/**
* Delete a block
*
* @param string $bid id of block to delete
* @return string HTML redirect or error message
*
*/
function deleteBlock($bid)
{
global $_CONF, $_TABLES, $_USER;
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='{$bid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}.");
return COM_refresh($_CONF['site_admin_url'] . '/block.php');
}
TOPIC_deleteTopicAssignments('block', $bid);
DB_delete($_TABLES['blocks'], 'bid', $bid);
$cacheInstance = 'block__' . $bid . '__';
// remove any of this blocks instances if exists
CACHE_remove_instance($cacheInstance);
return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=12');
}
// | |
// +--------------------------------------------------------------------------+
require_once '../lib-common.php';
require_once 'auth.inc.php';
require_once $_CONF['path_system'] . 'classes/menu.class.php';
require_once $_CONF['path_system'] . 'lib-menu.php';
USES_lib_admin();
$display = '';
$content = '';
$MenuElementAllowedHTML = "i[class|style],div[class|style],span[class|style],img[src|class|style],em,strong,del,ins,q,abbr,dfn,small";
// Only let admin users access this page
if (!SEC_hasRights('menu.admin')) {
$display .= COM_siteHeader('menu', $MESSAGE[30]);
$display .= COM_showMessageText($MESSAGE[37], $MESSAGE[30], true);
$display .= COM_siteFooter();
COM_accessLog("User {$_USER['username']} unauthorized user tried to access the menu editor screen.");
echo $display;
exit;
}
function MB_displayMenuList()
{
global $_CONF, $_USER, $_TABLES, $LANG_MB01, $LANG_MB_ADMIN, $LANG_ADMIN, $LANG_MB_MENU_TYPES;
$retval = '';
$menuArray = array();
$mbadmin = SEC_hasRights('menu.admin');
$root = SEC_inGroup('Root');
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = $_USER['uid'];
}
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +--------------------------------------------------------------------------+
require_once '../lib-common.php';
require_once 'auth.inc.php';
$display = '';
if (!SEC_hasrights('autotag.admin')) {
$display .= COM_siteHeader('menu', $MESSAGE[30]);
$display .= COM_showMessageText($MESSAGE[38], $MESSAGE[30], true);
$display .= COM_siteFooter();
COM_accessLog("User {$_USER['username']} attempted to access the autotag administration screen.");
echo $display;
exit;
}
USES_lib_install();
/**
* Main driver to handle the uploaded autotag
*
* Determines if a new style (supports automated installer) or
* an old style.
*
* @return string Formatted HTML containing the page body
*
*/
function processAutotagUpload()
{
if (!empty($file)) {
DBADMIN_download($file);
exit;
}
break;
case 'delete':
if (isset($_POST['delitem']) && SEC_checkToken()) {
foreach ($_POST['delitem'] as $delfile) {
$file = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', COM_applyFilter($delfile));
$file = str_replace('..', '', $file);
if (!@unlink($_CONF['backup_path'] . $file)) {
COM_errorLog('Unable to remove backup file "' . $file . '"');
}
}
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete database backup(s) and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
break;
case 'config':
$view = 'config';
break;
case 'saveconfig':
$items = array();
// Get the excluded tables into a serialized string
$tables = explode('|', $_POST['groupmembers']);
$items['lglib_dbback_exclude'] = DB_escapeString(@serialize($tables));
$items['lglib_dbback_files'] = (int) $_POST['db_backup_maxfiles'];
if (isset($_POST['disable_cron'])) {
$str = '-1';
} else {
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
require_once $_CONF['path'] . 'plugins/downloads/include/functions.php';
if (!SEC_hasRights('downloads.edit')) {
$display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = DLM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally access the downloads temporary file.");
COM_output($display);
exit;
}
COM_setArgNames(array('id'));
$lid = addslashes(COM_applyFilter(COM_getArgument('id')));
$result = DB_query("SELECT url, date FROM {$_TABLES['downloadsubmission']} WHERE lid='{$lid}'");
list($url, $date) = DB_fetchArray($result);
$filepath = $_DLM_CONF['path_filestore'] . 'tmp' . date('YmdHis', $date) . DLM_createSafeFileName($url);
if (file_exists($filepath)) {
header('Content-Disposition: attachment; filename="' . $url . '"');
header('Content-Type: application/octet-stream');
header('Content-Description: File Transfer');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
function links_delete_category($cid)
{
global $_TABLES, $LANG_LINKS_ADMIN;
$cid = addslashes($cid);
if (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) {
// item exists so check access rights
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,\n perm_members,perm_anon FROM {$_TABLES['linkcategories']}\n WHERE cid='{$cid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access > 2) {
// has edit rights
// Check for subfolders and sublinks
$sf = DB_count($_TABLES['linkcategories'], 'pid', $cid);
$sl = DB_count($_TABLES['links'], 'cid', $cid);
if ($sf == 0 && $sl == 0) {
// No subfolder/links so OK to delete
DB_delete($_TABLES['linkcategories'], 'cid', $cid);
PLG_itemDeleted($cid, 'links.category');
return 13;
} else {
// Subfolders and/or sublinks exist so return a message
return 14;
}
} else {
// no access
return 15;
COM_accessLog(sprintf($LANG_LINKS_ADMIN[46], $_USER['username']));
}
} else {
// no such category
return 16;
}
}
/**
* Return the current user status for a user.
* NOTE: May not return for banned/non-approved users.
*
* @param int $userid Valid uid value.
