function upgrade_pre($var)
{
$sql = e107::getDb();
if (!$sql->isTable('forum_t')) {
return false;
// e107::getSingleton('e107plugin')->refresh('forum');
} else {
e107::getRedirect()->go(e_PLUGIN_ABS . 'forum/forum_update.php');
//Redirect upgrade to customized upgrade routine
}
//header('Location: '.e_PLUGIN.'forum/forum_update.php');
}
function __construct()
{
$this->checkPaths();
$this->checkTimezone();
$this->checkWritable();
$this->checkHtmlarea();
$this->checkIncompatiblePlugins();
$this->checkFileTypes();
$this->checkSuspiciousFiles();
$this->checkDeprecated();
if ($this->refresh == true) {
e107::getRedirect()->go(e_SELF);
}
}
public function actionLogin()
{
$allow = true;
$session = e107::getSession();
if ($session->get('HAuthError')) {
$allow = false;
$session->set('HAuthError', null);
}
if ($allow && vartrue($_GET['provider'])) {
require_once e_HANDLER . "user_handler.php";
$provider = new e_user_provider($_GET['provider']);
try {
$provider->login($this->backUrl);
// redirect to test page is expected, if true - redirect to SITEURL
} catch (Exception $e) {
e107::getMessage()->addError('[' . $e->getCode() . ']' . $e->getMessage(), 'default', true);
}
}
e107::getRedirect()->redirect(true === $this->backUrl ? SITEURL : $this->backUrl);
}
public function actionLogin()
{
//echo 'Login controller';
// FIXME - pref for default XUP - e.g. Facebook, use it when GET is empty
if (vartrue($_GET['provider'])) {
require_once e_HANDLER . "user_handler.php";
$provider = new e_user_provider($_GET['provider']);
//$provider->setBackUrl(e107::getUrl()->create('system/xup/endpoint', array(), array('full' => true)));
try {
$provider->login($this->backUrl);
// redirect to test page is expected, if true - redirect to SITEURL
} catch (Exception $e) {
e107::getMessage()->addError('[' . $e->getCode() . ']' . $e->getMessage());
// print_a($provider->getUserProfile());
// echo '<br /><br /><a href="'.e107::getUrl()->create($this->backUrl).'">Test page</a>';
return;
}
// print_a($provider->getUserProfile());
//return;
}
e107::getRedirect()->redirect(e107::getUrl()->create($this->backUrl));
}
if (strpos($row['user_perms'], '0') === 0) {
$class_list[] = e_UC_MAINADMIN;
}
}
$class_list[] = e_UC_MEMBER;
$class_list[] = e_UC_PUBLIC;
$user_logging_opts = array_flip(explode(',', varset($pref['user_audit_opts'], '')));
if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list)) {
// Need to note in user audit trail
e107::getAdminLog()->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name);
}
$edata_li = array("user_id" => $row['user_id'], "user_name" => $row['user_name'], 'class_list' => implode(',', $class_list), 'user_admin' => $row['user_admin']);
// Fix - set cookie before login trigger
session_set(e_COOKIE, $cookieval, time() + 3600 * 24 * 30);
e107::getEvent()->trigger("login", $edata_li);
e107::getRedirect()->redirect(e_ADMIN_ABS . 'admin.php');
//echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n";
}
}
$e_sub_cat = 'logout';
if (ADMIN == FALSE) {
define("e_IFRAME", TRUE);
}
if (!defset('NO_HEADER')) {
require_once e_ADMIN . "header.php";
}
if (ADMIN == FALSE) {
// Needs help from Deso, Vesko and Stoev! :-)
e107::css('inline', "\n\t\t\n\t\t\tbody \t\t\t\t{ \ttext-align: left; font-size:15px; line-height:1.5em; font-weight:normal; font-family:Arial, Helvetica, sans-serif; background:#081D28 url(" . e_IMAGE . "logo_template_large.png) no-repeat 50% 40px; }\n\t\t\ta\t\t\t\t\t{ \tcolor:#F6931E; text-decoration:none; }\n\t\t\ta:hover\t\t\t\t{ \tcolor:silver; text-decoration:none; }\n\t\t\t.bold\t\t\t\t{ \tfont-weight:bold; }\n\t\t\t.field\t\t\t\t{ \ttext-align:center;padding:5px }\n\t\t\t.field input\t\t{\tpadding:5px; \n\t\t\t\t\t\t\t\t\tborder-width:1px;\t\t\t\t\t\t\t\n \t\t\t\t\t\t\t\tborder-style:solid;\n \t\t\t\t\t\t\t\tborder-color:#aaa #c8c8c8 #c8c8c8 #aaa;\n\t\t\t\t\t\t\t\t\tbackground:#fff;\n\t\t\t\t\t\t\t\t\tfont:16px arial, helvetica, sans-serif;\n\t\t\t\t\t\t\t\t\t-moz-border-radius: 4px;\n\t\t\t\t\t\t\t\t\t-webkit-border-radius: 4px;\n\t\t\t\t\t\t\t\t\tborder-radius: 4px;\n\t\t\t\t\t\t\t\t\t-moz-box-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t\t-webkit-box-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t\tbox-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t.field input:focus\t{\n\t\t\t\t\t\t\t\t\tborder:1px solid #F6931E;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\n\t\t\t.field input:hover\t{\n\t\t\t\t\t\t\t\t\tborder:1px solid #F6931E;\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t#login-admin \t\t{\n\t\t\t\t\t\t\t\t\tmargin-left:auto;\n\t\t\t\t\t\t\t\t\tmargin-right:auto;\n\t\t\t\t\t\t\t\t\tmargin-top:12%;\n\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\twidth:400px; \n\t\t\t\t\t\t\t\t\t/*\t\n\t\t\t\t\t\t\t\t\tpadding: 10px 20px 0 20px;\n\t\t\t\t\t\t\t\t\t-moz-border-radius:5px;\n\t\t\t\t\t\t\t\t\t-webkit-border-radius:5px;\n\t\t\t\t\t\t\t\t\tborder-radius:5px;\n\t\t\t\t\t\t\t\t\t-moz-box-shadow:5px 5px 20px #000000;\n\t\t\t\t\t\t\t\t\t-webkit-box-shadow:5px 5px 20px #000000;\n\t\t\t\t\t\t\t\t\tbox-shadow:5px 5px 20px #000000;\t\n\t\t\t\t\t\t\t\t\tbackground-color: #FEFEFE;\n\t\t\t\t\t\t\t\t\t*/\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t#login-admin label \t{ \tdisplay: none; text-align: right\t}\n\t\t\t\t\n\t\t\t\n\t\t\t.admin-submit \t\t{ \ttext-align: center; \tpadding:20px;\t}\n\t\t\t\n\t\t\t.submit\t\t\t\t{ }\n\t\t\t\n\t\t\n\t\t\t.placeholder \t\t{\tcolor: #bbb; font-style:italic\t}\n\t\n\t\t\t::-webkit-input-placeholder { font-style:italic;\tcolor: #bbb; \t}\n\t\t\n\t\t\t:-moz-placeholder \t{ font-style:italic;\tcolor: #bbb; \t\t}\n\t\t\t\n\t\t\th2\t\t\t\t\t{ text-align: center; color: #FAAD3D; }\n\t\t\t\n\t\t\t#username\t\t\t{background: url(" . e_IMAGE . "admin_images/admins_16.png) no-repeat scroll 7px 7px; padding-left:30px; }\n\t\t\t\t \n\t\t\t#userpass\t\t\t{background: url(" . e_IMAGE . "admin_images/lock_16.png) no-repeat scroll 7px 7px; padding-left:30px; }\n\t\t\t\n\t\t\tinput[disabled] \t{\tcolor: silver;\t}\n\t\t\tbutton[disabled] span\t{\tcolor: silver;\t}\n\t\t\n\t\t");
$obj = new auth();
$obj->authform();
}
//$newsfrom = (!is_numeric($action) || !e_QUERY ? 0 : ($action ? $action : e_QUERY));
// Usually the first query parameter is the action.
