:' . $search . $end;
        $to = '<txp:' . $replace . ' ' . trim($end);
        safe_update('txp_page', "user_html = REPLACE(user_html, '" . $from . "', '" . $to . "')", '1=1');
        safe_update('txp_form', "Form = REPLACE(Form, '" . $from . "', '" . $to . "')", '1=1');
    }
}
Example #20
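/**
 * Recomputes the nested-set lft/rgt values of a category and its
 * descendants.
 *
 * @param string $parent Name of the category to renumber
 * @param int    $left   lft value to assign to it
 * @param string $type   Category type
 * @return int The next free lft value after this subtree
 */
function rebuild_tree($parent, $left, $type)
{
    // lft/rgt are written unquoted, so keep them numeric.
    $left = (int) $left;
    $right = $left + 1;
    $parent = doSlash($parent);
    // $type was interpolated raw while $parent was escaped; treat both alike.
    $safe_type = doSlash($type);
    $result = safe_column("name", "txp_category", "parent='{$parent}' and type='{$safe_type}' order by name");
    foreach ($result as $row) {
        // Hand the unescaped type down; each level escapes for itself.
        $right = rebuild_tree($row, $right, $type);
    }
    safe_update("txp_category", "lft={$left}, rgt={$right}", "name='{$parent}' and type='{$safe_type}'");
    return $right + 1;
}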
Example #21
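/**
 * Installs the language strings contained in a Textpack.
 *
 * @param string $textpack      Textpack source, one entry per line
 * @param bool   $add_new_langs Whether strings for languages that are not
 *                              installed yet may be added
 * @return int Number of strings written
 */
function install_textpack($textpack, $add_new_langs = false)
{
    global $prefs;
    $textpack = explode(n, $textpack);
    if (empty($textpack)) {
        return 0;
    }
    // presume site language equals textpack language
    $language = get_pref('language', 'en-gb');
    $installed_langs = safe_column('lang', 'txp_lang', "1 = 1 group by lang");
    $doit = true;
    $done = 0;
    // Data lines may appear before any "#@event" line; start with an empty
    // event so the queries below never read an undefined variable.
    $event = '';
    foreach ($textpack as $line) {
        $line = trim($line);
        // A line starting with #, not followed by @ is a simple comment
        if (preg_match('/^#[^@]/', $line, $m)) {
            continue;
        }
        // A line matching "#@language xx-xx" establishes the designated language for all subsequent lines
        if (preg_match('/^#@language\\s+(.+)$/', $line, $m)) {
            $language = doSlash($m[1]);
            // May this Textpack introduce texts for this language?
            $doit = $add_new_langs || in_array($language, $installed_langs);
            continue;
        }
        // A line matching "#@event_name" establishes the event value for all subsequent lines
        if (preg_match('/^#@([a-zA-Z0-9_-]+)$/', $line, $m)) {
            $event = doSlash($m[1]);
            continue;
        }
        // Data lines match a "name => value" pattern. Some white space allowed.
        if ($doit && preg_match('/^(\\w+)\\s*=>\\s*(.+)$/', $line, $m)) {
            if (!empty($m[1]) && !empty($m[2])) {
                // Everything taken from the Textpack is escaped before it is
                // placed inside a quoted SQL literal.
                $name = doSlash($m[1]);
                $value = doSlash($m[2]);
                $where = "lang='{$language}' AND name='{$name}'";
                // Store text; do *not* tamper with last modification date from RPC but use a well-known date in the past
                if (safe_count('txp_lang', $where)) {
                    safe_update('txp_lang', "lastmod='2005-08-14', data='{$value}', event='{$event}'", $where);
                } else {
                    safe_insert('txp_lang', "lastmod='2005-08-14', data='{$value}', event='{$event}', lang='{$language}', name='{$name}'");
                }
                ++$done;
            }
        }
    }
    return $done;
}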
Example #22
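/**
 * Removes one declaration from a parsed style sheet and saves the result.
 *
 * The declaration is addressed by the request parameter 'declaration' in
 * the form "<selector index>-<declaration index>"; the style sheet is
 * addressed by the request parameter 'name'.
 *
 * @param array $css Parsed style sheet: selector => (property => value)
 * @return mixed Whatever parseCSS() returns for the stored style sheet
 */
function delete_declaration($css)
{
    $thedec = gps('declaration');
    $name = gps('name');
    // Start from an empty sheet so that removing the only declaration does
    // not leave $out undefined.
    $out = array();
    $i = 0;
    foreach ($css as $a => $b) {
        $cursel = $i++;
        $ii = 0;
        foreach ($b as $c => $d) {
            $curdec = $ii++;
            // Keep everything except the addressed declaration.
            if ($cursel . '-' . $curdec != $thedec) {
                $out[$a][$c] = $d;
            }
        }
    }
    $css = base64_encode(css_format($out));
    safe_update("txp_css", "css='" . doSlash($css) . "'", "name='" . doSlash($name) . "'");
    // update site last mod time
    update_lastmod();
    return parseCSS(base64_decode(fetch('css', 'txp_css', 'name', $name)));
}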
Example #23
/**
 * Writes one language string to txp_lang, updating the row when the name
 * already exists for the language and inserting it otherwise.
 *
 * The language comes from the 'lang_code' HTTP POST or GET parameter. The
 * outcome of the write is stored back into $value['ok'].
 *
 * @param array $value The string, with keys 'name', 'event', 'data', 'uLastmod'
 * @param int   $key   Not used
 */
function install_lang_key(&$value, $key)
{
    extract(gpsa(array('lang_code', 'updating')));
    // Escape each piece once; every use below sits inside a quoted literal.
    $safe_name = doSlash($value['name']);
    $safe_lang = doSlash($lang_code);
    $exists = safe_field("name", 'txp_lang', "name = '" . $safe_name . "' AND lang = '" . $safe_lang . "'");
    $q = "name = '" . $safe_name . "',\n        event = '" . doSlash($value['event']) . "',\n        data = '" . doSlash($value['data']) . "',\n        lastmod = '" . doSlash(strftime('%Y%m%d%H%M%S', $value['uLastmod'])) . "'";
    if ($exists === false) {
        $value['ok'] = safe_insert('txp_lang', "{$q}, lang = '" . $safe_lang . "'");
        return;
    }
    // Only rows owned by the system are updated.
    $value['ok'] = safe_update('txp_lang', $q, "owner = '" . doSlash(TEXTPATTERN_LANG_OWNER_SYSTEM) . "' AND lang = '" . $safe_lang . "' AND name = '" . $safe_name . "'");
}
Example #24
/**
 * Saves an edited article from POST data.
 *
 * Order of work: permission check against the stored article, concurrent
 * edit check via the LastMod timestamp, Textile processing, escaping,
 * date handling, URL-title handling, the UPDATE itself, then pings and
 * last-modified bookkeeping for published articles.
 */
function article_save()
{
    global $txp_user, $vars, $txpcfg, $prefs;
    // NOTE(review): extract($prefs) defines one local per preference (for
    // instance $use_textile, read below); any preference name that matches
    // a local used later would shadow it.
    extract($prefs);
    $incoming = psa($vars);
    // ID is cast to int because it is used unquoted.
    $oldArticle = safe_row('Status, url_title, Title, unix_timestamp(LastMod) as sLastMod, LastModID', 'textpattern', 'ID = ' . (int) $incoming['ID']);
    // Status >= 4 needs the "published" privileges, lower statuses the plain
    // edit privileges; the ".own" variants apply when the submitted AuthorID
    // equals the current user.
    // NOTE(review): AuthorID is taken from the request, not from the stored
    // article; confirm that this cannot be used to claim ownership.
    if (!($oldArticle['Status'] >= 4 and has_privs('article.edit.published') or $oldArticle['Status'] >= 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own.published') or $oldArticle['Status'] < 4 and has_privs('article.edit') or $oldArticle['Status'] < 4 and $incoming['AuthorID'] == $txp_user and has_privs('article.edit.own'))) {
        // Not allowed, you silly rabbit, you shouldn't even be here.
        // Show default editing screen.
        article_edit();
        return;
    }
    // Someone else saved the article since this form was loaded.
    if ($oldArticle['sLastMod'] != $incoming['sLastMod']) {
        article_edit(gTxt('concurrent_edit_by', array('{author}' => htmlspecialchars($oldArticle['LastModID']))), TRUE);
        return;
    }
    $incoming = textile_main_fields($incoming, $use_textile);
    // From here on the extracted field values are escaped for quoted SQL
    // literals.
    extract(doSlash($incoming));
    // These four are written unquoted, so they must be integers.
    extract(array_map('assert_int', psa(array('ID', 'Status', 'textile_body', 'textile_excerpt'))));
    $Annotate = (int) $Annotate;
    // Without publish rights a live/sticky status is lowered to 3.
    if (!has_privs('article.publish') && $Status >= 4) {
        $Status = 3;
    }
    if ($reset_time) {
        $whenposted = "Posted=now()";
        $when_ts = time();
    } else {
        // The date parts go through strtotime(), so only a number (or FALSE)
        // reaches the SQL fragment below.
        $when = $when_ts = strtotime($year . '-' . $month . '-' . $day . ' ' . $hour . ':' . $minute . ':' . $second) - tz_offset();
        $whenposted = "Posted=from_unixtime({$when})";
    }
    if (empty($exp_year)) {
        $expires = 0;
        $whenexpires = "Expires=" . NULLDATETIME;
    } else {
        // Fill in missing parts of the expiry date.
        if (empty($exp_month)) {
            $exp_month = 1;
        }
        if (empty($exp_day)) {
            $exp_day = 1;
        }
        if (empty($exp_hour)) {
            $exp_hour = 0;
        }
        if (empty($exp_minute)) {
            $exp_minute = 0;
        }
        if (empty($exp_second)) {
            $exp_second = 0;
        }
        $expires = strtotime($exp_year . '-' . $exp_month . '-' . $exp_day . ' ' . $exp_hour . ':' . $exp_minute . ':' . $exp_second) - tz_offset();
        $whenexpires = "Expires=from_unixtime({$expires})";
    }
    // An article may not expire before it is posted.
    if ($expires) {
        if ($expires <= $when_ts) {
            article_edit(gTxt('article_expires_before_postdate'));
            return;
        }
    }
    //Auto-Update custom-titles according to Title, as long as unpublished and NOT customized
    // NOTE(review): $url_title and $Title are escaped here while the
    // $oldArticle values are not, so these comparisons differ for titles
    // containing quotes or backslashes.
    if (empty($url_title) || $oldArticle['Status'] < 4 && $oldArticle['url_title'] == $url_title && $oldArticle['url_title'] == stripSpace($oldArticle['Title'], 1) && $oldArticle['Title'] != $Title) {
        $url_title = stripSpace($Title_plain, 1);
    }
    // Normalise the keyword list to single commas, then escape it.
    $Keywords = doSlash(trim(preg_replace('/( ?[\\r\\n\\t,])+ ?/s', ',', preg_replace('/ +/', ' ', ps('Keywords'))), ', '));
    // NOTE(review): $txp_user is interpolated without doSlash(); confirm
    // that login names cannot contain a quote.
    safe_update("textpattern", "Title           = '{$Title}',\n\t\t\tBody            = '{$Body}',\n\t\t\tBody_html       = '{$Body_html}',\n\t\t\tExcerpt         = '{$Excerpt}',\n\t\t\tExcerpt_html    = '{$Excerpt_html}',\n\t\t\tKeywords        = '{$Keywords}',\n\t\t\tImage           = '{$Image}',\n\t\t\tStatus          =  {$Status},\n\t\t\tLastMod         =  now(),\n\t\t\tLastModID       = '{$txp_user}',\n\t\t\tSection         = '{$Section}',\n\t\t\tCategory1       = '{$Category1}',\n\t\t\tCategory2       = '{$Category2}',\n\t\t\tAnnotate        =  {$Annotate},\n\t\t\ttextile_body    =  {$textile_body},\n\t\t\ttextile_excerpt =  {$textile_excerpt},\n\t\t\toverride_form   = '{$override_form}',\n\t\t\turl_title       = '{$url_title}',\n\t\t\tAnnotateInvite  = '{$AnnotateInvite}',\n\t\t\tcustom_1        = '{$custom_1}',\n\t\t\tcustom_2        = '{$custom_2}',\n\t\t\tcustom_3        = '{$custom_3}',\n\t\t\tcustom_4        = '{$custom_4}',\n\t\t\tcustom_5        = '{$custom_5}',\n\t\t\tcustom_6        = '{$custom_6}',\n\t\t\tcustom_7        = '{$custom_7}',\n\t\t\tcustom_8        = '{$custom_8}',\n\t\t\tcustom_9        = '{$custom_9}',\n\t\t\tcustom_10       = '{$custom_10}',\n\t\t\t{$whenposted},\n\t\t\t{$whenexpires}", "ID = {$ID}");
    if ($Status >= 4) {
        // Ping only when the article is published for the first time.
        if ($oldArticle['Status'] < 4) {
            do_pings();
        }
        update_lastmod();
    }
    article_edit(get_status_message($Status) . check_url_title($url_title));
}
Example #25
/**
 * Creates or updates a form from the submitted data and re-renders the
 * form editor with a status message.
 *
 * On a validation error the global $step is set to 'form_create' and the
 * editor is shown with an E_ERROR message.
 */
function form_save()
{
    global $vars, $step, $essential_forms;
    extract(doSlash(gpsa($vars)));
    // The form name is additionally stripped of < > & " ' before escaping.
    $name = doSlash(trim(preg_replace('/[<>&"\']/', '', gps('name'))));
    $known_types = array('article', 'category', 'comment', 'file', 'link', 'misc', 'section');
    if (!$name) {
        $step = 'form_create';
        return form_edit(array(gTxt('form_name_invalid'), E_ERROR));
    }
    if (!in_array($type, $known_types)) {
        $step = 'form_create';
        return form_edit(array(gTxt('form_type_missing'), E_ERROR));
    }
    $columns = "Form = '{$Form}', type = '{$type}', name = '{$name}'";
    if (!$savenew) {
        // Existing form: $oldname was escaped by the extract() above.
        safe_update('txp_form', $columns, "name = '{$oldname}'");
        update_lastmod();
        form_edit(gTxt('form_updated', array('{name}' => $name)));
        return;
    }
    // New form: refuse to overwrite one with the same name.
    if (safe_field('name', 'txp_form', "name = '{$name}'")) {
        $step = 'form_create';
        return form_edit(array(gTxt('form_already_exists', array('{name}' => $name)), E_ERROR));
    }
    safe_insert('txp_form', $columns);
    update_lastmod();
    return form_edit(gTxt('form_created', array('{name}' => $name)));
}
Example #26
/**
 * Applies a bulk action (delete, toggle status, change load order) to the
 * plugins selected in the list, then re-renders the list with a message.
 */
function plugin_multi_edit()
{
    $selected = ps('selected');
    $method = ps('edit_method');
    if (!$selected or !is_array($selected)) {
        return plugin_list();
    }
    // Every selected name is escaped before it enters the IN (...) list.
    $where = "name IN ('" . join("','", doSlash($selected)) . "')";
    if ($method == 'delete') {
        foreach ($selected as $name) {
            // Plugins that asked for lifecycle notifications are loaded and
            // told about the change before their row is removed.
            $flags = safe_field('flags', 'txp_plugin', "name ='" . doSlash($name) . "'");
            if ($flags & PLUGIN_LIFECYCLE_NOTIFY) {
                // NOTE(review): $name is a request value handed to
                // load_plugin(); confirm it can only resolve to an
                // installed plugin.
                load_plugin($name, true);
                callback_event("plugin_lifecycle.{$name}", 'disabled');
                callback_event("plugin_lifecycle.{$name}", 'deleted');
            }
        }
        safe_delete('txp_plugin', $where);
    } elseif ($method == 'changestatus') {
        foreach ($selected as $name) {
            $flags = safe_field('flags', 'txp_plugin', "name ='" . doSlash($name) . "'");
            if ($flags & PLUGIN_LIFECYCLE_NOTIFY) {
                $status = safe_field('status', 'txp_plugin', "name ='" . doSlash($name) . "'");
                load_plugin($name, true);
                // NB: won't show returned messages anywhere due to potentially overwhelming verbiage.
                callback_event("plugin_lifecycle.{$name}", $status ? 'disabled' : 'enabled');
            }
        }
        safe_update('txp_plugin', 'status = (1-status)', $where);
    } elseif ($method == 'changeorder') {
        // Load order is clamped to 1..9 and written as an integer.
        $order = min(max(intval(ps('order')), 1), 9);
        safe_update('txp_plugin', 'load_order = ' . $order, $where);
    }
    $verb = $method == 'delete' ? 'deleted' : 'updated';
    // NOTE(review): the selected names are echoed back unencoded in the
    // message; confirm that plugin_list() encodes it for HTML.
    $message = gTxt('plugin_' . $verb, array('{name}' => join(', ', $selected)));
    plugin_list($message);
}
Example #27
// Plugin flags column, added only when it is missing.
if (!in_array('flags', $cols)) {
    safe_alter('txp_plugin', "ADD flags SMALLINT UNSIGNED NOT NULL DEFAULT 0");
}
// Default theme.
if (!safe_field('name', 'txp_prefs', "name = 'theme_name'")) {
    safe_insert('txp_prefs', "prefs_id = 1, name = 'theme_name', val = 'classic', type = '1', event = 'admin', html = 'themename', position = '160'");
}
safe_alter('txp_plugin', 'CHANGE code code MEDIUMTEXT NOT NULL, CHANGE code_restore code_restore MEDIUMTEXT NOT NULL');
safe_alter('txp_prefs', 'CHANGE val val TEXT NOT NULL');
// Add author column to files and links,
// boldly assuming that the publisher in charge of updating this site is the author of any existing content items.
foreach (array('txp_file', 'txp_link') as $table) {
    $cols = getThings('describe `' . PFX . $table . '`');
    if (in_array('author', $cols)) {
        continue;
    }
    safe_alter($table, "ADD author varchar(255) NOT NULL default '', ADD INDEX author_idx (author)");
    // The user name is escaped because it is placed in a quoted literal.
    safe_update($table, "author='" . doSlash($txp_user) . "'", '1=1');
}
// Add indices on author columns.
foreach (array('textpattern' => 'AuthorID', 'txp_image' => 'author') as $table => $col) {
    $has_idx = 0;
    $rs = getRows('show index from `' . PFX . $table . '`');
    foreach ($rs as $row) {
        $has_idx = $row['Key_name'] == 'author_idx' ? 1 : $has_idx;
    }
    if ($has_idx) {
        continue;
    }
    // Table and column names are the fixed strings listed above.
    safe_query('ALTER IGNORE TABLE `' . PFX . $table . '` ADD INDEX author_idx(' . $col . ')');
}
Example #28
// Upgrade-script fragment: gives every category type a 'root' row, rebuilds
// the category trees, and migrates preference widget names and the old
// Textile preference.
// NOTE(review): the IGNORE clause of ALTER TABLE was removed in MySQL 5.7 —
// confirm which server versions this upgrade step has to run on.
safe_query("alter ignore table " . safe_pfx('txp_category') . " modify parent INT not null");
$types = safe_column('distinct type', 'txp_category', '1=1');
foreach ($types as $type) {
    // $type was read from the database, but it is still passed through doSlash()
    // every time it is placed back into a SQL string, so a stored value containing
    // quotes cannot break out of the literal.
    $root = safe_field('id', 'txp_category', "type='" . doSlash($type) . "' and name='root' and parent=0");
    if (!$root) {
        // No root row for this type yet: create one and use safe_insert()'s return value as its id.
        $root = safe_insert('txp_category', "name='root', type='" . doSlash($type) . "', parent=0");
    }
    // Re-parent every other top-level row of this type under the root.
    // NOTE(review): $root is interpolated without escaping; it is presumably a
    // numeric id coming from the two calls above — verify against their return types.
    safe_update('txp_category', "parent='" . $root . "'", "type='" . doSlash($type) . "' and parent=0 and id != '" . $root . "'");
    tree_rebuild_full('txp_category', "type='" . doSlash($type) . "'");
}
// index on form type
safe_upgrade_index('txp_form', 'type_idx', '', 'type');
// dropdown ui for certain prefs
safe_upgrade_table('txp_prefs', array('choices' => 'varchar(64)'));
// Rename legacy widget names in the html column and fill the new choices
// column; all values here are literals.
safe_update('txp_prefs', "html='checkbox'", "html='yesnoradio'");
safe_update('txp_prefs', "html='text'", "html='text_input'");
safe_update('txp_prefs', "choices='commentmode', html='select'", "html='commentmode'");
safe_update('txp_prefs', "choices='logging', html='select'", "html='logging'");
safe_update('txp_prefs', "choices='production_stati', html='radio'", "html='prod_levels'");
safe_update('txp_prefs', "choices='gmtoffsets', html='select'", "html='gmtoffset_select'");
safe_update('txp_prefs', "choices='weeks', html='select'", "html='weeks'");
safe_update('txp_prefs', "choices='languages', html='select'", "html='languages'");
safe_update('txp_prefs', "choices='permlinkmodes', html='radio'", "html='permlinkmodes'");
safe_update('txp_prefs', "choices='dateformats', html='select'", "html='dateformats'");
// change previous Textile prefs into matching markup class names from classMarkup.php
$use_textile = safe_field('val', 'txp_prefs', "name='use_textile'");
// The stored preference is used only as an index into this fixed list, so the
// value interpolated into the INSERT below is always one of these three names,
// never the raw preference value.
$markups = array('txprawxhtml', 'txptextile', 'txpnl2br');
if (!empty($markups[$use_textile])) {
    safe_insert('txp_prefs', "prefs_id = 1, event='publish', name = 'markup_default', val = '{$markups[$use_textile]}', type = '0', html='select', choices='markups'");
    // The old preference is dropped once it has been migrated.
    safe_delete('txp_prefs', "name='use_textile'");
}
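 /**
  * Fetch the page at $this->uri, cut out the list that follows its
  * "Events" heading, and cache that fragment in jmd_wiki_events.
  *
  * The page is remote content, so every lookup is checked: when the fetch
  * fails or an expected marker is missing, nothing is written and an empty
  * string is returned. Without these checks a failed fetch would overwrite
  * the cached row with an empty or wrongly cut fragment.
  *
  * @param mixed $update NULL inserts a new row for $this->day; any other
  *                      value updates the existing row for that day.
  * @return string The extracted events markup, or '' when extraction failed.
  */
 private function setEntry($update = NULL)
 {
     $html = file_get_contents($this->uri);
     if ($html === false) {
         // Fetch failed: keep whatever is cached rather than storing an empty entry.
         return '';
     }
     $eventsStart = strpos($html, '<h2>Events</h2>');
     if ($eventsStart === false) {
         // Without the heading, the search below would start at offset 0 and
         // pick up the first list on the page.
         return '';
     }
     $firstPos = strpos($html, '<li>', $eventsStart);
     if ($firstPos === false) {
         return '';
     }
     $lastPos = strpos($html, '</ul>', $firstPos);
     if ($lastPos === false) {
         return '';
     }
     $events = substr($html, $firstPos, $lastPos - $firstPos);
     // Fix relative links
     $events = str_replace("/wiki/", $this->rootUri, $events);
     // The remote fragment is escaped with doSlash() before it is placed in the SQL string.
     // NOTE(review): $this->day and $this->currentDate are interpolated unescaped;
     // presumably they are generated internally — verify they never carry request data.
     // NOTE(review): the fragment is stored as raw remote HTML; how it is rendered is
     // not visible here — confirm it is sanitised or escaped before output.
     if ($update === NULL) {
         safe_insert("jmd_wiki_events", "title='{$this->day}', last_mod='{$this->currentDate}', contents='" . doSlash($events) . "'");
     } else {
         safe_update("jmd_wiki_events", "last_mod='{$this->currentDate}', contents='" . doSlash($events) . "'", "title='{$this->day}'");
     }
     return $events;
 }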
Example #30
     $backup_obj->database = $pixieconfig['db'];
     $backup_obj->tables = array();
     $backup_obj->drop_tables = true;
     $backup_obj->struct_only = false;
     $backup_obj->comments = true;
     $backup_obj->backup_dir = '../files/sqlbackups/';
     $backup_obj->fname_format = 'd_m_Y-H-i-s';
     $filename = date("d_m_Y-H-i-s") . ".sql.gz";
     $task = MSB_SAVE;
     $use_gzip = true;
     if (!$backup_obj->Execute($task, '', $use_gzip)) {
         $message = $backup_obj->error;
     } else {
         $messageok = $lang['backup_ok'];
         logme($lang['backup_ok'], "no", "save");
         safe_update("pixie_settings", "last_backup = '{$filename}'", "settings_id = '1'");
         $prefs = get_prefs();
         extract($prefs);
     }
 }
 if (isset($del)) {
     if (file_exists("../files/sqlbackups/" . $del)) {
         $current = safe_field('last_backup', 'pixie_settings', "settings_id='1'");
         if ($current != $del) {
             $delk = file_delete("../files/sqlbackups/" . $del);
         } else {
             $unable = "yes";
         }
     }
     if ($delk) {
         $messageok = $lang['backup_delete_ok'] . " {$del}.";