* @return int user status, 0-3
*/
function SEC_checkUserStatus($userid)
{
global $_CONF, $_TABLES;
// Check user status
$status = DB_getItem($_TABLES['users'], 'status', "uid={$userid}");
// only do redirects if we aren't on users.php in a valid mode (logout or
// default)
if (strpos($_SERVER['PHP_SELF'], 'users.php') === false) {
$redirect = true;
} else {
if (empty($_REQUEST['mode']) || $_REQUEST['mode'] == 'logout') {
$redirect = false;
} else {
$redirect = true;
}
}
if ($status == USER_ACCOUNT_AWAITING_ACTIVATION) {
DB_change($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE, 'uid', $userid);
} elseif ($status == USER_ACCOUNT_AWAITING_APPROVAL) {
// If we aren't on users.php with a default action then go to it
if ($redirect) {
COM_accessLog("SECURITY: Attempted Cookie Session login from user awaiting approval {$userid}.");
COM_redirect($_CONF['site_url'] . '/users.php?msg=70');
}
} elseif ($status == USER_ACCOUNT_DISABLED) {
if ($redirect) {
COM_accessLog("SECURITY: Attempted Cookie Session login from banned user {$userid}.");
COM_redirect($_CONF['site_url'] . '/users.php?msg=69');
}
}
return $status;
}
/**
* Delete an existing story
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @return int Response code as defined in lib-plugins.php
*/
function service_delete_story($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER;
if (empty($args['sid']) && !empty($args['id'])) {
$args['sid'] = $args['id'];
}
if ($args['gl_svc']) {
$args['sid'] = COM_applyBasicFilter($args['sid']);
}
$sid = $args['sid'];
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['stories']} WHERE sid = '{$sid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
$access = min($access, TOPIC_hasMultiTopicAccess('article', $sid));
if ($access < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete story {$sid}.");
$output = COM_refresh($_CONF['site_admin_url'] . '/story.php');
if ($_USER['uid'] > 1) {
return PLG_RET_PERMISSION_DENIED;
} else {
return PLG_RET_AUTH_FAILED;
}
}
STORY_doDeleteThisStoryNow($sid);
$output = COM_refresh($_CONF['site_admin_url'] . '/story.php?msg=10');
return PLG_RET_OK;
}
/**
* Delete a topic
*
* @param string $tid Topic ID
* @return string HTML redirect
*
*/
function deleteTopic($tid)
{
global $_CONF, $_TABLES, $_USER;
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
}
// don't delete topic blocks - assign them to 'all' and disable them
DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$tid}'");
// same with feeds
DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tid}'");
// delete comments, trackbacks, images associated with stories in this topic
$result = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$tid}'");
$numStories = DB_numRows($result);
for ($i = 0; $i < $numStories; $i++) {
$A = DB_fetchArray($result);
STORY_deleteImages($A['sid']);
DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article'));
DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article'));
}
// delete these
DB_delete($_TABLES['stories'], 'tid', $tid);
DB_delete($_TABLES['storysubmission'], 'tid', $tid);
DB_delete($_TABLES['topics'], 'tid', $tid);
// update feed(s) and Older Stories block
COM_rdfUpToDateCheck('article');
COM_olderStuff();
return COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=14');
}
} else {
$_POST['sp_centerblock'] = 0;
}
if ($sp_inblock == 'on') {
$_POST['sp_inblock'] = 1;
} else {
$_POST['sp_inblock'] = 0;
}
$display .= PAGE_edit($sp_id, '', $editor);
$display .= COM_siteFooter();
}
break;
case 'delete':
if (empty($sp_id) || is_numeric($sp_id) && $sp_id == 0) {
COM_errorLog('Attempted to delete staticpage, sp_id empty or null, value =' . $sp_id);
$display .= COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php');
} elseif (SEC_checkToken()) {
$args = array('sp_id' => $sp_id);
PLG_invokeService('staticpages', 'delete', $args, $display, $svc_msg);
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete staticpage {$sp_id} and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
break;
default:
$display .= COM_siteHeader('menu', $LANG_STATIC['staticpagelist']);
$display .= PAGE_list();
$display .= COM_siteFooter();
break;
}
echo $display;
/**
* Saves the user's information back to the database
*
* @param array $A User's data
* @return string HTML error message or meta redirect
*
*/
function saveuser($A)
{
global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;
if ($_US_VERBOSE) {
COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
}
$reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
if ($reqid != $A['uid']) {
DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
return COM_refresh($_CONF['site_url'] . '/index.php');
}
if (!isset($A['cooktime'])) {
// If not set or possibly removed from template - set to default
$A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
} else {
$A['cooktime'] = COM_applyFilter($A['cooktime'], true);
}
// If empty or invalid - set to user default
// So code after this does not fail the user password required test
if ($A['cooktime'] < 0) {
// note that == 0 is allowed!
$A['cooktime'] = $_USER['cookietimeout'];
}
// to change the password, email address, or cookie timeout,
// we need the user's current password
$current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
if (empty($A['old_passwd']) || SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
} elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($A['username'], $A['email']);
if (!empty($ret)) {
// Need a numeric return for the default message handler
// - if not numeric use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
}
}
// no need to filter the password as it's encoded anyway
if ($_CONF['allow_username_change'] == 1) {
$A['new_username'] = COM_applyFilter($A['new_username']);
if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
$A['new_username'] = addslashes($A['new_username']);
if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
if ($_CONF['allow_user_photo'] == 1) {
$photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
if (!empty($photo)) {
$newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
$display = COM_siteHeader('menu', $LANG04[21]);
$display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
$display .= COM_siteFooter();
return $display;
}
DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']);
}
}
DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
} else {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
}
}
}
// a quick spam check with the unfiltered field contents
$profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>' . '<p>' . COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>' . $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
$result = PLG_checkforSpam($profile, $_CONF['spamx']);
if ($result > 0) {
COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
}
$A['email'] = COM_applyFilter($A['email']);
$A['email_conf'] = COM_applyFilter($A['email_conf']);
$A['homepage'] = COM_applyFilter($A['homepage']);
// basic filtering only
$A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
$A['location'] = strip_tags(COM_stripslashes($A['location']));
$A['sig'] = strip_tags(COM_stripslashes($A['sig']));
$A['about'] = strip_tags(COM_stripslashes($A['about']));
$A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));
if (!COM_isEmail($A['email'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
} else {
if ($A['email'] !== $A['email_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
} else {
if (emailAddressExists($A['email'], $_USER['uid'])) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
} else {
if (!empty($A['passwd'])) {