// For any of the 'list' modes (inc month, day), the action being second is a legacy situation
// .... which can hopefully go sometime
//SecretR: Gone, gone...
if (is_numeric($action) && isset($tmp[1]) && ($tmp[1] == 'list' || $tmp[1] == 'month' || $tmp[1] == 'day')) {
$action = $tmp[1];
$sub_action = varset($tmp[0], '');
}
if ($action == 'all' || $action == 'cat') {
$sub_action = intval(varset($tmp[1], 0));
}
if ($action == 'extend' && empty($sub_action)) {
$defaultUrl = e107::getUrl()->create('news/list/items');
e107::getRedirect()->go($defaultUrl, null, 301);
exit;
}
/*
Variables Used:
$action - the basic display format/filter
$sub_action - category number or news item number
$newsfrom - first item number in list (default 0) - derived from nextprev
$order - sets the listing order for 'list' format
*/
$ix = new news();
$nobody_regexp = "'(^|,)(" . str_replace(",", "|", e_UC_NOBODY) . ")(,|\$)'";
// URL settings (nextprev)
$newsUrlparms = array('page' => '--FROM--');
if ($sub_action) {
switch ($action) {
function init()
{
global $forum;
$e107 = e107::getInstance();
$this->threadId = (int) varset($_GET['id']);
$this->perPage = varset($_GET['perpage']) ? (int) $_GET['perpage'] : $forum->prefs->get('postspage');
$this->page = varset($_GET['p']) ? (int) $_GET['p'] : 1;
if (!$this->threadId && e_QUERY) {
list($id, $page) = explode(".", e_QUERY);
$this->threadId = intval($id);
$this->page = intval($page);
}
//If threadId doesn't exist, or not given, redirect to main forum page
if (!$this->threadId || !($this->threadInfo = $forum->threadGet($this->threadId))) {
if (E107_DEBUG_LEVEL > 0) {
e107::getMessage()->addError("Thread not found or query error: " . __METHOD__ . ' Line: ' . __LINE__);
return;
// exit;
}
$url = e107::url('forum', 'index', 'full');
e107::getRedirect()->go($url);
// header('Location:' . $e107->url->create('forum/forum/main', array(), 'encode=0&full=1'));
exit;
}
//If not permitted to view forum, redirect to main forum page
if (!$forum->checkPerm($this->threadInfo['thread_forum_id'], 'view')) {
if (E107_DEBUG_LEVEL > 0) {
echo __METHOD__ . ' Line: ' . __LINE__;
exit;
}
$url = e107::url('forum', 'index', 'full');
e107::getRedirect()->go($url);
// header('Location:' . $e107->url->create('forum/forum/main', array(), 'encode=0&full=1'));
exit;
}
$totalPosts = $this->threadInfo['thread_total_replies'];
// + 1; // add 1 for the original post . ie. not a reply.
$this->pages = ceil($totalPosts / $this->perPage);
$this->noInc = false;
}
function pluginXml()
{
//TODO Plugin.xml Form Fields. .
$data = array('main' => array('name', 'lang', 'version', 'date', 'compatibility'), 'author' => array('name', 'url'), 'summary' => array('summary'), 'description' => array('description'), 'keywords' => array('one', 'two'), 'category' => array('category'), 'copyright' => array('copyright'));
// Load old plugin.php file if it exists;
$legacyFile = e_PLUGIN . $this->pluginName . "/plugin.php";
if (file_exists($legacyFile)) {
$eplug_name = $eplug_author = $eplug_url = $eplug_description = "";
$eplug_tables = array();
require_once $legacyFile;
$mes = e107::getMessage();
$mes->addInfo("Loading plugin.php file");
$defaults = array("main-name" => $eplug_name, "author-name" => $eplug_author, "author-url" => $eplug_url, "description-description" => $eplug_description, "summary-summary" => $eplug_description);
if (count($eplug_tables) && !file_exists(e_PLUGIN . $this->pluginName . "/" . $this->pluginName . "_sql.php")) {
$cont = '';
foreach ($eplug_tables as $tab) {
if (strpos($tab, "INSERT INTO") !== FALSE) {
continue;
}
$cont .= "\n" . str_replace("\t", " ", $tab);
}
if (file_put_contents(e_PLUGIN . $this->pluginName . "/" . $this->pluginName . "_sql.php", $cont)) {
$info = str_replace('[x]', $this->pluginName . "_sql.php", EPL_ADLAN_132);
$mes->addInfo($info, 'default', true);
$red = e107::getRedirect();
$red->redirect(e_REQUEST_URL, true);
// $red->redirect(e_SELF."?mode=create&newplugin=".$this->pluginName."&createFiles=1&step=2",true);
} else {
$msg = str_replace('[x]', $this->pluginName . "_sql.php", EPL_ADLAN_133) . "<br />";
$msg .= str_replace(array('[x]', '[y]'), array($this->pluginName . "_sql.php", $cont), EPL_ADLAN_134);
$mes->addWarning($msg);
}
}
}
$existingXml = e_PLUGIN . $this->pluginName . "/plugin.xml";
if (file_exists($existingXml)) {
$p = e107::getXml()->loadXMLfile($existingXml, true);
// print_a($p);
$defaults = array("main-name" => varset($p['@attributes']['name']), "author-name" => varset($p['author']['@attributes']['name']), "author-url" => varset($p['author']['@attributes']['url']), "description-description" => varset($p['description']), "summary-summary" => varset($p['summary'], $p['description']), "category-category" => varset($p['category']), "keywords-one" => varset($p['keywords']['word'][0]), "keywords-two" => varset($p['keywords']['word'][1]));
unset($p);
}
$text = "<table class='table adminform'>";
foreach ($data as $key => $val) {
$text .= "<tr><td>{$key}</td><td>\n\t\t\t\t<div class='controls'>";
foreach ($val as $type) {
$nm = $key . '-' . $type;
$name = "xml[{$nm}]";
$size = count($val) == 1 ? 'span7 col-md-7' : 'span2 col-md-2';
$text .= "<div class='{$size}'>" . $this->xmlInput($name, $key . "-" . $type, vartrue($defaults[$nm])) . "</div>";
}
$text .= "</div></td></tr>";
}
$text .= "</table>";
return $text;
}
e107::redirect();
}
if ($adminEdit && $message) {
$mes->addSuccess($message);
}
if (isset($USERSETTINGS_MESSAGE)) {
$message = str_replace("{MESSAGE}", $message, $USERSETTINGS_MESSAGE);
} elseif (!deftrue('BOOTSTRAP')) {
$message = "<div style='text-align:center'>" . $message . '</div>';
}
$caption = isset($USERSETTINGS_MESSAGE_CAPTION) ? $USERSETTINGS_MESSAGE_CAPTION : LAN_OK;
}
// End - if (!$error)...
