 /**
  * Reject the current request as disallowed.
  *
  * Writes a WARNING entry to the action log that carries the requested URI,
  * then hands control to $this->error() with the "disallowed" message.
  *
  * NOTE(review): serverVar('REQUEST_URI') is client-controlled and is
  * appended to the log line verbatim; whether ACTIONLOG escapes it before
  * it is shown in the admin area cannot be seen from here.
  */
 function disallow()
 {
     $requestedUri = serverVar('REQUEST_URI');
     ACTIONLOG::add(WARNING, _ACTIONLOG_DISALLOWED . $requestedUri);
     $this->error(_ERROR_DISALLOWED);
 }
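    /**
     * InitSkinParse event handler: serve an RSS/Atom feed when the request
     * path ends in one of the known feed file names.
     *
     * Only the last PATH_INFO segment is consulted and it is matched with a
     * strict in_array(), so no client-supplied text reaches the skin name.
     * When the site is disabled a minimal RSS 2.0 stub is emitted instead of
     * the parsed skin. Every path that handles a feed request ends in exit,
     * so no further page code runs.
     *
     * Fix: $nucleus was read for the Generator header but was not in the
     * global list, so the header was sent with an empty version. It is now
     * declared global and the header is only sent when the version is known.
     *
     * @param array $data event data; reads $data['type'] and re-initialises
     *                    the SKIN object in $data['skin'] in place
     * @return void
     */
    function event_InitSkinParse($data)
    {
        global $CONF, $manager, $nucleus;
        $feedurl = array('rss1.xml', 'index.rdf', 'rss2.xml', 'atom.xml');
        $reqPaths = explode('/', serverVar('PATH_INFO'));
        $reqPath = end($reqPaths);
        // Strict comparison: only an exact feed file name selects a skin.
        if (!in_array($reqPath, $feedurl, true)) {
            return;
        }
        // Map the feed file name to the skin that renders it. Every name in
        // $feedurl has a case here; the default is unreachable.
        switch ($reqPath) {
            case 'rss1.xml':
            case 'index.rdf':
                $skinName = 'feeds/rss10';
                break;
            case 'rss2.xml':
                $skinName = 'feeds/rss20';
                break;
            case 'atom.xml':
                $skinName = 'feeds/atom';
                break;
            default:
                return;
        }
        if (!SKIN::exists($skinName)) {
            // No feed skin installed: send nothing, as before.
            exit;
        }
        $skin =& SKIN::createFromName($skinName);
        $data['skin']->SKIN($skin->getID());
        $skinData =& $data['skin'];
        $pageType = $data['type'];
        if (!$CONF['DisableSite']) {
            // Render the skin into a buffer so an ETag can be computed over
            // the complete body before anything is sent.
            ob_start();
            $skinID = $skinData->id;
            $contents = $this->getSkinContent($pageType, $skinID);
            $actions = SKIN::getAllowedActionsForType($pageType);
            $dataArray = array('skin' => &$skinData, 'type' => $pageType, 'contents' => &$contents);
            $manager->notify('PreSkinParse', $dataArray);
            PARSER::setProperty('IncludeMode', SKIN::getIncludeMode());
            PARSER::setProperty('IncludePrefix', SKIN::getIncludePrefix());
            $handler = new ACTIONS($pageType, $skinData);
            $parser = new PARSER($actions, $handler);
            $handler->setParser($parser);
            $handler->setSkin($skinData);
            $parser->parse($contents);
            $dataArray = array('skin' => &$skinData, 'type' => $pageType);
            $manager->notify('PostSkinParse', $dataArray);
            $feed = ob_get_contents();
            ob_end_clean();
            // The ETag is the quoted MD5 of the buffered body; clients echo
            // it back verbatim in If-None-Match, so the quoted form is compared.
            $eTag = '"' . md5($feed) . '"';
            header('Etag: ' . $eTag);
            if ($eTag === serverVar('HTTP_IF_NONE_MATCH')) {
                header('HTTP/1.0 304 Not Modified');
                header('Content-Length: 0');
            } else {
                if (extension_loaded('mbstring')) {
                    $feed = mb_convert_encoding($feed, 'UTF-8', _CHARSET);
                    $charset = 'UTF-8';
                } else {
                    $charset = _CHARSET;
                }
                header('Content-Type: application/xml; charset=' . $charset);
                // Advertises the exact CMS version to every feed reader;
                // drop this header if version disclosure is a concern.
                if (isset($nucleus['version'])) {
                    header('Generator: Nucleus CMS ' . $nucleus['version']);
                }
                // dump feed
                echo $feed;
            }
        } else {
            // Site disabled: emit a bare channel so readers still get valid XML.
            echo '<' . '?xml version="1.0" encoding="ISO-8859-1"?' . '>';
            ?>
<rss version="2.0">
  <channel>
    <title><?php 
            echo $this->hsc($CONF['SiteName'], ENT_QUOTES);
            ?>
</title>
    <link><?php 
            echo $this->hsc($CONF['IndexURL'], ENT_QUOTES);
            ?>
</link>
    <description></description>
    <docs>http://backend.userland.com/rss</docs>
  </channel>
</rss>	
<?php 
        }
        exit;
    }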
 /**
  * Reject the current request as disallowed.
  *
  * Logs a WARNING carrying the requested URI, then passes a four-element
  * message array to $this->error(). The layout of that array is whatever
  * error() expects; it is not visible here.
  */
 function disallow()
 {
     ACTIONLOG::add(WARNING, _ACTIONLOG_DISALLOWED . serverVar('REQUEST_URI'));
     $errorMessage = array(
         0,
         _CURL_ERROR_DISALLOWED,
         '***',
         _DISALLOWED_MSG,
     );
     $this->error($errorMessage);
 }
 * @version $Id: atom.php 1131 2011-02-01 06:19:31Z sakamocchi $
 * $NucleusJP: atom.php,v 1.6 2006/07/12 07:11:45 kimitake Exp $
 */
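// atom.php: render the Atom feed skin and serve it with an ETag.
//
// Fixes relative to the earlier version: mb_convert_encoding() is only
// called when mbstring is loaded (it was an undefined function otherwise),
// and the Content-Type now declares the charset actually being sent, the
// same way the skin-based feed handler does.
header('Pragma: no-cache');
$CONF = array();
$CONF['Self'] = 'atom.php';
include './config.php';
if (!$CONF['DisableSite']) {
    // Buffer the rendered skin so the ETag covers the complete body.
    ob_start();
    selectSkin('feeds/atom');
    selector();
    $feed = ob_get_contents();
    ob_end_clean();
    // create ETAG (hash of feed)
    // (HTTP_IF_NONE_MATCH has quotes around it)
    $eTag = '"' . md5($feed) . '"';
    header('Etag: ' . $eTag);
    // compare Etag to what we got
    if ($eTag === serverVar('HTTP_IF_NONE_MATCH')) {
        header('HTTP/1.0 304 Not Modified');
        header('Content-Length: 0');
    } else {
        // Transcode to UTF-8 when the site charset is something else and
        // mbstring is available; otherwise send the bytes as they are and
        // say so in the header.
        $charset = 'UTF-8';
        if (strtolower(_CHARSET) != 'utf-8') {
            if (extension_loaded('mbstring')) {
                $feed = mb_convert_encoding($feed, "UTF-8", _CHARSET);
            } else {
                $charset = _CHARSET;
            }
        }
        header("Content-Type: application/xml; charset=" . $charset);
        // dump feed
        echo $feed;
    }
}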
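 /**
  * Adds a new comment to the database
  *
  * Validation order: comments enabled, public/login policy, protected
  * member names, required e-mail, length limits, plugin spam check,
  * isValidComment(), optional notification mail, duplicate check, INSERT.
  * Each failing check returns its _ERROR_* message; TRUE on success.
  *
  * Fixes: each() (removed in PHP 8) replaced by foreach; "=& new" (a parse
  * error since PHP 7) replaced by a plain assignment; itemid and blogid are
  * cast to int before being interpolated into SQL (they were interpolated
  * raw); $comment['itemid'] falls back to $this->itemid when the caller
  * did not set it.
  *
  * @param string $timestamp unix timestamp of the comment (passed to date())
  * @param array $comment keys read: user, email, userid (url), body,
  *                       optionally itemid; keys written: timestamp, host,
  *                       ip, memberid
  * @return mixed TRUE on success, otherwise an error-message string
  */
 function addComment($timestamp, $comment)
 {
     global $CONF, $member, $manager;
     $blogid = getBlogIDFromItemID($this->itemid);
     $settings =& $manager->getBlog($blogid);
     $settings->readSettings();
     // begin if: comments disabled
     if (!$settings->commentsEnabled()) {
         return _ERROR_COMMENTS_DISABLED;
     }
     // begin if: public cannot comment
     if (!$settings->isPublic() && !$member->isLoggedIn()) {
         return _ERROR_COMMENTS_NONPUBLIC;
     }
     // begin if: comment uses a protected member name
     if ($CONF['ProtectMemNames'] && !$member->isLoggedIn() && MEMBER::isNameProtected($comment['user'])) {
         return _ERROR_COMMENTS_MEMBERNICK;
     }
     // begin if: email required, but missing (doesn't apply to members)
     if ($settings->emailRequired() && strlen($comment['email']) == 0 && !$member->isLoggedIn()) {
         return _ERROR_EMAIL_REQUIRED;
     }
     ## Note usage of mb_strlen() vs strlen() below ##
     // Length limits are counted in characters, not bytes.
     if (mb_strlen($comment['user']) > 40) {
         return _ERROR_USER_TOO_LONG;
     }
     if (mb_strlen($comment['email']) > 100) {
         return _ERROR_EMAIL_TOO_LONG;
     }
     if (mb_strlen($comment['userid']) > 100) {
         return _ERROR_URL_TOO_LONG;
     }
     $comment['timestamp'] = $timestamp;
     // The reverse-DNS name is whatever the client's PTR record says, so it
     // is as untrusted as any other input; it is escaped before the INSERT
     // and goes into the notification mail body as-is.
     $comment['host'] = gethostbyaddr(serverVar('REMOTE_ADDR'));
     $comment['ip'] = serverVar('REMOTE_ADDR');
     // Logged-in members are identified by memberid only; the free-form
     // identity fields are cleared so a member cannot post under another name.
     if ($member->isLoggedIn()) {
         $comment['memberid'] = $member->getID();
         $comment['user'] = '';
         $comment['userid'] = '';
         $comment['email'] = '';
     } else {
         $comment['memberid'] = 0;
     }
     // spam check: $continue becomes TRUE when any subscribed plugin
     // supports 'handleSpam', i.e. it deals with spam itself and the comment
     // must not be rejected here on the SpamCheck result.
     $continue = FALSE;
     $plugins = array();
     foreach (array('ValidateForm', 'PreAddComment', 'PostAddComment') as $eventName) {
         if (isset($manager->subscriptions[$eventName])) {
             $plugins = array_merge($plugins, $manager->subscriptions[$eventName]);
         }
     }
     $plugins = array_unique($plugins);
     foreach ($plugins as $plugin) {
         $p = $manager->getPlugin($plugin);
         $continue = $continue || $p->supportsFeature('handleSpam');
     }
     $spamItemId = isset($comment['itemid']) ? $comment['itemid'] : $this->itemid;
     $spamcheck = array('type' => 'comment', 'body' => $comment['body'], 'id' => $spamItemId, 'live' => TRUE, 'return' => $continue);
     // begin if: member logged in
     if ($member->isLoggedIn()) {
         $spamcheck['author'] = $member->displayname;
         $spamcheck['email'] = $member->email;
     } else {
         $spamcheck['author'] = $comment['user'];
         $spamcheck['email'] = $comment['email'];
         $spamcheck['url'] = $comment['userid'];
     }
     // end if
     $manager->notify('SpamCheck', array('spamcheck' => &$spamcheck));
     if (!$continue && isset($spamcheck['result']) && $spamcheck['result'] == TRUE) {
         return _ERROR_COMMENTS_SPAM;
     }
     // isValidComment returns either "1" or an error message
     $isvalid = $this->isValidComment($comment, $spamcheck);
     if ($isvalid != 1) {
         return $isvalid;
     }
     // begin if: send email to notification address
     if ($settings->getNotifyAddress() && $settings->notifyOnComment()) {
         $mailto_msg = _NOTIFY_NC_MSG . ' ' . $this->itemid . "\n";
         $temp = parse_url($CONF['Self']);
         if ($temp['scheme']) {
             $mailto_msg .= createItemLink($this->itemid) . "\n\n";
         } else {
             $tempurl = $settings->getURL();
             if (substr($tempurl, -1) == '/' || substr($tempurl, -4) == '.php') {
                 $mailto_msg .= $tempurl . '?itemid=' . $this->itemid . "\n\n";
             } else {
                 $mailto_msg .= $tempurl . '/?itemid=' . $this->itemid . "\n\n";
             }
         }
         if ($comment['memberid'] == 0) {
             $mailto_msg .= _NOTIFY_USER . ' ' . $comment['user'] . "\n";
             $mailto_msg .= _NOTIFY_USERID . ' ' . $comment['userid'] . "\n";
         } else {
             $mailto_msg .= _NOTIFY_MEMBER . ' ' . $member->getDisplayName() . ' (ID=' . $member->getID() . ")\n";
         }
         $mailto_msg .= _NOTIFY_HOST . ' ' . $comment['host'] . "\n";
         $mailto_msg .= _NOTIFY_COMMENT . "\n " . $comment['body'] . "\n";
         $mailto_msg .= getMailFooter();
         $item =& $manager->getItem($this->itemid, 0, 0);
         $mailto_title = _NOTIFY_NC_TITLE . ' ' . strip_tags($item['title']) . ' (' . $this->itemid . ')';
         // NOTE(review): the commenter's own e-mail address feeds the From
         // address; whether NOTIFICATION strips CR/LF from it cannot be
         // seen here — confirm before relying on it.
         $frommail = $member->getNotifyFromMailAddress($comment['email']);
         $notify = new NOTIFICATION($settings->getNotifyAddress());
         $notify->notify($mailto_title, $mailto_msg, $frommail);
     }
     $comment = COMMENT::prepare($comment);
     $manager->notify('PreAddComment', array('comment' => &$comment, 'spamcheck' => &$spamcheck));
     // Every string is escaped and every id cast to int before it is
     // interpolated into the queries below.
     $name = sql_real_escape_string($comment['user']);
     $url = sql_real_escape_string($comment['userid']);
     $email = sql_real_escape_string($comment['email']);
     $body = sql_real_escape_string($comment['body']);
     $host = sql_real_escape_string($comment['host']);
     $ip = sql_real_escape_string($comment['ip']);
     $memberid = intval($comment['memberid']);
     $timestamp = date('Y-m-d H:i:s', $comment['timestamp']);
     $itemid = intval($this->itemid);
     $blogidSql = intval($blogid);
     // Reject an exact resubmission (same url, member, body, item and blog).
     $qSql = 'SELECT COUNT(*) AS result ' . 'FROM ' . sql_table('comment') . ' WHERE ' . 'cmail   = "' . $url . '"' . ' AND cmember = "' . $memberid . '"' . ' AND cbody   = "' . $body . '"' . ' AND citem   = "' . $itemid . '"' . ' AND cblog   = "' . $blogidSql . '"';
     $result = (int) quickQuery($qSql);
     if ($result > 0) {
         return _ERROR_BADACTION;
     }
     $query = 'INSERT INTO ' . sql_table('comment') . ' (CUSER, CMAIL, CEMAIL, CMEMBER, CBODY, CITEM, CTIME, CHOST, CIP, CBLOG) ' . "VALUES ('{$name}', '{$url}', '{$email}', {$memberid}, '{$body}', {$itemid}, '{$timestamp}', '{$host}', '{$ip}', '{$blogidSql}')";
     sql_query($query);
     // post add comment
     $commentid = sql_insert_id();
     $manager->notify('PostAddComment', array('comment' => &$comment, 'commentid' => &$commentid, 'spamcheck' => &$spamcheck));
     // succeeded !
     return TRUE;
 }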
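 /**
  * Return the raw (still URL-encoded) value of request parameter $q.
  *
  * Reads the request line directly instead of $_GET so the value is not
  * URL-decoded. The result is reduced to the character whitelist
  * [a-z0-9-~+_.#;,:@%] (case-insensitive); everything else is stripped.
  * That makes the return value safe to split and decode, but it is still
  * client input and must be escaped wherever it is used.
  *
  * Fix: in NormalURL mode a parameter given without "=" (e.g. "?tag") made
  * the code read an undefined index; it now yields the empty string.
  *
  * @param string $q parameter name (in pathinfo mode: the path segment name)
  * @return string|false whitelisted raw value, or FALSE when not present
  */
 function getNoDecodeQuery($q)
 {
     // Get urlencoded TAGs
     global $CONF, $manager;
     if ($CONF['URLMode'] == 'pathinfo') {
         // FancyURL: the value follows "<q>/" in REQUEST_URI, or "<q>_" when
         // $this->maURL signals a MagicalURL-style separator.
         $urlq = serverVar('REQUEST_URI');
         $separator = $this->maURL ? '_' : '/';
         $tempq = explode($q . $separator, $urlq, 2);
         if (!empty($tempq[1])) {
             $tagq = explode($separator, $tempq[1]);
             return preg_replace('|[^a-z0-9-~+_.#;,:@%]|i', '', $tagq[0]);
         }
     } else {
         // NormalURL: scan QUERY_STRING for "<q>=<value>".
         $urlq = str_replace('?', '', serverVar('QUERY_STRING'));
         foreach (explode('&', $urlq) as $pair) {
             $tempq = explode('=', $pair);
             if ($tempq[0] === $q) {
                 $rawValue = isset($tempq[1]) ? $tempq[1] : '';
                 return preg_replace('|[^a-z0-9-~+_.#;,:@%]|i', '', $rawValue);
             }
         }
     }
     return FALSE;
 }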
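/**
 * Print the installer's configuration form.
 *
 * Runs doCheckFiles(), probes the PHP and MySQL versions, and emits the
 * HTML form whose fields are pre-filled from the request (HTTP_HOST,
 * PHP_SELF) and from this file's location. Output is written directly.
 *
 * Fixes: the suggested URLs are built from the client-supplied Host header
 * and were echoed into attribute values unescaped (reflected XSS on the
 * installer page) — they are now run through htmlspecialchars(); the
 * PHP version test uses version_compare() instead of a string comparison;
 * implode() uses the (separator, array) argument order that PHP 8
 * requires; the shell_exec fallback no longer reads an undefined match.
 *
 * @return void
 */
function showInstallForm()
{
    // 0. pre check if all necessary files exist
    doCheckFiles();
    ?>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml">
	<head>
		<meta http-equiv="content-type" content="application/xhtml+xml; charset=UTF-8" />
		<title><?php 
    echo _TITLE;
    ?>
</title>
		<style type="text/css"><!--
			@import url('../nucleus/documentation/styles/manual.css');
		--></style>
		<script type="text/javascript"><!--
			var submitcount = 0;

			// function to make sure the submit button only gets pressed once
			function checkSubmit() {
				if (submitcount == 0) {
					submitcount++;
					return true;
				} else {
					return false;
				}
			}
		--></script>
	</head>
	<body>
		<div style="text-align:center"><img src="../nucleus/styles/logo.gif" alt="<?php 
    echo _ALT_NUCLEUS_CMS_LOGO;
    ?>
" /></div> <!-- Nucleus logo -->
		<form method="post" action="index.php">
		
		<h1><?php 
    echo _HEADER1;
    ?>
</h1>
		
		<?php 
    echo _TEXT1;
    ?>
		
		<h1><?php 
    echo _HEADER1_2;
    ?>
</h1>
		
		<?php 
    echo _TEXT1_2;
    ?>
		
		<fieldset>
			<legend><?php 
    echo _TEXT1_2_TAB_HEAD;
    ?>
</legend>
			<table>
				<tr>
					<td><?php 
    echo _TEXT1_2_TAB_FIELD1;
    ?>
</td>
					<td>
						<select name="charset" tabindex="10000">
							<option value="utf8" selected="selected">UTF-8</option>
							<option value="ujis" >EUC-JP</option>
						</select>
					</td>
				</tr>
			</table>
		</fieldset>
		
		<h1><?php 
    echo _HEADER2;
    ?>
</h1>
		
		<?php 
    echo _TEXT2;
    ?>
		
		<ul>
			<li>PHP:
<?php 
    echo phpversion();
    ?>
			</li>
			<li>MySQL:
<?php 
    // Turn on output buffer
    // Needed to repress the output of the sql function that are
    // not part of php (in this case the @ operator doesn't work)
    ob_start();
    // note: this piece of code is taken from phpMyAdmin
    // Version probe only: an anonymous connection to the local server.
    $conn = sql_connect_args('localhost', '', '');
    $result = @sql_query('SELECT VERSION() AS version', $conn);
    if ($result != FALSE && sql_num_rows($result) > 0) {
        $row = sql_fetch_array($result);
        $match = explode('.', $row['version']);
    } else {
        $result = @sql_query('SHOW VARIABLES LIKE \'version\'', $conn);
        if ($result != FALSE && @sql_num_rows($result) > 0) {
            $row = sql_fetch_row($result);
            $match = explode('.', $row[1]);
        } else {
            // Last resort: ask the mysql client binary (fixed command, no
            // user input). Falls back to 0.0.0 when nothing usable comes back.
            $output = function_exists('shell_exec') ? @shell_exec('mysql -V') : '0.0.0';
            preg_match('#[0-9]+\\.[0-9]+\\.[0-9]+#', $output, $version);
            $match = isset($version[0]) ? explode('.', $version[0]) : array('');
            if ($match[0] == '') {
                $match[0] = '0';
                $match[1] = '0';
                $match[2] = '0';
            }
        }
    }
    @sql_disconnect($conn);
    //End and clean output buffer
    ob_end_clean();
    $mySqlVersion = implode('.', $match);
    $minVersion = '3.23';
    if (version_compare($mySqlVersion, '0.0.0', '==')) {
        echo _NOTIFICATION1;
    } else {
        echo $mySqlVersion;
    }
    if (version_compare($mySqlVersion, $minVersion, '<')) {
        echo ' <span class="warning" style="display:block">' . sprintf(_TEXT2_WARN1, $minVersion) . '</span>';
    }
    ?>
			</li>
		</ul>
<?php 
    if (version_compare(phpversion(), '5.0.0', '<')) {
        echo ' <p class="deprecated">' . _TEXT2_WARN2 . '</p>';
        ?>
</form>
</body>
</html>
<?php 
        exit;
    }
    // tell people how they can have their config file filled out automatically
    if (@file_exists('../config.php') && @(!is_writable('../config.php'))) {
        ?>

		<h1><?php 
        echo _HEADER3;
        ?>
</h1>

		<?php 
        echo _TEXT3;
    }
    ?>

		<h1><?php 
    echo _HEADER4;
    ?>
</h1>

		<?php 
    echo _TEXT4;
    ?>

		<fieldset>
			<legend><?php 
    echo _TEXT4_TAB_HEAD;
    ?>
</legend>
			<table>
				<tr>
					<td><label for="if_mySQL_host"><?php 
    echo _TEXT4_TAB_FIELD1;
    ?>
:</label></td>
					<td><input id="if_mySQL_host" name="mySQL_host" value="DUMMY_DB_HOST" tabindex="10010" /></td>
				</tr>
				<tr>
					<td><label for="if_mySQL_user"><?php 
    echo _TEXT4_TAB_FIELD2;
    ?>
:</label></td>
					<td><input id="if_mySQL_user" name="mySQL_user" value="DUMMY_PROJECT_NAME" tabindex="10020" /></td>
				</tr>
				<tr>
					<td><label for="if_mySQL_password"><?php 
    echo _TEXT4_TAB_FIELD3;
    ?>
:</label></td>
					<td><input id="if_mySQL_password" name="mySQL_password" value="DUMMY_DB_PASSWORD" type="password" tabindex="10030" /></td>
				</tr>
				<tr>
					<td><label for="if_mySQL_database"><?php 
    echo _TEXT4_TAB_FIELD4;
    ?>
:</label></td>
					<td><input id="if_mySQL_database" name="mySQL_database" value="DUMMY_PROJECT_NAME" tabindex="10040" /> (<input name="mySQL_create" value="1" type="checkbox" id="mySQL_create" tabindex="10050" /><label for="mySQL_create"><?php 
    echo _TEXT4_TAB_FIELD4_ADD;
    ?>
</label>)</td>
				</tr>
			</table>
		</fieldset>

		<fieldset>
			<legend><?php 
    echo _TEXT4_TAB2_HEAD;
    ?>
</legend>
			<table>
				<tr>
					<td><input name="mySQL_usePrefix" value="1" type="checkbox" id="mySQL_usePrefix" tabindex="10060" /><label for="mySQL_usePrefix"><?php 
    echo _TEXT4_TAB2_FIELD;
    ?>
:</label></td>
					<td><input name="mySQL_tablePrefix" value="" tabindex="10070" /></td>
				</tr>
			</table>

			<?php 
    echo _TEXT4_TAB2_ADD;
    ?>

		</fieldset>

	<h1><?php 
    echo _HEADER5;
    ?>
</h1>

	<?php 
    echo _TEXT5;
    ?>

<?php 
    // dirname(__FILE__) is all that is needed to locate the install root.
    $basePath = str_replace('install', '', dirname(__FILE__));
    // Suggested public URL. HTTP_HOST comes from the request's Host header,
    // so it is client-controlled: it is escaped before being placed in an
    // attribute below, and the installing user should still check it.
    $url = 'http://' . serverVar('HTTP_HOST') . serverVar('PHP_SELF');
    $url = str_replace('install/index.php', '', $url);
    $url = replaceDoubleBackslash($url);
    // add slash at end if necessary
    if (!endsWithSlash($url)) {
        $url .= '/';
    }
    $urlAttr = htmlspecialchars($url, ENT_QUOTES);
    $basePathAttr = htmlspecialchars($basePath, ENT_QUOTES);
    ?>

		<fieldset>
			<legend><?php 
    echo _TEXT5_TAB_HEAD;
    ?>
</legend>
			<table>
				<tr>
					<td><label for="if_IndexURL"><?php 
    echo _TEXT5_TAB_FIELD1;
    ?>
:</label></td>
					<td><input id="if_IndexURL" name="IndexURL" size="60" value="<?php 
    echo $urlAttr;
    ?>
" tabindex="10080" /></td>
				</tr>
				<tr>
					<td><label for="if_AdminURL"><?php 
    echo _TEXT5_TAB_FIELD2;
    ?>
:</label></td>
					<td><input id="if_AdminURL" name="AdminURL" size="60" value="<?php 
    if ($url) {
        echo $urlAttr . 'nucleus/';
    }
    ?>
" tabindex="10090" /></td>
				</tr>
				<tr>
					<td><label for="if_AdminPath"><?php 
    echo _TEXT5_TAB_FIELD3;
    ?>
:</label></td>
					<td><input id="if_AdminPath" name="AdminPath" size="60" value="<?php 
    if ($basePath) {
        echo $basePathAttr . 'nucleus/';
    }
    ?>
" tabindex="10100" /></td>
				</tr>
				<tr>
					<td><label for="if_MediaURL"><?php 
    echo _TEXT5_TAB_FIELD4;
    ?>
:</label></td>
					<td><input id="if_MediaURL" name="MediaURL" size="60" value="<?php 
    if ($url) {
        echo $urlAttr . 'media/';
    }
    ?>
" tabindex="10110" /></td>
				</tr>
				<tr>
					<td><label for="if_MediaPath"><?php 
    echo _TEXT5_TAB_FIELD5;
    ?>
:</label></td>
					<td><input id="if_MediaPath" name="MediaPath" size="60" value="<?php 
    if ($basePath) {
        echo $basePathAttr . 'media/';
    }
    ?>
" tabindex="10120" /></td>
				</tr>
				<tr>
					<td><label for="if_SkinsURL"><?php 
    echo _TEXT5_TAB_FIELD6;
    ?>
:</label></td>
					<td><input id="if_SkinsURL" name="SkinsURL" size="60" value="<?php 
    if ($url) {
        echo $urlAttr . 'skins/';
    }
    ?>
" tabindex="10130" />
						<br />(<?php 
    echo _TEXT5_TAB_FIELD7_2;
    ?>
)
					</td>
				</tr>
				<tr>
					<td><label for="if_SkinsPath"><?php 
    echo _TEXT5_TAB_FIELD7;
    ?>
:</label></td>
					<td><input id="if_SkinsPath" name="SkinsPath" size="60" value="<?php 
    if ($basePath) {
        echo $basePathAttr . 'skins/';
    }
    ?>
" tabindex="10140" />
						<br />(<?php 
    echo _TEXT5_TAB_FIELD7_2;
    ?>
)
					</td>
				</tr>
				<tr>
					<td><label for="if_PluginURL"><?php 
    echo _TEXT5_TAB_FIELD8;
    ?>
:</label></td>
					<td><input id="if_PluginURL" name="PluginURL" size="60" value="<?php 
    if ($url) {
        echo $urlAttr . 'nucleus/plugins/';
    }
    ?>
" tabindex="10150" /></td>
				</tr>
				<tr>
					<td><label for="if_ActionURL"><?php 
    echo _TEXT5_TAB_FIELD9;
    ?>
:</label></td>
					<td><input id="if_ActionURL" name="ActionURL" size="60" value="<?php 
    if ($url) {
        echo $urlAttr . 'action.php';
    }
    ?>
" tabindex="10160" />
						<br />(<?php 
    echo _TEXT5_TAB_FIELD9_2;
    ?>
)
					</td>
				</tr>
			</table>
		</fieldset>

		<?php 
    echo _TEXT5_2;
    ?>

		<h1><?php 
    echo _HEADER6;
    ?>
</h1>

		<?php 
    echo _TEXT6;
    ?>

		<fieldset>
			<legend><?php 
    echo _TEXT6_TAB_HEAD;
    ?>
</legend>
			<table>
				<tr>
					<td><label for="if_User_name"><?php 
    echo _TEXT6_TAB_FIELD1;
    ?>
:</label></td>
					<td><input id="if_User_name" name="User_name" value="" tabindex="10170" /> <small>(<?php 
    echo _TEXT6_TAB_FIELD1_2;
    ?>
)</small></td>
				</tr>
				<tr>
					<td><label for="if_User_realname"><?php 
    echo _TEXT6_TAB_FIELD2;
    ?>
:</label></td>
					<td><input id="if_User_realname" name="User_realname" value="" tabindex="10180" /></td>
				</tr>
				<tr>
					<td><label for="if_User_password"><?php 
    echo _TEXT6_TAB_FIELD3;
    ?>
:</label></td>
					<td><input id="if_User_password" name="User_password" type="password" value="" tabindex="10190" /></td>
				</tr>
				<tr>
					<td><label for="if_User_password2"><?php 
    echo _TEXT6_TAB_FIELD4;
    ?>
:</label></td>
					<td><input id="if_User_password2" name="User_password2" type="password" value="" tabindex="10200" /></td>
				</tr>
				<tr>
					<td><label for="if_User_email"><?php 
    echo _TEXT6_TAB_FIELD5;
    ?>
:</label></td>
					<td><input id="if_User_email" name="User_email" value="" tabindex="10210" /> <small>(<?php 
    echo _TEXT6_TAB_FIELD5_2;
    ?>
)</small></td>
				</tr>
			</table>
		</fieldset>

		<h1><?php 
    echo _HEADER7;
    ?>
</h1>

		<?php 
    echo _TEXT7;
    ?>

		<fieldset>
			<legend><?php 
    echo _TEXT7_TAB_HEAD;
    ?>
</legend>
			<table>
				<tr>
					<td><label for="if_Blog_name"><?php 
    echo _TEXT7_TAB_FIELD1;
    ?>
:</label></td>
					<td><input id="if_Blog_name" name="Blog_name" size="60" value="My Nucleus CMS" tabindex="10220" /></td>
				</tr>
				<tr>
					<td><label for="if_Blog_shortname"><?php 
    echo _TEXT7_TAB_FIELD2;
    ?>
:</label></td>
					<td><input id="if_Blog_shortname" name="Blog_shortname" value="mynucleuscms" tabindex="10230" /> <small>(<?php 
    echo _TEXT7_TAB_FIELD2_2;
    ?>
)</small></td>
				</tr>
			</table>
		</fieldset>

		<h1><?php 
    echo _HEADER8;
    ?>
</h1>

		<fieldset>
			<legend><?php 
    echo _TEXT8_TAB_HEADER;
    ?>
</legend>
			<table>
				<tr>
					<td><input name="Weblog_ping" value="1" type="checkbox" id="Weblog_ping" tabindex="10240" /><label for="Weblog_ping"><?php 
    echo _TEXT8_TAB_FIELD1;
    ?>
</label></td>
				</tr>
			</table>
		</fieldset>
		
		<h1><?php 
    echo _HEADER9;
    ?>
</h1>
		
		<?php 
    echo _TEXT9;
    ?>
		
		<p>
		<input name="action" value="go" type="hidden" />
		<input type="submit" value="<?php 
    echo _BUTTON1;
    ?>
" onclick="return checkSubmit();" tabindex="10250" />
		</p>
		
		</form>
	</body>
</html>

<?php 
}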
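 /**
  * Record the current client's IP address as having voted on this item.
  *
  * Fix: $this->itemid was interpolated into the INSERT raw; it is now cast
  * to int. The address is escaped with sql_real_escape_string() as before.
  *
  * @return void
  */
 function saveIP()
 {
     $itemid = intval($this->itemid);
     $ip = sql_real_escape_string(serverVar('REMOTE_ADDR'));
     $query = 'INSERT INTO ' . sql_table('karma') . ' (itemid, ip) VALUES (' . $itemid . ",'" . $ip . "')";
     sql_query($query);
 }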
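 /**
  * Template variable: count one view of $item per IP per timespan and,
  * unless the 'silent' option is 'yes', echo the running total.
  *
  * Fix: the item id and the remote address were interpolated into SQL
  * unescaped; the id is now cast to int and the address escaped. Timestamps
  * are formatted with %d so a non-integer 'timespan' option cannot produce
  * a float literal in the query.
  *
  * @param object &$item item being rendered; only ->itemid is read
  * @param string $input template argument; 'skipcount' reads the total
  *                      without recording a view
  * @return void
  */
 function doTemplateVar(&$item, $input)
 {
     $itemid = intval($item->itemid);
     $remote_ip = serverVar('REMOTE_ADDR');
     $ip_sql = sql_real_escape_string($remote_ip);
     $timespan = $this->getOption('timespan') * 3600;
     $now = $_SERVER['REQUEST_TIME'];
     // get the current Views count
     $query = sprintf('SELECT views FROM %s WHERE id=%d', sql_table('plugin_views'), $itemid);
     $result = sql_query($query);
     $total = sql_num_rows($result);
     $row = sql_fetch_object($result);
     $views = intval($row->views);
     // Only do count updates if "skipcount" is not set
     if ($input != 'skipcount') {
         // This takes care of previous items
         if ($total == 0) {
             sql_query(sprintf("INSERT INTO %s (id, views) VALUES('%d', '1')", sql_table('plugin_views'), $itemid));
         }
         // Check the views_log table to see if this IP has a viewtime for this item
         $param = array(sql_table('plugin_views_log'), $ip_sql, $itemid);
         $result = sql_query(vsprintf("SELECT viewtime FROM %s WHERE ip='%s' AND itemid=%d", $param));
         // No views from this IP in the past X hours, so update the Views count
         if (sql_num_rows($result) == 0) {
             $views++;
             $this->_updateViewsCount($itemid, $views);
             $this->_addViewsLog($itemid, $remote_ip, $now);
         } else {
             $viewtime = sql_result($result, 0, 'viewtime');
             // It's been longer than X hours, so recount
             if ($now - $timespan > $viewtime) {
                 $views++;
                 $this->_updateViewsCount($itemid, $views);
                 $this->_updateViewsLog($itemid, $remote_ip, $now);
             }
         }
     }
     // Clear logs that are more than X hours old
     $time = $now - $timespan;
     sql_query(sprintf('DELETE FROM %s WHERE (viewtime < %d)', sql_table('plugin_views_log'), $time));
     if ($this->getOption('silent') == 'no') {
         echo $views;
     }
 }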
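 /**
  * Skin variable: render a tag cloud, or (type 'tagsearch') the list of
  * items carrying the tag named in the request.
  *
  * Fixes: the search tag came straight from the request and was
  * interpolated into the LIKE pattern unescaped (SQL injection) and echoed
  * into the page unescaped (reflected XSS); it is now escaped for each
  * context. Tag names read from the database are HTML-escaped before being
  * placed in href attributes and link text. The 'cloud'/'dcloud' sprintf
  * had six arguments for five placeholders, silently dropping the count;
  * the count is now printed as in the 'localcloud' branch. Missing 'tags'
  * or 'blogid' path segments no longer cause array_search()'s FALSE to be
  * used as an index.
  *
  * @param string $skinType skin type (not used here)
  * @param string $type 'cloud' (Technorati links), 'dcloud' (del.icio.us
  *                     links), 'localcloud' (local tag-search links) or
  *                     'tagsearch'
  * @param string $sort 'alp' sorts the cloud alphabetically
  * @param int $maxtags show only the top N tags when > 0
  * @param mixed $blogid "current", a numeric blog id, or anything else
  *                      for all blogs
  * @return void
  */
 function doSkinVar($skinType, $type = 'cloud', $sort = 'alp', $maxtags = -1, $blogid = "current")
 {
     global $blog, $manager, $CONF;
     if (!$blog) {
         echo "<!-- TechnoratiTags fatal error: no blog object?? -->";
     }
     if ($type == 'tagsearch') {
         // The tag is client input: the path segment after "tags" in
         // pathinfo mode, otherwise the ?tag= parameter.
         if ($CONF['URLMode'] == 'pathinfo') {
             $temp = explode('/', serverVar('REQUEST_URI'));
             $i = array_search('tags', $temp);
             $rawTag = ($i !== false && isset($temp[$i + 1])) ? $temp[$i + 1] : '';
             if (function_exists('mb_convert_encoding')) {
                 $tag = mb_convert_encoding($rawTag, _CHARSET, _CHARSET);
                 $tag = rawurldecode($tag);
             } else {
                 // This will not work for UTF-8 tag..... not something
                 // we can fix unless we bundle mb_convert_encoding()
                 $tag = urlencode($rawTag);
             }
             if ($blog->getId() != 1) {
                 $i = array_search('blogid', $temp);
                 if ($i !== false && isset($temp[$i + 1])) {
                     $blogid = $temp[$i + 1];
                 }
             }
         } else {
             $tag = str_replace(' ', '+', RequestVar('tag'));
             if (function_exists('mb_convert_encoding')) {
                 $tag = mb_convert_encoding($tag, _CHARSET, _CHARSET);
                 $tag = rawurldecode($tag);
             } else {
                 // This will not work for UTF-8 tag..... not something
                 // we can fix unless we bundle mb_convert_encoding()
                 $tag = urlencode($tag);
             }
         }
         if ($tag == '') {
             return;
         }
         // HTML-escape before the '+' -> &nbsp; substitution so the entity
         // itself is not re-escaped.
         $safeTag = htmlspecialchars($tag, ENT_QUOTES);
         if ($this->getOption('PlusSwitch') == 'yes') {
             $displayed_tag = str_replace('+', '&nbsp;', $safeTag);
         } else {
             $displayed_tag = $safeTag;
         }
         echo "<div class=\"contenttitle\"><h2>" . $this->getOption('SearchTitleText') . " " . $displayed_tag . "</h2></div>";
         // Escaped for the SQL string literal. '%' and '_' inside the tag
         // still act as LIKE wildcards; the match is a substring match by
         // design (see the original "%%" remark), so that is left alone.
         $sqlTag = sql_real_escape_string($tag);
         $query = "select t.itemid, i.ititle from " . $this->tablename . " as t, " . sql_table('item') . " as i where tags like \"%" . $sqlTag . "%\" and t.itemid = i.inumber and i.idraft != 1 ";
         if (is_numeric($blogid)) {
             $query .= " and i.iblog = " . intval($blogid);
         } else {
             $query .= " and i.iblog = " . $blog->getID();
         }
         $query .= " order by i.itime desc";
         $res = sql_query($query);
         echo "<br /><br /><ul>";
         // NOTE(review): ititle is printed as stored; whether titles are
         // kept HTML-safe on input is not visible here.
         while ($row = sql_fetch_object($res)) {
             $link = createItemLink($row->itemid);
             echo "<li><a href=\"" . $link . "\">" . $row->ititle . "</a></li>";
         }
         echo "</ul>";
         return;
     }
     if ($type != 'cloud' && $type != 'dcloud' && $type != 'localcloud') {
         return;
     }
     if ($blogid == "current") {
         $blogid = $blog->getID();
     } elseif (!is_numeric($blogid)) {
         // anything non-numeric means "all blogs"
         $blogid = 0;
     }
     // get all tags and counts
     $tags = $this->getAllTags($blogid);
     // Show only top x tags override from skinvar
     arsort($tags);
     if ($maxtags > 0) {
         $tags = array_slice($tags, 0, $maxtags, true);
     }
     // Spread the tags over four size levels (3 = largest) by rank quartile.
     $newtags = $tags;
     $total = sizeof($newtags);
     $pcnt = 0;
     $diff = $total / 4;
     $l = $diff;
     $m = 2 * $diff;
     $s = 3 * $diff;
     foreach ($newtags as $curtag => $curtagcount) {
         if ($pcnt < $l) {
             $newtags[$curtag] = 3;
         } elseif ($pcnt < $m) {
             $newtags[$curtag] = 2;
         } elseif ($pcnt < $s) {
             $newtags[$curtag] = 1;
         } else {
             $newtags[$curtag] = 0;
         }
         $pcnt++;
     }
     if ($sort == 'alp') {
         ksort($newtags);
     }
     // per-level counters, emitted as an HTML comment at the end
     $tc = 0;
     $sc = 0;
     $mc = 0;
     $lc = 0;
     $separator = $this->getOption('TagSeparator');
     foreach ($newtags as $curtag => $level) {
         $count = "";
         if ($level == 3) {
             echo "<span class=\"largeT\">";
             $lc++;
         } elseif ($level == 2) {
             echo "<span class=\"mediumT\">";
             $mc++;
         } elseif ($level == 1) {
             echo "<span class=\"smallT\">";
             $sc++;
         } else {
             echo "<span class=\"tinyT\">";
             $tc++;
         }
         if ($this->getOption('ShowCount') == "yes") {
             $count = " [" . $tags[$curtag] . "]";
         }
         // Tag names come from the database; escape them for attribute and
         // text context before the '+' -> &nbsp; substitution.
         $safeCurtag = htmlspecialchars($curtag, ENT_QUOTES);
         if ($this->getOption('PlusSwitch') == 'yes') {
             $displayed_tag = str_replace('+', '&nbsp;', $safeCurtag);
         } else {
             $displayed_tag = $safeCurtag;
         }
         $style = 'background: none;padding: 0px; margin: 0px; text-decoration: none;';
         if ($type == 'cloud') {
             echo sprintf('<a href="%s/%s" title="Find tag %s on Technorati" style="%s">%s%s</a>', $this->technoratiurl, $safeCurtag, $safeCurtag, $style, $displayed_tag, $count);
         } elseif ($type == 'dcloud') {
             echo sprintf('<a href="%s/%s" title="Find tag %s on del.icio.us" style="%s">%s%s</a>', $this->deliciousurl, $safeCurtag, $safeCurtag, $style, $displayed_tag, $count);
         } else {
             if ($CONF['URLMode'] == 'pathinfo') {
                 $link = $blog->getURL();
                 $link .= '/tags/' . $safeCurtag;
             } else {
                 $self = rtrim(str_replace('index.php', '', $CONF['Self']), '/') . '/';
                 if ($self === '/') {
                     $self = './';
                 }
                 $link = "{$self}tags.php?tag={$safeCurtag}";
                 if ($blog->getId() != 1) {
                     $link .= "&blogid=" . $blog->getId();
                 }
             }
             echo "<a href=\"" . $link . "\" style=\"{$style}\">" . $displayed_tag . $count . "</a>";
         }
         echo "</span>\n";
     }
     echo '<!-- ' . $tc . '-' . $sc . '-' . $mc . '-' . $lc . ' -->';
 }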
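 /**
  * Rebuild $_SERVER['REQUEST_URI'] from SCRIPT_NAME and $_GET.
  *
  * Each value is passed through addslashes() (unless magic quotes already
  * did that) and then cut at the first backslash, so everything from the
  * first quote, backslash or NUL onwards is dropped before other code
  * splits the URI. Fixes: parameters are now joined with "?" then "&"
  * (every parameter was prefixed with "?", giving "?a=1?b=2"); the
  * separator split is bounded so a value without a backslash does not
  * read an undefined index; get_magic_quotes_gpc() is only called when it
  * exists (it was removed in PHP 8); array values are emitted as empty
  * rather than passed to addslashes().
  *
  * @return void
  */
 function sanitizeRequestUri()
 {
     $request_uri = serverVar('SCRIPT_NAME');
     $separator = '?';
     foreach ($_GET as $name => $val) {
         $val = is_array($val) ? '' : (string) $val;
         // when magic quotes off, need to use addslashes so the cut below
         // also happens at quotes and NULs
         if (!function_exists('get_magic_quotes_gpc') || !get_magic_quotes_gpc()) {
             $val = addslashes($val);
         }
         $parts = explode('\\', $val, 2);
         $request_uri .= sprintf("%s%s=%s", $separator, $name, $parts[0]);
         $separator = '&';
     }
     $_SERVER['REQUEST_URI'] = $request_uri;
 }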
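/**
 * Check ticket when not checked in plugin's admin page
 * to avoid CSRF.
 * Also avoid the access to plugin/index.php by guest user.
 *
 * Flow: resolve the executing script path; return when it is not below
 * $DIR_PLUGINS or is not a plugin's admin entry point ("<plugin>/" or
 * "<plugin>/index.php"); refuse guests; skip the check when the plugin's
 * own source calls $manager->checkTicket(); otherwise, for requests that
 * carry parameters or are POSTs, show a confirmation form unless the
 * ticket is valid, and finally publish a fresh ticket in
 * $ticketforplugin['ticket'] for the plugin to use.
 *
 * Side effects: sets the global $ticketforplugin; may emit a 404, print a
 * confirmation form, and exit.
 *
 * @return void
 */
function ticketForPlugin()
{
    global $CONF, $DIR_PLUGINS, $member, $ticketforplugin;
    /* initialize */
    $ticketforplugin = array();
    $ticketforplugin['ticket'] = false;
    /* Check if using plugin's php file. */
    $p_translated = serverVar('PATH_TRANSLATED');
    if ($p_translated && !file_exists($p_translated)) {
        $p_translated = '';
    }
    if (!$p_translated) {
        $p_translated = serverVar('SCRIPT_FILENAME');
        if (!file_exists($p_translated)) {
            header("HTTP/1.0 404 Not Found");
            exit('');
        }
    }
    // Normalise separators so the prefix test below also works on Windows.
    $p_translated = str_replace('\\', '/', $p_translated);
    $d_plugins = str_replace('\\', '/', $DIR_PLUGINS);
    if (strpos($p_translated, $d_plugins) !== 0) {
        return;
        // This isn't plugin php file.
    }
    /* Solve the plugin php file or admin directory */
    $phppath = substr($p_translated, strlen($d_plugins));
    $phppath = preg_replace('#^/#', '', $phppath);
    // Remove the first "/" if exists.
    $path = preg_replace('#^NP_(.*)\\.php$#', '$1', $phppath);
    // Remove the first "NP_" and the last ".php" if exists.
    $path = preg_replace('#^([^/]*)/(.*)$#', '$1', $path);
    // Remove the "/" and beyond.
    /* Solve the plugin name. */
    $plugins = array();
    $query = 'SELECT `pfile` FROM ' . sql_table('plugin');
    $res = sql_query($query);
    while ($row = sql_fetch_row($res)) {
        $name = substr($row[0], 3); // drop the "NP_" prefix of the pfile name
        $plugins[strtolower($name)] = $name;
    }
    sql_free_result($res);
    // isset() avoids an undefined-index notice for unknown paths; the strict
    // in_array() catches a correctly-cased plugin name used as the directory.
    if (isset($plugins[$path])) {
        $plugin_name = $plugins[$path];
    } elseif (in_array($path, $plugins, true)) {
        $plugin_name = $path;
    } else {
        header("HTTP/1.0 404 Not Found");
        exit('');
    }
    /* Return if not index.php */
    if ($phppath !== strtolower($plugin_name) . '/' && $phppath !== strtolower($plugin_name) . '/index.php') {
        return;
    }
    /* Exit if not logged in. */
    if (!$member->isLoggedIn()) {
        exit(_GFUNCTIONS_YOU_AERNT_LOGGEDIN);
    }
    global $manager, $DIR_LIBS, $DIR_LANG, $HTTP_GET_VARS, $HTTP_POST_VARS;
    /* Check if this feature is needed (ie, if "$manager->checkTicket()" is not included in the script). */
    // Scan the script with comments and whitespace stripped: a commented-out
    // "$manager->checkTicket()" must not count as a ticket check, and a call
    // split over two lines is still found.  php_strip_whitespace() returns ''
    // when the file cannot be read or tokenised; then we fall through to the
    // form, which is the safe default.  (A call inside a string literal would
    // still match; this remains a heuristic.)
    $source = php_strip_whitespace($p_translated);
    if ($source !== '' && preg_match('/[\\$]manager([\\s]*)[\\-]>([\\s]*)checkTicket([\\s]*)[\\(]/i', $source)) {
        return;
    }
    /* Show a form if not valid ticket */
    $method = strtoupper(serverVar('REQUEST_METHOD'));
    $hasParameters = strstr(serverVar('REQUEST_URI'), '?') || serverVar('QUERY_STRING') || $method == 'POST';
    // checkTicket() is only consulted when the request carries parameters.
    if ($hasParameters && !$manager->checkTicket()) {
        if (!class_exists('PluginAdmin')) {
            $language = getLanguageName();
            // Strip "\", "|" and "/" so the language name cannot escape $DIR_LANG.
            include $DIR_LANG . preg_replace('#[\\\\|/]#', '', $language) . '.php';
            include $DIR_LIBS . 'PLUGINADMIN.php';
        }
        $oPluginAdmin = new PluginAdmin($plugin_name);
        $oPluginAdmin->start();
        echo '<p>' . _ERROR_BADTICKET . "</p>\n";
        /* Show the form to confirm action */
        // PHP 4.0.x support
        $get = isset($_GET) ? $_GET : $HTTP_GET_VARS;
        $post = isset($_POST) ? $_POST : $HTTP_POST_VARS;
        // Resolve URI and QUERY_STRING
        $qstring = '';
        if ($uri = serverVar('REQUEST_URI')) {
            // Split at the first '?' only; a URI without '?' has an empty query string.
            $parts = explode('?', $uri, 2);
            $uri = $parts[0];
            $qstring = isset($parts[1]) ? $parts[1] : '';
        } else {
            if (!($uri = serverVar('PHP_SELF'))) {
                $uri = serverVar('SCRIPT_NAME');
            }
            $qstring = serverVar('QUERY_STRING');
        }
        if ($qstring) {
            $qstring = '?' . $qstring;
        }
        echo '<p>' . _SETTINGS_UPDATE . ' : ' . _QMENU_PLUGINS . ' <span style="color:red;">' . htmlspecialchars($plugin_name) . "</span> ?</p>\n";
        switch ($method) {
            case 'POST':
                echo '<form method="POST" action="' . htmlspecialchars($uri . $qstring) . '">';
                $manager->addTicketHidden();
                _addInputTags($post);
                break;
            case 'GET':
                echo '<form method="GET" action="' . htmlspecialchars($uri) . '">';
                $manager->addTicketHidden();
                _addInputTags($get);
                break;
            default:
                break;
        }
        echo '<input type="submit" value="' . _YES . '" />&nbsp;&nbsp;&nbsp;&nbsp;';
        echo '<input type="button" value="' . _NO . '" onclick="history.back(); return false;" />';
        echo "</form>\n";
        $oPluginAdmin->end();
        exit;
    }
    /* Create new ticket */
    $ticket = $manager->addTicketToUrl('');
    // Only publish a ticket when the "ticket=" parameter is actually present.
    $pos = strpos($ticket, 'ticket=');
    $ticketforplugin['ticket'] = ($pos === false) ? false : substr($ticket, $pos + strlen('ticket='));
}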
 /**
  * Parse skinvar referer: prints the HTTP Referer request header,
  * HTML-escaped with ENT_QUOTES so it is safe in single- or
  * double-quoted attribute context as well as in text.
  */
 function parse_referer()
 {
     $referer = serverVar('HTTP_REFERER');
     $escaped = htmlspecialchars($referer, ENT_QUOTES);
     echo $escaped;
 }
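/**
 * Streams a skin file to the browser as an attachment.
 *
 * The target comes from the 'file' request parameter: its basename is
 * taken via _skinfiles_basename() and its directory is expanded with
 * sfExpandDirectory() and validated with sfValidPath() before anything is
 * opened.  If the path is rejected or the file cannot be opened, a
 * skinfiles error message is printed instead.  Always terminates the
 * script.
 *
 * @return void
 */
function _skinfiles_download()
{
    global $pluginUrl, $manager;
    $requested = trim(requestVar('file'));
    $file = _skinfiles_basename($requested);
    $directory = sfExpandDirectory(dirname($requested));
    $fullpath = $directory . $file;
    if (sfValidPath($directory) && file_exists($fullpath) && is_file($fullpath) && is_readable($fullpath)) {
        if (strstr(serverVar('HTTP_USER_AGENT'), "MSIE")) {
            // IE workaround: encode every dot except the last so the extension survives.
            $name = preg_replace('/\\./', '%2e', $file, substr_count($file, '.') - 1);
        } else {
            $name = $file;
        }
        // The filename sits inside a double-quoted header parameter; drop the
        // characters that could terminate the quoted string or the header line.
        $name = str_replace(array('"', '\\', "\r", "\n"), '', $name);
        // '@' kept: readability was checked above, and a late failure is
        // reported through the error message below rather than a warning.
        $fp = @fopen($fullpath, 'rb');
        if ($fp) {
            header("Cache-Control: ");
            // leave blank to avoid IE errors
            header("Pragma: ");
            // leave blank to avoid IE errors
            header("Content-type: application/octet-stream");
            header('Content-Disposition: attachment; filename="' . $name . '"');
            header("Content-length: " . (string) filesize($fullpath));
            // NOTE(review): kept from the original; its purpose is not evident here.
            sleep(1);
            fpassthru($fp);
            fclose($fp);
        } else {
            echo _SKINFILES_ERR_DOWNLOAD_FILE1;
        }
    } else {
        echo _SKINFILES_ERR_DOWNLOAD_FILE2;
    }
    exit;
}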
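 /**
  *  Checks if an IP or IP range is banned
  *
  * Looks the remote address up in the ban list of the given blog and, when
  * a ban record comes back, aborts through doError() with the record's
  * iprange and message.
  *
  * @param int $blogid blog whose ban list is consulted
  * @return void
  */
 function checkban($blogid)
 {
     // check if banned
     $ban = BAN::isBanned($blogid, serverVar('REMOTE_ADDR'));
     // Truthiness instead of `$ban != 0`: the loose object-vs-int comparison
     // depends on engine conversion rules, while this still treats 0, false
     // and null as "not banned" and any returned record as banned.
     if ($ban) {
         doError(_ERROR_BANNED1 . $ban->iprange . _ERROR_BANNED2 . $ban->message . _ERROR_BANNED3);
     }
 }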
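// create the admin area page
$oPluginAdmin = new PluginAdmin('BadBehavior');
$oPluginAdmin->start($newhead);
if ($member->isLoggedIn() && $member->canLogin()) {
    $admin = 1;
} else {
    echo 'You are not logged in.';
    $oPluginAdmin->end();
    exit;
}
global $CONF, $manager;
// $manager->checkTicket();
// NOTE(review): the ticket check above is commented out, so state-changing
// requests on this page are not CSRF-protected unless something else verifies
// the ticket.  If the framework's ticketForPlugin() source scan is relied on
// instead, note that its regex for "$manager->checkTicket(" also matches this
// commented line and would skip its own check -- confirm before relying on it.
$action_url = $CONF['ActionURL'];
$thispage = $CONF['PluginURL'] . "badbehavior/index.php";
$adminpage = $CONF['AdminURL'];
$thisquerystring = serverVar('QUERY_STRING');
// QUERY_STRING is request-controlled and is placed inside an href attribute:
// escape it for attribute context.
$toplink = '<p class="center"><a href="' . $thispage . '?' . htmlspecialchars($thisquerystring, ENT_QUOTES) . '#sitop" alt="Return to Top of Page">-top-</a></p>' . "\n";
// Which panel to show; anything outside the known set falls back to 'stats'.
$showlist = strtolower(trim(requestVar('showlist')));
if (!in_array($showlist, array('stats', 'admin', 'logs'), true)) {
    $showlist = 'stats';
}
$tname = stringStripTags(trim(requestVar('tname')));
$fname = stringStripTags(trim(requestVar('fname')));
$oname = stringStripTags(trim(requestVar('oname')));
$iname = stringStripTags(trim(requestVar('iname')));
// Restrict the identifier to a conservative character set.
$iname = preg_replace('|[^a-z0-9.,_/-]|i', '_', $iname);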
if (!defined('BB2_CORE')) {
    //echo "loading necessary bad behavior libraries...";
    global $DIR_PLUGINS;
    $homepath = $DIR_PLUGINS . '/badbehavior/';