if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptPassword($A['old_passwd']) == $current_password) {
$passwd = SEC_encryptPassword($A['passwd']);
DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']);
if ($A['cooktime'] > 0) {
$cooktime = $A['cooktime'];
} else {
$cooktime = -1000;
}
SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
} elseif (SEC_encryptPassword($A['old_passwd']) != $current_password) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
} elseif ($A['passwd'] != $A['passwd_conf']) {
return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
}
}
if ($_US_VERBOSE) {
COM_errorLog('cooktime = ' . $A['cooktime'], 1);
}
if ($A['cooktime'] <= 0) {
$cooktime = 1000;
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
} else {
SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
}
if ($_CONF['allow_user_photo'] == 1) {
$delete_photo = '';
if (isset($A['delete_photo'])) {
$delete_photo = $A['delete_photo'];
}
$filename = handlePhotoUpload($delete_photo);
}
if (!empty($A['homepage'])) {
$pos = MBYTE_strpos($A['homepage'], ':');
if ($pos === false) {
$A['homepage'] = 'http://' . $A['homepage'];
} else {
$prot = substr($A['homepage'], 0, $pos + 1);
if ($prot != 'http:' && $prot != 'https:') {
$A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
}
}
$A['homepage'] = addslashes($A['homepage']);
}
$A['fullname'] = addslashes($A['fullname']);
$A['email'] = addslashes($A['email']);
$A['location'] = addslashes($A['location']);
$A['sig'] = addslashes($A['sig']);
$A['about'] = addslashes($A['about']);
$A['pgpkey'] = addslashes($A['pgpkey']);
if (!empty($filename)) {
if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
$filename = '';
}
}
DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");
// Call custom registration save function if enabled and exists
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($_USER['uid']);
}
PLG_userInfoChanged($_USER['uid']);
if ($_US_VERBOSE) {
COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
}
return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=5');
}
}
}
}
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +--------------------------------------------------------------------------+
// Geeklog common function library
require_once '../lib-common.php';
// Security check to ensure user even belongs on this page
require_once 'auth.inc.php';
require_once $_CONF['path_system'] . 'lib-admin.php';
if (!SEC_inGroup('Root')) {
$display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally access the log viewer screen.");
COM_output($display);
exit;
}
if (isset($_GET['log'])) {
$log = COM_applyFilter($_GET['log']);
} elseif (isset($_POST['log'])) {
$log = COM_applyFilter($_POST['log']);
} else {
$log = '';
}
$log = COM_sanitizeFilename($log, true);
if (empty($log)) {
$log = 'error.log';
}
$display = '';
/**
* Static Pages plugin administration page
*
* @package StaticPages
* @subpackage admin
*/
/**
* Geeklog common function library and Admin authentication
*/
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
$display = '';
if (!SEC_hasRights('staticpages.edit')) {
$display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally access the static pages administration screen.");
COM_output($display);
exit;
}
/**
* Displays the static page editor form
*
* @param array $A Data to display
* @return string HTML for the static page editor
*
*/
function staticpageeditor_form($A)
{
global $_CONF, $_TABLES, $_USER, $_GROUPS, $_SP_CONF, $mode, $sp_id, $LANG21, $LANG_STATIC, $LANG_ACCESS, $LANG_ADMIN, $LANG01, $LANG24, $LANG_postmodes, $MESSAGE, $_IMAGE_TYPE, $_SCRIPTS;
if (!empty($sp_id) && $mode == 'edit') {
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
/**
* Returns a page for permission denied
*
* @return string HTML for permission denied page
*/
function _UI_perm_denied()
{
global $_USER, $MESSAGE;
$display = COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally access the config administration screen.");
return $display;
}
// +--------------------------------------------------------------------------+
// | |
// | This program is free software; you can redistribute it and/or |
// | modify it under the terms of the GNU General Public License |
// | as published by the Free Software Foundation; either version 2 |
// | of the License, or (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +--------------------------------------------------------------------------+
require_once '../lib-common.php';
$display = '';
if (!SEC_inGroup('Root')) {
$display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally access the clear cache.");
COM_output($display);
exit;
}
/*
* Main processing
*/
CTL_clearCache();
COM_redirect($_CONF['site_admin_url'] . '/index.php?msg=500');
* installed Geeklog in a (relatively) secure fashion. It also gives tips on
* how to fix issues.
*
*/
/**
* Geeklog common function library
*/
require_once '../lib-common.php';
/**
* Security check to ensure user even belongs on this page
*/
require_once 'auth.inc.php';
$display = '';
if (!SEC_inGroup('Root')) {
$display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally access the security check.");
COM_output($display);
exit;
}
// ugh, global variable ...
$failed_tests = 0;
/**
* Send an HTTP HEAD request for the given URL
*
* @param string $url URL to request
* @param string &$errmsg error message, if any (on return)
* @return int HTTP response code or 777 on error
*
*/
function doHeadRequest($url, &$errmsg)
{
/**
* Shows story editor
*
* Displays the story entry form
*
* @param string $sid ID of story to edit
* @param string $mode 'preview', 'edit', 'editsubmission', 'clone'
* @param string $errormsg a message to display on top of the page
* @return string HTML for story editor
*
*/
function storyeditor($sid = '', $mode = '', $errormsg = '')
{
global $_CONF, $_TABLES, $_USER, $LANG24, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS, $LANG_DIRECTION, $LANG_MONTH, $LANG_WEEK;
$display = '';
if (!isset($_CONF['hour_mode'])) {
$_CONF['hour_mode'] = 12;
}
if (!empty($errormsg)) {
$display .= COM_showMessageText($errormsg, $LANG24[25]);
}
$story = new Story();
if ($mode == 'preview') {
// Handle Magic GPC Garbage:
while (list($key, $value) = each($_POST)) {
if (!is_array($value)) {
$_POST[$key] = COM_stripslashes($value);
} else {
while (list($subkey, $subvalue) = each($value)) {
$value[$subkey] = COM_stripslashes($subvalue);
}
}
}
$result = $story->loadFromArgsArray($_POST);
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkAttachedImages();
if (count($errors) > 0) {
$msg = $LANG24[55] . LB . '<ul>' . LB;
foreach ($errors as $err) {
$msg .= '<li>' . $err . '</li>' . LB;
}
$msg .= '</ul>' . LB;
$display .= COM_showMessageText($msg, $LANG24[54]);
}
}
} else {
$result = $story->loadFromDatabase($sid, $mode);
}
if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) {
$display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied']);
COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}.");
return $display;
} elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) {
$display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied']);
$display .= STORY_renderArticle($story, 'p');
COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}.");
return $display;
} elseif ($result == STORY_INVALID_SID) {
if ($mode == 'editsubmission') {
// that submission doesn't seem to be there any more (may have been
// handled by another Admin) - take us back to the moderation page
return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
} else {
return COM_refresh($_CONF['site_admin_url'] . '/story.php');
}
} elseif ($result == STORY_DUPLICATE_SID) {
$display .= COM_showMessageText($LANG24[24]);