if (!$error && !$promptPassword) {
if (isset($_POST) && vartrue($changedUserData['user_name'])) {
$redirect = e107::getRedirect();
$url = e107::getUrl();
$to = $_uid ? $url->create('user/profile/edit', array('id' => $_uid, 'name' => $changedUserData['user_name'])) : $url->create('user/myprofile/edit');
if ($message) {
e107::getMessage()->addSuccess($message, 'default', true);
}
$redirect->redirect($to);
}
unset($_POST);
}
if ($error) {
// require_once (e_HANDLER.'message_handler.php');
$temp = array();
if (count($extraErrors)) {
$temp[] = implode('<br />', $extraErrors);
}
function sc_admin_lang($parm)
{
if (!ADMIN || !e107::getPref('multilanguage')) {
return '';
}
$e107 = e107::getInstance();
$sql = e107::getDb();
$pref = e107::getPref();
$ns = e107::getRender();
e107::plugLan('user_menu', '', true);
$params = array();
parse_str($parm, $params);
$lanlist = explode(',', e_LANLIST);
sort($lanlist);
$text = '';
$lanperms = array();
foreach ($lanlist as $langval) {
if (getperms($langval)) {
$lanperms[] = $langval;
}
}
$slng = e107::getLanguage();
if (!getperms($sql->mySQLlanguage) && $lanperms) {
$slng->set($lanperms[0]);
if ($pref['user_tracking'] == "session" && $pref['multilanguage_subdomain']) {
e107::getRedirect()->redirect($slng->subdomainUrl($lanperms[0]));
}
/*$sql->mySQLlanguage = ($lanperms[0] != $pref['sitelanguage']) ? $lanperms[0] : "";
if ($pref['user_tracking'] == "session")
{
$_SESSION['e107language_'.$pref['cookie_name']] = $lanperms[0];
if($pref['multilanguage_subdomain']){
header("Location:".$slng->subdomainUrl($lanperms[0]));
}
}
else
{
setcookie('e107language_'.$pref['cookie_name'], $lanperms[0], time() + 86400, '/');
$_COOKIE['e107language_'.$pref['cookie_name']]= $lanperms[0];
}*/
}
if (varset($GLOBALS['mySQLtablelist'])) {
foreach ($GLOBALS['mySQLtablelist'] as $tabs) {
$clang = strtolower($sql->mySQLlanguage);
if (strpos($tabs, "lan_" . $clang) && $clang != "") {
$aff[] = str_replace(MPREFIX . "lan_" . $clang . "_", "", $tabs);
}
}
}
$text .= "\n\t\t<div>\n\t\t";
if (isset($aff)) {
$text .= $sql->mySQLlanguage;
$text .= " (" . $slng->convert($sql->mySQLlanguage) . ")\n\t\t\t: <span class='btn btn-default button' style='cursor: pointer;' onclick='expandit(\"lan_tables\");'><a style='text-decoration:none' title='' href=\"javascript:void(0);\" > " . count($aff) . " " . UTHEME_MENU_L3 . " </a></span><br />\n\t\t\t<span style='display:none' id='lan_tables'>\n\t\t\t";
$text .= implode('<br />', $aff);
$text .= '</span>';
} elseif ($sql->mySQLlanguage && $sql->mySQLlanguage != $pref['sitelanguage']) {
$text .= $sql->mySQLlanguage;
$text .= ' (' . $slng->convert($sql->mySQLlanguage) . '): ' . LAN_INACTIVE;
} else {
$text .= $pref['sitelanguage'];
}
$text .= "<br /><br /></div>";
$select = '';
if (isset($pref['multilanguage_subdomain']) && $pref['multilanguage_subdomain']) {
// TODO - JS independent
$select .= "\n\t\t\t<select class='tbox' name='lang_select' id='sitelanguage' onchange=\"location.href=this.options[selectedIndex].value\">";
foreach ($lanperms as $lng) {
$selected = $lng == $sql->mySQLlanguage || $lng == $pref['sitelanguage'] && !$sql->mySQLlanguage ? " selected='selected'" : "";
$urlval = $slng->subdomainUrl($lng);
$select .= "<option value='" . $urlval . "' {$selected}>{$lng}</option>\n";
}
$select .= "</select>";
} else {
$select .= "\n\t\t\t<form method='post' action='" . e_SELF . (e_QUERY ? '?' . e_QUERY : '') . "'>\n\t\t\t<div>\n\t\t\t<select name='sitelanguage' id='sitelanguage' class='tbox' onchange='this.form.submit()'>";
foreach ($lanperms as $lng) {
// FIXME - language detection is a mess - db handler, mysql handler, session handler and language handler + constants invlolved
// Too complex, doesn't work!!! SIMPLIFY!!!
//$langval = ($lng == $pref['sitelanguage'] && $lng == 'English') ? "" : $lng;
//$selected = ($lng == $sql->mySQLlanguage || ($lng == $pref['sitelanguage'] && !$sql->mySQLlanguage)) ? " selected='selected'" : "";
//$select .= "<option value='".$langval."'{$selected}>$lng</option>\n";
$selected = $lng == e_LANGUAGE ? " selected='selected'" : "";
$select .= "<option value='" . $lng . "'{$selected}>{$lng}</option>\n";
}
$select .= "</select> " . (!isset($params['nobutton']) ? "<button class='update e-hide-if-js' type='submit' name='setlanguage' value='no-value'><span>" . UTHEME_MENU_L1 . "</span></button>" : '') . "\n\t\t\t" . e107::getForm()->hidden('setlanguage', '1') . "\n\t\t\t</div>\n\t\t\t</form>\n\t\t\t";
}
if (isset($params['nomenu'])) {
return $select;
}
if ($select) {
$text .= "<div class='center'>{$select}</div>";
}
return $ns->tablerender(UTHEME_MENU_L2, $text, '', true);
}
function sendFile($data)
{
$sql = e107::getDb();
$post_id = intval($data['id']);
// forum (post) id
$file_id = intval($data['dl']);
// file id
$forum_id = $sql->retrieve('forum_post', 'post_forum', 'post_id=' . $post_id);
// Check if user is allowed to download this file (has 'view' permissions to forum)
if (!$this->checkPerm($forum_id, 'view')) {
if (E107_DEBUG_LEVEL > 0) {
echo "You don't have 'view' access to forum-id: : " . $forum_id;
print_a($this->permList);
return;
}
$url = e107::url('forum', 'index', 'full');
e107::getRedirect()->go($url);
// header('Location:'.e107::getUrl()->create('forum/forum/main')); // FIXME needs proper redirect and 403 header
exit;
}
$array = $sql->retrieve('forum_post', 'post_user,post_attachments', 'post_id=' . $post_id);
$attach = e107::unserialize($array['post_attachments']);
$file = $this->getAttachmentPath($array['post_user']) . varset($attach['file'][$file_id]);
// Check if file exists. Send file for download if it does, return 404 error code when file does not exist.
if (file_exists($file)) {
e107::getFile()->send($file);
} else {
if (E107_DEBUG_LEVEL > 0) {
echo "Couldn't find file: " . $file;
return;
}
$url = e107::url('forum', 'index', 'full');
e107::getRedirect()->go($url);
// header('Location:'.e107::getUrl()->create('forum/forum/main', TRUE, 404)); // FIXME needs proper redirect and 404 header
exit;
}
}
function upgrade_pre($var)
{
//Redirect upgrade to customized upgrade routine
e107::getRedirect()->redirect(e_PLUGIN_ABS . 'forum/forum_update.php');
//header('Location: '.e_PLUGIN.'forum/forum_update.php');
}
function manager_category()
{
global $plugintable, $qs, $sql, $ns, $rs, $aa;
if (!getperms("0")) {
//jsx_location(e_SELF);
$url = e_SELF;
e107::getRedirect()->go($url);
}
if (!is_numeric($qs[1])) {
//jsx_location(e_SELF);
$url = e_SELF;
e107::getRedirect()->go($url);
}
if (!is_object($sql)) {
$sql = new db();
}
if (!$sql->db_Select($plugintable, "content_id, content_heading, content_pref", "content_id='" . intval($qs[1]) . "' ")) {
//js_location(e_SELF."?manager");
$url = e_SELF . "?manager";
e107::getRedirect()->go($url);
} else {
$row = $sql->db_Fetch();
$caption = CONTENT_ADMIN_CAT_LAN_30 . " : " . $row['content_heading'];
}
//$content_pref = e107::unserialize($row['content_pref']);
$content_pref = e107::unserialize($row['content_pref']);
$qs[1] = intval($qs[1]);
$text = "\n\t\t\t<div class='text-left'>\n\t\t\t" . $rs->form_open("post", e_SELF . "?" . e_QUERY, "managerform", "", "enctype='multipart/form-data'") . "\n\t\t\t<table class='table adminform' id='manager_category_01'>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t" . CONTENT_ADMIN_MANAGER_LAN_0 . "<br />" . CONTENT_ADMIN_MANAGER_LAN_1 . "<br />\n\t\t\t\t</td>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t" . r_userclass("content_manager_approve", $content_pref["content_manager_approve"], 'off', "nobody,member,admin,classes") . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t" . CONTENT_ADMIN_MANAGER_LAN_2 . "<br />" . CONTENT_ADMIN_MANAGER_LAN_3 . "<br />\n\t\t\t\t</td>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t" . r_userclass("content_manager_personal", $content_pref["content_manager_personal"], 'off', "nobody,member,admin,classes") . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t" . CONTENT_ADMIN_MANAGER_LAN_4 . "<br />" . CONTENT_ADMIN_MANAGER_LAN_5 . "<br />\n\t\t\t\t</td>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t" . r_userclass("content_manager_category", $content_pref["content_manager_category"], 'off', "nobody,member,admin,classes") . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td colspan='2' class='fcaption' style='text-align:center'>\n\t\t\t\t\t" . $rs->form_button("submit", "update_manager", LAN_SAVE) . "\n\t\t\t\t\t" . $rs->form_hidden("options_type", $qs[1]) . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t</table>\n\t\t\t" . $rs->form_close() . "\n\t\t\t</div>";
