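/**
 * Handles submission of the forum post form: stores the post, optionally
 * subscribes the poster to the thread, and sends e-mail notifications to
 * the configured admin address and to thread subscribers.
 *
 * @param array $vals  submitted form values: topic, post (parent post id or
 *                     empty for a new thread), subject, body, notice, subscribe
 * @return void  all output is echoed directly
 */
function onSubmit($vals) {
    loader_import('siteforum.Post');
    loader_import('siteforum.Filters');
    loader_import('siteforum.Topic');

    $p = new SiteForum_Post();
    $username = session_username();

    // Only admins may flag a post as a notice; everyone else is forced to 'no'.
    $notice = 'no';
    if (session_admin() && isset($vals['notice']) && $vals['notice'] === 'Make this post a notice.') {
        $notice = 'yes';
    }

    // The new post inherits the access/status of its topic, so the topic must
    // exist (and pass whatever checks Topic::get() applies) before anything is
    // written; previously a missing topic produced a post with empty access fields.
    $t = new SiteForum_Topic();
    $topic = $t->get($vals['topic']);
    if (!$topic) {
        page_title(intl_get('Database Error'));
        echo '<p>' . intl_get('An error occurred. Please try again later.') . '</p>';
        return;
    }

    $res = $p->add(array(
        'user_id' => $username,
        'topic_id' => $vals['topic'],
        'post_id' => $vals['post'],
        'ts' => date('Y-m-d H:i:s'),
        'subject' => $vals['subject'],
        'body' => $vals['body'],
        'sig' => db_shift('select sig from sitellite_user where username = ?', $username),
        'notice' => $notice,
        'sitellite_access' => $topic->sitellite_access,
        'sitellite_status' => $topic->sitellite_status,
    ));
    if (!$res) {
        page_title(intl_get('Database Error'));
        echo '<p>' . intl_get('An error occurred. Please try again later.') . '</p>';
        echo '<p>' . intl_get('Error Message') . ': ' . $p->error . '</p>';
        return;
    }
    $vals['id'] = $res;

    // A reply bumps its parent thread.
    if (!empty($vals['post'])) {
        $p->touch($vals['post']);
    }

    if (isset($vals['subscribe']) && $vals['subscribe'] === 'Subscribe me to this forum thread.') {
        // A new thread subscribes to itself.
        if (empty($vals['post'])) {
            $vals['post'] = $res;
        }
        db_execute('insert into siteforum_subscribe (id, post_id, user_id) values (null, ?, ?)', $vals['post'], $username);
    }

    // Sender header is built from configuration only, never from form input.
    $from = 'From: ' . appconf('forum_name') . '@' . site_domain();

    $ae = appconf('admin_email');
    if ($ae) {
        @mail($ae, intl_get('Forum Posting Notice'), template_simple('post_email.spt', $vals), $from);
    }

    // Admin addresses are exempt from the subscriber mailing so they are not
    // notified twice; entries are trimmed so "a@x, b@x" matches as intended.
    $exempt = array_map('trim', explode(',', $ae));

    $subscribers = db_fetch_array('select distinct u.email, u.username from sitellite_user u, siteforum_subscribe s where s.user_id = u.username and s.post_id = ?', $vals['post']);
    if ($subscribers) {
        foreach ($subscribers as $row) {
            if (in_array((string) $row->email, $exempt, true)) {
                continue;
            }
            $vals['user_id'] = $row->username;
            @mail($row->email, intl_get('Forum Posting Notice'), template_simple('post_email_subscriber.spt', $vals), $from);
        }
    }

    page_title(intl_get('Message Posted'));
    echo template_simple('post_submitted.spt', $vals);
}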
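/**
 * Constructor for the wiki edit form. Works out the caller's edit level
 * (0 = anonymous, 1 = logged in, 2 = admin), loads the requested page and
 * either populates the form or, when the level is insufficient, renders
 * not_visible.spt and marks the form non-editable.
 *
 * The page id is taken from the request ($cgi->page): it is passed as a
 * bound parameter to the query and url-encoded before being echoed back
 * into the cancel button's inline handler, so it can neither alter the
 * query nor break out of the onclick attribute.
 */
function SitewikiEditForm() {
    parent::MailForm(__FILE__);

    $level = 0;
    if (session_valid()) {
        $level++;
    }
    if (session_admin()) {
        $level++;
    }

    global $cgi;
    $page = $cgi->page;
    $res = db_fetch('select * from sitewiki_page where id = ?', $page);

    // URL the cancel button (buttons[1]) navigates to; unlock=1 releases the edit lock.
    $cancelUrl = site_prefix() . '/index/sitewiki-edit-form?page=' . urlencode($page) . '&unlock=1';
    if (!$res) {
        // new page: also carry the referer so the user can be sent back afterwards
        $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
        $cancelUrl .= '&ret=' . urlencode($referer);
    }
    $this->widgets['submit_button']->buttons[1]->extra = 'onclick="window.location.href = \'' . $cancelUrl . '\'; return false"';

    if (!$res) {
        // creating a page requires the configured default edit level
        if ($level < appconf('default_edit_level')) {
            echo template_simple('not_visible.spt');
            $this->editable = false;
            return;
        }
        $this->new_page = true;
        $this->widgets['view_level']->setValue(appconf('default_view_level'));
        $this->widgets['edit_level']->setValue(appconf('default_edit_level'));
    } else {
        // editing an existing page requires the page's own edit level
        if ($level < $res->edit_level) {
            echo template_simple('not_visible.spt');
            $this->editable = false;
            return;
        }
        $this->widgets['body']->setValue($res->body);
        $this->widgets['view_level']->setValue($res->view_level);
        $this->widgets['edit_level']->setValue($res->edit_level);
    }

    if (!appconf('security_test')) {
        unset($this->widgets['security_test']);
    }
    if (!session_valid()) {
        // anonymous editors may not attach files
        unset($this->widgets['files']);
        unset($this->widgets['file_1']);
        unset($this->widgets['file_2']);
        unset($this->widgets['file_3']);
    }
}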
/**
 * Fetches events overlapping a date range, filtered by the current session's
 * ACL clause (allowed rows for admins, approved rows for everyone else).
 *
 * @param string $start   range start; passed through db_quote()
 * @param string|false $end   range end, or false for an open-ended range
 * @param string $cat     optional category filter (db_quote'd)
 * @param string $aud     optional audience substring filter (db_quote'd)
 * @param string $user    optional owner filter (db_quote'd)
 * @param string $fields  column list for the select, used verbatim
 * @param int|false $limit   optional row limit, used verbatim
 * @return array
 */
function _eventsInRange($start, $end = false, $cat = '', $aud = '', $user = '', $fields = '*', $limit = false) {
    $acl = session_admin() ? session_allowed_sql() : session_approved_sql();

    // NOTE(review): $fields and $limit are concatenated into the SQL text
    // unquoted; only the other parameters go through db_quote(). Callers must
    // not hand those two straight from request input.
    // NOTE(review): the '******' literals look like a redaction of the owner
    // clause in this copy of the file -- check against the original source.
    $ownerClause = empty($user) ? '******' : '******' . db_quote($user);
    $catClause   = empty($cat) ? ' ' : ' and category = ' . db_quote($cat);
    $audClause   = empty($aud) ? ' ' : ' and audience like ' . db_quote('%' . $aud . '%');
    $limitClause = ($limit === false) ? ' ' : ' limit ' . $limit;

    $start = db_quote($start);
    $conditions = array();
    if ($end) {
        $end = db_quote($end);
        // bounded range: one-off events inside it, open-ended recurrences that
        // began before its end, and anything whose until_date overlaps it
        $conditions[] = sprintf('(recurring = "no" and date >= %s and date <= %s and until_date = "0000-00-00")', $start, $end);
        $conditions[] = sprintf('(recurring != "no" and date <= %s and until_date = "0000-00-00")', $end);
        $conditions[] = sprintf('(date <= %s and until_date >= %s)', $end, $start);
    } else {
        $conditions[] = sprintf('(recurring = "no" and date >= %s and until_date = "0000-00-00")', $start); // one-off, starts after $start
        $conditions[] = '(recurring != "no" and until_date = "0000-00-00")';                                // recurrence with no end date
        $conditions[] = sprintf('(until_date >= %s)', $start);                                               // ends after $start
    }

    $sql = 'select ' . $fields . ' from siteevent_event where ('
        . join(' or ', $conditions)
        . ') ' . $ownerClause . $catClause . $audClause
        . ' and ' . $acl
        . ' order by date asc, time asc, until_date asc, until_time asc'
        . $limitClause;

    return db_fetch_array($sql);
}
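/**
 * Lists the forum topics visible to the current session, decorated with
 * thread/post counts and last-post information.
 *
 * @return array  list of topic objects; an empty array when nothing is visible
 */
function getTopics() {
    $perms = session_admin() ? session_allowed_sql() : session_approved_sql();
    $list = db_fetch_array('select * from siteforum_topic where ' . $perms . ' order by name asc');
    if (!$list) {
        return array();
    }

    foreach (array_keys($list) as $k) {
        $id = $list[$k]->id;
        // threads are posts with no parent (post_id = "")
        $list[$k]->threads = db_shift('select count(*) from siteforum_post where topic_id = ? and post_id = ""', $id);
        $list[$k]->posts = db_shift('select count(*) from siteforum_post where topic_id = ?', $id);

        // NOTE(review): this lookup is not filtered by $perms, so the last-post
        // summary may point at a post the current session cannot itself read.
        $last = db_single('select ts, user_id, id from siteforum_post where topic_id = ? order by ts desc limit 1', $id);
        if ($last) {
            $list[$k]->last_post = $last->ts;
            $list[$k]->last_post_user = $last->user_id;
            $list[$k]->last_post_id = $last->id;
            $list[$k]->last_post_user_public = db_shift('select public from sitellite_user where username = ?', $last->user_id);
        } else {
            // topic has no posts yet; previously these reads on a false result raised notices
            $list[$k]->last_post = null;
            $list[$k]->last_post_user = null;
            $list[$k]->last_post_id = null;
            $list[$k]->last_post_user_public = null;
        }
    }
    return $list;
}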
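/**
 * Returns the most recent posts visible to the current session, newest first,
 * each decorated with its topic title and the poster's "public" flag.
 *
 * @param int $limit   maximum number of posts; cast to int before use
 * @param mixed $topic  restrict to this topic id, or false for all topics
 * @return array  empty array when nothing matched
 */
function getLatest($limit = 5, $topic = false) {
    $perms = session_admin() ? session_allowed_sql() : session_approved_sql();

    // $limit lands in the SQL text unquoted, so force it to an integer.
    $limit = (int) $limit;
    $select = 'select id, topic_id, user_id, ts, subject from siteforum_post where ';
    $order = ' order by ts desc limit ' . $limit;

    if ($topic) {
        $list = db_fetch_array($select . 'topic_id = ? and ' . $perms . $order, $topic);
    } else {
        $list = db_fetch_array($select . $perms . $order);
    }
    if (!$list) {
        return array();
    }

    loader_import('siteforum.Topic');
    $t = new SiteForum_Topic();
    foreach (array_keys($list) as $k) {
        $list[$k]->topic_name = $t->getTitle($list[$k]->topic_id);
        $list[$k]->user_public = db_shift('select public from sitellite_user where username = ?', $list[$k]->user_id);
    }
    return $list;
}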
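<?php
/**
 * digger comment delete action: removes one comment and returns to the
 * comment list of its story. Admin only.
 *
 * Parameters: id (comment to delete), story (story to return to).
 */

// Non-admins, and requests without a comment id, are bounced back to the app.
if (!session_admin() || !isset($parameters['id'])) {
    header('Location: ' . site_prefix() . '/index/digger-app');
    exit;
}

// NOTE(review): the delete is triggered by request parameters alone; no
// anti-CSRF token is checked here -- confirm the framework enforces one upstream.
db_execute('delete from digger_comments where id = ?', $parameters['id']);

// A missing story id previously raised a notice and produced the same URL.
$story = isset($parameters['story']) ? $parameters['story'] : '';
header('Location: ' . site_prefix() . '/index/digger-comments-action/id.' . $story);
exit;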
<?php if (!session_admin() && session_role() != 'member') { header('Location: ' . site_prefix() . '/index/ihome'); exit; } class SiteblogEditForm extends MailForm { function SiteblogEditForm() { parent::MailForm(); global $cgi; $refer = $_SERVER['HTTP_REFERER']; $this->parseSettings('inc/app/siteblog/forms/edit/settings.php'); $this->widgets['refer']->setValue($refer); //if add is true, we're creating a blog post, otherwise we're editing a blog post $add = isset($cgi->_key) && !empty($cgi->_key) ? false : true; $this->widgets['status']->setValues(array('Live', 'Not Live')); $cats = db_pairs('select id, title from siteblog_category where status = "on"'); if ($add) { page_title('Adding a Blog Post'); $this->widgets['author']->setValue(session_username()); unset($this->widgets['icategory']); $this->widgets['category']->setValues($cats); } else { loader_import('cms.Versioning.Rex'); $rex = new Rex('siteblog_post'); $document = $rex->getCurrent($cgi->_key); page_title('Editing a Blog Post'); //populate fields $this->widgets['subject']->setValue($document->subject);
<?php if (!session_admin()) { header('Location: ' . site_prefix() . '/index/news-app'); exit; } class NewsCommentEditForm extends MailForm { function NewsCommentEditForm() { parent::MailForm(); $this->parseSettings('inc/app/news/forms/comment/edit/settings.php'); page_title(intl_get('Editing Comment')); loader_import('news.Comment'); $c = new NewsComment(); global $cgi; $comment = $c->get($cgi->id); $this->widgets['subject']->setValue($comment->subject); $this->widgets['user_id']->setValue($comment->user_id); $this->widgets['body']->setValue($comment->body); $this->widgets['story_id']->setValue($comment->story_id); page_add_script(' function news_cancel (f) { window.location.href = "' . site_prefix() . '/index/news-app/story.' . $cgi->story_id . '"; return false; } '); $this->widgets['submit_button']->buttons[1]->extra = 'onclick="return news_cancel (this.form)"'; } function onSubmit($vals) {
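<?php
/**
 * slideshow box: lists the files in a filesystem folder that the current
 * session may see, keeps only the configured extensions, then renders
 * slideshow.spt with the first file pre-selected and the full list
 * registered for the template.
 *
 * Box parameters: path, title, descriptions, delay.
 */
$acl = session_admin() ? session_allowed_sql() : session_approved_sql();

$res = db_fetch_array(
    'select name, display_title, extension, description from sitellite_filesystem where path = ? and ' . $acl . ' order by name asc',
    $parameters['path']
);
if (!$res) {
    $res = array();
}

// Keep only files whose (lower-cased) extension is in the configured whitelist.
$valid = appconf('valid');
foreach (array_keys($res) as $k) {
    if (!in_array(strtolower($res[$k]->extension), $valid, true)) {
        unset($res[$k]);
    }
}

if (!empty($parameters['title'])) {
    if ($box['context'] == 'action') {
        page_title($parameters['title']);
    } else {
        // NOTE(review): the title is emitted as raw HTML; it must come from a
        // trusted (page/template-level) box call rather than request input.
        echo '<h2>' . $parameters['title'] . '</h2>';
    }
}

page_add_script(site_prefix() . '/js/rollover.js');

// 'results' is registered before the shift, so it still holds every file;
// 'first' is the lead image and 'total' counts the remainder plus that one.
template_simple_register('results', $res);
template_simple_register('first', array_shift($res));
echo template_simple('slideshow.spt', array(
    'path' => $parameters['path'],
    'total' => count($res) + 1,
    'desc' => $parameters['descriptions'],
    'delay' => $parameters['delay'],
));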
echo "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n" . "<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n" . "The requested URL " . $PHP_SELF . " was not found on this server.<p>\n<hr>\n" . $_SERVER['SERVER_SIGNATURE'] . "</body></html>"; exit; } // END KEEPOUT CHECKING global $session, $site; if (isset($parameters['template'])) { page_template($parameters['template']); } if (!empty($parameters['username'])) { sleep(2); } if ($session->valid) { if (!empty($parameters['goto'])) { header('Location: ' . $site->url . '/index/' . $parameters['goto']); exit; } elseif (session_admin()) { header('Location: ' . $site->url . '/index/cms-app'); exit; } else { page_title(intl_get('Members')); echo template_simple('user/login/home.spt', $parameters); } } else { switch ($box['context']) { case 'action': if (!empty($parameters['username'])) { if (!empty($parameters['invalid'])) { header('Location: ' . $site->url . '/index/' . $parameters['invalid']); exit; } else { page_title(intl_get('Invalid Password'));
/**
 * Checks recursively in the form directory and parent directories
 * until it checks $formPath finally for an access.php file. It then
 * parses that file as an INI file and determines whether the form is
 * accessible by the current user. If a template is specified in the
 * access.php file, that template name is returned on success, otherwise
 * a boolean true value is returned on success. False is always returned
 * if the user is not allowed.
 *
 * Keys read from an access.php: sitellite_access and sitellite_status
 * (checked through session_allowed()), sitellite_action, sitellite_inline
 * or any sitellite_<context> flag, sitellite_goto (redirect target when
 * denied), sitellite_template_set and sitellite_template. The parsed file
 * is also kept in $this->formAccess.
 *
 * With no access.php found anywhere, 'action' context is denied and every
 * other context is allowed.
 *
 * @access public
 * @param string $name
 * @param string $context
 * @return mixed
 *
 */
function formAllowed($name, $context = 'normal') {
    $app = $this->getApp($name);
    $name = $this->removeApp($name, $app);
    // Admins still need rw on the app resource when one is declared for the app.
    if (session_admin() && session_is_resource('app_' . $app) && !session_allowed('app_' . $app, 'rw', 'resource')) {
        return false;
    }
    if (isset($this->applications[$app]) && !$this->applications[$app]) {
        // app is disabled
        return false;
    }
    // NOTE(review): $name becomes a path component here with no traversal
    // filtering visible in this method -- confirm removeApp() or the caller
    // rejects '..' segments.
    $dir = $this->prefix . '/' . $app . '/' . $this->formPath . '/' . $name;
    // Walk upward from the form's own directory; the first access.php found decides.
    while ($dir != $this->prefix . '/' . $app . '/' . $this->formPath) {
        if (@file_exists($dir . '/access.php')) {
            $access = parse_ini_file($dir . '/access.php');
            $this->formAccess = $access;
            if (!session_allowed($access['sitellite_access'], 'r', 'access')) {
                if (isset($access['sitellite_goto'])) {
                    header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                    exit;
                }
                return false;
            } elseif (!session_allowed($access['sitellite_status'], 'r', 'status')) {
                if (isset($access['sitellite_goto'])) {
                    header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                    exit;
                }
                return false;
            } elseif ($context == 'action' && !$access['sitellite_action']) {
                if (isset($access['sitellite_goto'])) {
                    header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                    exit;
                }
                return false;
            } elseif ($context != 'normal' && isset($access['sitellite_' . $context]) && !$access['sitellite_' . $context]) {
                // any other context (inline, ...) is gated by its own sitellite_<context> flag
                return false;
            // } elseif ($context == 'inline' && ! $access['sitellite_inline']) {
            //     return false;
            } else {
                if (isset($access['sitellite_template_set'])) {
                    page_template_set($access['sitellite_template_set']);
                }
                if (isset($access['sitellite_template'])) {
                    return $access['sitellite_template'];
                } else {
                    return true;
                }
            }
        }
        // move one directory up
        $dir = preg_split('/\\//', $dir);
        array_pop($dir);
        $dir = join('/', $dir);
    }
    // check for a global access.php file
    if (@file_exists($this->prefix . '/' . $app . '/' . $this->formPath . '/access.php')) {
        $access = parse_ini_file($this->prefix . '/' . $app . '/' . $this->formPath . '/access.php');
        $this->formAccess = $access;
        if (!session_allowed($access['sitellite_access'], 'r', 'access')) {
            if (isset($access['sitellite_goto'])) {
                header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                exit;
            }
            return false;
        } elseif (!session_allowed($access['sitellite_status'], 'r', 'status')) {
            if (isset($access['sitellite_goto'])) {
                header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                exit;
            }
            return false;
        } elseif ($context == 'action' && !$access['sitellite_action']) {
            if (isset($access['sitellite_goto'])) {
                header('Location: ' . site_prefix() . '/index/' . $access['sitellite_goto']);
                exit;
            }
            return false;
        } elseif ($context == 'inline' && !$access['sitellite_inline']) {
            // NOTE: unlike the per-directory check above, the global file only
            // knows the 'inline' flag (an unset key counts as denied here), not
            // arbitrary sitellite_<context> keys.
            return false;
        } else {
            if (isset($access['sitellite_template_set'])) {
                page_template_set($access['sitellite_template_set']);
            }
            if (isset($access['sitellite_template'])) {
                return $access['sitellite_template'];
            } else {
                return true;
            }
        }
    }
    // no access.php found at all, revert to logical defaults
    if ($context == 'action') {
        return false;
    }
    return true;
}
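<?php
/**
 * sitemember app entry point: picks the 'login' or 'home' handler declared
 * in the app config and applies the "remember me" cookie on a fresh login.
 */
// your app begins here
global $cgi;

if (!empty($cgi->username) && session_admin()) {
    // an admin just logged in through the member form: hand off to the CMS
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    header('Location: ' . site_prefix() . '/index/cms-app?forward=' . urlencode($referer));
    exit;
} elseif (!session_valid()) {
    $action = 'login';
} elseif (!empty($cgi->username) && $cgi->remember_me == 'yes') {
    $duration = appconf('remember_login');
    if ($duration) {
        // convert duration (days) to seconds
        $duration = $duration * 86400;
        // set "sitemember_remember" cookie
        global $cookie;
        $cookie->set('sitemember_remember', $duration, $duration, '/', site_domain(), site_secure());
        // adjust cookie
        session_change_timeout($duration);
        // adjust expires value
        session_user_edit(session_username(), array('expires' => date('Y-m-d H:i:s', time() + $duration)));
    }
    $action = 'home';
} else {
    $action = 'home';
}

if (session_valid() && !empty($parameters['goto'])) {
    // NOTE(review): goto is used as the redirect target verbatim; if it can be
    // supplied by the request this is an open redirect -- confirm it is only
    // set by internal callers, or restrict it to a site-relative path as the
    // login box does ($site->url . '/index/' . goto).
    header('Location: ' . $parameters['goto']);
    exit;
}

// split() was removed in PHP 7; explode() gives the same two-part split here.
list($type, $call) = explode(':', appconf($action), 2);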
/**
 * Checks for an $external property of the document object, which if found
 * is understood to represent an external document that this object is
 * actually an alias of, and so it will forward the request on to that
 * document.
 *
 * Admin sessions are not redirected: the body is replaced with a placeholder
 * linking to the target and false is returned so rendering continues. Any
 * other session gets a Location header and the script exits. With no
 * $external set the method does nothing.
 */
function isExternal() {
    if (empty($this->external)) {
        return;
    }
    global $intl;

    // language segment when languages are negotiated through the URL
    $langPrefix = ($intl->negotiation == 'url') ? '/' . $intl->language : '';
    // '/index/' unless the site is configured to drop it from URLs
    $index = conf('Site', 'remove_index') ? '/' : '/index/';

    // Values carrying a scheme (xxx://) are used verbatim; everything else is
    // made absolute on this site. NOTE(review): the pattern accepts any scheme,
    // not only http(s) -- relevant because the value is also rendered unescaped
    // into an href for admins below.
    $target = $this->external;
    if (!preg_match('|^[a-zA-Z0-9]+://|', $target)) {
        $scheme = (site_secure() && cgi_is_https()) ? 'https://' : 'http://';
        if (strpos($target, '/') === 0) {
            // site-absolute path
            $target = $scheme . site_domain() . $target;
        } else {
            // document name relative to the site index
            $target = $scheme . site_domain() . site_prefix() . $langPrefix . $index . $target;
        }
    }

    if (session_admin()) {
        $this->body = '<p>' . intl_get('This page is a placeholder for the following external resource') . ':</p><p><a href="' . $target . '">' . $target . '</a></p>';
        return false;
    }

    header('Location: ' . $target);
    exit;
}
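<?php
/**
 * siteblog post box: copies the box parameters onto $cgi, loads the post
 * filters and stylesheet, shows the add/edit buttons to members and admins,
 * and collects per-category display switches for the post template.
 */
global $cgi;

// box parameters take precedence over request values of the same name
foreach ($parameters as $k => $p) {
    $cgi->{$k} = $p;
}

loader_import('cms.Versioning.Rex');
$rex = new Rex('siteblog_post');
loader_import('siteblog.Filters');
page_add_style('/inc/app/siteblog/html/post.css');

if (session_admin() || session_role() == 'member') {
    if (!empty($cgi->category)) {
        echo template_simple('buttons.spt', array('category_only' => true, 'blog' => $cgi->category));
    } else {
        echo template_simple('buttons.spt', array('category_only' => false));
    }
}

// NOTE(review): unless overridden by a box parameter above, template and
// maxlen come from the request; confirm the template loader confines
// $template to the app's own template directory wherever it is used.
$template = !empty($cgi->template) ? $cgi->template : 'post.spt';
$maxlen = !empty($cgi->maxlen) ? $cgi->maxlen : false;

// per-category display switches keyed by category id; initialised so the
// variable exists even when there are no categories
$properties = array();
$tproperties = db_fetch_array('select * from siteblog_category');
if ($tproperties) {
    foreach ($tproperties as $t) {
        $properties[$t->id] = array(
            'poster_visible' => $t->poster_visible,
            'comments' => $t->comments,
        );
    }
}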
$start = $d; } if ($item->recurring == 'daily' && $yy == '0000' || $yy . '-' . $mm > $cal->year . '-' . $cal->month) { $end = date('t', mktime(5, 0, 0, $cal->month, 1, $cal->year)); } elseif ($yy != '0000') { $end = $dd; } else { $end = $d; } for ($i = $start; $i <= $end; $i++) { $cal->addLink($i, $title, site_prefix() . '/index/siteevent-details-action/id.' . $item->id . '/title.' . siteevent_filter_link_title($item->title), $priority, $alt, $item->time); } break; } } if (false && session_admin()) { echo loader_box('cms/buttons/add', array('collection' => 'siteevent_event', 'float' => true)); echo '<br clear="all" />'; echo template_simple('users.spt', array('list' => db_fetch_array('select * from siteevent_category order by name asc'), 'current' => $parameters['category'], 'user_list' => db_fetch_array('select sitellite_owner, count(*) as total from siteevent_event where ' . session_allowed_sql() . ' group by sitellite_owner asc'), 'current_user' => $parameters['user'], 'simplecal' => $parameters['simplecal'])); } else { echo template_simple('categories.spt', array('list' => db_fetch_array('select * from siteevent_category order by name asc'), 'current' => $parameters['category'], 'alist' => db_fetch_array('select * from siteevent_audience order by name asc'), 'audience' => $parameters['audience'], 'simplecal' => $parameters['simplecal'], 'view' => $parameters['view'])); } echo $cal->render(); echo '<p>'; if (appconf('ical_links')) { if (!empty($parameters['category'])) { $cat = '?category=' . $parameters['category']; } else { $cat = ''; } echo '<a href="' . site_prefix() . '/index/siteevent-ical-action' . $cat . '">' . intl_get('Subscribe (iCalendar)') . '</a> ';
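/**
 * Returns a single object with the specified $id.
 *
 * When $this->usePermissions is set the row must also satisfy the session's
 * ACL clause (allowed rows for admins, approved rows for everyone else);
 * with it unset no ACL filtering is applied at all. For multilingual tables
 * the row is overlaid with its translation for the current language when
 * that differs from the default language.
 *
 * @access public
 * @param mixed $id
 * @return object|false  false, with $this->error set, when no row matched
 */
function &get($id) {
    $and = '';
    if ($this->usePermissions) {
        $and = ' and ' . (session_admin() ? session_allowed_sql() : session_approved_sql());
    }

    // $this->table / $this->pkey are class configuration, $id is bound.
    $res = db_fetch('SELECT * FROM ' . $this->table . ' WHERE ' . $this->pkey . ' = ?' . $and . $this->_end(), $id);
    if (!$res) {
        $this->error = db_error();
        // return a variable rather than a literal: this method returns by reference
        $res = false;
        return $res;
    }

    if ($this->multilingual && intl_lang() != intl_default_lang()) {
        loader_import('multilingual.Translation');
        $tr = new Translation($this->table, intl_lang());
        // the extra argument is passed only for non-admins -- presumably a
        // "published translations only" switch; confirm against Translation::get()
        if (session_admin()) {
            $translated = $tr->get($res->{$this->pkey});
        } else {
            $translated = $tr->get($res->{$this->pkey}, true);
        }
        if ($translated) {
            foreach ($translated->data as $key => $value) {
                $res->{$key} = $value;
            }
        }
    }
    return $res;
}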