}
// Load HTML templates
$story_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/story');
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$story_templates->set_file(array('editor' => 'storyeditor_advanced.thtml'));
$advanced_editormode = true;
$story_templates->set_var('change_editormode', 'onchange="change_editmode(this);"');
require_once $_CONF['path_system'] . 'classes/navbar.class.php';
$story_templates->set_var('show_preview', 'none');
$story_templates->set_var('lang_expandhelp', $LANG24[67]);
$story_templates->set_var('lang_reducehelp', $LANG24[68]);
$story_templates->set_var('lang_publishdate', $LANG24[69]);
$story_templates->set_var('lang_toolbar', $LANG24[70]);
$story_templates->set_var('toolbar1', $LANG24[71]);
$story_templates->set_var('toolbar2', $LANG24[72]);
$story_templates->set_var('toolbar3', $LANG24[73]);
$story_templates->set_var('toolbar4', $LANG24[74]);
$story_templates->set_var('toolbar5', $LANG24[75]);
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$story_templates->set_var('show_texteditor', 'none');
$story_templates->set_var('show_htmleditor', '');
} else {
$story_templates->set_var('show_texteditor', '');
$story_templates->set_var('show_htmleditor', 'none');
}
} else {
$story_templates->set_file(array('editor' => 'storyeditor.thtml'));
$advanced_editormode = false;
}
$story_templates->set_var('hour_mode', $_CONF['hour_mode']);
if ($story->hasContent()) {
$previewContent = STORY_renderArticle($story, 'p');
if ($advanced_editormode and $previewContent != '') {
$story_templates->set_var('preview_content', $previewContent);
} elseif ($previewContent != '') {
$display .= COM_startBlock($LANG24[26], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= $previewContent;
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
}
}
if ($advanced_editormode) {
$navbar = new navbar();
if (!empty($previewContent)) {
$navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true);
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true);
} else {
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true);
}
if ($mode == 'preview') {
$story_templates->set_var('show_preview', '');
$story_templates->set_var('show_htmleditor', 'none');
$story_templates->set_var('show_texteditor', 'none');
$story_templates->set_var('show_submitoptions', 'none');
$navbar->set_selected($LANG24[79]);
} else {
$navbar->set_selected($LANG24[80]);
}
$story_templates->set_var('navbar', $navbar->generate());
}
$oldsid = $story->EditElements('originalSid');
if (!empty($oldsid) && $mode != 'clone') {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
}
if ($mode == 'editsubmission' || $story->type == 'submission') {
$story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
}
$story_templates->set_var('lang_author', $LANG24[7]);
$storyauthor = COM_getDisplayName($story->EditElements('uid'));
$story_templates->set_var('story_author', $storyauthor);
$story_templates->set_var('author', $storyauthor);
$story_templates->set_var('story_uid', $story->EditElements('uid'));
// user access info
$story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($story->EditElements('owner_id'));
$story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . $story->EditElements('owner_id')));
$story_templates->set_var('owner_name', $ownername);
$story_templates->set_var('owner', $ownername);
$story_templates->set_var('owner_id', $story->EditElements('owner_id'));
$story_templates->set_var('lang_group', $LANG_ACCESS['group']);
$story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3));
$story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon')));
$story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$story_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
$story_templates->set_var('lang_date', $LANG24[15]);
$story_templates->set_var('publish_second', $story->EditElements('publish_second'));
$publish_ampm = '';
$publish_hour = $story->EditElements('publish_hour');
if ($publish_hour >= 12) {
if ($publish_hour > 12) {
$publish_hour = $publish_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm);
$story_templates->set_var('publishampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
$story_templates->set_var('publish_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
$story_templates->set_var('publish_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
$story_templates->set_var('publish_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($publish_hour);
}
$story_templates->set_var('publish_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
$story_templates->set_var('publish_minute_options', $minute_options);
$story_templates->set_var('publish_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
$story_templates->set_var('expire_second', $story->EditElements('expire_second'));
$expire_ampm = '';
$expire_hour = $story->EditElements('expire_hour');
if ($expire_hour >= 12) {
if ($expire_hour > 12) {
$expire_hour = $expire_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="expire_ampm" value=""' . XHTML . '>';
}
$story_templates->set_var('expireampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
$story_templates->set_var('expire_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
$story_templates->set_var('expire_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
$story_templates->set_var('expire_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($expire_hour);
}
$story_templates->set_var('expire_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
$story_templates->set_var('expire_minute_options', $minute_options);
$story_templates->set_var('expire_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
$atopic = DB_getItem($_TABLES['topics'], 'tid', "archive_flag = 1");
$have_archive_topic = empty($atopic) ? false : true;
if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked3', 'checked="checked"');
$js_showarchivedisabled = 'false';
$have_archive_topic = true;
// force display of auto archive option
} elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked4', 'checked="checked"');
if (!$have_archive_topic) {
$story_templates->set_var('is_checked3', 'style="display:none;"');
}
$js_showarchivedisabled = 'false';
} else {
if (!$have_archive_topic) {
$story_templates->set_var('is_checked3', 'style="display:none;"');
}
$js_showarchivedisabled = 'true';
}
$story_templates->set_var('lang_archivetitle', $LANG24[58]);
$story_templates->set_var('lang_option', $LANG24[59]);
$story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
$story_templates->set_var('lang_story_stats', $LANG24[87]);
if ($have_archive_topic) {
$story_templates->set_var('lang_optionarchive', $LANG24[61]);
} else {
$story_templates->set_var('lang_optionarchive', '');
}
$story_templates->set_var('lang_optiondelete', $LANG24[62]);
$story_templates->set_var('lang_title', $LANG_ADMIN['title']);
$story_templates->set_var('story_title', $story->EditElements('title'));
$story_templates->set_var('lang_page_title', $LANG_ADMIN['page_title']);
$story_templates->set_var('page_title', $story->EditElements('page_title'));
$story_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
$story_templates->set_var('meta_description', $story->EditElements('meta_description'));
$story_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
$story_templates->set_var('meta_keywords', $story->EditElements('meta_keywords'));
if ($_CONF['meta_tags'] > 0) {
$story_templates->set_var('hide_meta', '');
} else {
$story_templates->set_var('hide_meta', ' style="display:none;"');
}
$story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
if ($mode == 'preview') {
$tlist = TOPIC_getTopicSelectionControl('article', '', false, true, true);