$ns->tablerender($caption, $text);
}
/**
* Display list of links within a particular category
*/
function show_links()
{
global $qs, $rs, $tp, $from;
$db = e107::getDb();
$number = "20";
$LINK_CAT_NAME = '';
// May be appropriate to add a shortcode later
if ($qs[2] == "all") {
// Show all categories
$caption = LCLAN_ITEM_38;
$qry = " link_id != '' ORDER BY link_category ASC, link_order ASC";
} else {
// Show single category
if ($db->select("links_page_cat", "link_category_name", "link_category_id='" . intval($qs[2]) . "' ")) {
$row = $db->fetch();
$caption = LCLAN_ITEM_2 . " " . $row['link_category_name'];
}
$qry = " link_category=" . intval($qs[2]) . " ORDER BY link_order, link_id ASC";
}
$link_total = $db->select("links_page", "*", " " . $qry . " ");
if (!$db->select("links_page", "*", " " . $qry . " LIMIT " . intval($from) . "," . intval($number) . " ")) {
//jsx_location(e107::url('links_page', 'index'));
$url = e107::url('links_page', 'index');
e107::getRedirect()->go($url);
} else {
// Display the individual links
$text = $rs->form_open("post", e_SELF . (e_QUERY ? "?" . e_QUERY : ""), "myform_{$row['link_id']}", "", "");
$text .= "<div style='text-align:center'>\n <table class='fborder' style='" . ADMIN_WIDTH . "'>\n <tr>\n <td class='fcaption' style='width:5%'>" . LCLAN_ITEM_25 . "</td>\n <td class='fcaption' style='width:65%'>" . LCLAN_ITEM_26 . "</td>\n <td class='fcaption' style='width:10%'>" . LCLAN_ITEM_27 . "</td>\n <td class='fcaption' style='width:10%'>" . LCLAN_ITEM_28 . "</td>\n <td class='fcaption' style='width:10%'>" . LCLAN_ITEM_29 . "</td>\n </tr>";
while ($row = $db->fetch()) {
$linkid = $row['link_id'];
$img = "";
if ($row['link_button']) {
if (strpos($row['link_button'], "http://") !== FALSE) {
$img = "<img style='border:0;' src='" . $row['link_button'] . "' alt='" . $LINK_CAT_NAME . "' />";
} else {
if (strstr($row['link_button'], "/")) {
$img = "<img style='border:0;' src='" . e_BASE . $row['link_button'] . "' alt='" . $LINK_CAT_NAME . "' />";
} else {
$img = "<img style='border:0' src='" . e_PLUGIN_ABS . "links_page/link_images/" . $row['link_button'] . "' alt='" . $LINK_CAT_NAME . "' />";
}
}
}
$name_suffix = URL_SEPARATOR . $linkid . URL_SEPARATOR . $row['link_order'] . URL_SEPARATOR . $row['link_category'];
if ($row['link_order'] == "1") {
$up = " ";
} else {
//$up = "<input type='image' src='".LINK_ICON_ORDER_UP_BASE."' value='".$linkid.".".$row['link_order'].".".$row['link_category']."' name='inc' />";
$up = "<input type='image' src='" . LINK_ICON_ORDER_UP_BASE . "' name='inc" . $name_suffix . "' />";
}
if ($row['link_order'] == $link_total) {
$down = " ";
} else {
//$down = "<input type='image' src='".LINK_ICON_ORDER_DOWN_BASE."' value='".$linkid.".".$row['link_order'].".".$row['link_category']."' name='dec' />";
$down = "<input type='image' src='" . LINK_ICON_ORDER_DOWN_BASE . "' name='dec" . $name_suffix . "' />";
}
$text .= "\n <tr>\n <td class='forumheader3' style='width:5%; text-align: center; vertical-align: middle'>" . $img . "</td>\n <td style='width:65%' class='forumheader3'>\n <a href='" . e_PLUGIN_ABS . "links_page/links.php?" . $row['link_id'] . "' rel='external'>" . LINK_ICON_LINK . "</a> " . $row['link_name'] . "\n </td>\n <td style='width:10%; text-align:center; white-space: nowrap' class='forumheader3'>\n <a href='" . e_SELF . "?link.edit." . $linkid . "' title='" . LCLAN_ITEM_31 . "'>" . LINK_ICON_EDIT . "</a>\n <input type='image' title='delete' name='delete[main_{$linkid}]' alt='" . LCLAN_ITEM_32 . "' src='" . LINK_ICON_DELETE_BASE . "' onclick=\"return jsconfirm('" . $tp->toJS(LCLAN_ITEM_33 . " [ " . $row['link_name'] . " ]") . "')\" />\n </td>\n <td style='width:10%; text-align:center; white-space: nowrap' class='forumheader3'>\n " . $up . "\n " . $down . "\n </td>\n <td style='width:10%; text-align:center' class='forumheader3'>\n <select name='link_order[]' class='tbox'>";
//".$rs -> form_select_open("link_order[]");
for ($a = 1; $a <= $link_total; $a++) {
$text .= $rs->form_option($a, $row['link_order'] == $a ? "1" : "0", $linkid . "." . $a, "");
}
$text .= $rs->form_select_close() . "\n </td>\n </tr>";
}
$text .= "\n <tr>\n <td class='forumheader' colspan='4'> </td>\n <td class='forumheader' style='width:5%; text-align:center'>\n " . $rs->form_button("submit", "update_order", LCLAN_ITEM_30) . "\n </td>\n </tr>\n </table></div>\n " . $rs->form_close();
}
e107::getRender()->tablerender($caption, $text);
$this->ShowNextPrev($from, $number, $link_total);
}
+ ----------------------------------------------------------------------------+
| e107 website system
|
| Copyright (C) 2008-2013 e107 Inc
| http://e107.org
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| Generic File Request Script.
|
+----------------------------------------------------------------------------+
*/
require_once "class2.php";
if (!e_QUERY || isset($_POST['userlogin'])) {
header("location: " . SITEURL);
// $e107->base_path
exit;
}
// Media-Manager direct file download.
if (vartrue($_GET['file']) && is_numeric($_GET['file'])) {
$sql = e107::getDb();
if ($sql->select('core_media', 'media_url', "media_id= " . intval($_GET['file']) . " AND media_userclass IN (" . USERCLASS_LIST . ") LIMIT 1 ")) {
$row = $sql->fetch();
// $file = $tp->replaceConstants($row['media_url'],'rel');
e107::getFile()->send($row['media_url']);
}
} else {
e107::getRedirect()->redirect(e_PLUGIN . "download/request.php?" . e_QUERY);
}
exit;
/**
* The whole could happen inside e_user class
* @return void
*/
function init_session()
{
/*
# Validate user
#
# - parameters none
# - return boolean
# - scope public
*/
// ----------------------------------------
global $user_pref, $currentUser;
$e107 = e107::getInstance();
// New user model
$user = e107::getUser();
define('USERIP', e107::getIPHandler()->getIP(FALSE));
define('POST_REFERER', md5($user->getToken()));
// Check for intruders - outside the model for now
// TODO replace __referer with e-token, remove the above
if (isset($_POST['__referer']) && !$user->checkToken($_POST['__referer']) || isset($_GET['__referer']) && !$user->checkToken($_GET['__referer'])) {
// Die, die, die! DIE!!!
die('Unauthorized access!');
}
if (e107::isCli()) {
define('USER', true);
define('USERID', 1);
define('USERNAME', 'e107-cli');
define('USERTHEME', false);
define('ADMIN', true);
define('GUEST', false);
define('USERCLASS', '');
define('USEREMAIL', '');
define('USERCLASS_LIST', '');
define('USERCLASS', '');
define('USERJOINED', '');
return;
}
if ($user->hasBan()) {
$msg = e107::findPref('ban_messages/6');
if ($msg) {
echo e107::getParser()->toHTML($msg);
}
exit;
}
if (!$user->isUser()) {
define('USER', false);
define('USERID', 0);
define('USERTHEME', false);
define('ADMIN', false);
define('GUEST', true);
define('USERCLASS', '');
define('USEREMAIL', '');
define('USERSIGNATURE', '');
if ($user->hasSessionError()) {
define('LOGINMESSAGE', CORE_LAN10);
define('CORRUPT_COOKIE', true);
}
} else {
// we shouldn't use getValue() here, it's there for e.g. shortcodes, profile page render etc.
define('USERID', $user->getId());
define('USERNAME', $user->get('user_name'));
define('USERURL', $user->get('user_homepage', false));
//required for BC
define('USEREMAIL', $user->get('user_email'));
define('USER', true);
define('USERCLASS', $user->get('user_class'));
define('USERIMAGE', $user->get('user_image'));
define('USERPHOTO', $user->get('user_sess'));
define('USERJOINED', $user->get('user_join'));
define('USERVISITS', $user->get('user_visits'));
define('USERSIGNATURE', $user->get('user_signature'));
define('ADMIN', $user->isAdmin());
define('ADMINID', $user->getAdminId());
define('ADMINNAME', $user->getAdminName());
define('ADMINPERMS', $user->getAdminPerms());
define('ADMINEMAIL', $user->getAdminEmail());
define('ADMINPWCHANGE', $user->getAdminPwchange());
if (ADMIN) {
e107::getRedirect()->setPreviousUrl();
}
define('USERLV', $user->get('user_lastvisit'));
// BC - FIXME - get rid of them!
