Example #1
/**
 * Turn the nested calendar array into ready-to-print panel items.
 *
 * Every event is rendered as one HTML snippet and appended to
 * $out['today'], $out['tomorrow'] or $out['others'], depending on how its
 * date compares with the global $ec_today / $ec_tomorrow date arrays.
 * Months and days are visited in ascending numeric order within each year.
 *
 * NOTE(review): ev_title, the ids used in the link and the parsed ev_body are
 * written into the markup as they arrive; this assumes they were encoded when
 * stored - confirm against the code that saves events.
 *
 * @param array $events Events indexed as [year][month][mday] => list of event rows.
 * @param array $out    Receives the rendered items, grouped by bucket name.
 * @return int Number of items appended to $out.
 */
function awec_post_process_events(&$events, &$out)
{
    global $ec_today, $ec_tomorrow, $locale, $awec_settings;

    $link_event = INFUSIONS . 'aw_ecal_panel/view_event.php?id=';
    $link_birthday = INFUSIONS . 'aw_ecal_panel/birthday.php?id=';
    $with_details = (bool) $awec_settings['show_today_in_panel'];
    $total = 0;

    foreach ($events as $year => $months) {
        ksort($months, SORT_NUMERIC);
        foreach ($months as $month => $days) {
            ksort($days, SORT_NUMERIC);
            $is_today_month = $ec_today['mon'] == $month && $ec_today['year'] == $year;
            $is_tomorrow_month = $ec_tomorrow['mon'] == $month && $ec_tomorrow['year'] == $year;
            foreach ($days as $mday => $day_events) {
                // Pick the output bucket for this calendar day.
                if ($is_today_month && $ec_today['mday'] == $mday) {
                    $bucket = 'today';
                } elseif ($is_tomorrow_month && $ec_tomorrow['mday'] == $mday) {
                    $bucket = 'tomorrow';
                } else {
                    $bucket = 'others';
                }
                foreach ($day_events as $ev) {
                    $item = '';
                    if ($bucket == 'others') {
                        // Anything beyond tomorrow is prefixed with its date.
                        $item .= ec_format_fucking_date($year, $month, $mday) . ' ';
                    } elseif ($ev['start_time']) {
                        // Today/tomorrow entries show the time range instead.
                        $item .= $ev['start_time'];
                        if ($ev['end_time']) {
                            $item .= '-' . $ev['end_time'];
                        }
                        $item .= ' ';
                    }
                    $path = $ev['is_birthday']
                        ? $link_birthday . $ev['user_id']
                        : $link_event . $ev['ev_id'];
                    $item .= '<a href="' . $path . '">' . $ev['ev_title'] . '</a>';
                    if ($with_details && $bucket == 'today') {
                        // Show only the part of the body before AWEC_BREAK, with a
                        // "read more" style link when something was cut off.
                        $parts = explode(stripinput(AWEC_BREAK), parseubb($ev['ev_body']));
                        if (count($parts) > 1) {
                            $parts[0] .= ' <a href="' . $path . '">' . $locale['EC207'] . '</a>';
                        }
                        $item .= '<br /><span class="small2">' . $parts[0] . '</span>';
                    }
                    $out[$bucket][] = $item;
                    ++$total;
                }
            }
        }
    }
    return $total;
}
Example #2
/**
 * Render the page content: call the handler named by the global $gp_content,
 * or include the layout's content.php when no handler is set.
 */
function gp_content()
{
    global $gp_content;
    if (empty($gp_content)) {
        include LAYOUT_DIR . "content.php";
        return;
    }
    // NOTE(review): eval() on a global. stripinput() is presumably an HTML-entity
    // encoder, not a check that the value is a plain function name, so this is only
    // safe while $gp_content can never be set from request data - confirm every
    // place that assigns it. Checking the name against a fixed list of handlers and
    // calling it directly would remove the need for eval().
    eval(stripinput($gp_content) . "();");
}
Example #3
/**
 * Build the markup for a bootstrap-datepicker text field.
 *
 * The datepicker CSS/JS are queued once per request, the field's validation
 * descriptor is emitted as a hidden "def[...]" input, and the widget is
 * initialised through add_to_jquery() unless 'deactivate' is 1.
 *
 * NOTE(review): only $input_name, $input_id and the title used in the
 * validation descriptor go through stripinput(). $title (label text),
 * $input_value and every option value (class, width, icon, placeholder,
 * error_text, date_format) are placed into attributes or the inline script
 * unchanged, so callers have to pass values that are already encoded.
 *
 * @param string     $title       Label text; also the validation title when not empty.
 * @param string     $input_name  Field name.
 * @param string     $input_id    Field id, also used as prefix for the wrapper ids.
 * @param string|int $input_value A value containing "-" is used as given; any other
 *                                non-empty value is passed to date("d-m-Y", ...).
 * @param array|bool $array       Options: icon, placeholder, width, date_format, class,
 *                                error_text, required, safemode, deactivate, inline.
 * @return string HTML for the field.
 */
function form_datepicker($title, $input_name, $input_id, $input_value, $array = FALSE)
{
    // Queue the widget assets only the first time a datepicker is rendered.
    if (!defined('DATEPICKER')) {
        define('DATEPICKER', TRUE);
        add_to_head("<link href='" . DYNAMICS . "assets/datepicker/css/datepicker3.css' rel='stylesheet' />");
        add_to_head("<script src='" . DYNAMICS . "assets/datepicker/js/bootstrap-datepicker.js'></script>");
    }

    // The validation title falls back to a prettified field name.
    $title2 = !empty($title) ? stripinput($title) : ucfirst(strtolower(str_replace("_", " ", $input_name)));
    $input_name = !empty($input_name) ? stripinput($input_name) : "";
    $input_id = !empty($input_id) ? stripinput($input_id) : "";

    // Values without a "-" are formatted with date(); values with one are kept as they are.
    if (!($input_value && strstr($input_value, "-"))) {
        $input_value = $input_value ? date("d-m-Y", $input_value) : '';
    }

    // A non-array $array behaves like an empty option list.
    $opts = is_array($array) ? $array : array();
    $icon = array_key_exists('icon', $opts) ? $opts['icon'] : "";
    $placeholder = array_key_exists("placeholder", $opts) ? $opts['placeholder'] : "";
    $width = array_key_exists("width", $opts) ? $opts['width'] : "250px";
    $date_format = array_key_exists("date_format", $opts) ? $opts['date_format'] : "dd-mm-yyyy";
    $class = array_key_exists('class', $opts) ? $opts['class'] : "";
    $error_text = array_key_exists("error_text", $opts) ? $opts['error_text'] : "";
    $required = (array_key_exists('required', $opts) && $opts['required'] == 1) ? 1 : 0;
    $safemode = (array_key_exists('safemode', $opts) && $opts['safemode'] == 1) ? 1 : 0;
    $deactivate = (array_key_exists('deactivate', $opts) && $opts['deactivate'] == 1) ? 1 : 0;
    // 'inline' only has to be present; its value is not looked at.
    $inline = array_key_exists("inline", $opts) ? 1 : 0;

    $feedback_class = $icon ? 'has-feedback' : '';
    $html = "<div id='{$input_id}-field' class='form-group m-b-0 {$class} " . $feedback_class . "'>\n";
    if ($title) {
        $label_cols = $inline ? "col-sm-3 col-md-3 col-lg-3" : '';
        $required_mark = $required == 1 ? "<span class='required'>*</span>" : '';
        $html .= "<label class='control-label " . $label_cols . "' for='{$input_id}'>{$title} " . $required_mark . "</label>\n";
    }
    if ($inline) {
        $html .= "<div class='col-sm-9 col-md-9 col-lg-9'>\n";
    }
    $width_attr = $width ? "style='width:{$width};'" : '';
    $html .= "<div class='input-group date' " . $width_attr . ">\n";
    $html .= "<input type='text' name='" . $input_name . "' id='" . $input_id . "' value='" . $input_value . "' class='form-control textbox' placeholder='{$placeholder}' />\n";
    if ($icon) {
        $html .= "<div class='form-control-feedback'><i class='glyphicon {$icon}'></i></div>\n";
    }
    $html .= "<span class='input-group-addon'><i class='entypo calendar'></i></span>\n";
    $html .= "</div>\n";
    $html .= "<div id='{$input_id}-help' style='display:inline-block !important;'></div>";
    if ($inline) {
        $html .= "</div>\n";
    }
    $html .= "</div>\n";

    // Validation descriptor read back by the form handler ("Defender strings").
    $error_part = $error_text ? ",[error_text={$error_text}]" : '';
    $html .= "<input type='hidden' name='def[{$input_name}]' value='[type=date],[title={$title2}],[id={$input_id}],[required={$required}],[safemode={$safemode}]" . $error_part . "' readonly />";

    if ($deactivate !== 1) {
        add_to_jquery("\n        \$('#{$input_id}-field .input-group.date').datepicker({\n        format: '" . $date_format . "',\n        todayBtn: 'linked',\n        autoclose: true,\n        todayHighlight: true\n        });\n        ");
    }
    return $html;
}
Example #4
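 /**
  * Check a login attempt and, when it is valid, set the login cookie.
  *
  * Unknown user names and wrong passwords are sent to the same redirect
  * (Authenticate::getRedirectUrl(1)), so the response does not tell the two apart.
  *
  * @param string $inputUserName Submitted user name.
  * @param string $inputPassword Submitted password.
  * @param mixed  $remember      Passed through to Authenticate::setUserCookie().
  */
 private function _authenticate($inputUserName, $inputPassword, $remember)
 {
     global $locale, $settings;
     // NOTE(review): the lookup below is built by string concatenation. The submitted
     // name is protected only by stripinput() plus this small character blacklist;
     // blacklists are brittle, so if the database layer supports bound parameters
     // they are the better fit for this query.
     $inputUserName = preg_replace(array("/\\=/", "/\\#/", "/\\sOR\\s/"), "", stripinput($inputUserName));
     $result = dbquery("SELECT * FROM " . DB_USERS . " WHERE user_name='" . $inputUserName . "' LIMIT 1");
     if (dbrows($result) == 1) {
         $user = dbarray($result);
         require_once CLASSES . "PasswordAuth.class.php";
         // Initialize password auth
         $passAuth = new PasswordAuth();
         $passAuth->currentAlgo = $user["user_algo"];
         $passAuth->currentSalt = $user["user_salt"];
         $passAuth->currentPasswordHash = $user["user_password"];
         $passAuth->inputPassword = $inputPassword;
         // Check if input password is valid
         if ($passAuth->isValidCurrentPassword(true)) {
             if ($settings['multiple_logins'] != 1) {
                 // Store a fresh algo/salt/hash on every login. The cookie below is built
                 // from the salt and algo, so this presumably invalidates cookies issued to
                 // other sessions when multiple logins are switched off - confirm.
                 $user['user_algo'] = $passAuth->getNewAlgo();
                 $user['user_salt'] = $passAuth->getNewSalt();
                 $user['user_password'] = $passAuth->getNewHash();
                 $result = dbquery("UPDATE " . DB_USERS . "\n\t\t\t\t\t\tSET user_algo='" . $user['user_algo'] . "', user_salt='" . $user['user_salt'] . "', user_password='" . $user['user_password'] . "'\n\t\t\t\t\t\tWHERE user_id='" . $user['user_id'] . "'");
             }
             if ($user['user_status'] == 0 && $user['user_actiontime'] == 0) {
                 // Active account: log the user in.
                 Authenticate::setUserCookie($user['user_id'], $user['user_salt'], $user['user_algo'], $remember, true);
                 Authenticate::_setUserTheme($user);
                 $this->_userData = $user;
             } else {
                 require_once INCLUDES . "suspend_include.php";
                 require_once INCLUDES . "sendmail_include.php";
                 // Status 3 whose action time has passed, or status 7: reset the account
                 // to active and notify the user by e-mail. No cookie is set on this path.
                 if (($user['user_status'] == 3 && $user['user_actiontime'] < time()) || $user['user_status'] == 7) {
                     $result = dbquery("UPDATE " . DB_USERS . " SET user_status='0', user_actiontime='0' WHERE user_id='" . $user['user_id'] . "'");
                     if ($user['user_status'] == 3) {
                         $subject = $locale['global_453'];
                         $message = $locale['global_455'];
                         unsuspend_log($user['user_id'], 3, $locale['global_450'], true);
                     } else {
                         $subject = $locale['global_454'];
                         $message = $locale['global_452'];
                     }
                     $message = str_replace("USER_NAME", $user['user_name'], $message);
                     sendemail($user['user_name'], $user['user_email'], $settings['siteusername'], $settings['siteemail'], $subject, $message);
                 } else {
                     // Any other status: send the user to the status-specific page.
                     redirect(Authenticate::getRedirectUrl(4, $user['user_status'], $user['user_id']));
                 }
             }
         } else {
             redirect(Authenticate::getRedirectUrl(1));
         }
     } else {
         redirect(Authenticate::getRedirectUrl(1));
     }
 }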
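/**
 * Record a warning against a user and send the related private messages.
 *
 * For $KIND "Forum" the first argument is a post id and the warned user is the
 * post's author; for $KIND "Other" it is the user id itself. Any other $KIND
 * is rejected.
 *
 * Ids that are written straight into SQL text are cast to int first; the
 * values handed to _db() are passed on unchanged.
 *
 * @param int|string $post_or_userid Post id ("Forum") or user id ("Other").
 * @param int|string $subject        warn_id of the entry in the warning catalog.
 * @param string     $message        Free-text reason.
 * @param int|string $points         Points to add.
 * @param string     $KIND           "Forum" or "Other".
 * @return bool TRUE when the warning was written, FALSE when the post does not
 *              exist or $KIND is unknown.
 */
function new_warning_post($post_or_userid, $subject, $message, $points, $KIND)
{
    global $userdata, $settings, $locale;
    if ($KIND == "Forum") {
        $new_warning_sql = dbquery("SELECT post_id, thread_id, forum_id, post_author FROM " . DB_POSTS . " WHERE post_id='" . (int) $post_or_userid . "'");
        if (dbrows($new_warning_sql) == 0) {
            return false;
        }
        $post_warn_data = dbarray($new_warning_sql);
        $warnuser_id = $post_warn_data['post_author'];
        $post = $post_or_userid;
        $threadid = $post_warn_data['thread_id'];
        $forumid = $post_warn_data['forum_id'];
    } elseif ($KIND == "Other") {
        $warnuser_id = $post_or_userid;
        $post = "0";
        $threadid = "0";
        $forumid = "0";
    } else {
        // Previously an unknown kind fell through to dbrows() on an undefined variable.
        return false;
    }
    $insertdate = date("U");
    $sql = dbquery("INSERT INTO " . DB_WARNING . "\r\n\t\t(warn_kind, user_id, post_id, thread_id, forum_id, warn_subject, warn_message, warn_point, warn_admin, warn_datestamp)\r\n\t\tVALUES\r\n\t\t(" . _db($KIND) . ", " . _db($warnuser_id) . ", " . _db($post) . ", " . _db($threadid) . ", " . _db($forumid) . ", " . _db($subject) . ", " . _db($message) . ",\r\n\t\t" . _db($points) . ", " . _db($userdata['user_id']) . ", " . _db($insertdate) . ");");
    // We need to send a PM to the warned user
    if ($settings['warning_set_send_pm'] == 1) {
        $pn_subject = stripinput(trim($locale['WARN210']));
        if ($KIND == "Forum") {
            $in = $locale['WARN211'] . " [url=" . $settings['siteurl'] . "forum/viewthread.php?thread_id=" . $post_warn_data['thread_id'] . "&pid=" . $post_warn_data['post_id'] . "#post_" . $post_warn_data['post_id'] . "]" . GetPostTitle($post_warn_data['thread_id']) . "[/url]\n";
        } else {
            $in = '';
        }
        // One catalog lookup for both columns; the id is cast to int before it is
        // placed in the query (one of the two original lookups used it uncast).
        $catalog = dbarray(dbquery("SELECT warn_subject, warn_length FROM " . DB_WARNING_CATALOG . " WHERE warn_id='" . (int) $subject . "'"));
        // warn_length is counted in days.
        $warning_length = $insertdate + $catalog['warn_length'] * 86400;
        $pn_messages = stripinput(trim($in . $locale['WARN212'] . " " . $catalog['warn_subject'] . "\r\n\t\t\t\t\t\t\t\t\t" . $locale['WARN213'] . " " . $message . "\r\n\t\t\t\t\t\t\t\t\t" . $locale['WARN214'] . date($locale['WARN215'], $warning_length) . $locale['WARN216']));
        if ($settings['warning_set_pm_from'] == 0) {
            $pn_from = $userdata['user_id'];
        } else {
            $pn_from = $settings['warning_set_pm_from'];
        }
        $result = dbquery("INSERT INTO " . DB_MESSAGES . " (message_to, message_from, message_subject, message_message, message_smileys, message_read, message_datestamp, message_folder) VALUES ('" . (int) $warnuser_id . "','" . (int) $pn_from . "','" . $pn_subject . "','" . $pn_messages . "','y','0','" . $insertdate . "','0')");
    }
    // We need to send a PM to an Admin if User has more than 100 points
    if (show_warning_points($warnuser_id) >= 100) {
        $pn_subject = stripinput(trim($locale['WARN217']));
        $pn_messages = stripinput(trim("The member reached the limit:\n [url=" . $settings['siteurl'] . "warning.php?lookup=" . $warnuser_id . "]" . $locale['WARN218'] . "[/url]\n You should take some actions and suspend/bann this member!"));
        $result = dbquery("INSERT INTO " . DB_MESSAGES . " (message_to, message_from, message_subject, message_message, message_smileys, message_read, message_datestamp, message_folder) VALUES ('" . $settings['warning_set_pm_to'] . "','" . "0" . "','" . $pn_subject . "','" . $pn_messages . "','y','0','" . $insertdate . "','0')");
    }
    return true;
}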
Example #6
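/**
 * Build a SQL " LIMIT offset,count" fragment from two $_GET parameters.
 *
 * The fragment is concatenated into queries by the caller, so the isnum()
 * checks are the only thing keeping request data out of the SQL text. A LIMIT
 * clause is therefore produced only when the page-size value passes isnum();
 * previously a non-numeric page size still produced " LIMIT <offset>", which
 * the database reads as a row count.
 *
 * @param string|bool $row_start_key      Name of the $_GET key holding the offset.
 * @param string|bool $items_per_page_key Name of the $_GET key holding the page size.
 * @return string|null The LIMIT fragment, '' when no usable page size was sent,
 *                     or NULL when neither key is present in $_GET.
 */
function filter_show($row_start_key = false, $items_per_page_key = false)
{
    if (!isset($_GET[$row_start_key]) && !isset($_GET[$items_per_page_key])) {
        return NULL;
    }
    $condition = '';
    // isset() first: the page-size key may be absent when only the offset was sent.
    if (isset($_GET[$items_per_page_key]) && $_GET[$items_per_page_key] && isnum($_GET[$items_per_page_key])) {
        $row_start = isset($_GET[$row_start_key]) && isnum($_GET[$row_start_key]) ? stripinput($_GET[$row_start_key]) : 0;
        $condition = " LIMIT " . $row_start . "," . stripinput($_GET[$items_per_page_key]);
    }
    return $condition;
}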
Example #7
/**
 * Render a Bootstrap badge.
 *
 * NOTE(review): only $title goes through stripinput(); the 'class' and 'icon'
 * options are placed into class attributes unchanged, so they must not carry
 * request data.
 *
 * @param string     $title Badge text; NULL or "" gives an empty badge.
 * @param array|bool $array Optional 'class' (extra CSS class) and 'icon' (icon CSS class).
 * @return string
 */
function form_badge($title, $array = false)
{
    $class = "";
    $icon = "";
    if (is_array($array)) {
        if (array_key_exists('class', $array)) {
            $class = $array['class'];
        }
        if (array_key_exists('icon', $array)) {
            $icon = "<i class='" . $array['icon'] . "'></i>";
        }
    }
    $title = (isset($title) && $title !== "") ? stripinput($title) : "";
    return "<span class='badge " . $class . "'>" . $icon . " " . $title . "</span>\n";
}
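 /**
  * Replace the characters & " ' \ < > with HTML entities.
  *
  * Arrays are processed element by element through stripinput(). The result is
  * encoded for HTML text and quoted attribute values; it is not an escape for
  * other contexts such as script blocks or URLs.
  *
  * NOTE(review): the array branch calls stripinput(), not stripinput_fix() -
  * confirm that is the intended helper for nested values.
  *
  * @param string|array $text
  * @return string|array
  */
 function stripinput_fix($text)
 {
     if (is_array($text)) {
         // each() was deprecated in PHP 7.2 and removed in PHP 8.0; foreach visits
         // the same key/value pairs.
         foreach ($text as $key => $value) {
             $text[$key] = stripinput($value);
         }
         return $text;
     }
     if (QUOTES_GPC) {
         $text = stripslashes($text);
     }
     // str_replace() applies the pairs one after another, so "&" has to come first.
     // The former extra pairs (backslash+quote sequences and "&nbsp;") could never
     // match once the earlier pairs had run and are left out; "&nbsp;" in the input
     // therefore still comes out as "&amp;nbsp;", as before.
     $search = array("&", "\"", "'", "\\", "<", ">");
     $replace = array("&amp;", "&quot;", "&#39;", "&#92;", "&lt;", "&gt;");
     return str_replace($search, $replace, $text);
 }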
Example #9
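 /**
  * Given a matching URL, fetch Sitelinks data
  * @param string $url - URL to match against the link_url column; empty to use FUSION_FILELINK
  * @param string $key - column to return; NULL for the whole row
  * @return array|mixed|null - the row as an array, one column value, or NULL when that column is not set
  */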
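 public static function get_current_SiteLinks($url = "", $key = NULL)
 {
     // Row cache for the rest of the request. It is not keyed by $url: once a row
     // has been found, later calls return it whatever $url they pass. While no row
     // has been found the query runs again on every call.
     static $data = array();
     $url = stripinput($url);
     if (empty($data)) {
         if (!$url) {
             // NOTE(review): FUSION_FILELINK is used unencoded - confirm it is
             // normalised where it is defined.
             $url = FUSION_FILELINK;
         }
         $result = dbquery("SELECT * FROM " . DB_SITE_LINKS . " WHERE link_url='" . $url . "' AND link_language='" . LANGUAGE . "'");
         if (dbrows($result) > 0) {
             $data = dbarray($result);
         }
     }
     if ($key === NULL) {
         return (array) $data;
     }
     return isset($data[$key]) ? $data[$key] : NULL;
 }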
Example #10
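 /**
  * Given a matching URL, fetch Sitelinks data
  * @param string $url - URL to match against the link_url column; empty to derive it from PHP_SELF
  * @param string $key - column to return; NULL for the whole row
  * @return array|mixed|null - the row as an array, one column value, or NULL when that column is not set
  */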
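 public static function get_current_SiteLinks($url = "", $key = NULL)
 {
     // Row cache for the rest of the request. It is not keyed by $url: once a row
     // has been found, later calls return it whatever $url they pass.
     static $data = array();
     $url = stripinput($url);
     if (empty($data)) {
         if (!$url) {
             $pathinfo = pathinfo($_SERVER['PHP_SELF']);
             // PHP_SELF comes from the request path, so the derived value gets the same
             // stripinput() treatment as a caller-supplied $url before it reaches the query.
             $url = stripinput(str_replace(fusion_get_settings("site_path"), "", $pathinfo['dirname']) . '/' . $pathinfo['basename']);
         }
         $result = dbquery("SELECT * FROM " . DB_SITE_LINKS . " WHERE link_url='" . $url . "' AND link_language='" . LANGUAGE . "'");
         if (dbrows($result) > 0) {
             $data = dbarray($result);
         }
     }
     if ($key === NULL) {
         return $data;
     }
     return isset($data[$key]) ? $data[$key] : NULL;
 }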
Example #11
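 /**
  * Request bootstrap: drop unused legacy globals, run all request values
  * through stripinput(), stop the request when a $_GET value matches the
  * markup blacklist, and pin two float-precision ini settings.
  *
  * NOTE(review): the blacklist is a coarse extra net, not a replacement for
  * encoding values where they are printed. It also runs after stripinput();
  * if stripinput() already encodes "<" and '"', only the parenthesis pattern
  * can still match - confirm that this order is intended.
  */
 function __construct()
 {
     // Save some memory.. (since we don't use these anyway.)
     unset($GLOBALS['HTTP_COOKIE_VARS'], $GLOBALS['HTTP_ENV_VARS'], $GLOBALS['HTTP_GET_VARS']);
     unset($GLOBALS['HTTP_POST_VARS'], $GLOBALS['HTTP_SERVER_VARS'], $GLOBALS['HTTP_POST_FILES']);
     unset($GLOBALS['_FILES'], $GLOBALS['_ENV']);
     // Filter every request value: no HTML, script or non-UTF input is kept as sent.
     foreach ($_COOKIE as $numop => $valo) {
         $_COOKIE[$numop] = stripinput($valo);
     }
     foreach ($_POST as $numop => $valo) {
         $_POST[$numop] = stripinput($valo);
     }
     foreach ($_GET as $numop => $valo) {
         $_GET[$numop] = stripinput($valo);
     }
     foreach ($_REQUEST as $numop => $valo) {
         $_REQUEST[$numop] = stripinput($valo);
     }
     // Prevent any possible XSS attacks via $_GET.
     // eregi() was removed in PHP 7.0; these are the same expressions as
     // case-insensitive PCRE patterns.
     $blocked_patterns = array(
         '/<[^>]*script*"?[^>]*>/i',
         '/<[^>]*object*"?[^>]*>/i',
         '/<[^>]*iframe*"?[^>]*>/i',
         '/<[^>]*applet*"?[^>]*>/i',
         '/<[^>]*meta*"?[^>]*>/i',
         '/<[^>]*style*"?[^>]*>/i',
         '/<[^>]*form*"?[^>]*>/i',
         '/\([^>]*"?[^)]*\)/i',
         '/"/',
     );
     foreach ($_GET as $check_url) {
         // Array-valued parameters were never matched by the old check either;
         // preg_match() would raise a TypeError on them under PHP 8.
         if (!is_string($check_url)) {
             continue;
         }
         foreach ($blocked_patterns as $pattern) {
             if (preg_match($pattern, $check_url)) {
                 //die ('XSS attack filtred');
                 die;
             }
         }
     }
     // Some PHP defaults. For stable work on different systems.
     ini_set('precision', 14);
     ini_set('serialize_precision', 14);
     /*
     	if(!iCONSOLE) {
     		$_SERVER['HTTP_ACCEPT_ENCODING'] = isset($_SERVER['HTTP_ACCEPT_ENCODING']) ? $_SERVER['HTTP_ACCEPT_ENCODING'] : '';
     		// enable Gzip compression
     		if(substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) ob_start(array('ob_gzhandler',9));
     		// no caching hint
     		//header("Expires: Mon, 01 Jan 2000 05:00:00 GMT");
     		header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
     		header("Cache-Control: no-store, no-cache, must-revalidate");// HTTP/1.1
     		header("Cache-Control: post-check=0, pre-check=0", false);
     		header("Pragma: no-cache");// HTTP/1.0
     	}
     */
 }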
/**
 * Log a PHP error to the error table (once per level/file/line) and queue it
 * in the global $_errorHandler list for display.
 *
 * An existing entry with error_status 2 is not queued; entries with
 * error_status 1 are left out of the lookup, so such an error is logged again.
 *
 * NOTE(review): mysql_insert_id() belongs to the old mysql extension, which
 * was removed in PHP 7.0. TRUE_PHP_SELF, USER_IP, USER_IP_TYPE and
 * $userdata['user_level'] are written into the INSERT unencoded - confirm they
 * are normalised where they are defined.
 *
 * @param int    $error_level
 * @param string $error_message
 * @param string $error_file
 * @param int    $error_line
 * @param mixed  $error_context Not used here.
 */
function setError($error_level, $error_message, $error_file, $error_line, $error_context)
{
    global $userdata, $_errorHandler;
    $level = intval($error_level);
    $line = intval($error_line);
    $result = dbquery("SELECT error_id, error_status FROM " . DB_ERRORS . "\n\t\tWHERE error_level='" . $level . "' AND error_file='" . stripinput($error_file) . "'\n\t\tAND error_line='" . $line . "' AND error_status!='1'\n\t\tORDER BY error_timestamp DESC LIMIT 1");
    if (dbrows($result) != 0) {
        // Already known: reuse its id and honour the stored status.
        $data = dbarray($result);
        $errorId = $data['error_id'];
        $showError = $data['error_status'] != 2;
    } else {
        // First occurrence: store it.
        $result = dbquery("INSERT INTO " . DB_ERRORS . " (\n\t\t\t\terror_level, error_message, error_file, error_line, error_page,\n\t\t\t\terror_user_level, error_user_ip, error_user_ip_type, error_status, error_timestamp\n\t\t\t) VALUES (\n\t\t\t\t'" . $level . "', '" . stripinput($error_message) . "',\n\t\t\t\t'" . stripinput($error_file) . "', '" . $line . "',\n\t\t\t\t'" . TRUE_PHP_SELF . "', '" . $userdata['user_level'] . "', '" . USER_IP . "', '" . USER_IP_TYPE . "',\n\t\t\t\t'0', '" . time() . "'\n\t\t\t)");
        $errorId = mysql_insert_id();
        $showError = true;
    }
    if ($showError) {
        $_errorHandler[] = array("id" => $errorId, "level" => $error_level, "file" => $error_file, "line" => $error_line);
    }
}
Example #13
 /**
  * Validate an e-mail address and check that it belongs to a registered user.
  *
  * Sets $this->_userEMail on success, otherwise $this->_error to 2 (format not
  * accepted) or 1 (no user with that address).
  *
  * NOTE(review): the two error codes differ for "unknown" and "malformed"
  * addresses; if they reach the visitor as different messages, the form tells
  * which addresses are registered - confirm how _error is displayed.
  *
  * @param string $email
  * @return bool
  */
 private function _isValidEMailAddress($email)
 {
     // Remove spaces, trim, then encode.
     $email = stripinput(trim(preg_replace("/ +/i", "", $email)));
     // The pattern only lets letters, digits, "-", "_", "." and "@" through, which
     // is what keeps the concatenated WHERE clause below well-formed.
     $pattern = "/^[-0-9A-Z_\\.]{1,50}@([-0-9A-Z_\\.]+\\.){1,50}([0-9A-Z]){2,4}\$/i";
     if (!preg_match($pattern, $email)) {
         // no valid e-mail address
         $this->_error = 2;
         return FALSE;
     }
     if (dbcount("(user_id)", DB_USERS, "user_email='" . $email . "'") > 0) {
         $this->_userEMail = $email;
         return TRUE;
     }
     // e-mail address is not found
     $this->_error = 1;
     return FALSE;
 }
Example #14
/**
 * Button Groups
 *
 * Renders a Bootstrap button group backed by a hidden input, registers the
 * field with the global $defender and queues the click handler that copies
 * the chosen button's data-value into the hidden input.
 *
 * NOTE(review): $label is printed in the <label> as passed in, while the
 * stripinput()-ed copy ($title) is used for the notice and the defender
 * record. Option values ('class', 'input_id', 'error_text') and the button
 * captions are also written into the markup and the inline script unchanged,
 * so callers have to pass encoded values.
 *
 * @param        $input_name  Field name; also the default input id.
 * @param string $label       Label text; when empty the title is derived from $input_name.
 * @param        $input_value Currently selected key of $options['options'].
 * @param array  $options     Overrides for the defaults listed in $default_options.
 * @return string
 */
// NOTE(review): an optional parameter ($label) ahead of a required one
// ($input_value) is deprecated as of PHP 8.0; callers always have to pass $label.
function form_btngroup($input_name, $label = "", $input_value, array $options = array())
{
    global $defender, $locale;
    $title = $label ? stripinput($label) : ucfirst(strtolower(str_replace("_", " ", $input_name)));
    $input_value = isset($input_value) && !empty($input_value) ? stripinput($input_value) : "";
    $default_options = array('options' => array($locale['disable'], $locale['enable']), 'input_id' => $input_name, 'class' => "btn-default", 'icon' => "", "multiple" => FALSE, "delimiter" => ",", 'deactivate' => FALSE, 'error_text' => "", 'inline' => FALSE, 'safemode' => FALSE, 'required' => FALSE, 'callback_check' => '');
    // Array union: keys supplied by the caller win, missing ones take the default.
    $options += $default_options;
    $error_class = "";
    if ($defender->inputHasError($input_name)) {
        $error_class = "has-error ";
        // A notice is only raised when the caller supplied an error_text; a message
        // from the defender, if there is one, replaces it.
        if (!empty($options['error_text'])) {
            $new_error_text = $defender->getErrorText($input_name);
            if (!empty($new_error_text)) {
                $options['error_text'] = $new_error_text;
            }
            addNotice("danger", "<strong>{$title}</strong> - " . $options['error_text']);
        }
    }
    $html = "<div id='" . $options['input_id'] . "-field' class='form-group " . $error_class . "clearfix'>\n";
    $html .= $label ? "<label class='control-label " . ($options['inline'] ? "col-xs-12 col-sm-3 col-md-3 col-lg-3 p-l-0" : 'col-xs-12 col-sm-12 col-md-12 col-lg-12 p-l-0') . "' for='" . $options['input_id'] . "'>{$label} " . ($options['required'] == 1 ? "<span class='required'>*</span>" : '') . "</label>\n" : '';
    $html .= $options['inline'] ? "<div class='col-xs-12 col-sm-9 col-md-9 col-lg-9'>\n" : '';
    $html .= "<div class='btn-group' id='" . $options['input_id'] . "'>";
    // $i counts the buttons so that the last one can get the 'last-child' class.
    $i = 1;
    if (!empty($options['options']) && is_array($options['options'])) {
        foreach ($options['options'] as $arr => $v) {
            $active = '';
            // Loose comparison between the submitted value and the option key.
            if ($input_value == $arr) {
                $active = "active";
            }
            $html .= "<button type='button' data-value='{$arr}' class='btn " . $options['class'] . " " . (count($options['options']) == $i ? 'last-child' : '') . " {$active}'>" . $v . "</button>\n";
            $i++;
        }
    }
    $html .= "</div>\n";
    // The hidden input carries the value that is actually submitted.
    $html .= "<input name='{$input_name}' type='hidden' id='" . $options['input_id'] . "-text' value='{$input_value}' />\n";
    $html .= $defender->inputHasError($input_name) ? "<div id='" . $options['input_id'] . "-help' class='label label-danger p-5 display-inline-block'>" . $options['error_text'] . "</div>" : "";
    $html .= $options['inline'] ? "</div>\n" : '';
    $html .= "</div>\n";
    // For multi-value fields the "[]" suffix is removed before the field is registered.
    $input_name = $options['multiple'] ? str_replace("[]", "", $input_name) : $input_name;
    $defender->add_field_session(array('input_name' => $input_name, 'title' => trim($title, '[]'), 'id' => $options['input_id'], 'type' => 'dropdown', 'required' => $options['required'], 'callback_check' => $options['callback_check'], 'safemode' => $options['safemode'], 'error_text' => $options['error_text'], 'delimiter' => $options['delimiter']));
    // Click handler: mark the clicked button active and copy its data-value
    // into the hidden input.
    add_to_jquery("\n\t\$('#" . $options['input_id'] . " button').bind('click', function(e){\n\t\t\$('#" . $options['input_id'] . " button').removeClass('active');\n\t\t\$(this).toggleClass('active');\n\t\tvalue = \$(this).data('value');\n\t\t\$('#" . $options['input_id'] . "-text').val(value);\n\t});\n\t");
    return $html;
}
Example #15
/**
 * Render a bootstrap-colorpicker text field, register it with the global
 * $defender as a 'color' field and queue the widget initialisation.
 *
 * NOTE(review): $input_name and $input_value go through stripinput(), but
 * $label is printed in the <label> as passed in, and the option values
 * ('class', 'width', 'format', 'placeholder', 'tip', 'input_id') reach the
 * attributes and the inline script unchanged - callers have to pass encoded
 * values.
 *
 * @param string $input_name  Field name; also the default input id.
 * @param string $label       Label text; when empty the title is derived from $input_name.
 * @param string $input_value Current colour value.
 * @param array  $options     Overrides for the defaults listed in $default_options.
 * @return string
 */
function form_colorpicker($input_name, $label = '', $input_value = '', array $options = array())
{
    global $defender, $locale;
    // Queue the widget assets only the first time a colour picker is rendered.
    if (!defined("COLORPICKER")) {
        define("COLORPICKER", TRUE);
        add_to_head("<link href='" . DYNAMICS . "assets/colorpick/css/bootstrap-colorpicker.css' rel='stylesheet' media='screen' />");
        add_to_head("<script src='" . DYNAMICS . "assets/colorpick/js/bootstrap-colorpicker.js'></script>");
    }
    // The title is derived from the raw field name before the name is encoded below.
    $title = $label ? stripinput($label) : ucfirst(strtolower(str_replace("_", " ", $input_name)));
    $input_name = stripinput($input_name);
    $input_value = stripinput($input_value);
    $default_options = array('input_id' => $input_name, 'required' => FALSE, 'placeholder' => '', 'deactivate' => FALSE, 'width' => '250px', 'class' => '', 'inline' => FALSE, 'error_text' => $locale['error_input_default'], 'safemode' => FALSE, 'icon' => "", "tip" => "", 'format' => 'hex');
    // Array union: keys supplied by the caller win, missing ones take the default.
    $options += $default_options;
    // An empty width or input_id from the caller falls back to the default as well.
    if (!$options['width']) {
        $options['width'] = $default_options['width'];
    }
    $input_id = $options['input_id'] ?: $default_options['input_id'];
    $error_class = "";
    if ($defender->inputHasError($input_name)) {
        $error_class = "has-error ";
        // A message from the defender, if there is one, replaces the configured text.
        if (!empty($options['error_text'])) {
            $new_error_text = $defender->getErrorText($input_name);
            if (!empty($new_error_text)) {
                $options['error_text'] = $new_error_text;
            }
            addNotice("danger", "<strong>{$title}</strong> - " . $options['error_text']);
        }
    }
    $html = "<div id='{$input_id}-field' class='form-group clearfix m-b-10 " . $error_class . $options['class'] . " '>\n";
    $html .= $label ? "<label class='control-label " . ($options['inline'] ? "col-xs-12 col-sm-3 col-md-3 col-lg-3" : '') . "' for='{$input_id}'>{$label} " . ($options['required'] ? "<span class='required'>*</span>" : '') . "\n\t" . ($options['tip'] ? "<i class='pointer fa fa-question-circle' title='" . $options['tip'] . "'></i>" : '') . "\n\t</label>\n" : '';
    $html .= $options['inline'] ? "<div class='col-xs-12 col-sm-9 col-md-9 col-lg-9'>\n" : "<br/>\n";
    // Note: the wrapper <div> and the <input> inside it are both given id $input_id.
    $html .= "<div id='{$input_id}' style='width: " . $options['width'] . "' class='input-group colorpicker-component bscp colorpicker-element m-b-10' data-color='{$input_value}' data-color-format='" . $options['format'] . "'>";
    $html .= "<input type='text' name='{$input_name}' class='form-control " . $options['class'] . "' id='" . $input_id . "' value='{$input_value}' data-color-format='" . $options['format'] . "' placeholder='" . $options['placeholder'] . "' " . ($options['deactivate'] ? "readonly" : "") . ">";
    $html .= "<span id='{$input_id}-cp' class='input-group-addon'>";
    $html .= "<i style='background: rgba(255,255,255,1);'></i>";
    $html .= "</span></div>";
    $html .= $options['inline'] ? "</div>\n" : "";
    $html .= "</div>\n";
    $defender->add_field_session(array('input_name' => $input_name, 'type' => 'color', 'title' => $title, 'id' => $input_id, 'required' => $options['required'], 'safemode' => $options['safemode'], 'error_text' => $options['error_text']));
    // 'format' is written into the inline script as a quoted string.
    add_to_jquery("\$('#{$input_id}').colorpicker({ format : '" . $options['format'] . "'  });");
    return $html;
}
Example #16
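 /**
  * Collect CSS selectors from a stylesheet, starting on the line after the
  * first line that contains "Marker" (case-insensitive).
  *
  * For each following line the text before the first "{" or "}" is taken and
  * ":before" is removed from it. A later line containing "Marker" restarts the
  * skipping and is itself left out.
  *
  * NOTE(review): $path is opened with file(); it has to come from
  * configuration or code, never from request data.
  *
  * @param string $path Path of the CSS file.
  * @return array List of selector strings; empty when the file is missing,
  *               unreadable or has no marker.
  */
 static function get_css($path)
 {
     // Always return an array (the list used to be undefined when nothing matched).
     $css = array();
     if (!isset($path) || !$path) {
         print_p('no file');
         return $css;
     }
     $file = file($path);
     if ($file === FALSE) {
         return $css;
     }
     $init = 0;
     foreach ($file as $value) {
         $value = stripinput($value);
         if (preg_match('@Marker@si', $value)) {
             $init = 1;
         }
         if ($init > 0) {
             // $init == 1 is the marker line itself; collecting starts on the next line.
             if ($init > 1) {
                 $css_token = strtok($value, "{}");
                 $css[] = str_replace(':before', '', $css_token);
             }
             $init++;
         }
     }
     return $css;
 }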
Example #17
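/**
 * Store a private message for another user.
 *
 * Subject and body are passed through stripinput(); the recipient and sender
 * ids are cast to int where they are written into the SQL text, so every value
 * in the two statements is either encoded or numeric.
 *
 * NOTE(review): the result of the INSERT ($ok) is not checked, so TRUE is
 * returned even when storing the message fails.
 *
 * @param int|string $to_id   Recipient user id.
 * @param string     $subject
 * @param string     $body
 * @param mixed      $smilies Truthy to enable smileys.
 * @return bool FALSE when the recipient does not exist; TRUE otherwise, including
 *              when nothing is sent because $to_id is empty or equals the sender.
 */
function send_pm($to_id, $subject, $body, $smilies)
{
    global $locale, $userdata, $settings;
    if (iMEMBER) {
        $from_id = $userdata['user_id'];
    } else {
        $from_id = 0;
    }
    if (!$to_id || $from_id == $to_id) {
        return true;
    }
    // get user
    $res = dbquery("SELECT user_name, user_email\n\t\tFROM " . DB_USERS . "\n\t\tWHERE user_id='" . (int) $to_id . "'");
    if (!dbrows($res)) {
        return false;
    }
    // Only needed by the disabled mail notification below.
    $data = dbarray($res);
    // send pm
    $ok = dbquery("INSERT INTO " . DB_MESSAGES . "\n\t\tSET\n\t\tmessage_to='" . (int) $to_id . "',\n\t\tmessage_from='" . (int) $from_id . "',\n\t\tmessage_subject='" . stripinput($subject) . "',\n\t\tmessage_message='" . stripinput($body) . "',\n\t\tmessage_smileys='" . ($smilies ? '1' : '0') . "',\n\t\tmessage_read='0',\n\t\tmessage_datestamp='" . time() . "'");
    // FIXME: inform about NEW PM!
    /*FIXME
    	// send mail
    	require_once(INCLUDES."sendmail_include.php");
    	$type = "plain";
    
    	$body = $subject;
    	$body .= "\n\n";
    	$body .= stripinput($locale['PDP902']['body'][$pm_type]);
    	$body .= "\n\n";
    	$body .= $locale['PDP026'].": ".$settings['siteurl']
    		."infusions/pro_download_panel/download.php"
    		."?did=".$this->id;
    	$body .= "\n\n";
    
    	sendemail($data['user_name'], $data['user_email'],
    		$settings['siteusername'],
    		$settings['siteemail'],
    		$subject, strip_tags(nl2br(parseubb($body))), $type);
    */
    return true;
}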
Example #18
/**
 * Render a hidden input and register it with the global $defender as a
 * 'textbox' field. With 'show_title' set, the input is wrapped in the usual
 * form-group markup with a label.
 *
 * NOTE(review): $input_name, $input_value and the option values are written
 * into the attributes unchanged; only the title goes through stripinput().
 * Callers have to pass values that are already encoded for an HTML attribute.
 *
 * @param string $input_name  Field name; also the default input id.
 * @param string $label       Label text; when empty the title is derived from $input_name.
 * @param string $input_value Value of the hidden field.
 * @param array  $options     Overrides for the defaults listed in $default_options.
 * @return string
 */
function form_hidden($input_name, $label = "", $input_value = "", array $options = array())
{
    global $defender;
    $title = $label ? stripinput($label) : ucfirst(strtolower(str_replace("_", " ", $input_name)));
    $default_options = array("input_id" => $input_name, "show_title" => FALSE, "width" => "100%", "class" => "", "inline" => FALSE, "required" => FALSE, "placeholder" => "", "deactivate" => FALSE, "delimiter" => ",", "error_text" => "");
    // Array union: keys supplied by the caller win, missing ones take the default.
    $options += $default_options;

    $html = '';
    if ($options['show_title']) {
        // Opening wrapper and label.
        $html .= "<div id='" . $options['input_id'] . "-field' class='form-group m-b-0 " . $options['class'] . " '>\n";
        if ($label) {
            $label_cols = $options['inline'] ? "col-xs-12 col-sm-3 col-md-3 col-lg-3" : '';
            $required_mark = $options['required'] ? "<span class='required'>*</span>" : '';
            $html .= "<label class='control-label " . $label_cols . "' for='" . $options['input_id'] . "'>{$title} " . $required_mark . "</label>\n";
        }
        if ($options['inline']) {
            $html .= "<div class='col-xs-12 col-sm-9 col-md-9 col-lg-9'>\n";
        }
    }

    $style_attr = $options['width'] ? "style='width:" . $options['width'] . "'" : '';
    $readonly_attr = $options['show_title'] ? "" : "readonly";
    $html .= "<input type='hidden' name='" . $input_name . "' id='" . $options['input_id'] . "' value='" . $input_value . "' " . $style_attr . " " . $readonly_attr . " />\n";

    if ($options['show_title']) {
        // Help placeholder and closing wrapper.
        $html .= "<div id='" . $options['input_id'] . "-help'></div>";
        if ($options['inline']) {
            $html .= "</div>\n";
        }
        $html .= "</div>\n";
    }

    $defender->add_field_session(array('input_name' => $input_name, 'title' => trim($title, '[]'), 'type' => 'textbox', 'id' => $options['input_id'], 'required' => $options['required'], 'safemode' => '0', "delimiter" => $options['delimiter'], 'error_text' => $options['error_text']));
    return $html;
}
Example #19
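/**
 * Render a paired width/height text-input widget plus the two hidden "def"
 * descriptor fields that accompany it.
 *
 * Recognised keys in $array: 'rowstart' (presence switches to the inline
 * layout), 'placeholder', 'deactivate' ("1" renders the inputs readonly),
 * 'class' (extra CSS class names), 'required' and 'error_text'.
 *
 * Changes compared with the previous revision:
 *  - $class is always defined, and is inserted as class names instead of a
 *    nested class='...' attribute that broke the markup;
 *  - the 'deactivate' option is no longer reset right after being read;
 *  - values placed inside HTML attributes are entity-encoded.
 *
 * @param string      $title              Label text; emitted as given (not encoded here).
 * @param string      $input_name         Base field name; "_w" and "_h" are appended.
 * @param string      $input_id           Element id shared by the widget.
 * @param string      $input_value_width  Current width value.
 * @param string      $input_value_height Current height value.
 * @param array|false $array              Optional settings, see above.
 * @return string The generated HTML.
 */
function form_photosize($title, $input_name, $input_id, $input_value_width, $input_value_height, $array = false)
{
    $title = isset($title) && !empty($title) ? $title : "";
    // Caption used in the descriptor fields; derived from the raw field name when no title is given.
    $title2 = !empty($title) ? $title : ucfirst(strtolower(str_replace("_", " ", $input_name)));
    $input_name = isset($input_name) && !empty($input_name) ? stripinput($input_name) : "";
    $input_id = isset($input_id) && !empty($input_id) ? stripinput($input_id) : "";

    // Defaults, used as-is when no settings array is passed.
    $inline = '';
    $placeholder = 'px';
    $deactivate = '';
    $class = '';
    $required = 0;
    $error_text = '';
    if (is_array($array)) {
        $inline = array_key_exists('rowstart', $array) ? 1 : 0;
        $placeholder = array_key_exists('placeholder', $array) ? $array['placeholder'] : 'px';
        $deactivate = array_key_exists('deactivate', $array) ? $array['deactivate'] : "";
        $class = array_key_exists('class', $array) ? $array['class'] : "";
        $required = array_key_exists('required', $array) && $array['required'] == 1 ? 1 : 0;
        $error_text = array_key_exists("error_text", $array) ? $array['error_text'] : "";
    }

    // Attribute-safe copies. A single-byte charset is named on purpose: only the
    // ASCII markup characters are rewritten, so the bytes of any ASCII-compatible
    // page encoding pass through untouched. double_encode=false keeps entities
    // that are already present from being encoded a second time.
    $attr_class = htmlspecialchars((string) $class, ENT_QUOTES, 'ISO-8859-1', false);
    $attr_placeholder = htmlspecialchars((string) $placeholder, ENT_QUOTES, 'ISO-8859-1', false);
    $attr_width = htmlspecialchars((string) $input_value_width, ENT_QUOTES, 'ISO-8859-1', false);
    $attr_height = htmlspecialchars((string) $input_value_height, ENT_QUOTES, 'ISO-8859-1', false);
    $attr_title2 = htmlspecialchars((string) $title2, ENT_QUOTES, 'ISO-8859-1', false);
    $attr_error = htmlspecialchars((string) $error_text, ENT_QUOTES, 'ISO-8859-1', false);

    $readonly = ($deactivate == "1" && isnum($deactivate)) ? "readonly" : "";
    $def_value = "[type=text],[title={$attr_title2}],[id={$input_id}],[required={$required}],[safemode=0]" . ($error_text ? ",[error_text={$attr_error}]" : '');

    $html = "<div id='{$input_id}-field' class='form-group m-b-0 has-feedback'>\n";
    // NOTE(review): $title is written into the label unencoded; callers are expected to pass trusted or pre-encoded text.
    $html .= $title ? "<label class='control-label " . ($inline ? "col-xs-3 col-sm-3 col-md-3 col-lg-3" : '') . "' for='{$input_id}'>{$title} " . ($required == 1 ? "<span class='required'>*</span>" : '') . "</label>\n" : '';
    $html .= $inline ? "<div class='col-xs-9 col-sm-9 col-md-9 col-lg-9'>\n" : "<div class='col-xs-12 col-sm-12 col-md-12 col-lg-12 p-l-0 form-horizontal'>\n";
    // NOTE(review): both text inputs and both help containers share one id; kept unchanged because existing scripts may look them up.
    $html .= "<div class='form-group m-b-0 has-feedback col-sm-6 col-md-6 col-lg-6 m-r-10'>";
    $html .= "<input type='text' class='form-control input-sm {$attr_class}' name='" . $input_name . "_w' id='" . $input_id . "' value='{$attr_width}' placeholder='width (" . $attr_placeholder . ")' " . $readonly . ">\n";
    $html .= "<div class='form-control-feedback'><i class='glyphicon glyphicon-resize-horizontal'></i></div>\n";
    $html .= "<div id='{$input_id}-help' style='display:inline-block !important;'></div>";
    $html .= "</div>\n";
    $html .= "<div class='form-group m-b-0 has-feedback col-sm-6 col-md-6 col-lg-6'>";
    $html .= "<input type='text' class='form-control input-sm {$attr_class}' name='" . $input_name . "_h' id='" . $input_id . "' value='{$attr_height}' placeholder='height (" . $attr_placeholder . ")' " . $readonly . ">\n";
    $html .= "<div class='form-control-feedback'><i class='glyphicon glyphicon-resize-vertical'></i></div>\n";
    $html .= "<div id='{$input_id}-help' style='display:inline-block !important;'></div>";
    $html .= "</div>\n";
    $html .= "</div></div>\n";
    // NOTE(review): the quotes inside name='def['…']' end the attribute early; left byte-identical because
    // the server-side reader of these descriptor fields is not visible here. These fields travel through
    // the client, so whatever reads them must not trust their content.
    $html .= "<input type='hidden' name='def['" . $input_name . "_w']' value='" . $def_value . "' readonly />";
    $html .= "<input type='hidden' name='def['" . $input_name . "_h']' value='" . $def_value . "' readonly />";
    return $html;
}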
Example #20
/**
 * Build an alert box and queue the script that styles links inside alerts.
 *
 * $title is passed through stripinput(). $text and the 'class' option are
 * written into the markup exactly as supplied (the text may carry links,
 * which the queued script turns into alert-links), so callers must only
 * pass trusted or already-encoded content for them.
 *
 * @param string      $title Heading shown in bold.
 * @param string      $text  Message body; emitted unfiltered.
 * @param array|false $array Optional 'class' and 'dismiss' ("1" adds a close button).
 * @return string The generated HTML.
 */
function form_alert($title, $text, $array = false)
{
    $title = (isset($title) && $title !== "") ? stripinput($title) : "";

    $class = '';
    $dismiss = '';
    if (is_array($array)) {
        if (array_key_exists('class', $array)) {
            $class = $array['class'];
        }
        if (array_key_exists('dismiss', $array)) {
            $dismiss = $array['dismiss'];
        }
    }

    // Loose comparison on purpose: 1, "1" and true all enable the close button.
    $dismissable = $dismiss == "1";
    $html = "<div class='alert " . ($dismissable ? "alert-dismissable " : "") . $class . "'>";
    if ($dismissable) {
        $html .= "<button type='button' class='close' data-dismiss='alert' aria-hidden='true'>&times;</button>";
    }
    $html .= "<strong>" . $title . "</strong> " . $text . "</div>";

    add_to_jquery("\n    \$('div.alert a').addClass('alert-link');\n    ");
    return $html;
}
Example #21
    for ($i = 0; $i < count($file_list); $i++) {
        echo $file_list[$i];
    }
    echo "</select> <input type='submit' name='infuse' value='" . $locale['401'] . "' class='button' />\n";
    if (isset($_GET['error'])) {
        echo "<br /><br />\n" . ($_GET['error'] == 1 ? $locale['402'] : $locale['403']) . "<br /><br />\n";
    }
    echo "<br /><br />\n" . $locale['413'] . " <span style='color:red;'>" . $locale['414'] . "</span> ::\n";
    echo "<span style='color:green;'>" . $locale['415'] . "</span> ::\n";
    echo "<span style='color:blue;'>" . $locale['416'] . "</span>\n";
    echo "</form>\n</div>\n";
    closetable();
}
// Install or upgrade the infusion whose folder name was posted by the admin form.
if (isset($_POST['infuse']) && isset($_POST['infusion'])) {
    $error = "";
    // The folder name comes straight from the request. stripinput() is defined elsewhere;
    // nothing visible here removes path separators or ".." from it.
    // NOTE(review): this value selects a file that is then executed via include. Confirm that it is
    // checked against the list of folders actually present under INFUSIONS (or reduced with
    // basename()) before it is used in a path.
    $infusion = stripinput($_POST['infusion']);
    if (file_exists(INFUSIONS . $infusion . "/infusion.php")) {
        include INFUSIONS . $infusion . "/infusion.php";
        // $inf_folder, $inf_version, $inf_altertable and $inf_adminpanel are not assigned in the
        // visible code; presumably the included infusion.php defines them. They are concatenated
        // into SQL below without escaping, so the infusion file is treated as fully trusted code.
        $result = dbquery("SELECT * FROM " . DB_INFUSIONS . " WHERE inf_folder='" . $inf_folder . "'");
        if (dbrows($result)) {
            // Already installed: run the upgrade statements only when the file declares a newer version.
            $data = dbarray($result);
            if ($inf_version > $data['inf_version']) {
                if (isset($inf_altertable) && is_array($inf_altertable) && count($inf_altertable)) {
                    // The statement list is indexed from 1, hence the shifted loop bounds.
                    for ($i = 1; $i < count($inf_altertable) + 1; $i++) {
                        $result = dbquery("ALTER TABLE " . $inf_altertable[$i]);
                    }
                }
                $result2 = dbquery("UPDATE " . DB_INFUSIONS . " SET inf_version='" . $inf_version . "' WHERE inf_id='" . $data['inf_id'] . "'");
            }
        } else {
            // Not installed yet.
            // NOTE(review): the excerpt appears to break off after the next line; what follows in the
            // listing looks like part of a different script.
            if (isset($inf_adminpanel) && is_array($inf_adminpanel) && count($inf_adminpanel)) {
             } else {
                 $error .= "&middot; " . $recaptcha_error . "<br />\n";
             }
         } else {
             #$log['question_rec'] = $_POST["recaptcha_challenge_field"];
             $log['response_rec'] = $_POST["recaptcha_response_field"];
         }
     } else {
         $error .= "&middot; " . $locale['554'] . "<br />\n";
     }
 }
 // <-
 // Pimped: Registration Questions
 // Runs only when the registration_question setting is on. Both the answer and the id of the
 // question being answered are read from the POST body.
 if ($settings['registration_question']) {
     $secure_re = isset($_POST['user_secure_question']) ? stripinput(trim($_POST['user_secure_question'])) : "";
     $secure_id = isset($_POST['user_secure_id']) ? stripinput(trim($_POST['user_secure_id'])) : "";
     // Reject empty fields and non-numeric ids before touching the database.
     if ($secure_re == "" || $secure_id == "" || !isnum($secure_id)) {
         $error .= "&middot; " . $locale['412'] . "<br />\n";
     } else {
         // The (int) cast makes the id safe to concatenate into the query.
         // NOTE(review): the id is supplied by the client, so this check is not tied to the question
         // the server actually displayed. Keeping the issued id server-side (e.g. in the session)
         // would bind the answer to that question.
         $sec_result = dbquery("SELECT question, response FROM " . DB_REGISTRATION . " WHERE id=" . (int) $secure_id . "");
         if (dbrows($sec_result)) {
             $sec_data = dbarray($sec_result);
             // Case-insensitive match of the stored response against the submitted one.
             // NOTE(review): `!=` compares two numeric-looking strings as numbers; `!==` or
             // strcasecmp() would compare them strictly as text.
             if (strtolower($sec_data['response']) != strtolower($secure_re)) {
                 $error .= "&middot; " . $locale['413'] . "<br />\n";
             } else {
                 // Keep the question and the accepted answer for the log array.
                 $log['question_qu'] = $sec_data['question'];
                 $log['response_qu'] = $secure_re;
             }
             unset($sec_data);
         } else {
             // No question with that id exists.
             $error .= "&middot; " . $locale['414'] . "<br />\n";
Example #23
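 // Persist the photo-gallery settings one row at a time; any failed query sets $error to 1.
 // Numeric settings are written only when isnum() accepts the posted value, otherwise a fixed
 // default is stored, so those values cannot carry SQL syntax.
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['thumbs_per_page']) ? $_POST['thumbs_per_page'] : "12") . "' WHERE settings_name='thumbs_per_page'");
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['photo_watermark']) ? $_POST['photo_watermark'] : "0") . "' WHERE settings_name='photo_watermark'");
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['photo_watermark_save']) ? $_POST['photo_watermark_save'] : "0") . "' WHERE settings_name='photo_watermark_save'");
 if (!$result) {
     $error = 1;
 }
 // Free-text value: only stripinput() stands between the request and the SQL string.
 // NOTE(review): stripinput() is defined elsewhere; confirm that it neutralises quotes and
 // backslashes for SQL, or use the database layer's own escaping / bound parameters. The stored
 // value is presumably used as an image path later, so it should also be validated as one.
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . stripinput($_POST['photo_watermark_image']) . "' WHERE settings_name='photo_watermark_image'");
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['photo_watermark_text']) ? $_POST['photo_watermark_text'] : "0") . "' WHERE settings_name='photo_watermark_text'");
 if (!$result) {
     $error = 1;
 }
 // Colours must be exactly six hex digits. The D modifier makes "$" match only at the very end
 // of the string; without it a value with a trailing newline would also pass the check.
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (preg_match("/^([0-9A-F]){6}\$/iD", $_POST['photo_watermark_text_color1']) ? $_POST['photo_watermark_text_color1'] : "FF6600") . "' WHERE settings_name='photo_watermark_text_color1'");
 if (!$result) {
     $error = 1;
 }
 $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (preg_match("/^([0-9A-F]){6}\$/iD", $_POST['photo_watermark_text_color2']) ? $_POST['photo_watermark_text_color2'] : "FFFF00") . "' WHERE settings_name='photo_watermark_text_color2'");
 if (!$result) {
     $error = 1;
 }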
Example #24
        $message = $locale['512'];
    }
    if ($message) {
        echo "<div id='close-message'><div class='admin-message'>" . $message . "</div></div>\n";
    }
}
// Web-link administration: the actions below run only when at least one link category exists.
$result = dbcount("(weblink_cat_id)", DB_WEBLINK_CATS);
if (!empty($result)) {
    // Delete: weblink_id is checked with isnum() before it is placed in the query.
    // NOTE(review): the delete is driven by a GET request; whether $aidlink or an earlier check
    // (not visible here) protects it against forged requests cannot be confirmed from this excerpt.
    if (isset($_GET['action']) && $_GET['action'] == "delete" && (isset($_GET['weblink_id']) && isnum($_GET['weblink_id']))) {
        $result = dbquery("DELETE FROM " . DB_WEBLINKS . " WHERE weblink_id='" . $_GET['weblink_id'] . "'");
        // NOTE(review): weblink_cat_id is appended to the redirect target without the isnum() check
        // applied to weblink_id; validate it the same way unless redirect() sanitises its argument.
        redirect(FUSION_SELF . $aidlink . "&weblink_cat_id=" . $_GET['weblink_cat_id'] . "&amp;status=del");
    }
    if (isset($_POST['save_link'])) {
        // Name and URL go through stripinput(), the description through addslash(); both helpers
        // are defined elsewhere. The category is forced to an integer.
        // NOTE(review): these values are concatenated into SQL below, so the helpers must escape
        // for SQL, not only for HTML; bound parameters are preferable if the database layer offers them.
        // NOTE(review): no scheme check on weblink_url is visible; if it is later rendered as a
        // link, restrict it to http/https before storing.
        $weblink_name = stripinput($_POST['weblink_name']);
        $weblink_description = addslash($_POST['weblink_description']);
        $weblink_url = stripinput($_POST['weblink_url']);
        $weblink_cat = intval($_POST['weblink_cat']);
        if ($weblink_name) {
            // Edit an existing link when a numeric weblink_id accompanies action=edit, otherwise insert a new one.
            if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['weblink_id']) && isnum($_GET['weblink_id']))) {
                // The timestamp is refreshed only when the form asks for it.
                $weblink_datestamp = isset($_POST['update_datestamp']) ? ", weblink_datestamp='" . time() . "'" : "";
                $result = dbquery("UPDATE " . DB_WEBLINKS . " SET weblink_name='{$weblink_name}', weblink_description='{$weblink_description}', weblink_url='{$weblink_url}', weblink_cat='{$weblink_cat}'" . $weblink_datestamp . " WHERE weblink_id='" . $_GET['weblink_id'] . "'");
                redirect(FUSION_SELF . $aidlink . "&weblink_cat_id={$weblink_cat}&amp;status=su");
            } else {
                $result = dbquery("INSERT INTO " . DB_WEBLINKS . " (weblink_name, weblink_description, weblink_url, weblink_cat, weblink_datestamp, weblink_count) VALUES ('{$weblink_name}', '{$weblink_description}', '{$weblink_url}', '{$weblink_cat}', '" . time() . "', '0')");
                redirect(FUSION_SELF . $aidlink . "&weblink_cat_id={$weblink_cat}&amp;status=sn");
            }
        } else {
            // An empty name aborts the save and returns to the listing.
            redirect(FUSION_SELF . $aidlink);
        }
    }
    if (isset($_GET['action']) && $_GET['action'] == "edit" && (isset($_GET['weblink_id']) && isnum($_GET['weblink_id']))) {
Example #25
     $poll_title = $data['poll_title'];
     $poll_option = array();
     for ($i = 0; $i <= 9; $i++) {
         if ($data["poll_opt_" . $i]) {
             $poll_option[$i] = $data["poll_opt_" . $i];
         }
     }
     $opt_count = count($poll_option);
     $poll_started = $data['poll_started'];
     $_GET['poll_ended'] = $data['poll_ended'];
 }
 // "Add option" re-renders the form with one more option slot, carrying over what was typed.
 if (isset($_POST['addoption'])) {
     $poll_title = stripinput($_POST['poll_title']);
     if (isset($_POST['poll_option']) && is_array($_POST['poll_option'])) {
         // Each posted option is filtered individually.
         // NOTE(review): the array keys also come from the request and are reused unchecked.
         foreach ($_POST['poll_option'] as $key => $value) {
             $poll_option[$key] = stripinput($_POST['poll_option'][$key]);
         }
         // Unless the posted counter is 10, the count is recomputed from the options received
         // plus one, so the posted opt_count is only ever used when it equals 10.
         $opt_count = $_POST['opt_count'] != 10 ? count($poll_option) + 1 : $_POST['opt_count'];
     } else {
         $poll_option[0] = "";
         $opt_count = 1;
     }
 }
 // Defaults for a fresh form.
 $i = 0;
 $opt = 1;
 $poll_title = isset($poll_title) ? $poll_title : "";
 $opt_count = isset($opt_count) ? $opt_count : 2;
 if (isset($poll_id)) {
     $poll_ended = isset($poll_ended) ? $poll_ended : 0;
 }
 // The panel title depends on whether an existing poll is being edited.
 opentable(isset($_GET['poll_id']) ? $locale['401'] : $locale['400']);
Example #26
     // Candidate list for promotion to administrator: one radio button per row of $result.
     echo "<table cellpadding='0' cellspacing='1' width='450' class='tbl-border center'>\n";
     $i = 0;
     $users = "";
     while ($data = dbarray($result)) {
         $row_color = $i % 2 == 0 ? "tbl1" : "tbl2";
         $i++;
         // NOTE(review): user_name is written into the page without encoding here; this is only
         // safe if names are encoded when they are stored (presumably at registration; confirm).
         $users .= "<tr>\n<td class='{$row_color}'><label><input type='radio' name='user_id' value='" . $data['user_id'] . "' /> " . $data['user_name'] . "</label></td>\n</tr>";
     }
     if ($i > 0) {
         echo "<tr>\n<td class='tbl2'><strong>" . $locale['413'] . "</strong></td>\n</tr>\n";
         echo $users . "<tr>\n<td align='center' class='tbl'>\n";
         echo "<label><input type='checkbox' name='all_rights' value='1' /> " . $locale['415'] . "</label><span style='color:red;font-weight:bold;margin-left:5px;'>*</span><br />\n";
         // The "make super" checkbox is rendered only for user level 103.
         // NOTE(review): hiding the control is presentation only; the handler that processes
         // add_admin (not visible here) has to repeat the level check before honouring make_super.
         if ($userdata['user_level'] == 103) {
             echo "<label><input type='checkbox' name='make_super' value='1' /> " . $locale['416'] . "</label><span style='color:red;font-weight:bold;margin-left:5px;'>*</span><br />\n";
         }
         // Ask for the admin password unless a valid one was already posted.
         // NOTE(review): the password is passed through stripinput() before verification, which
         // presumably rewrites some characters; this must match how the password was processed when it was set.
         if (!check_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")) {
             echo $locale['447'] . " <input type='password' name='admin_password' class='textbox' style='width:150px;' autocomplete='off' /><br /><br />\n";
         }
         echo "<br />\n<input type='submit' name='add_admin' value='" . $locale['417'] . "' class='button' onclick=\"return confirm('" . $locale['461'] . "');\" />\n";
         echo "</td>\n</tr>\n";
         echo "<tr>\n<td class='tbl' style='font-weight:bold;text-align:left; color:black !important; background-color:#FFDBDB;'><span style='color:red;font-weight:bold;margin-right:5px;'>*</span>" . $locale['462'] . "</td>\n</tr>\n";
     } else {
         // The query returned no rows: show the notice and a link back.
         echo "<tr>\n<td align='center' class='tbl'>" . $locale['418'] . "<br /><br />\n";
         echo "<a href='" . FUSION_SELF . $aidlink . "'>" . $locale['419'] . "</a>\n</td>\n</tr>\n";
     }
     echo "</table>\n</form>\n";
 } else {
     // Same notice when the enclosing condition (outside this excerpt) is not met.
     echo "<table cellpadding='0' cellspacing='1' width='450' class='tbl-border center'>\n";
     echo "<tr>\n<td align='center' class='tbl'>" . $locale['418'] . "<br /><br />\n";
     echo "<a href='" . FUSION_SELF . $aidlink . "'>" . $locale['419'] . "</a>\n</td>\n</tr>\n</table>\n";
 }
Example #27
 * @package Kitto_Kitto_Kitto
 * @subpackage Board
 * @version 1.0.0
 **/
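$ERRORS = array();
$max_items_per_page = 15;
// Page number used to slice the record set. It is normalised to an integer before any
// comparison, so a non-numeric `page` value can never reach the arithmetic below; a missing,
// non-numeric, zero or negative value falls back to the first page.
$page_id = isset($_REQUEST['page']) ? (int) stripinput($_REQUEST['page']) : 1;
if ($page_id <= 0) {
    $page_id = 1;
}
// Where do we slice the record set?
$start = ($page_id - 1) * $max_items_per_page;
$end = $start + $max_items_per_page;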
// Load the thread named in the request, then the board it belongs to.
// NOTE(review): thread_id only passes through stripinput() (defined elsewhere); whether
// findOneByBoardThreadId() binds it as a query parameter is not visible here. Casting it to an
// integer first would be safer if ids are numeric.
$thread_id = stripinput($_REQUEST['thread_id']);
$thread = new BoardThread($db);
$thread = $thread->findOneByBoardThreadId($thread_id);
if ($thread == null) {
    $ERRORS[] = 'Invalid thread specified.';
} else {
    // Load the board info.
    $board = new Board($db);
    $board = $board->findOneByBoardId($thread->getBoardId());
    if ($board == null) {
        $ERRORS[] = 'Invalid board.';
    } else {
        // A board the user may not access reports the same message as a missing board, so the
        // response does not reveal that a restricted board exists.
        if ($board->hasAccess($User) == false) {
            $ERRORS[] = 'Invalid board.';
        }
    }
Example #28
| at www.gnu.org/licenses/agpl.html. Removal of this
| copyright header is strictly prohibited without
| written permission from the original author(s).
+--------------------------------------------------------*/
require_once "maincore.php";
require_once THEMES . "templates/header.php";
include LOCALE . LOCALESET . "search.php";
add_to_title($locale['global_202']);
// Normalise the search parameters in place, so the rest of the script reads validated values
// from $_GET.
// rowstart: must be numeric, otherwise start at 0.
if (!isset($_GET['rowstart']) || !isnum($_GET['rowstart'])) {
    $_GET['rowstart'] = 0;
}
// stext: an array value is rejected with a redirect; a string is filtered and URL-encoded.
// NOTE(review): unless redirect() ends the request, execution continues with the array still
// in $_GET['stext']; confirm that redirect() exits.
if (isset($_GET['stext'])) {
    if (is_array($_GET['stext'])) {
        redirect(FUSION_SELF);
    } else {
        $_GET['stext'] = urlencode(stripinput($_GET['stext']));
    }
} else {
    $_GET['stext'] = "";
}
// method: allowlist of the two supported operators, defaulting to OR.
if (isset($_GET['method'])) {
    $_GET['method'] = $_GET['method'] == "OR" || $_GET['method'] == "AND" ? $_GET['method'] : "OR";
}
if (!isset($_GET['method'])) {
    $_GET['method'] = "OR";
}
// datelimit: numeric or 0.
if (isset($_GET['datelimit'])) {
    $_GET['datelimit'] = isnum($_GET['datelimit']) ? $_GET['datelimit'] : 0;
}
if (!isset($_GET['datelimit'])) {
    $_GET['datelimit'] = 0;
Example #29
         // Update an existing article. $subject, $body, $body2 and the flag values are assigned
         // outside this excerpt.
         // NOTE(review): article_id is concatenated into the WHERE clause and no isnum() check on
         // it is visible in this excerpt (the delete branch below has one); confirm that the
         // enclosing condition validates it.
         $result = dbquery("UPDATE " . DB_ARTICLES . " SET article_cat='" . intval($_POST['article_cat']) . "', article_subject='{$subject}', article_snippet='{$body}', article_article='{$body2}', article_draft='{$draft}', article_breaks='{$breaks}', article_allow_comments='{$comments}', article_allow_ratings='{$ratings}' WHERE article_id='" . $_POST['article_id'] . "'");
         redirect(FUSION_SELF . $aidlink . "&status=su");
     } elseif (!defined("FUSION_NULL")) {
         // New article: the author is taken from the logged-in user, not from the request.
         $result = dbquery("INSERT INTO " . DB_ARTICLES . " (article_cat, article_subject, article_snippet, article_article, article_draft, article_breaks, article_name, article_datestamp, article_reads, article_allow_comments, article_allow_ratings) VALUES ('" . intval($_POST['article_cat']) . "', '{$subject}', '{$body}', '{$body2}', '{$draft}', '{$breaks}', '" . $userdata['user_id'] . "', '" . time() . "', '0', '{$comments}', '{$ratings}')");
         redirect(FUSION_SELF . $aidlink . "&status=sn");
     }
 } else {
     // Delete: article_id is checked with isnum() before it is used in the three queries, which
     // remove the article together with its comments and ratings.
     if (isset($_POST['delete']) && (isset($_POST['article_id']) && isnum($_POST['article_id']))) {
         $result = dbquery("DELETE FROM " . DB_ARTICLES . " WHERE article_id='" . $_POST['article_id'] . "'");
         $result = dbquery("DELETE FROM " . DB_COMMENTS . " WHERE comment_item_id='" . $_POST['article_id'] . "' and comment_type='A'");
         $result = dbquery("DELETE FROM " . DB_RATINGS . " WHERE rating_item_id='" . $_POST['article_id'] . "' and rating_type='A'");
         redirect(FUSION_SELF . $aidlink . "&status=del");
     } else {
         if (isset($_POST['preview'])) {
             // Preview: rebuild the form state from the posted values.
             // NOTE(review): article_cat is taken as posted here, without the intval() used when saving.
             $article_cat = $_POST['article_cat'];
             $subject = stripinput($_POST['subject']);
             $body = phpentities(stripslash($_POST['body']));
             $body2 = phpentities(stripslash($_POST['body2']));
             // The preview copies are built from the posted body after stripslash() only, with image
             // paths re-rooted at IMAGES_A.
             // NOTE(review): no HTML filtering is applied to them here, so this page must stay
             // restricted to trusted authors.
             $bodypreview = str_replace("src='" . str_replace("../", "", IMAGES_A), "src='" . IMAGES_A, stripslash($_POST['body']));
             $body2preview = str_replace("src='" . str_replace("../", "", IMAGES_A), "src='" . IMAGES_A, stripslash($_POST['body2']));
             // In preview mode the flags hold the checkbox attribute to re-render, not a stored value.
             $draft = isset($_POST['article_draft']) ? " checked='checked'" : "";
             if (isset($_POST['line_breaks'])) {
                 $breaks = " checked='checked'";
                 $bodypreview = nl2br($bodypreview);
                 $body2preview = nl2br($body2preview);
             } else {
                 $breaks = "";
             }
             $comments = isset($_POST['article_comments']) ? " checked='checked'" : "";
             $ratings = isset($_POST['article_ratings']) ? " checked='checked'" : "";
             opentable($subject);
Example #30
 if (dbrows($result)) {
     $data = dbarray($result);
     $submit_criteria = unserialize($data['submit_criteria']);
     $download_title = stripinput($_POST['download_title']);
     $download_description = stripinput($_POST['download_description']);
     $download_description_short = stripinput($_POST['download_description_short']);
     $download_cat = isnum($_POST['download_cat']) ? $_POST['download_cat'] : "0";
     $download_allow_comments = isset($_POST['download_allow_comments']) && isnum($_POST['download_allow_comments']) ? $_POST['download_allow_comments'] : "0";
     $download_allow_ratings = isset($_POST['download_allow_ratings']) && isnum($_POST['download_allow_ratings']) ? $_POST['download_allow_ratings'] : "0";
     $download_url = isset($_POST['download_url']) ? stripinput($_POST['download_url']) : "";
     $download_os = stripinput($_POST['download_os']);
     $download_license = stripinput($_POST['download_license']);
     $download_copyright = stripinput($_POST['download_copyright']);
     $download_homepage = stripinput($_POST['download_homepage']);
     $download_version = stripinput($_POST['download_version']);
     $download_filesize = stripinput($_POST['download_filesize']);
     $download_file = isset($submit_criteria['download_file']) && file_exists(DOWNLOADS . "submissions/" . $submit_criteria['download_file']) ? $submit_criteria['download_file'] : "";
     $download_image = isset($submit_criteria['download_image']) && file_exists(DOWNLOADS . "submissions/images/" . $submit_criteria['download_image']) ? $submit_criteria['download_image'] : "";
     $download_image_thumb = isset($submit_criteria['download_image_thumb']) && file_exists(DOWNLOADS . "submissions/images/" . $submit_criteria['download_image_thumb']) ? $submit_criteria['download_image_thumb'] : "";
     if (isset($_POST['del_image'])) {
         if (file_exists(DOWNLOADS . "submissions/images/" . $download_image)) {
             @unlink(DOWNLOADS . "submissions/images/" . $download_image);
             $download_image = "";
         }
         if (file_exists(DOWNLOADS . "submissions/images/" . $download_image_thumb)) {
             @unlink(DOWNLOADS . "submissions/images/" . $download_image_thumb);
             $download_image_thumb = "";
         }
     }
     if ($download_file) {
         $dest = DOWNLOADS;