} else {
$tlist = TOPIC_getTopicSelectionControl('article', $oldsid, false, true, true);
}
if (empty($tlist)) {
$display .= COM_showMessage(101);
return $display;
}
$story_templates->set_var('topic_selection', $tlist);
$story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
if ($story->EditElements('show_topic_icon') == 1) {
$story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
} else {
$story_templates->set_var('show_topic_icon_checked', '');
}
$story_templates->set_var('lang_cachetime', $LANG24['cache_time']);
$story_templates->set_var('lang_cachetime_desc', $LANG24['cache_time_desc']);
$story_templates->set_var('cache_time', $story->EditElements('cache_time'));
$story_templates->set_var('lang_draft', $LANG24[34]);
if ($story->EditElements('draft_flag')) {
$story_templates->set_var('is_checked', 'checked="checked"');
}
$story_templates->set_var('lang_mode', $LANG24[3]);
$story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode')));
$story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode')));
$story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode')));
// comment expire
$story_templates->set_var('lang_cmt_disable', $LANG24[63]);
if ($story->EditElements('cmt_close')) {
$story_templates->set_var('is_checked5', 'checked="checked"');
$js_showcmtclosedisabled = 'false';
} else {
$js_showcmtclosedisabled = 'true';
}
$month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
$story_templates->set_var('cmt_close_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
$story_templates->set_var('cmt_close_day_options', $day_options);
// ensure that the year dropdown includes the close year
$endtm = mktime(0, 0, 0, date('m'), date('d') + $_CONF['article_comment_close_days'], date('Y'));
$yoffset = date('Y', $endtm) - date('Y');
$close_year = $story->EditElements('cmt_close_year');
if ($yoffset < -1) {
$year_options = COM_getYearFormOptions($close_year, $yoffset);
} elseif ($yoffset > 5) {
$year_options = COM_getYearFormOptions($close_year, -1, $yoffset);
} else {
$year_options = COM_getYearFormOptions($close_year);
}
$story_templates->set_var('cmt_close_year_options', $year_options);
$cmt_close_ampm = '';
$cmt_close_hour = $story->EditElements('cmt_close_hour');
//correct hour
if ($cmt_close_hour >= 12) {
if ($cmt_close_hour > 12) {
$cmt_close_hour = $cmt_close_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="cmt_close_ampm" value=""' . XHTML . '>';
}
$story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($cmt_close_hour);
}
$story_templates->set_var('cmt_close_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
$story_templates->set_var('cmt_close_minute_options', $minute_options);
$story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
$featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
} else {
$featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"" . XHTML . ">";
}
$story_templates->set_var('featured_options', $featured_options);
$story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
$story_templates->set_var('story_introtext', $story->EditElements('introtext'));
$story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
$story_templates->set_var('lang_introtext', $LANG24[16]);
$story_templates->set_var('lang_bodytext', $LANG24[17]);
$story_templates->set_var('lang_postmode', $LANG24[4]);
$story_templates->set_var('lang_publishoptions', $LANG24[76]);
$story_templates->set_var('noscript', COM_getNoScript(false, $LANG24[77], sprintf($LANG24[78], $_CONF['site_admin_url'], $sid)));
$postmode = $story->EditElements('postmode');
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$postmode = '';
}
}
$post_options = COM_optionList($_TABLES['postmodes'], 'code,name', $postmode);
$postmode_list = 'plaintext,html';
// If Advanced Mode - add post option and set default if editing story created with Advanced Editor
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$postmode_list .= ',adveditor';
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
} else {
$post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
}
}
if ($_CONF['wikitext_editor']) {
$postmode_list .= ',wikitext';
if ($story->EditElements('postmode') == 'wikitext') {
$post_options .= '<option value="wikitext" selected="selected">' . $LANG24[88] . '</option>';
} else {
$post_options .= '<option value="wikitext">' . $LANG24[88] . '</option>';
}
}
$story_templates->set_var('post_options', $post_options);
$postmode_array = explode(',', $postmode_list);
$allowed_html = '';
foreach ($postmode_array as $pm) {
$allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm);
}
$allowed_tags = array('code', 'raw');
if ($_CONF['allow_page_breaks'] == 1) {
$allowed_tags = array_merge($allowed_tags, array('page_break'));
}
$allowed_html .= COM_allowedAutotags(false, $allowed_tags);
$story_templates->set_var('lang_allowed_html', $allowed_html);
$fileinputs = '';
$saved_images = '';
if ($_CONF['maximagesperarticle'] > 0) {
$story_templates->set_var('lang_images', $LANG24[47]);
$icount = DB_count($_TABLES['article_images'], 'ai_sid', $story->getSid());
if ($icount > 0) {
$result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . $story->getSid() . "'");
for ($z = 1; $z <= $icount; $z++) {
$I = DB_fetchArray($result_articles);
$saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']"' . XHTML . '><br' . XHTML . '>';
}
}
$newallowed = $_CONF['maximagesperarticle'] - $icount;
for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
$fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '>';
if ($z < $_CONF['maximagesperarticle']) {
$fileinputs .= '<br' . XHTML . '>';
}
}
$fileinputs .= '<br' . XHTML . '>' . $LANG24[51];
if ($_CONF['allow_user_scaling'] == 1) {
$fileinputs .= $LANG24[27];
}
$fileinputs .= $LANG24[28] . '<br' . XHTML . '>';
}
// Add JavaScript
$_SCRIPTS->setJavaScriptFile('story_editor', '/javascript/story_editor.js');
if ($_CONF['titletoid']) {
$_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
$story_templates->set_var('titletoid', true);
}
$_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js');
// Loads jQuery UI datepicker and timepicker-addon
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider');
// $_SCRIPTS->setJavaScriptLibrary('jquery.ui.button');
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n');
// $_SCRIPTS->setJavaScriptLibrary('jquery-ui-slideraccess');
$_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js');
$langCode = COM_getLangIso639Code();
$toolTip = $MESSAGE[118];
$imgUrl = $_CONF['site_url'] . '/images/calendar.png';
$_SCRIPTS->setJavaScript("jQuery(function () {" . " geeklog.hour_mode = {$_CONF['hour_mode']};" . " geeklog.datetimepicker.set('publish', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('expire', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('cmt_close', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "});", TRUE, TRUE);
// Setup Advanced Editor
COM_setupAdvancedEditor('/javascript/storyeditor_adveditor.js');
$story_templates->set_var('saved_images', $saved_images);
$story_templates->set_var('image_form_elements', $fileinputs);
$story_templates->set_var('lang_hits', $LANG24[18]);
$story_templates->set_var('story_hits', $story->EditElements('hits'));
$story_templates->set_var('lang_comments', $LANG24[19]);
$story_templates->set_var('story_comments', $story->EditElements('comments'));
$story_templates->set_var('lang_trackbacks', $LANG24[29]);
$story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
$story_templates->set_var('lang_emails', $LANG24[39]);
$story_templates->set_var('story_emails', $story->EditElements('numemails'));
if ($mode == 'clone') {