$currentUser = $user->getData();
$currentUser['user_realname'] = $user->get('user_login');
// Used by force_userupdate
$e107->currentUser =& $currentUser;
// if(defined('SETTHEME')) //override - within e_module for example.
// {
// $_POST['sitetheme'] = SETTHEME;
// $_POST['settheme'] = 1;
// }
// XXX could go to e_user class as well
if ($user->checkClass(e107::getPref('allow_theme_select', false), false)) {
// User can set own theme
if (isset($_POST['settheme'])) {
$uconfig = $user->getConfig();
if (e107::getPref('sitetheme') != $_POST['sitetheme']) {
require_once e_HANDLER . "theme_handler.php";
$utheme = new themeHandler();
$ut = $utheme->themeArray[$_POST['sitetheme']];
$uconfig->setPosted('sitetheme', $_POST['sitetheme'])->setPosted('sitetheme_custompages', $ut['custompages'])->setPosted('sitetheme_deflayout', $utheme->findDefault($_POST['sitetheme']));
} else {
$uconfig->remove('sitetheme')->remove('sitetheme_custompages')->remove('sitetheme_deflayout');
}
$uconfig->save(true);
unset($ut);
}
} elseif ($user->getPref('sitetheme')) {
$user->getConfig()->remove('sitetheme')->remove('sitetheme_custompages')->remove('sitetheme_deflayout')->save(false);
}
// XXX could go to e_user class as well END
if (!defined("USERTHEME")) {
define('USERTHEME', $user->getPref('sitetheme') && file_exists(e_THEME . $user->getPref('sitetheme') . "/theme.php") ? $user->getPref('sitetheme') : false);
}
$user_pref = $user->getPref();
}
define('USERCLASS_LIST', $user->getClassList(true));
define('e_CLASS_REGEXP', $user->getClassRegex());
define('e_NOBODY_REGEXP', '(^|,)' . e_UC_NOBODY . '(,|$)');
}
function dbCategory($mode)
{
global $pref, $sql, $ns, $qs, $rs, $aa, $tp, $plugintable, $e107cache, $content_cat_icon_path_large, $content_cat_icon_path_small;
$_POST['cat_heading'] = $tp->toDB($_POST['cat_heading']);
$_POST['cat_subheading'] = $tp->toDB($_POST['cat_subheading']);
if (e_WYSIWYG) {
$_POST['cat_text'] = $tp->createConstants($_POST['cat_text']);
// convert e107_images/ to {e_IMAGE} etc.
}
$_POST['cat_text'] = $tp->toDB($_POST['cat_text']);
$_POST['cat_class'] = $_POST['cat_class'] ? intval($_POST['cat_class']) : "0";
//category create
if (isset($qs[0]) && $qs[0] == 'cat' && isset($qs[1]) && $qs[1] == 'create') {
if (isset($qs[2]) && is_numeric($qs[2])) {
$parent = "0." . intval($qs[2]);
} else {
$parent = 0;
}
//category edit
} elseif (isset($qs[0]) && $qs[0] == 'cat' && isset($qs[1]) && $qs[1] == 'edit') {
if (isset($qs[2]) && is_numeric($qs[2])) {
if (isset($qs[3]) && is_numeric($qs[3])) {
if (intval($qs[3]) == 0) {
$parent = 0;
} elseif ($qs[2] == $qs[3]) {
$parent = 0;
} else {
$parent = "0." . intval($qs[3]);
}
} else {
if ($qs[2] == $_POST['cat_id']) {
$parent = intval($_POST['parent_id']);
$parent = $parent != 0 ? "0." . $parent : 0;
} else {
}
}
} else {
$parent = 0;
}
}
$_POST['parent'] = $parent;
if (isset($_POST['cat_startdate']) && $_POST['cat_startdate'] != "0" && $_POST['cat_startdate'] != "") {
$newstarttime = e107::getDate()->toTime($_POST['cat_startdate'], 'inputdatetime');
} else {
$newstarttime = time();
}
if (isset($_POST['content_datestamp']) && $_POST['content_datestamp'] != "" && $_POST['content_datestamp'] != "0") {
if ($newstarttime != $starttime) {
$starttime = $newstarttime;
} else {
$starttime = intval($_POST['content_datestamp']);
}
} else {
$starttime = time();
}
if (isset($_POST['cat_enddate']) && $_POST['cat_enddate'] != "0" && $_POST['cat_enddate'] != "") {
$endtime = e107::getDate()->toTime($_POST['cat_enddate'], 'inputdatetime');
} else {
$endtime = "0";
}
if ($mode == "create") {
$sql->db_Insert($plugintable, "'0', '" . $_POST['cat_heading'] . "', '" . $_POST['cat_subheading'] . "', '', '" . $_POST['cat_text'] . "', '" . ADMINID . "', '" . $tp->toDB($_POST["cat_icon"]) . "', '', '', '" . $_POST['parent'] . "', '" . intval($_POST['cat_comment']) . "', '" . intval($_POST['cat_rate']) . "', '" . intval($_POST['cat_pe']) . "', '', '" . $starttime . "', '" . $endtime . "', '" . $_POST['cat_class'] . "', '', '0', '0', '', '' ");
// check and insert default pref values if new main parent + create menu file
if ($_POST['parent'] == "0") {
$iid = mysql_insert_id();
$content_pref = $aa->getContentPref($iid);
$aa->CreateParentMenu($iid);
}
$e107cache->clear("{$plugintable}");
//jsx_location(e_SELF."?".e_QUERY.".pc");
$url = e_SELF . "?" . e_QUERY . ".pc";
e107::getRedirect()->go($url);
} elseif ($mode == "update") {
$sql->db_Update($plugintable, "content_heading = '" . $_POST['cat_heading'] . "', content_subheading = '" . $_POST['cat_subheading'] . "', content_summary = '', content_text = '" . $_POST['cat_text'] . "', content_author = '" . ADMINID . "', content_icon = '" . $tp->toDB($_POST["cat_icon"]) . "', content_image = '', content_parent = '" . $_POST['parent'] . "', content_comment = '" . intval($_POST['cat_comment']) . "', content_rate = '" . intval($_POST['cat_rate']) . "', content_pe = '" . intval($_POST['cat_pe']) . "', content_refer = '0', content_datestamp = '" . $starttime . "', content_enddate = '" . $endtime . "', content_class = '" . intval($_POST['cat_class']) . "' WHERE content_id = '" . intval($_POST['cat_id']) . "' ");
// check and insert default pref values if new main parent + create menu file
if ($_POST['parent'] == "0") {
@unlink(e_PLUGIN . "content/menus/content_" . $_POST['menuheading'] . "_menu.php");
$content_pref = $aa->getContentPref($_POST['cat_id']);
$aa->CreateParentMenu($_POST['cat_id']);
}
$e107cache->clear("{$plugintable}");
//jsx_location(e_SELF."?".e_QUERY.".pu");
$url = e_SELF . "?" . e_QUERY . ".pu";
e107::getRedirect()->go($url);
}
}
<p>Loading…</p>
</div>
<div class="modal-footer">
<a href="#" data-dismiss="modal" class="btn btn-primary">Close</a>
</div>
</div>';
*/
}
if ($mode == 'download' && !empty($_GET['src'])) {
define('e_IFRAME', true);
$frm = e107::getForm();
$mes = e107::getMessage();
$string = base64_decode($_GET['src']);
parse_str($string, $data);
if (!empty($data['price'])) {
e107::getRedirect()->go($data['url']);
return true;
}
$mp = $themec->getMarketplace();
$mes->addSuccess("Connecting...");
if ($mp->download($data['id'], $data['mode'], 'theme')) {
// Auto install?
// $text = e107::getPlugin()->install($data['plugin_folder']);
// $mes->addInfo($text);
echo $mes->render('default', 'success');
} else {
echo $mes->addError('Unable to continue')->render('default', 'error');
}
echo $mes->render('default', 'debug');
} elseif (vartrue($_POST['selectadmin'])) {
$mode = "admin";
$query = "`user_email`='{$clean_email}' ";
// Allow admins to remove 'username' from fpw_template.php if they wish.