$story_templates->set_var('story_id', COM_makesid());
} else {
$story_templates->set_var('story_id', $story->getSid());
$story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
}
$story_templates->set_var('lang_sid', $LANG24[12]);
$story_templates->set_var('lang_save', $LANG_ADMIN['save']);
$story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
$story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$story_templates->set_var('gltoken_name', CSRF_TOKEN);
$token = SEC_createToken();
$story_templates->set_var('gltoken', $token);
$story_templates->parse('output', 'editor');
$display .= COM_startBlock($LANG24[5], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= SEC_getTokenExpiryNotice($token, $LANG24[91]);
$display .= $story_templates->finish($story_templates->get_var('output'));
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $display;
}
/**
* Delete a poll
*
* @param string $pid ID of poll to delete
* @return string HTML redirect
*
*/
function deletePoll($pid)
{
global $_CONF, $_TABLES, $_USER;
$pid = addslashes($pid);
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
$Q = DB_fetchArray($result);
$access = SEC_hasAccess($Q['owner_id'], $Q['group_id'], $Q['perm_owner'], $Q['perm_group'], $Q['perm_members'], $Q['perm_anon']);
if ($access < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete poll {$pid}.");
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
}
DB_delete($_TABLES['polltopics'], 'pid', $pid);
DB_delete($_TABLES['pollanswers'], 'pid', $pid);
DB_delete($_TABLES['pollquestions'], 'pid', $pid);
DB_delete($_TABLES['comments'], array('sid', 'type'), array($pid, 'polls'));
PLG_itemDeleted($pid, 'polls');
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=20');
}
case $LANG_ADMIN['delete']:
if ($rid === 0) {
COM_errorLog('Attempted to delete route, rid empty or null, value =' . $rid);
$display = COM_refresh($_CONF['site_admin_url'] . '/router.php');
} elseif (SEC_checkToken()) {
$display = deleteRoute($rid);
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete route {$rid} and failed CSRF checks.");
$display = COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
echo $display;
die;
break;
case $LANG_ADMIN['save']:
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to illegally save route {$rid} and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
die;
}
$method = \Geeklog\Input::fPost('method', '');
$rule = \Geeklog\Input::post('rule', '');
$route = \Geeklog\Input::post('route', '');
$priority = \Geeklog\Input::fPost('priority', Router::DEFAULT_PRIORITY);
$display = saveRoute($rid, $method, $rule, $route, $priority);
break;
case 'edit':
$content = getRouteEditor($rid);
$display = COM_createHTMLDocument($content, array('pagetitle' => $LANG_ROUTER[2]));
break;
case 'move':
if (SEC_checkToken()) {
$display .= PLUGINS_list($token);
$display .= COM_siteFooter();
} else {
COM_accessLog("User {$_USER['username']} tried to illegally delete plugin {$pi_name} and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
break;
case 'remove':
if (SEC_checkToken()) {
$display .= COM_siteHeader('menu', $LANG32[30]);
$display .= PLUGINS_remove($pi_name);
$token = SEC_createToken();
$display .= PLUGINS_list($token);
$display .= COM_siteFooter();
} else {
COM_accessLog("User {$_USER['username']} tried to illegally remove plugin {$pi_name} and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
break;
default:
$display .= COM_siteHeader('menu', $LANG32[5]);
$msg = COM_getMessage();
$plugin = '';
if (isset($_POST['plugin'])) {
$plugin = COM_applyFilter($_POST['plugin']);
} else {
if (isset($_GET['plugin'])) {
$plugin = COM_applyFilter($_GET['plugin']);
}
}
$display .= $msg > 0 ? COM_showMessage($msg, $plugin) : '';
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
/**
* @package Maps
*/
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
$display = '';
// Ensure user even has the rights to access this page
if (!SEC_hasRights('maps.admin')) {
$display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
// Log attempt to access.log
COM_accessLog("User {$_USER['username']} tried to illegally access the Maps plugin administration screen.");
echo $display;
exit;
}
// Incoming variable filter
$vars = array('mode' => 'alpha', 'cid' => 'number', 'id' => 'number', 'msg' => 'text');
MAPS_filterVars($vars, $_REQUEST);
/**
* List all maps that the user has access to
*
* @retun string HTML for the list
*
*/
function MAPS_listmaps()
{
global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG_ADMIN, $LANG_MAPS_1;
function _checkHasAccess()
{
global $_USER, $LANG_DLM;
// only users who belong to the Root group can full access
if (!SEC_inGroup('Root')) {
// deny access
COM_accessLog("User {$_USER['username']} tried illegally to edit category {$this->_cid}.");
$display = COM_showMessage(6, 'downloads');
$display = DLM_createHTMLDocument($display, array('pagetitle' => $LANG_DLM['manager']));
COM_output($display);
exit;
}
}
/**
* Saves user to the database
*
* @param int $uid user id
* @param string $usernmae (short) username
* @param string $fullname user's full name
* @param string $email user's email address
* @param string $regdate date the user registered with the site
* @param string $homepage user's homepage URL
* @param array $groups groups the user belongs to
* @param string $delete_photo delete user's photo if == 'on'
* @return string HTML redirect or error message
*
*/
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
$retval = '';
$userChanged = false;
if ($_USER_VERBOSE) {
COM_errorLog("**** entering saveusers****", 1);
COM_errorLog("group size at beginning = " . count($groups), 1);
}
$service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
// If remote service then assume blank password
if (!empty($service)) {
$passwd = '';
$passwd_conf = '';
}
$passwd_changed = true;
if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
$passwd_changed = false;
}
if ($passwd_changed && $passwd != $passwd_conf) {
// passwords don't match
return edituser($uid, 67);
}
$nameAndEmailOkay = true;
if (empty($username)) {
$nameAndEmailOkay = false;
} elseif (empty($email)) {
if (empty($uid)) {
$nameAndEmailOkay = false;
// new users need an email address
} else {
if (empty($service)) {
$nameAndEmailOkay = false;
// not a remote user - needs email
}
}
}
if ($nameAndEmailOkay) {
if (!empty($email) && !COM_isEmail($email)) {
return edituser($uid, 52);
}
$uname = DB_escapeString($username);
if (empty($uid)) {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
} else {
if (!empty($service)) {
$uservice = DB_escapeString($service);
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
} else {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
}
}
if ($ucount > 0) {
// Admin just changed a user's username to one that already exists
return edituser($uid, 51);
}
$emailaddr = DB_escapeString($email);
$exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
if (empty($uid)) {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
} else {
$old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
if ($old_email == $email) {
// email address didn't change so don't care
$ucount = 0;
} else {
$ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
}
}
if ($ucount > 0) {
// Admin just changed a user's email to one that already exists
return edituser($uid, 56);
}
if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
$ret = CUSTOM_userCheck($username, $email);
if (!empty($ret)) {
// need a numeric return value - otherwise use default message
if (!is_numeric($ret['number'])) {
$ret['number'] = 400;
}
return edituser($uid, $ret['number']);
}
}
if (empty($uid)) {
if (empty($passwd)) {
// no password? create one ...