$query .= isset($_POST['username']) ? " AND `user_loginname`='{$clean_username}'" : "";
if ($sql->select('user', '*', $query)) {
// Found user in DB
$row = $sql->fetch();
// Main admin expected to be competent enough to never forget password! (And its a security check - so warn them)
// Sending email to admin alerting them of attempted admin password reset, and redirect user to homepage.
if ($row['user_admin'] == 1 && ($row['user_perms'] == '0' or $row['user_perms'] == '0.')) {
sendemail($pref['siteadminemail'], LAN_06, LAN_07 . ' [' . e107::getIPHandler()->getIP(FALSE) . '] ' . e107::getIPHandler()->getIP(TRUE) . ' ' . LAN_08);
e107::getRedirect()->redirect(SITEURL);
}
// Banned user, or not validated
switch ($row['user_ban']) {
case USER_BANNED:
e107::getRedirect()->redirect(SITEURL);
break;
case USER_VALIDATED:
break;
default:
fpw_error(LAN_02 . ':' . $row['user_ban']);
// Intentionally rather a vague message
exit;
}
// Check if password reset was already requested
if ($result = $sql->select('tmp', '*', "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '" . $row['user_loginname'] . FPW_SEPARATOR . "%'")) {
fpw_error(LAN_FPW4);
exit;
}
// Set unique reset code
mt_srand((double) microtime() * 1000000);
public function redirect403()
{
e107::getRedirect()->redirect(SITEURL . $this->e403);
}
| $Author$
+----------------------------------------------------------------------------+
*/
require_once "class2.php";
// security image may be disabled by removing the appropriate shortcodes from the template.
require_once e_HANDLER . "secure_img_handler.php";
$sec_img = new secure_image();
include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE);
require_once HEADERF;
if (!$CONTACT_FORM) {
if (file_exists(THEME . "contact_template.php")) {
require_once THEME . "contact_template.php";
} else {
// Redirect Page if no contact-form or contact-info is available.
if ($pref['sitecontacts'] == e_UC_NOBODY && trim(SITECONTACTINFO) == "") {
e107::getRedirect()->redirect(e_BASE . "index.php");
exit;
}
require_once e_THEME . "templates/contact_template.php";
}
}
if (isset($_POST['send-contactus'])) {
$error = "";
$sender_name = $tp->toEmail($_POST['author_name'], TRUE, 'RAWTEXT');
$sender = check_email($_POST['email_send']);
$subject = $tp->toEmail($_POST['subject'], TRUE, 'RAWTEXT');
$body = $tp->toEmail($_POST['body'], TRUE, 'RAWTEXT');
// Check Image-Code
if (isset($_POST['rand_num']) && !$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
$error .= LANCONTACT_15 . "\\n";
}
/**
# Class called when user attempts to log in
#
# @param string $username, $_POSTED user name
# @param string $userpass, $_POSTED user password
# @param $autologin - 'signup' - uses a specially encoded password - logs in if matches
# - zero for 'normal' login
# - non-zero sets the 'remember me' flag in the cookie
' @param string $response - response string returned by CHAP login (instead of password)
# @return boolean - FALSE on login fail, TRUE on login successful
*/
public function login($username, $userpass, $autologin, $response = '', $noredirect = false)
{
$pref = e107::getPref();
$tp = e107::getParser();
$sql = e107::getDb();
$e_event = e107::getEvent();
$_E107 = e107::getE107();
$username = trim($username);
$userpass = trim($userpass);
if ($_E107['cli'] && $username == '') {
return FALSE;
}
$forceLogin = $autologin === 'signup';
if (!$forceLogin && $autologin === 'provider') {
$forceLogin = '******';
}
if ($username == "" || $userpass == "" && $response == '' && $forceLogin !== 'provider') {
// Required fields blank
return $this->invalidLogin($username, LOGIN_BLANK_FIELD);
}
// $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
// $this->e107->check_ban("banlist_ip='{$this->userIP}' ",FALSE); // This will exit if a ban is in force
e107::getIPHandler()->checkBan("banlist_ip='{$this->userIP}' ", FALSE);
// This will exit if a ban is in force
$autologin = intval($autologin);
// Will decode to zero if forced login
$authorized = false;
if (!$forceLogin && $this->e107->isInstalled('alt_auth')) {
$authMethod[0] = varset($pref['auth_method'], 'e107');
// Primary authentication method
$authMethod[1] = varset($pref['auth_method2'], 'none');
// Secondary authentication method (if defined)
$result = false;
foreach ($authMethod as $method) {
if ($method == 'e107') {
if ($this->lookupUser($username, $forceLogin)) {
if ($this->checkUserPassword($username, $userpass, $response, $forceLogin) === TRUE) {
$authorized = true;
$result = LOGIN_CONTINUE;
// Valid User exists in local DB
} elseif (varset($pref['auth_badpassword'], TRUE)) {
$result = LOGIN_TRY_OTHER;
continue;
// Should use alternate method for password auth
} else {
return $this->invalidLogin($username, LOGIN_ABORT);
}
}
} else {
if ($method != 'none') {
$auth_file = e_PLUGIN . 'alt_auth/' . $method . '_auth.php';
if (file_exists($auth_file)) {
require_once e_PLUGIN . 'alt_auth/alt_auth_login_class.php';
$al = new alt_login($method, $username, $userpass);
$result = $al->loginResult;
switch ($result) {
case LOGIN_ABORT:
return $this->invalidLogin($username, LOGIN_ABORT);
break;
case LOGIN_DB_ERROR:
return $this->invalidLogin($username, LOGIN_DB_ERROR);
break;
case AUTH_SUCCESS:
$authorized = true;
break;
case LOGIN_TRY_OTHER:
continue;
break;
}
}
}
}
if ($result === LOGIN_CONTINUE) {
break;
}
}
}
$username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username);
// Check secure image
if (!$forceLogin && $pref['logcode'] && extension_loaded('gd')) {
require_once e_HANDLER . "secure_img_handler.php";
$sec_img = new secure_image();
if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
// Invalid code
return $this->invalidLogin($username, LOGIN_BAD_CODE);
}
}
if (empty($this->userData)) {
if (!$this->lookupUser($username, $forceLogin)) {
return $this->invalidLogin($username, LOGIN_BAD_USERNAME);
// User doesn't exist
}
}
if ($authorized !== true && $this->checkUserPassword($username, $userpass, $response, $forceLogin) !== true) {
return $this->invalidLogin($username, LOGIN_BAD_PW);
}
// Check user status
switch ($this->userData['user_ban']) {
case USER_REGISTERED_NOT_VALIDATED:
// User not fully signed up - hasn't activated account.