$passwd = SEC_generateRandomPassword();
}
$uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
if ($uid > 1) {
DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
}
} else {
$fullname = DB_escapeString($fullname);
$homepage = DB_escapeString($homepage);
$curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
if (!empty($curphoto) && $delete_photo == 'on') {
USER_deletePhoto($curphoto);
$curphoto = '';
}
if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
$curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
if ($curusername != $username) {
// user has been renamed - rename the photo, too
$newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
$imgpath = $_CONF['path_images'] . 'userphotos/';
if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
$retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
return $retval;
}
$curphoto = $newphoto;
}
}
$curphoto = DB_escapeString($curphoto);
DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', email = '{$email}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
if ($passwd_changed && !empty($passwd)) {
SEC_updateUserPassword($passwd, $uid);
}
if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
CUSTOM_userSave($uid);
}
if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
USER_createAndSendPassword($username, $email, $uid);
}
if ($userstatus == USER_ACCOUNT_DISABLED) {
SESS_endUserSession($uid);
}
$userChanged = true;
}
// check that the user is allowed to change group assignments
if (is_array($groups) && SEC_hasRights('group.assign')) {
if (!SEC_inGroup('Root')) {
$rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
if (in_array($rootgrp, $groups)) {
COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
exit;
}
}
// make sure the Remote Users group is in $groups
if (SEC_inGroup('Remote Users', $uid)) {
$remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
if (!in_array($remUsers, $groups)) {
$groups[] = $remUsers;
}
}
if ($_USER_VERBOSE) {
COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
}
// remove user from all groups that the User Admin is a member of
$UserAdminGroups = SEC_getUserGroups();
$whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
// make sure to add user to All Users and Logged-in Users groups
$allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
if (!in_array($allUsers, $groups)) {
$groups[] = $allUsers;
}
$logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
if (!in_array($logUsers, $groups)) {
$groups[] = $logUsers;
}
foreach ($groups as $userGroup) {
if (in_array($userGroup, $UserAdminGroups)) {
if ($_USER_VERBOSE) {
COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
}
$sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
DB_query($sql);
}
}
}
if ($userChanged) {
PLG_userInfoChanged($uid);
}
$errors = DB_error();
if (empty($errors)) {
echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
} else {
$retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
echo $retval;
exit;
}
} else {
$retval .= COM_showMessageText($LANG28[10]);
if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
$retval .= edituser($uid);
} else {
$retval .= edituser();
}
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
COM_output($retval);
exit;
}
if ($_USER_VERBOSE) {
COM_errorLog("***************leaving saveusers*****************", 1);
}
return $retval;
}
} elseif (isset($_GET[$provided])) {
$action = $provided;
}
}
switch ($action) {
case 'banbutton_x':
if (SEC_checkToken()) {
$msg = SFS_banUsers();
$pageBody .= COM_showMessageText($msg) . SFS_adminList();
} else {
COM_accessLog('User ' . $_USER['username'] . ' tried to ban users and failed CSRF checks.');
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
break;
case 'delbutton_x':
if (SEC_checkToken()) {
$msg = SFS_delUsers();
$pageBody .= COM_showMessageText($msg) . SFS_adminList();
} else {
COM_accessLog('User ' . $_USER['username'] . ' tried to del users and failed CSRF checks.');
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
break;
default:
$pageBody .= SFS_adminList();
break;
}
$display = COM_siteHeader('menu', $LANG_SFS['title']);
$display .= $pageBody;
$display .= COM_siteFooter();
echo $display;
if (!in_array('databox', $_PLUGINS)) {
COM_handle404();
exit;
}
require_once $_CONF['path'] . 'plugins/databox/lib/ppNavbar.php';
$edt_flg = FALSE;
// 権限チェック
if (SEC_hasRights('databox.admin')) {
} else {
$information = array();
$information['pagetitle'] = $MESSAGE[30];
$display = "";
$display .= COM_startBlock($MESSAGE[30], '', COM_getBlockTemplate('_msg_block', 'header'));
$display .= $MESSAGE[35];
$display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
COM_accessLog("User {$_USER['username']} tried to illegally access the databox administration screen.");
$display = DATABOX_displaypage($pi_name, '_admin', $display, $information);
COM_output($display);
exit;
}
$adminurl = $_CONF['site_admin_url'] . '/plugins/' . THIS_PLUGIN . "/";
$navbarMenu = array();
$navbarMenu[$LANG_DATABOX_admin_menu['1']] = $adminurl . 'information.php';
$navbarMenu[$LANG_DATABOX_admin_menu['2']] = $adminurl . 'data.php';
$navbarMenu[$LANG_DATABOX_admin_menu['3']] = $adminurl . 'field.php';
$navbarMenu[$LANG_DATABOX_admin_menu['31']] = $adminurl . 'fieldset.php';
$navbarMenu[$LANG_DATABOX_admin_menu['4']] = $adminurl . 'category.php';
$navbarMenu[$LANG_DATABOX_admin_menu['5']] = $adminurl . 'group.php';
$navbarMenu[$LANG_DATABOX_admin_menu['51']] = $adminurl . 'mst.php';
$navbarMenu[$LANG_DATABOX_admin_menu['6']] = $adminurl . 'backuprestore.php';
//
* Geeklog common function library and Admin authentication
*/
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
require_once $_CONF['path_system'] . '/lib-admin.php';
if (!in_array('spamx', $_PLUGINS)) {
COM_handle404();
exit;
}
$display = '';
// Only let admin users access this page
if (!SEC_hasRights('spamx.admin')) {
// Someone is trying to illegally access this page
$display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("Someone has tried to illegally access the Spam-X Admin page. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1);
COM_output($display);
exit;
}
/**
* Main
*/
$display = '';
$menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$display = COM_startBlock($LANG_SX00['plugin_name'], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= ADMIN_createMenu($menu_arr, $LANG_SX00['adminc'], plugin_geticon_spamx());
$files = array();
if ($dir = @opendir($_CONF['path'] . 'plugins/spamx/')) {
while (($file = readdir($dir)) !== false) {
if (is_file($_CONF['path'] . 'plugins/spamx/' . $file)) {
if (substr($file, -16) === '.Admin.class.php') {
/**
* Delete a topic
*
* @param string $tid Topic ID
* @return string HTML redirect
*/
function deleteTopic($tid)
{
global $_CONF, $_TABLES, $_USER, $_TOPICS;
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
if ($access < 3) {
COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
COM_redirect($_CONF['site_admin_url'] . '/topic.php');
}
// Update any child topics to root and un hide them
DB_query("UPDATE {$_TABLES['topics']} SET parent_id = '" . TOPIC_ROOT . "', hidden = 0 WHERE parent_id = '{$tid}'");
// same with feeds
DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tid}'");
// Need to cycle through stories from topic
// Only delete story if only this one topic
// Make sure to check if this topic is default for story. If is make another topic default.