return $this->invalidLogin($username, LOGIN_NOT_ACTIVATED);
case USER_BANNED:
// User banned
return $this->invalidLogin($username, LOGIN_BANNED, $this->userData['user_id']);
case USER_VALIDATED:
// Valid user
break;
// Nothing to do ATM
// Nothing to do ATM
case USER_EMAIL_BOUNCED:
$bounceLAN = "Emails to [x] are bouncing back. Please [verify your email address is correct].";
//TODO LAN
$bounceMessage = $tp->lanVars($bounceLAN, $this->userData['user_email'], true);
$bounceMessage = str_replace(array('[', ']'), array("<a href='" . e_HTTP . "usersettings.php'>", "</a>"), $bounceMessage);
e107::getMessage()->addWarning($bounceMessage, 'default', true);
break;
default:
// May want to pick this up
}
// User is OK as far as core is concerned
// $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
if ($this->passResult !== FALSE && $this->passResult !== PASSWORD_VALID) {
// May want to rewrite password using salted hash (or whatever the preferred method is) - $pass_result has the value to write
// If login by email address also allowed, will have to write that value too
// $sql->update('user',"`user_password` = '{$pass_result}' WHERE `user_id`=".intval($this->userData['user_id']));
}
$userpass = '';
// Finished with any plaintext password - can get rid of it
$ret = $e_event->trigger("preuserlogin", $username);
if ($ret != '') {
return $this->invalidLogin($username, LOGIN_BAD_TRIGGER, $ret);
}
// Trigger events happy as well
$user_id = $this->userData['user_id'];
$user_name = $this->userData['user_name'];
$user_admin = $this->userData['user_admin'];
$user_email = $this->userData['user_email'];
/* restrict more than one person logging in using same us/pw */
if ($pref['disallowMultiLogin']) {
if ($sql->db_Select("online", "online_ip", "online_user_id='" . $user_id . "." . $user_name . "'")) {
return $this->invalidLogin($username, LOGIN_MULTIPLE, $user_id);
}
}
// User login definitely accepted here
$cookieval = $this->userMethods->makeUserCookie($this->userData, $autologin);
// Calculate class membership - needed for a couple of things
// Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
$class_list = $this->userMethods->addCommonClasses($this->userData, TRUE);
$user_logging_opts = e107::getConfig()->get('user_audit_opts');
if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list)) {
// Need to note in user audit trail
$this->e107->admin_log->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name);
}
$edata_li = array('user_id' => $user_id, 'user_name' => $user_name, 'class_list' => implode(',', $class_list), 'remember_me' => $autologin, 'user_admin' => $user_admin, 'user_email' => $user_email);
e107::getEvent()->trigger("login", $edata_li);
if ($_E107['cli']) {
return $cookieval;
}
if (in_array(e_UC_NEWUSER, $class_list)) {
if (time() > $this->userData['user_join'] + varset($pref['user_new_period'], 0) * 86400) {
// 'New user' probationary period expired - we can take them out of the class
$this->userData['user_class'] = $this->e107->user_class->ucRemove(e_UC_NEWUSER, $this->userData['user_class']);
// $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login new user complete",$this->userData['user_class'],FALSE,FALSE);
$sql->update('user', "`user_class` = '" . $this->userData['user_class'] . "'", 'WHERE `user_id`=' . $this->userData['user_id']);
unset($class_list[e_UC_NEWUSER]);
$edata_li = array('user_id' => $user_id, 'user_name' => $username, 'class_list' => implode(',', $class_list), 'user_email' => $user_email);
$e_event->trigger('userNotNew', $edata_li);
}
}
if ($noredirect) {
return true;
}
$redir = e_REQUEST_URL;
//$redir = e_SELF;
//if (e_QUERY) $redir .= '?'.str_replace('&','&',e_QUERY);
if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force'])) {
// See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
// $log_info = "New user: "******" Class: ".$this->userData['user_class']." Admin: ".$this->userData['user_admin']." Perms: ".$this->userData['user_perms'];
// $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login Start",$log_info,FALSE,FALSE);
// FIXME - front page now supports SEF URLs - make a check here
foreach ($pref['frontpage_force'] as $fk => $fp) {
if (in_array($fk, $class_list)) {
// We've found the entry of interest
if (strlen($fp)) {
if (strpos($fp, 'http') === FALSE) {
$fp = str_replace(e_HTTP, '', $fp);
// This handles sites in a subdirectory properly (normally, will replace nothing)
$fp = SITEURL . $fp;
}
//$redir = ((strpos($fp, 'http') === FALSE) ? SITEURL : '').$tp->replaceConstants($fp, TRUE, FALSE);
$redir = e107::getParser()->replaceConstants($fp, TRUE, FALSE);
// $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Redirect active",$redir,FALSE,FALSE);
}
break;
}
}
}
$redirPrev = e107::getRedirect()->getPreviousUrl();
if ($redirPrev) {
e107::getRedirect()->redirect($redirPrev);
}
e107::getRedirect()->redirect($redir);
exit;
}
public function login($redirectUrl = true)
{
if (!e107::getPref('social_login_active', false)) {
throw new Exception("Signup failed! This feature is disabled.", 100);
// TODO lan
}
if (!$this->getProvider()) {
throw new Exception("Login failed! Wrong provider.", 22);
// TODO lan
}
if ($redirectUrl) {
if (true === $redirectUrl) {
$redirectUrl = SITEURL;
} elseif (strpos($redirectUrl, 'http://') !== 0 && strpos($redirectUrl, 'https://') !== 0) {
$redirectUrl = e107::getUrl()->create($redirectUrl);
}
}
if (e107::getUser()->isUser()) {
if ($redirectUrl) {
e107::getRedirect()->redirect($redirectUrl);
}
return true;
}
$this->adapter = $this->hybridauth->authenticate($this->getProvider());
$check = e107::getUser()->setProvider($this)->loginProvider($this->userId(), false);
if ($redirectUrl) {
e107::getRedirect()->redirect($redirectUrl);
}
return $check;
}
/**
* @param $url
*/
private function redirect($url)
{
if (E107_DEBUG_LEVEL > 0) {
require_once HEADERF;
e107::getRender()->tablerender('Debug', "Redirecting to: <a href='" . $url . "'>" . $url . "</a>");
require_once FOOTERF;
exit;
}
e107::getRedirect()->go($url);
}
function displayLinkComment()
{
global $qs, $cobj, $linkbutton_count, $lc, $rowl, $link_shortcodes, $linkspage_pref, $LINK_APPEND;
$db = e107::getDb();
$template = e107::getTemplate('links_page', 'links_page');
$tp = e107::getParser();
if (!(isset($linkspage_pref["link_comment"]) && $linkspage_pref["link_comment"])) {
//jsx_location(e107::url('links_page', 'index'));
$url = e107::url('links_page', 'index');
e107::getRedirect()->go($url);
} else {
$qry = "\n\t\tSELECT l.*, lc.*, COUNT(c.comment_id) AS link_comment\n\t\tFROM #links_page AS l\n\t\tLEFT JOIN #links_page_cat AS lc ON lc.link_category_id = l.link_category\n\t\tLEFT JOIN #comments as c ON c.comment_item_id=l.link_id AND comment_type='links_page'\n\t\tWHERE l.link_active = 1 AND l.link_id = '" . intval($qs[1]) . "' AND lc.link_category_class REGEXP '" . e_CLASS_REGEXP . "' AND l.link_class REGEXP '" . e_CLASS_REGEXP . "'\n\t\tGROUP BY l.link_id";
$link_comment_table_string = "";
if (!($linkcomment = $db->gen($qry))) {
//jsx_location(e107::url('links_page', 'index'));
$url = e107::url('links_page', 'index');
e107::getRedirect()->go($url);
} else {
$rowl = $db->fetch();
$linkbutton_count = $rowl['link_button'] ? $linkbutton_count + 1 : $linkbutton_count;
$LINK_APPEND = $lc->parse_link_append($rowl);
$subject = $rowl['link_name'];
$text = $tp->parseTemplate($template['LINK_TABLE_START'], FALSE, $link_shortcodes);
$text .= $tp->parseTemplate($template['LINK_TABLE'], FALSE, $link_shortcodes);
$text .= $tp->parseTemplate($template['LINK_TABLE_END'], FALSE, $link_shortcodes);
$navigator = displayNavigator();
$text = $navigator . $text;
e107::getRender()->tablerender(LAN_LINKS_36, $text);
$cobj->compose_comment("links_page", "comment", $qs[1], $width, $subject, $showrate = FALSE);
}
}
return;
}
list($id, $from) = explode(".", e_QUERY);
$forumId = intval($id);
$threadFrom = intval($from);
unset($id, $from);
}
if (!$forum->checkPerm($forumId, 'view')) {
// header('Location:'.e107::getUrl()->create('forum/forum/main'));
$url = e107::url('forum', 'index', 'full');
if (E107_DEBUG_LEVEL > 0) {
print_a($_REQUEST);
print_a($_GET);
echo __FILE__ . ' Line: ' . __LINE__;
echo " forumId: " . $forumId;
exit;
}
e107::getRedirect()->go($url);
exit;
}
$forumInfo = $forum->forumGet($forumId);
$threadsViewed = $forum->threadGetUserViewed();
if (!vartrue($FORUM_VIEW_START)) {
if (file_exists(THEME . 'forum_viewforum_template.php')) {
require_once THEME . 'forum_viewforum_template.php';
} elseif (file_exists(THEME . 'forum_template.php')) {
require_once THEME . 'forum_template.php';
} else {
require_once e_PLUGIN . 'forum/templates/forum_viewforum_template.php';
}
}
if (is_array($FORUM_VIEWFORUM_TEMPLATE) && deftrue('BOOTSTRAP', false)) {
$FORUM_VIEW_START_CONTAINER = $FORUM_VIEWFORUM_TEMPLATE['start'];
function submitPage($mode = FALSE, $type = FALSE)
{
global $e107cache, $admin_log, $e_event;
$frm = e107::getForm();
$sql = e107::getDb();
$tp = e107::getParser();
$ns = e107::getRender();
$mes = e107::getMessage();
$page_title = $tp->toDB($_POST['page_title']);
// print_a($_POST);
// if(is_array($_POST['data']) && is_array($_POST['subtitle']))
$newData = array();
foreach ($_POST as $k => $v) {
if (substr($k, 0, 4) == 'data' && trim($v) != '') {
list($tm, $key) = explode("_", $k);
if ($mode == FALSE) {
$newData[] = "[newpage=" . $_POST['page_subtitle'][$key] . "]\n";
}
$newData[] = $v;
}
// return;
}
// return;
$newData = implode("\n\n", $newData);
// echo nl2br($newData);
$page_text = $tp->toDB($newData);
$pauthor = $_POST['page_display_authordate_flag'] ? USERID : 0;
// Ideally, this check should be done in the front-end.
$update = 0;
// Make sure some updates happen
$page_sef = '';
$page_metad = '';
$page_metak = '';
if (!$type) {
if (!empty($_POST['page_sef'])) {
$page_sef = eHelper::secureSef($_POST['page_sef']);
}
if (empty($page_sef)) {
$page_sef = eHelper::title2sef($_POST['page_title']);
}
if (!empty($_POST['page_metadscr'])) {
$page_metad = $tp->toDB(eHelper::formatMetaDescription($_POST['page_metadscr']));
}
if (!empty($_POST['page_metakeys'])) {
$page_metak = eHelper::formatMetaKeys($_POST['page_metakeys']);
}
}
if (!$type && (!$page_title || !$page_sef)) {
e107::getMessage()->addError(CUSLAN_34, 'default', true);
e107::getRedirect()->redirect(e_ADMIN_ABS . 'cpage.php');
}
// FIXME Causes false positives on Update.. - what is trying to be achieved with this check?
/*
if(!$type && $sql->db_Count('page', '(page_id)', ($mode ? "page_id != {$mode} AND " : '')."page_sef != '{$page_sef}'"))
{
e107::getMessage()->addError(CUSLAN_34, 'default', true);
e107::getMessage()->addDebug("type=".$type, 'default', true);
e107::getMessage()->addDebug("page_title=".$page_title, 'default', true);
e107::getMessage()->addDebug("page_sef=".$page_sef, 'default', true);
e107::getMessage()->addDebug("Mode=".$mode, 'default', true);
e107::getRedirect()->redirect(e_ADMIN_ABS.'cpage.php');
}
*/
if ($type && empty($_POST['menu_name'])) {
e107::getMessage()->addError(CUSLAN_36, 'default', true);
e107::getRedirect()->redirect(e_ADMIN_ABS . 'cpage.php');
}
if ($mode) {
// Saving existing page/menu after edit
// Don't think $_POST['page_ip_restrict'] is ever set.
$menuname = $type && vartrue($_POST['menu_name']) ? ", page_theme = '" . $tp->toDB($_POST['menu_name']) . "'" : "";
$status = $sql->db_Update("page", "page_title='{$page_title}', page_sef='{$page_sef}', page_chapter='" . intval($_POST['page_chapter']) . "', page_metakeys='{$page_metak}', page_metadscr='{$page_metad}', page_text='{$page_text}', page_datestamp='" . time() . "', page_author='{$pauthor}', page_rating_flag='" . intval($_POST['page_rating_flag']) . "', page_comment_flag='" . intval($_POST['page_comment_flag']) . "', page_password='******'page_password'] . "', page_class='" . $_POST['page_class'] . "', page_ip_restrict='" . varset($_POST['page_ip_restrict'], '') . "', page_template='" . $_POST['page_template'] . "' {$menuname} WHERE page_id='{$mode}'") ? E_MESSAGE_SUCCESS : E_MESSAGE_ERROR;
if ($status == E_MESSAGE_SUCCESS) {
$update++;
}
$mes->add($message, $status);
$admin_log->log_event('CPAGE_02', $mode . '[!br!]' . $page_title . '[!br!]' . $pauthor, E_LOG_INFORMATIVE, '');
$e107cache->clear("page_{$mode}");
$e107cache->clear("page-t_{$mode}");
$data = array('method' => 'update', 'table' => 'page', 'id' => $mode, 'plugin' => 'page', 'function' => 'submitPage');
$this->message = $e_event->triggerHook($data);
if ($type) {
$menu_name = $tp->toDB($_POST['menu_name']);
// not to be confused with menu-caption.
// Need to check whether menu already in table, else we can't distinguish between a failed update and no update needed
if ($sql->db_Select('menus', 'menu_name', "`menu_path` = '{$mode}'")) {
// Updating existing entry
if ($sql->db_Update('menus', "menu_name='{$menu_name}' WHERE menu_path='{$mode}' ") !== FALSE) {
$update++;
}
}
}
//$url = e107::getUrl()->sc('page/view', array('name' => $tp->post_toForm($_POST['page_title']), 'id' => $mode));
/*
// Prevent links being updated in another language unless the table is present.
if((($pref['sitelanguage'] != $sql->mySQLlanguage) && ($sql->mySQLlanguage!='')) && ($sql->db_IsLang("links")=='links'))
{
//echo "DISABLED LINK CREATION";
//echo ' Sitelan='.$pref['sitelanguage'];
//echo " Dblang=".$sql->mySQLlanguage;
//echo " Links=".$sql->db_IsLang("links");
return;
}
if ($_POST['page_link'])
{
// FIXME extremely ugly, just join on created link ID by new field page_link
if ($sql->db_Select("links", "link_id", "link_url='".$url."' && link_name!='".$tp->toDB($_POST['page_link'])."'"))
{
$sql->db_Update("links", "link_name='".$tp->toDB($_POST['page_link'])."' WHERE link_url='".$url."'");
$update++;
$e107cache->clear("sitelinks");
}
else if (!$sql->db_Select("links", "link_id", "link_url='".$url."'"))
{
$sql->db_Insert("links", "0, '".$tp->toDB($_POST['page_link'])."', '".$url."', '', '', 1, 0, 0, 0, ".$_POST['page_class']);
$update++;
$e107cache->clear("sitelinks");
}
} else {
if ($sql->db_Select("links", "link_id", "link_url='".$url."'"))
{
$sql->db_Delete("links", "link_url='".$url."'");
$update++;
$e107cache->clear("sitelinks");
}
}*/
$mes = e107::getMessage();
$mes->autoMessage($update, 'update', LAN_UPDATED, false, false);
// Display result of update
} else {
// New page/menu
$menuname = $type ? $tp->toDB($_POST['menu_name']) : "";
$addMsg = $type ? CUSLAN_51 : CUSLAN_27;
$info = array('page_title' => $page_title, 'page_sef' => $page_sef, 'page_chapter' => varset($_POST['page_chapter'], 0), 'page_metakeys' => $page_metak, 'page_metadscr' => $page_metad, 'page_text' => $page_text, 'page_author' => $pauthor, 'page_datestamp' => time(), 'page_rating_flag' => varset($_POST['page_rating_flag'], 0), 'page_comment_flag' => varset($_POST['page_comment_flag'], ''), 'page_password' => varset($_POST['page_password'], ''), 'page_class' => varset($_POST['page_class'], e_UC_PUBLIC), 'page_ip_restrict' => '', 'page_theme' => $menuname, 'page_template' => varset($_POST['page_template'], ''));
$pid = e107::getMessage()->autoMessage($sql->db_Insert('page', $info), 'insert', $addMsg, LAN_CREATED_FAILED, false);
$admin_log->log_event('CPAGE_01', $menuname . '[!br!]' . $page_title . '[!br!]' . $pauthor, E_LOG_INFORMATIVE, '');
if ($type) {
$info = array('menu_name' => $menuname, 'menu_location' => 0, 'menu_order' => 0, 'menu_class' => '0', 'menu_pages' => '', 'menu_path' => $pid);
e107::getMessage()->autoMessage($sql->db_Insert('menus', $info), 'insert', CUSLAN_52, LAN_CREATED_FAILED, false);
}
/*if(vartrue($_POST['page_link']))
{
//$link = 'page.php?'.$pid;
$url = e107::getUrl()->sc('page/view', array('name' => $tp->post_toForm($_POST['page_title']), 'id' => $pid));
if (!$sql->db_Select("links", "link_id", "link_name='".$tp->toDB($_POST['page_link'])."'"))
{
$linkname = $tp->toDB($_POST['page_link']);
$sql->db_Insert("links", "0, '{$linkname}', '{$url}', '', '', 1, 0, 0, 0, ".$_POST['page_class']);
$e107cache->clear("sitelinks");
}
}*/
$data = array('method' => 'create', 'table' => 'page', 'id' => $pid, 'plugin' => 'page', 'function' => 'submitPage');
$this->message = $e_event->triggerHook($data);
}
}
<?php
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| Copyright (C) 2008-2009 e107 Inc
| http://e107.org
|
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| $Source: /cvs_backup/e107_0.8/download.php,v $
| $Revision$
| $Date$
| $Author$
|
+----------------------------------------------------------------------------+
*/
require_once "class2.php";
$query = e_QUERY ? "?" . str_replace("&", "&", e_QUERY) : "";
e107::getRedirect()->go(e_PLUGIN . "download/download.php" . $query, true);
//require_once(e_PLUGIN."download/download.php");
exit;