$object_tables[] = $_TABLES['stories'];
$object_tables[] = $_TABLES['storysubmission'];
$object_tables[] = $_TABLES['blocks'];
$object_tables_id[$_TABLES['stories']] = 'sid';
$object_tables_id[$_TABLES['storysubmission']] = 'sid';
$object_tables_id[$_TABLES['blocks']] = 'bid';
$object_type[$_TABLES['stories']] = 'article';
$object_type[$_TABLES['storysubmission']] = 'article';
$object_type[$_TABLES['blocks']] = 'block';
foreach ($object_tables as $object_table) {
$sql = "SELECT {$object_tables_id[$object_table]}, ta.tdefault\n FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$object_type[$object_table]}' AND ta.id = CAST({$object_tables_id[$object_table]} AS CHAR) AND ta.tid = '{$tid}'";
$result = DB_query($sql);
$numStories = DB_numRows($result);
for ($i = 0; $i < $numStories; $i++) {
$A = DB_fetchArray($result);
// Now check if another topic exists for this story
$sql = "SELECT {$object_tables_id[$object_table]}, ta.tid\n FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$object_type[$object_table]}' AND ta.id = {$object_tables_id[$object_table]}\n AND ta.tid <> '{$tid}' AND {$object_tables_id[$object_table]} = '{$A[$object_tables_id[$object_table]]}'";
$resultB = DB_query($sql);
$numTopics = DB_numRows($resultB);
if ($numTopics == 0) {
// Delete comments, trackbacks, images associated with stories in this topic since only topic
if ($object_table == $_TABLES['stories'] || $object_table == $_TABLES['storysubmission']) {
STORY_deleteImages($A['sid']);
DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article'));
DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article'));
if ($object_table == $_TABLES['stories']) {
PLG_itemDeleted($A['sid'], 'article');
}
}
DB_delete($object_table, $object_tables_id[$object_table], $A[$object_tables_id[$object_table]]);
} else {
// Story still exists for other topics so make sure one is default
if ($object_table == $_TABLES['stories'] || $object_table == $_TABLES['storysubmission']) {
if ($A['tdefault'] == 1) {
$B = DB_fetchArray($resultB);
$sql = "UPDATE {$_TABLES['topic_assignments']} SET tdefault = 1 WHERE type = 'article' AND tid = '{$B['tid']}' AND id = '{$B['sid']}'";
DB_query($sql);
}
}
}
}
}
// Notify of Delete topic so other plugins can deal with their items without topics
PLG_itemDeleted($tid, 'topic');
// delete these
DB_delete($_TABLES['topic_assignments'], 'tid', $tid);
DB_delete($_TABLES['topics'], 'tid', $tid);
// Reorder Topics, Delete topic cache and reload topic tree
reorderTopics();
// update feed(s)
COM_rdfUpToDateCheck('article');
COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=14');
}
case 'english':
case 'english_utf-8':
default:
$_LANG_UPDATE = array('title' => 'Downloads Plugin Update', 'submit' => $LANG_ACCESS['submit'], 'cancel' => $LANG_ACCESS['cancel'], 'description1' => 'Downloads plugin is already up to date. There is no need to update.', 'description2' => 'Click the Submit button to start the process. (You cannot undo.)', 'description_001' => '#001: Respond to the new Configuration UI has been introduced with Geeklog version 1.8.0.', 'dm_not_installed' => 'Downloads Plugin are not installed or disabled.', 'db_error' => 'During a database access error occurred: ', 'process_canceled' => 'Update process %s was canceled.', 'process_interrupted' => 'Update process %s was interrupted.', 'process_completed' => 'Update process %s was completed successfully!');
break;
}
if (!in_array('downloads', $_PLUGINS)) {
$display = COM_showMessageText($_LANG_UPDATE['dm_not_installed'], $MESSAGE[40]);
$display = DLM_createHTMLDocument($display, array('menu' => $MESSAGE[40]));
COM_output($display);
exit;
}
if (!SEC_hasRights('downloads.edit')) {
$display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = DLM_createHTMLDocument($display, array('menu' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally access " . "the downloads administration screen.");
COM_output($display);
exit;
}
function DLM_check_001()
{
global $_CONF, $_TABLES, $_LANG_UPDATE;
$retval = '';
if (version_compare(VERSION, '1.8.0') >= 0) {
$n = DB_getItem($_TABLES['conf_values'], 'COUNT(name)', "group_name = 'downloads' AND type = 'tab'");
if ($n == 0) {
$retval .= $_LANG_UPDATE['description_001'];
}
}
return $retval;
}
$mode = "save";
} else {
if ($mode == $LANG_ADMIN['delete'] && !empty($LANG_ADMIN['delete'])) {
$mode = "delete";
}
}
if ($action == $LANG_ADMIN['cancel']) {
// cancel
$mode = "";
}
//echo "mode=".$mode."<br>";
if ($mode == "" or $mode == "edit" or $mode == "new" or $mode == "export" or $mode == "sampleimport" or $mode == "copy") {
} else {
if (!SEC_checkToken()) {
// if (SEC_checkToken()){//テスト用
COM_accessLog("User {$_USER['username']} tried to illegally and failed CSRF checks.");
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
exit;
}
}
if ($mode == "exportexec") {
LIB_export($pi_name);
exit;
}
if ($mode == "sampleimportexec") {
LIB_sampleimport($pi_name);
}
//
$menuno = 51;
$display = '';
$information = array();
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
require_once '../../../lib-common.php';
if (!SEC_hasRights('japanize.edit')) {
$content = COM_startBlock($MESSAGE[30], '', COM_getBlockTemplate('_msg_block', 'header')) . $MESSAGE[35] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$display = is_callable('COM_createHTMLDocument') ? COM_createHTMLDocument($content) : COM_siteHeader() . $content . COM_siteFooter();
COM_accessLog('User ' . $_USER['username'] . ' tried to illegally access the japanize administration screen.');
echo $display;
exit;
}
// +---------------------------------------------------------------------------+
// | MAIN |
// +---------------------------------------------------------------------------+
// Gets the current state of Japanization
if (DB_getItem($_TABLES['vars'], 'COUNT(*)', "name='japanize_plugin'") == 1) {
$current = (int) DB_getItem($_TABLES['vars'], 'value', "name='japanize_plugin'");
} else {
$current = 0;
}
$needChange = false;
if (isset($_POST['japanize_all']) && $_POST['japanize_all'] === JAPANIZE_str('japanize_all')) {
$A = 63;
