/**
 * Forum wrapper around COM_createHTMLDocument().
 *
 * Translates the forum's own layout settings ($CONF_FORUM['showblocks'] and
 * $CONF_FORUM['usermenu']) into the 'what'/'rightblock' hints the core
 * document builder understands, and records in
 * $CONF_FORUM['add_forum_menu_check'] whether the forum menu block has to be
 * added for this page.
 *
 * @param  string &$content HTML body of the page
 * @param  string $subject  page title
 * @return string complete HTML document
 */
function gf_createHTMLDocument(&$content = '', $subject = '')
{
    global $CONF_FORUM;

    // Fall back to the forum defaults when the config does not say otherwise
    if (!isset($CONF_FORUM['showblocks'])) {
        $CONF_FORUM['showblocks'] = 'leftblocks';
    }
    if (!isset($CONF_FORUM['usermenu'])) {
        $CONF_FORUM['usermenu'] = 'blockmenu';
    }

    $layout = $CONF_FORUM['showblocks'];
    $wantsBlockMenu = ($CONF_FORUM['usermenu'] == 'blockmenu');

    $information = array(
        'pagetitle'  => $subject,
        'what'       => 'menu',
        'rightblock' => false,
    );

    switch ($layout) {
        case 'noblocks':
            // no side blocks at all
            $information['what'] = 'none';
            break;

        case 'rightblocks':
            // right column only: no left menu, but the forum menu may still
            // be needed as a block
            $information['what'] = 'none';
            $information['rightblock'] = true;
            if ($wantsBlockMenu) {
                $CONF_FORUM['add_forum_menu_check'] = 1;
            }
            break;

        case 'leftblocks':
            if ($wantsBlockMenu) {
                $CONF_FORUM['add_forum_menu_check'] = 1;
            }
            break;

        case 'allblocks':
            $information['rightblock'] = true;
            if ($wantsBlockMenu) {
                $CONF_FORUM['add_forum_menu_check'] = 1;
            }
            break;

        default:
            // any other value keeps the 'menu' / no-right-block defaults
            break;
    }

    return COM_createHTMLDocument($content, $information);
}
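/**
 * Custom 404 handler: send the status, log the miss and render the 404 page.
 *
 * The requested URL and the Referer are reconstructed from request headers
 * (SCRIPT_URI / HTTP_HOST / REQUEST_URI / HTTP_REFERER) and are therefore
 * attacker-controlled; they are neutralised before being written to the log
 * and HTML-escaped before being echoed into the page.
 *
 * @param  string $alternate_url URL to suggest instead (caller-provided,
 *                               inserted into $LANG_404[4] as-is)
 * @return void never returns: outputs the page and calls exit
 */
function CUSTOM_handle404($alternate_url = '')
{
    global $_CONF, $_USER, $LANG_404;

    // send 404 in any case
    header('HTTP/1.1 404 Not Found');
    header('Status: 404 Not Found');

    $display = '';
    $display .= COM_startBlock($LANG_404[1]);

    // Reconstruct the requested URL. Both branches are built from client
    // supplied headers, so $url is untrusted from here on.
    if (isset($_SERVER['SCRIPT_URI'])) {
        $url = strip_tags($_SERVER['SCRIPT_URI']);
    } else {
        $request = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        $url = ($isHttps ? 'https://' : 'http://') . $host . strip_tags($request);
    }

    // Add log stuff
    $remoteaddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (isset($_USER['uid'])) {
        $byuser = $_USER['uid'] . '@' . $remoteaddress;
    } else {
        $byuser = '******' . $remoteaddress;
    }
    $refurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

    // strftime() is deprecated as of PHP 8.1; the @ keeps that notice out of
    // the response. Format is kept ('%c') so existing log parsers still work.
    $timestamp = @strftime('%c');
    $logentry = "404 Error generated by {$byuser} for url: {$url} - Referring url: {$refurl}";
    // Log-injection guard: CR/LF (or other control characters) in the URL or
    // Referer would otherwise let a client forge additional log lines.
    $logentry = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $logentry);

    $logfile = $_CONF['path_log'] . '404.log';
    $file = fopen($logfile, 'a');
    if ($file !== false) {
        fputs($file, "{$timestamp} - {$logentry} \n");
        fclose($file);
    }
    // else: logging is best-effort; an unwritable log must not break the 404 page

    $display .= CUSTOM_getStaticpage('404');
    // strip_tags() alone leaves quotes and ampersands untouched, so escape
    // for the HTML text context before interpolating.
    $display .= sprintf($LANG_404[2], htmlspecialchars($url, ENT_QUOTES, 'UTF-8'));
    if ($alternate_url != '') {
        $display .= sprintf($LANG_404[4], $alternate_url);
    } else {
        $display .= $LANG_404[3];
    }
    $display .= COM_endBlock();

    $display = COM_createHTMLDocument($display, array(
        'what'       => 'none',
        'pagetitle'  => $LANG_404[1],
        'rightblock' => false,
    ));
    COM_output($display);
    exit; // Do not want to go any further
}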
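/**
 * Render a File Management plugin error page and stop execution.
 *
 * @param  string|int $e_code error code; looked up against the 4-digit keys
 *                            below, unknown codes are shown as '9999'
 * @param  int        $pages  how many history entries the "Go Back" link rewinds
 * @return void never returns: outputs the page and calls die()
 */
function show($e_code, $pages = 1)
{
    global $_CONF;

    // mysql_error() no longer exists on PHP 7+; without this guard merely
    // building the message table below would be a fatal error.
    $dbError = function_exists('mysql_error') ? mysql_error() : '';

    $errmsg = array(
        "0001" => "Could not connect to the forums database.",
        "0002" => "The forum you selected does not exist. Please go back and try again.",
        "0003" => "Password Incorrect.",
        "0004" => "Could not query the topics database.",
        "0005" => "Error getting messages from the database.",
        "0006" => "Please enter the Nickname and the Password.",
        "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
        "0008" => "You did not enter the correct password, please go back and try again.",
        "0009" => "Could not remove posts from the database.",
        "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
        "0011" => "Could not lock the selected topic. Please go back and try again.",
        "0012" => "Could not unlock the selected topic. Please go back and try again.",
        "0013" => "Could not query the database. <br" . XHTML . ">Error: " . $dbError,
        "0014" => "No such user or post in the database.",
        "0015" => "Search Engine was unable to query the forums database.",
        "0016" => "That user does not exist. Please go back and search again.",
        "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
        "0018" => "You must choose message icon to post. Go back and choose message icon.",
        "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
        "0020" => "Could not enter data into the database. Please go back and try again.",
        "0021" => "Can't delete the selected message.",
        "0022" => "An error ocurred while querying the database.",
        "0023" => "Selected message was not found in the forum database.",
        "0024" => "You can't reply to that message. It wasn't sent to you.",
        "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
        "0026" => "The forum or topic you are attempting to post to does not exist. Please try again.",
        "0027" => "You must enter your username and password. Go back and do so.",
        "0028" => "You have entered an incorrect password. Go back and try again.",
        "0029" => "Couldn't update post count.",
        "0030" => "The forum you are attempting to post to does not exist. Please try again.",
        "0031" => "Unknown Error",
        "0035" => "You can't edit a post that's not yours.",
        "0036" => "You do not have permission to edit this post.",
        "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
        "1001" => "Please enter value for Title.",
        "1002" => "Please enter value for Phone.",
        "1003" => "Please enter value for Summary.",
        "1004" => "Please enter value for Address.",
        "1005" => "Please enter value for City.",
        "1006" => "Please enter value for State/Province.",
        "1007" => "Please enter value for Zipcode.",
        "1008" => "Please enter value for Description.",
        "1009" => "Vote for the selected resource only once.<br" . XHTML . ">All votes are logged and reviewed.",
        "1010" => "You cannot vote on the resource you submitted.<br" . XHTML . ">All votes are logged and reviewed.",
        "1011" => "No rating selected - no vote tallied.",
        "1013" => "Please enter a search query.",
        "1016" => "Please enter value for Filename.",
        "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
        "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
        "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
        "1103" => "The download info you provided is already in the database!",
        "1104" => "The download info was not complete - Need to enter a title for the new file",
        "1105" => "The download info was not complete - Need to enter a description for the new file",
        "1106" => "Upload Add Error: The new file was not created. Check error.log",
        "1107" => "Upload Add Error: The temporary file was not found. Check error.log",
        "1108" => "Duplicate file - already existing in filestore",
        "9999" => "OOPS! God Knows",
    );

    // Normalise the code to the 4-digit string keys above: plain numbers
    // (e.g. 13) are zero-padded, everything else must match a key exactly.
    // The previous loose in_array() check accepted e.g. 0 or '1e3' as a match
    // for '0001' / '1000' and then read an undefined key.
    if (is_int($e_code) || (is_string($e_code) && ctype_digit($e_code))) {
        $e_code = sprintf('%04d', (int) $e_code);
    }
    if (!is_string($e_code) || !array_key_exists($e_code, $errmsg)) {
        $e_code = '9999';
    }
    // $pages is interpolated into a javascript: URL; only an integer is safe there
    $pages = (int) $pages;

    include_once $_CONF['path_html'] . "filemgmt/include/header.php";

    $display = '';
    $display .= '<table class="plugin" border="0" cellspacing="0" cellpadding="1" style="width:100%;">';
    $display .= '<tr><td class="pluginAlert" style="text-align:right; padding:5px;">File Management Plugin</td>';
    $display .= '<td class="pluginAlert" style="width:50%; padding:5px 0px 5px 10px;">Error Code: ' . htmlspecialchars($e_code) . '</td></tr>';
    $display .= '<tr><td colspan="2" class="pluginInfo"><b>ERROR:</b> ' . $errmsg[$e_code] . '</td></tr>';
    $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
    $display .= '[ <a href="javascript:history.go(-' . $pages . ')">Go Back</a> ]</td></tr></table>';

    if (function_exists('COM_createHTMLDocument')) {
        $display = COM_createHTMLDocument($display);
    } else {
        // older core without COM_createHTMLDocument()
        $display = COM_siteHeader() . $display . COM_siteFooter();
    }
    COM_output($display);
    die("");
}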
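/**
 * Upload new topic icon, replaces previous icon if one exists
 *
 * Reads the file from $_FILES['newicon']; when nothing was sent the function
 * returns '' without touching the filesystem. Upload errors are fatal: an
 * error page is output and the script exits.
 *
 * @param  string $tid ID of topic to prepend to filename. It becomes part of a
 *                     path under path_images/topics, so it is assumed to be an
 *                     already sanitised topic id — TODO confirm at the caller.
 * @return string filename of new photo (empty = no new photo)
 */
function handleIconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;

    $upload = new Upload();
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    // Only these image types are accepted; the Upload class validates the
    // received file against this list.
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png',
    ));
    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
        COM_output($display);
        exit; // don't return
    }

    $filename = '';
    // see if user wants to upload a (new) icon
    $newIcon = isset($_FILES['newicon']) ? $_FILES['newicon'] : array();
    if (!empty($newIcon['name'])) {
        // The stored name is fixed to topic_<tid>.<ext>; only the extension is
        // taken from the client-supplied name. pathinfo() yields '' when there
        // is no dot, where the old strrpos()+1 arithmetic produced a bogus
        // "extension" from the middle of the name.
        $fExtension = pathinfo($newIcon['name'], PATHINFO_EXTENSION);
        $filename = 'topic_' . $tid . '.' . $fExtension;
    }

    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        // topic icons have their own limits; fall back to the site-wide image limits
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
            $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
            COM_output($display);
            exit; // don't return
        }

        // Turn the filesystem name into a path relative to the web root
        if (strpos($_CONF['path_images'], $_CONF['path_html']) === 0) {
            // the -1 keeps the trailing slash of path_html as the leading slash
            // of the relative path (assumes path_html ends with '/')
            $filename = substr($_CONF['path_images'], strlen($_CONF['path_html']) - 1) . 'topics/' . $filename;
        } else {
            /**
             * Not really used when the 'path_images' is outside of the webroot.
             * Let's at least extract the name of the images directory then.
             */
            $images = 'images';
            $parts = explode('/', $_CONF['path_images']);
            if (count($parts) > 1) {
                $cnt = count($parts);
                // e.g. from /path/to/myimages/ would extract "myimages"
                if (empty($parts[$cnt - 1]) && !empty($parts[$cnt - 2])) {
                    $images = $parts[$cnt - 2];
                }
                $filename = '/' . $images . '/topics/' . $filename;
            }
        }
    }

    return $filename;
}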
*/
require_once '../lib-common.php';

/**
 * Security check to ensure user even belongs on this page
 */
require_once 'auth.inc.php';

// MAIN
if (isset($_GET['mode']) && $_GET['mode'] == 'logout') {
    // Hand the logout off to users.php. Rendering continues below (no exit
    // here); presumably harmless since auth.inc.php already gated access —
    // NOTE(review): confirm that is intended.
    print COM_refresh($_CONF['site_url'] . '/users.php?mode=logout');
}

/**
 * Display a reminder to execute the security check script
 *
 * Only members of the Root group get the reminder, and only while the
 * 'security_check' entry in the vars table is not 1.
 *
 * @return string HTML for security reminder (or empty string)
 */
function security_check_reminder()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $MESSAGE;

    if (!SEC_inGroup('Root')) {
        return '';
    }

    $checkDone = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");

    return ($checkDone != 1) ? COM_showMessage(92) : '';
}

$display = COM_showMessageFromParameter()
    . security_check_reminder()
    . COM_commandControl();
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG29[34]));
COM_output($display);
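/**
 * Save a route into database
 *
 * Validates the rule/route pair, normalises both (leading slash, stripped
 * "/index.php", decoded ampersands) and inserts or updates the row. On a
 * validation failure the route editor is re-rendered with a message.
 *
 * @param  int    $rid      route id; a non-existent id (e.g. 0) inserts a new row
 * @param  int    $method   Router::HTTP_REQUEST_* constant
 * @param  string $rule     request path to match (may contain @placeholders)
 * @param  string $route    target path the rule is rewritten to
 * @param  int    $priority 1..65535; anything else gets Router::DEFAULT_PRIORITY
 * @return string HTML: a redirect on success, otherwise editor plus message
 */
function saveRoute($rid, $method, $rule, $route, $priority)
{
    global $_CONF, $_TABLES, $MESSAGE, $LANG_ROUTER;

    $messageText = '';
    $rid = intval($rid, 10);
    $method = intval($method, 10);
    $rule = trim($rule);
    $route = trim($route);
    $priority = intval($priority, 10);

    if ($method < Router::HTTP_REQUEST_GET || $method > Router::HTTP_REQUEST_HEAD) {
        $messageText = $LANG_ROUTER[12];
    } elseif ($rule === '') {
        $messageText = $LANG_ROUTER[13];
    } elseif ($route === '') {
        $messageText = $LANG_ROUTER[14];
    } elseif (substr_count($rule, '@') !== substr_count($route, '@')) {
        $messageText = $LANG_ROUTER[15];
    }

    // If a rule doesn't begin with a slash, then add one silently
    if (strpos($rule, '/') !== 0) {
        $rule = '/' . $rule;
    }
    // If a rule starts with "/index.php", then remove it silently
    if (stripos($rule, '/index.php') === 0) {
        $rule = preg_replace('|^/index\\.php|i', '', $rule);
    }
    // If a route doesn't begin with a slash, then add one silently
    if (strpos($route, '/') !== 0) {
        $route = '/' . $route;
    }
    // If a route starts with "/index.php/", then make it an error to prevent the script
    // from going an infinite loop
    if (stripos($route, '/index.php/') === 0) {
        $messageText = $LANG_ROUTER[16];
    }

    // The form submits ampersands HTML-encoded; store the literal character.
    // (The previous str_ireplace('&', '&', ...) was a no-op and left "&amp;"
    // in the stored rule/route.)
    $rule = str_ireplace('&amp;', '&', $rule);
    $route = str_ireplace('&amp;', '&', $route);

    // Every placeholder used in the rule must also appear in the route.
    // With PREG_SET_ORDER each element of $matches* is one placeholder match,
    // so nothing is shifted off: the first placeholder is compared like the
    // rest (the old array_shift() calls silently skipped it).
    $numPlaceHoldersInRule = preg_match_all(Router::PLACEHOLDER_MATCH, $rule, $matchesRule, PREG_SET_ORDER);
    $numPlaceHoldersInRoute = preg_match_all(Router::PLACEHOLDER_MATCH, $route, $matchesRoute, PREG_SET_ORDER);
    if ($numPlaceHoldersInRule !== $numPlaceHoldersInRoute) {
        $messageText = $LANG_ROUTER[15];
    } else {
        foreach ($matchesRule as $r) {
            if (!in_array($r, $matchesRoute)) {
                $messageText = $LANG_ROUTER[15];
                break;
            }
        }
    }

    // If priority is out of range, then fix it silently
    if ($priority < 1 || $priority > 65535) {
        $priority = Router::DEFAULT_PRIORITY;
    }

    if ($messageText !== '') {
        $content = COM_showMessageText($messageText, $MESSAGE[122]) . getRouteEditor($rid);
        return COM_createHTMLDocument($content, array('pagetitle' => $MESSAGE[122]));
    }

    // Save data into database. $rid, $method and $priority are already
    // integers; the two strings are escaped for the SQL below.
    $ruleSql = DB_escapeString($rule);
    $routeSql = DB_escapeString($route);
    $count = intval(DB_count($_TABLES['routes'], 'rid', $rid), 10);
    if ($count === 0) {
        $sql = "INSERT INTO {$_TABLES['routes']} (rid, method, rule, route, priority) "
             . "VALUES (NULL, {$method}, '{$ruleSql}', '{$routeSql}', {$priority})";
    } else {
        $sql = "UPDATE {$_TABLES['routes']} "
             . "SET method = {$method}, rule = '{$ruleSql}', route = '{$routeSql}', priority = {$priority} "
             . "WHERE rid = {$rid} ";
    }

    // Retry the statement a few times before giving up
    for ($i = 0; $i < 5; $i++) {
        DB_query($sql);
        if (!DB_error()) {
            reorderRoutes();
            return COM_refresh($_CONF['site_admin_url'] . '/router.php?msg=121');
        }
        // Retry
    }

    $content = COM_showMessageText($LANG_ROUTER[17], DB_error()) . getRouteEditor($rid);
    return COM_createHTMLDocument($content, array('pagetitle' => $MESSAGE[122]));
}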
} closedir($dir); } $header_arr = array(array('text' => $LANG_SX00['plugin'], 'field' => 'title'), array('text' => $LANG33[30], 'field' => 'regdate'), array('text' => $LANG_SX00['action'], 'field' => 'edit')); $data_arr = array(); foreach ($files as $file) { require_once $_CONF['path'] . 'plugins/spamx/' . $file . '.Admin.class.php'; $CM = new $file(); $action = 'Edit'; $link = $CM->linkText; $regdate = '-'; if (strpos($link, 'Edit ') !== false) { $link = substr($link, 5); $regdate = DB_getItem($_TABLES['spamx'], 'regdate', "name = '{$CM->moduleName}' ORDER BY regdate DESC "); } else { $action = 'View'; } $data_arr[] = array('title' => $link, 'regdate' => $regdate, 'edit' => COM_createLink($LANG_SX00[strtolower($action)], $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=' . $file)); } $data_arr[] = array('title' => $LANG_SX00['documentation'], 'regdate' => '-', 'edit' => COM_createLink($LANG_SX00['view'], plugin_getdocumentationurl_spamx('index'))); $display .= ADMIN_simpleList(null, $header_arr, null, $data_arr); if (isset($_REQUEST['command'])) { $cmd = COM_applyFilter($_REQUEST['command']); if (!empty($cmd) && in_array($cmd, $files)) { $CM = new $cmd(); $display .= $CM->display(); } } $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_SX00['plugin_name'])); COM_output($display);
if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3 && SEC_hasRights('calendarjp.edit')) { $editurl = $_CONF['site_admin_url'] . '/plugins/calendarjp/index.php?mode=edit&eid=' . $A['eid']; $cal_templates->set_var('event_edit', COM_createLink($LANG01[4], $editurl)); $img = '<img src="' . $_CONF['layout_url'] . '/images/edit.' . $_IMAGE_TYPE . '" alt="' . $LANG01[4] . '" title="' . $LANG01[4] . '"' . XHTML . '>'; $cal_templates->set_var('edit_icon', COM_createLink($img, $editurl)); $cal_templates->set_var('hits_admin', COM_numberFormat($A['hits'])); $cal_templates->set_var('lang_hits_admin', $LANG10[30]); } else { $cal_templates->set_var('event_edit', ''); $cal_templates->set_var('edit_icon', ''); } } if ($mode == 'personal') { // personal events don't have a hits counter $cal_templates->set_var('lang_hits', ''); $cal_templates->set_var('hits', ''); } else { $cal_templates->set_var('lang_hits', $LANG10[30]); $cal_templates->set_var('hits', COM_numberFormat($A['hits'])); } $cal_templates->parse('event_details', 'details', true); } } $cal_templates->parse('output', 'events'); $display .= $cal_templates->finish($cal_templates->get_var('output')); } $display .= COM_endBlock(); $display = COM_createHTMLDocument($display, array('pagetitle' => $pagetitle)); } // end switch COM_output($display);
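/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * Called both by the HTML story editor (gl_svc unset) and by the web-services
 * layer (gl_svc set). Only the form path handles image deletion/upload; on
 * that path upload errors output a page and exit instead of returning.
 *
 * @param  array  $args     Contains all the data provided by the client
 * @param  string &$output  OUTPUT parameter containing the returned text
 * @param  array  &$svc_msg OUTPUT parameter: 'error_desc' on failure, 'id' on success
 * @return int Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;

    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        return PLG_RET_AUTH_FAILED;
    }

    require_once $_CONF['path_system'] . 'lib-comment.php';
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }

    // true when the call comes through the web-services layer; its parameters
    // are filtered here, the form path is filtered upstream
    $isSvc = !empty($args['gl_svc']);

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }

    // Store the first CATEGORY as the Topic ID
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }

    // Split the text on the first [page_break] into intro and body
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } elseif (!empty($args['summary'])) {
        $content = $args['summary'];
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }

    // Apply filters to the parameters passed by the webservice
    if ($isSvc) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }

    // - START: Set all the defaults -
    // (no default topic is applied here; the topic selection is validated
    // below via TOPIC_checkTopicSelectionControl())
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } elseif ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                $args['postmode'] = 'html';
            }
        }
    }
    if ($isSvc) {
        // Permissions: configured story defaults when absent, otherwise the
        // supplied values are forced to integers
        $permKeys = array('perm_owner', 'perm_group', 'perm_members', 'perm_anon');
        foreach ($permKeys as $i => $key) {
            if (!isset($args[$key])) {
                $args[$key] = $_CONF['default_permissions_story'][$i];
            } else {
                $args[$key] = COM_applyBasicFilter($args[$key], true);
            }
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    // - END: Set all the defaults -

    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
            } else {
                $args['sid'] = COM_makeSid();
            }
        }
    }

    $story = new Story();
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original story to check if it has been modified
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }

    // This function is also doing the security checks
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();

    // Check if topics selected if not prompt required field
    if ($result == STORY_LOADED_OK) {
        if (!TOPIC_checkTopicSelectionControl()) {
            $result = STORY_EMPTY_REQUIRED_FIELDS;
        }
    }

    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$isSvc) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
            return PLG_RET_ERROR;

        case STORY_EXISTING_NO_EDIT_PERMISSION:
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;

        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$isSvc) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output);
            return PLG_RET_ERROR;

        default:
            break;
    }

    /* Image upload is not supported by the web-service at present */
    if (!$isSvc) {
        // Delete any images if needed. The image numbers are the KEYS of
        // $args['delete'], i.e. they come straight from the form, so cast to
        // int before interpolating into SQL (previously they were used raw).
        // $sid has been through COM_sanitizeID() via the Story object.
        if (array_key_exists('delete', $args) && is_array($args['delete'])) {
            foreach (array_keys($args['delete']) as $imgNum) {
                $imgNum = (int) $imgNum;
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = {$imgNum}");
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = {$imgNum}");
            }
        }

        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }

        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new Upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                $upload->keepOriginalImage($_CONF['keep_unscaled_image'] == 1);
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            $upload->setAllowedMimeTypes(array(
                'image/gif'   => '.gif',
                'image/jpeg'  => '.jpg,.jpeg',
                'image/pjpeg' => '.jpg,.jpeg',
                'image/x-png' => '.png',
                'image/png'   => '.png',
            ));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');

            // Target names are "<sid>_<n>.<ext>": only the extension is taken
            // from the client-supplied name; the Upload class checks the file
            // against the MIME/extension list above.
            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    $fextension = pathinfo($curfile['name'], PATHINFO_EXTENSION);
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                // (the old code built the document into $output but echoed the
                // bare message in $retval)
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                $fname = current($filenames);
                if ($fname === false) {
                    // fewer names than slots (a file entry without a name); do
                    // not record an empty filename
                    break;
                }
                $fnameSql = DB_escapeString($fname);
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '{$fnameSql}')");
                next($filenames);
            }
        }

        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $output .= '<li>' . $err . '</li>' . LB;
                }
                $output .= '</ul>' . LB;
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
                echo $output;
                exit;
            }
        }
    }

    $result = $story->saveToDatabase();
    if ($result != STORY_SAVED) {
        // previously fell off the end and returned null
        $svc_msg['error_desc'] = 'Error saving story';
        return PLG_RET_ERROR;
    }

    // see if any plugins want to act on that story
    if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
        PLG_itemSaved($sid, 'article', $args['old_sid']);
    } else {
        PLG_itemSaved($sid, 'article');
    }

    // update feed(s)
    COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
    COM_rdfUpToDateCheck('comment');
    STORY_updateLastArticlePublished();
    CMT_updateCommentcodes();

    if ($story->type == 'submission') {
        $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
    } else {
        $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
    }

    /* @TODO Set the object id here */
    $svc_msg['id'] = $sid;
    return PLG_RET_OK;
}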
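/**
 * Saves a block
 *
 * Validates the submitted block, checks that the current user may create or
 * edit it, normalises the type-specific fields and writes the row. Success
 * ends in a redirect; every failure path re-renders the block editor with a
 * message. All parameters end up in hand-built SQL, so the integer ones are
 * cast and the string ones escaped here, on top of whatever filtering the
 * caller did (no-ops for well-formed values).
 *
 * @param  int    $bid            Block ID (0 = new block)
 * @param  string $name           Block name
 * @param  string $title          Block title
 * @param  string $help           Help URL for the block
 * @param  string $type           Type of block: normal, portal, phpblock or gldefault
 * @param  int    $blockorder     Order block appears relative to the others
 * @param  string $content        Content of block (normal blocks only)
 * @param  string $rdfurl         URL to headline feed for portal blocks
 * @param  string $rdfupdated     Date RSS/RDF feed was last updated
 * @param  string $rdflimit       max. number of entries to import from feed
 * @param  string $phpblockfn     Name of php function to call to get content
 * @param  int    $onleft         Flag indicates if block shows up on left or right
 * @param  int    $owner_id       ID of owner
 * @param  int    $group_id       ID of group block belongs to
 * @param  array  $perm_owner     Permissions the owner has on the object
 * @param  array  $perm_group     Permissions the group has on the object
 * @param  array  $perm_members   Permissions the logged in members have
 * @param  array  $perm_anon      Permissions anonymous users have
 * @param  string $is_enabled     'on' when the block is enabled
 * @param  string $allow_autotags 'on' when autotags may be used in the content
 * @param  mixed  $cache_time     Cache lifetime; empty/invalid uses the configured default
 * @return string HTML redirect or error message
 */
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags, $cache_time)
{
    global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $_USER;

    $retval = '';

    // Integer columns: cast so that nothing but digits reaches the SQL below
    $bid = (int) $bid;
    $onleft = (int) $onleft;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $rdflimit = (int) $rdflimit;

    // String columns: escaped copies for SQL. The raw $name/$type/$blockorder
    // are still used for the emptiness checks and comparisons below.
    $title = DB_escapeString(COM_stripslashes(strip_tags($title)));
    $phpblockfn = DB_escapeString(COM_stripslashes(trim($phpblockfn)));
    $nameSql = DB_escapeString($name);
    $helpSql = DB_escapeString($help);
    $typeSql = DB_escapeString($type);
    $blockorderSql = DB_escapeString($blockorder);

    if (empty($title) || !TOPIC_checkTopicSelectionControl()) {
        $retval .= COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[63]));
        return $retval;
    }

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    // An existing block is checked against the permissions stored in the
    // database, not against the ones submitted with the form
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !TOPIC_hasMultiTopicAccess('topic') || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
        return $retval;
    }

    // Type-specific required fields
    $complete = false;
    if (!empty($name)) {
        switch ($type) {
            case 'normal':
                $complete = !empty($title) && !empty($content);
                break;
            case 'portal':
                $complete = !empty($title) && !empty($rdfurl);
                break;
            case 'phpblock':
                $complete = !empty($phpblockfn) && !empty($title);
                break;
            case 'gldefault':
                $complete = strlen($blockorder) > 0;
                break;
            default:
                break;
        }
    }
    if (!$complete) {
        if (empty($name)) {
            // empty block name
            $msgtxt = $LANG21[50];
        } elseif ($type == 'portal') {
            // Portal block is missing fields
            $msgtxt = $LANG21[33];
        } elseif ($type == 'phpblock') {
            // PHP Block is missing field
            $msgtxt = $LANG21[34];
        } elseif ($type == 'normal') {
            // Normal block is missing field
            $msgtxt = $LANG21[35];
        } elseif ($type == 'gldefault') {
            // Default geeklog field missing
            $msgtxt = $LANG21[42];
        } else {
            // Layout block missing content
            $msgtxt = $LANG21[36];
        }
        $retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[32]));
        return $retval;
    }

    $is_enabled = ($is_enabled == 'on') ? 1 : 0;
    $allow_autotags = ($allow_autotags == 'on') ? 1 : 0;

    // Cache time: explicit empty/range check (the old loose == "" test was
    // PHP-version dependent for 0), then force an integer for the SQL
    if ($cache_time === '' || $cache_time === null || !is_numeric($cache_time) || (int) $cache_time < -1) {
        $cache_time = (int) $_CONF['default_cache_time_block'];
    } else {
        $cache_time = (int) $cache_time;
    }

    if ($type == 'portal') {
        $content = '';
        $rdfupdated = '';
        $phpblockfn = '';
        // get rid of possible extra prefixes (e.g. "feed://http://...")
        if (substr($rdfurl, 0, 4) == 'rss:') {
            $rdfurl = substr($rdfurl, 4);
        } elseif (substr($rdfurl, 0, 5) == 'feed:') {
            $rdfurl = substr($rdfurl, 5);
        }
        if (substr($rdfurl, 0, 2) == '//') {
            $rdfurl = substr($rdfurl, 2);
        }
        $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
    }
    if ($type == 'gldefault') {
        $content = '';
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
        $phpblockfn = '';
    }
    if ($type == 'phpblock') {
        // NOTE: PHP Blocks must be within a function and the function
        // must start with phpblock_ as the prefix. This will prevent
        // the arbitrary execution of code.
        // stripos() === 0 enforces the prefix; the old stristr() substring
        // test also accepted names merely containing "phpblock_".
        if (stripos($phpblockfn, 'phpblock_') !== 0) {
            $retval .= COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[37]));
            return $retval;
        }
        $content = '';
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
    }
    if ($type == 'normal') {
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
        $phpblockfn = '';
        if ($allow_autotags == 1) {
            // Remove any autotags the user doesn't have permission to use
            $content = PLG_replaceTags($content, '', true);
        }
        $content = DB_escapeString($content);
    }
    if ($rdflimit < 0) {
        $rdflimit = 0;
    }
    if (!empty($rdfurl)) {
        $rdfurl = DB_escapeString($rdfurl);
    }
    if (empty($rdfupdated)) {
        $rdfupdated = '0000-00-00 00:00:00';
    }
    $rdfupdatedSql = DB_escapeString($rdfupdated);

    if ($bid > 0) {
        DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time,rdf_last_modified,rdf_etag', "{$bid},'{$nameSql}','{$title}','{$helpSql}','{$typeSql}','{$blockorderSql}','{$content}','{$rdfurl}','{$rdfupdatedSql}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time},NULL,NULL");
    } else {
        $sql = array();
        $sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} "
            . '(name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) '
            . "VALUES ('{$nameSql}','{$title}','{$helpSql}','{$typeSql}','{$blockorderSql}','{$content}','{$rdfurl}','{$rdfupdatedSql}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
        $sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} "
            . '(bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) '
            . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$nameSql}','{$title}','{$helpSql}','{$typeSql}','{$blockorderSql}','{$content}','{$rdfurl}','1970-01-01','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
        DB_query($sql);
        $bid = DB_insertId();
    }

    TOPIC_saveTopicSelectionControl('block', $bid);

    $cacheInstance = 'block__' . $bid . '__';
    // remove any of this blocks instances if exists
    CACHE_remove_instance($cacheInstance);

    return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11');
}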
$lang = $checked[$type] ? 'ja' : 'en'; JAPANIZE_execute($type, $lang); $msgs[] = JAPANIZE_str('msg_' . $lang . '_' . $type); } } } else { $new = $current; } if (count($msgs) > 0) { $li_style = ' style="margin: 0 0 0 2em; padding: 0;"'; $msgs = '<ol style="background-color: #ccff99; padding: 3px; border: solid 1px #33ccff;">' . '<li' . $li_style . '>' . implode('</li><li' . $li_style . '>', $msgs) . '</li></ol>'; } else { $msgs = ''; } if (DB_getItem($_TABLES['vars'], 'COUNT(*)', "name='japanize_plugin'") == 1) { $sql = "UPDATE {$_TABLES['vars']} " . "SET value = '" . DB_escapeString($new) . "' " . "WHERE (name = 'japanize_plugin') "; } else { $sql = "INSERT INTO {$_TABLES['vars']} (name, value) " . "VALUES ('japanize_plugin', '" . DB_escapeString($new) . "') "; } DB_query($sql); $T = new Template($_CONF['path'] . 'plugins/japanize/templates/admin'); $T->set_file('admin', 'index.thtml'); $T->set_var(array('checked1' => $checked[1] ? ' checked="checked"' : '', 'checked2' => $checked[2] ? ' checked="checked"' : '', 'checked3' => $checked[3] ? ' checked="checked"' : '', 'checked4' => $checked[4] ? ' checked="checked"' : '', 'checked5' => $checked[5] ? ' checked="checked"' : '', 'checked6' => $checked[6] ? ' checked="checked"' : '', 'icon_url' => plugin_geticon_japanize(), 'lang_cancel' => JAPANIZE_str('cancel'), 'lang_execute' => JAPANIZE_str('execute'), 'lang_japanize_all' => JAPANIZE_str('japanize_all'), 'lang_piname' => JAPANIZE_str('piname'), 'lang_restore_all' => JAPANIZE_str('restore_all'), 'msgs' => $msgs, 'site_admin_url' => $_CONF['site_admin_url'], 'token_name' => CSRF_TOKEN, 'token_value' => SEC_createToken(), 'xhtml' => XHTML)); $T->parse('output', 'admin'); $content = $T->finish($T->get_var('output')); $display = is_callable('COM_createHTMLDocument') ? COM_createHTMLDocument($content) : COM_siteHeader() . $content . COM_siteFooter(); if (is_callable('COM_output')) { COM_output($display); } else { echo $display; }
case 'msg': if (PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page'], 'id') == $_CONTACT_CONF['contact_page']) { $display .= PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page'], 'excerpt'); } $display .= '<div id="contactform" class="contactform">' . CONTACT_message($_GET['msg']) . '</div>'; if ($_CONTACT_CONF['contact_page_footer'] != '') { if (PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page_footer'], 'id') == $_CONTACT_CONF['contact_page_footer']) { $display .= PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page_footer'], 'excerpt'); } } break; default: if (PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page'], 'id') == $_CONTACT_CONF['contact_page']) { $display .= PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page'], 'excerpt'); } if ($_CONTACT_CONF['use_contact_form'] == 1) { $display .= CONTACT_contactform($uid, true, $subject); } if ($_CONTACT_CONF['contact_page_footer'] != '') { if (PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page_footer'], 'id') == $_CONTACT_CONF['contact_page_footer']) { $display .= PLG_getItemInfo('staticpages', $_CONTACT_CONF['contact_page_footer'], 'excerpt'); } } break; } if (!defined("CONTACT_TITLE")) { define("CONTACT_TITLE", $LANG_CONTACT_1['plugin_name']); } $information = array('what' => CONTACT_MENU, 'pagetitle' => CONTACT_TITLE, 'breadcrumbs' => '', 'headercode' => '', 'rightblock' => CONTACT_FOOTER); $display = COM_createHTMLDocument($display, $information); COM_output($display);
/**
 * Save a group to the database
 *
 * Creates the group when $grp_id is empty, otherwise updates it, then
 * rewrites its feature list and its group memberships. Only $grp_descr is
 * escaped inside this function; $grp_name, $grp_id, $grp_gl_core,
 * $grp_default and every feature / group id are interpolated into SQL as
 * received, so the caller must have filtered them.
 *
 * @param string  $grp_id           ID of group to save (empty = create a new group)
 * @param string  $grp_name         Group Name (must be unique)
 * @param string  $grp_descr        Description of group
 * @param boolean $grp_admin        Flag that indicates this is an admin use group
 * @param boolean $grp_gl_core      Flag that indicates if this is a core Geeklog group
 * @param boolean $grp_default      Flag that indicates if this is a default group
 * @param boolean $grp_applydefault Flag that indicates whether to apply a change in
 *                                  $grp_default to all existing user accounts
 * @param array   $features         Feature ids the group has access to
 * @param array   $groups           Ids of the groups this group will belong to
 * @return string HTML refresh or error message
 */
function savegroup($grp_id, $grp_name, $grp_descr, $grp_admin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $_GROUP_VERBOSE;

    $retval = '';

    if (!empty($grp_name) && !empty($grp_descr)) {
        // Groups the current user administers; used as the allow-list for both
        // "may edit this group" and "may assign this group to another one".
        $GroupAdminGroups = SEC_getUserGroups();
        if (!empty($grp_id) && $grp_id > 0 && !in_array($grp_id, $GroupAdminGroups) && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) {
            COM_accessLog("User {$_USER['username']} tried to edit group '{$grp_name}' ({$grp_id}) with insufficient privileges.");
            return COM_refresh($_CONF['site_admin_url'] . '/group.php');
        }
        if ($grp_gl_core == 1 and !is_array($features)) {
            // Saving a core group without a feature list would wipe its access rows below.
            COM_errorLog("Sorry, no valid features were passed to this core group ({$grp_id}) and saving could cause problem...bailing.");
            return COM_refresh($_CONF['site_admin_url'] . '/group.php');
        }
        // group names have to be unique, so check if this one exists already
        // NOTE(review): $grp_name is used in this WHERE clause and in both
        // DB_save calls below without DB_escapeString, unlike $grp_descr;
        // confirm the caller escapes it.
        $g_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
        if ($g_id > 0) {
            if (empty($grp_id) || $grp_id != $g_id) {
                // there already is a group with that name - complain
                $retval .= COM_showMessageText($LANG_ACCESS['groupexistsmsg'], $LANG_ACCESS['groupexists']) . editgroup($grp_id);
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
                return $retval;
            }
        }
        $grp_descr = COM_stripslashes($grp_descr);
        $grp_descr = DB_escapeString($grp_descr);
        // true = add the group to existing users, false = remove it (see applydefaultgroup)
        $grp_applydefault_add = true;
        if (empty($grp_id)) {
            DB_save($_TABLES['groups'], 'grp_name,grp_descr,grp_gl_core,grp_default', "'{$grp_name}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
            // The new id is looked up by name rather than taken from the insert.
            $grp_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name}'");
            $new_group = true;
        } else {
            if ($grp_applydefault == 1) {
                // check if $grp_default changed
                $old_default = DB_getItem($_TABLES['groups'], 'grp_default', "grp_id = {$grp_id}");
                if ($old_default == $grp_default) {
                    // no change required
                    $grp_applydefault = 0;
                } elseif ($old_default == 1) {
                    $grp_applydefault_add = false;
                }
            }
            DB_save($_TABLES['groups'], 'grp_id,grp_name,grp_descr,grp_gl_core,grp_default', "{$grp_id},'{$grp_name}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
            $new_group = false;
        }
        if (empty($grp_id) || $grp_id < 1) {
            // "this shouldn't happen"
            COM_errorLog("Internal error: invalid group id");
            $retval .= COM_showMessage(95);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
            return $retval;
        }
        // Use the field grp_gl_core to indicate if this non-core GL Group
        // is an Admin related group
        if ($grp_gl_core != 1 and $grp_id > 1) {
            if ($grp_admin == 1) {
                DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core=2 WHERE grp_id={$grp_id}");
            } else {
                DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core=0 WHERE grp_id={$grp_id}");
            }
        }
        // now save the features
        // Root may grant any feature; other group admins may only grant
        // features they hold themselves (allow-list from SEC_getUserPermissions).
        // $num_features is computed but not used below.
        DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
        $num_features = count($features);
        if (SEC_inGroup('Root')) {
            foreach ($features as $f) {
                DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$f},{$grp_id})");
            }
        } else {
            $GroupAdminFeatures = SEC_getUserPermissions();
            $availableFeatures = explode(',', $GroupAdminFeatures);
            foreach ($features as $f) {
                if (in_array($f, $availableFeatures)) {
                    DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$f},{$grp_id})");
                }
            }
        }
        if ($_GROUP_VERBOSE) {
            // NOTE(review): $groups is documented as an array, so this
            // concatenation logs the literal "Array" (with a notice).
            COM_errorLog('groups = ' . $groups);
            COM_errorLog("deleting all group_assignments for group {$grp_id}/{$grp_name}", 1);
        }
        // Memberships are rebuilt from scratch; only groups the current user
        // administers may be assigned.
        DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
        if (!empty($groups)) {
            foreach ($groups as $g) {
                if (in_array($g, $GroupAdminGroups)) {
                    if ($_GROUP_VERBOSE) {
                        COM_errorLog("adding group_assignment {$g} for {$grp_name}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$g},{$grp_id})";
                    DB_query($sql);
                }
            }
        }
        // Make sure Root group belongs to any new group
        if (DB_getItem($_TABLES['group_assignments'], 'COUNT(*)', "ug_main_grp_id = {$grp_id} AND ug_grp_id = 1") == 0) {
            DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$grp_id}, 1)");
        }
        // make sure this Group Admin belongs to the new group
        if (!SEC_inGroup('Root')) {
            if (DB_count($_TABLES['group_assignments'], 'ug_uid', "(ug_uid = {$_USER['uid']}) AND (ug_main_grp_id = {$grp_id})") == 0) {
                DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$grp_id},{$_USER['uid']})");
            }
        }
        if ($grp_applydefault == 1) {
            applydefaultgroup($grp_id, $grp_applydefault_add);
        }
        if ($new_group) {
            PLG_groupChanged($grp_id, 'new');
        } else {
            PLG_groupChanged($grp_id, 'edit');
        }
        if (isset($_REQUEST['chk_showall']) && $_REQUEST['chk_showall'] == 1) {
            return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49&chk_showall=1');
        } else {
            return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49');
        }
    } else {
        // Name or description missing: re-display the editor with a message.
        $retval .= COM_showMessageText($LANG_ACCESS['missingfieldsmsg'], $LANG_ACCESS['missingfields']) . editgroup($grp_id);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
        return $retval;
    }
}
/**
 * Saves link to the database
 *
 * Deletes any existing submission/link row for $old_lid and re-inserts the
 * link under $lid. $description, $title, $cid and $old_lid are escaped here;
 * $url and $hits are written into the INSERT exactly as received.
 *
 * @param string $lid          ID for link
 * @param string $old_lid      old ID for link
 * @param string $cid          cid of category link belongs to
 * @param string $categorydd   Category links belong to (drop-down value)
 * @param string $url          URL of link to save
 * @param string $description  Description of link
 * @param string $title        Title of link
 * @param int    $hits         Number of hits for link
 * @param int    $owner_id     ID of owner (empty = new link from admin, defaults applied)
 * @param int    $group_id     ID of group link belongs to
 * @param int    $perm_owner   Permissions the owner has
 * @param int    $perm_group   Permissions the group has
 * @param int    $perm_members Permissions members have
 * @param int    $perm_anon    Permissions anonymous users have
 * @return string HTML redirect or error message
 * @global array $_CONF            core config vars
 * @global array $_GROUPS          core group data
 * @global array $_TABLES          core table data
 * @global array $_USER            core user data
 * @global array $MESSAGE          core msg data
 * @global array $LANG_LINKS_ADMIN links plugin lang admin vars
 * @global array $_LI_CONF         links plugin config
 */
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    // NOTE(review): $url and $hits are not escaped anywhere in this function
    // yet are interpolated into the DB_save below; confirm the caller
    // sanitises them (e.g. COM_sanitizeUrl / numeric filter).
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);

    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }

    // Ids are sanitised before being used as keys; a missing id is generated
    // or inherited from the old id.
    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }

    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid; // for now ...
        }
    }

    // Access check: existing links are judged by the permissions stored in
    // the database, new ones by the submitted/defaulted values.
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        // NOTE(review): $display is not initialised in this function (the
        // other branches use $retval), so this ".=" appends to an undefined
        // variable; the output is still correct but it raises a notice.
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        // The drop-down category wins over $cid unless it is the placeholder
        // entry ($LANG_LINKS_ADMIN[7]).
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } else {
            if ($categorydd != $LANG_LINKS_ADMIN[7]) {
                // NOTE(review): the refresh is echoed but execution does not
                // stop here, so the link is still saved below with the
                // previously set $cid.
                echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
            }
        }
        // Replace rather than update: remove the old rows, insert the new one.
        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }
        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);

        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));

        return $retval;
    }
}
/**
 * Saves the user's information back to the database
 *
 * Validates the form token stored in pwrequestid, re-verifies the current
 * password when the password, e-mail or cookie timeout change (local accounts
 * only), optionally renames the account and its photo, runs the spam check,
 * writes the profile and finally handles an optional OAuth re-synch request.
 *
 * @param array $A User's data as submitted (keys used: uid, cooktime, passwd,
 *                 passwd_conf, old_passwd, username, new_username, email,
 *                 email_conf, homepage, fullname, location, sig, about,
 *                 pgpkey, delete_photo, resynch)
 * @return string HTML error message or meta redirect
 */
function saveuser($A)
{
    // NOTE(review): $MESSAGE is read near the end of this function
    // (COM_errorLog($MESSAGE[$msg])) but is not declared here, so it is
    // undefined inside the function.
    global $_CONF, $_TABLES, $_USER, $LANG04, $LANG24, $_US_VERBOSE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    // The stored pwrequestid must match the id echoed back by the form;
    // otherwise the request is treated as forged, the id is invalidated and
    // the attempt is logged.
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) { // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$_USER['uid']}");
    if ($service == '') {
        if (!empty($A['passwd']) || $A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            // verify password
            // (a negative result from SEC_encryptUserPassword is treated as a
            // failed verification here and below)
            if (empty($A['old_passwd']) || SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
            } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
                $ret = CUSTOM_userCheck($A['username'], $A['email']);
                if (!empty($ret)) {
                    // Need a numeric return for the default message handler
                    // - if not numeric use default message
                    if (!is_numeric($ret['number'])) {
                        $ret['number'] = 400;
                    }
                    return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
                }
            }
        } elseif ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($A['username'], $A['email']);
            if (!empty($ret)) {
                // Need a numeric return for the default message handler
                // - if not numeric use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
            }
        }
    } else {
        if ($A['email'] != $_USER['email'] || $A['cooktime'] != $_USER['cookietimeout']) {
            // re-authenticate remote user again for these changes to take place
            // Can't just be done here since user may have to relogin to his service which then sends us back here and we lose his changes
        }
    }

    // no need to filter the password as it's encoded anyway

    if ($_CONF['allow_username_change'] == 1) {
        $A['new_username'] = COM_applyFilter($A['new_username']);
        if (!empty($A['new_username']) && $A['new_username'] != $_USER['username']) {
            // NOTE(review): the name is SQL-escaped here and the escaped form
            // is then reused as a regex replacement and as part of a file
            // name below - escaping for the wrong context.
            $A['new_username'] = DB_escapeString($A['new_username']);
            if (DB_count($_TABLES['users'], 'username', $A['new_username']) == 0) {
                if ($_CONF['allow_user_photo'] == 1) {
                    $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                    if (!empty($photo)) {
                        // NOTE(review): the current username is embedded in a
                        // PCRE pattern without preg_quote(), so a name containing
                        // '/' or regex metacharacters breaks or alters the match.
                        $newphoto = preg_replace('/' . $_USER['username'] . '/', $A['new_username'], $photo, 1);
                        $imgpath = $_CONF['path_images'] . 'userphotos/';
                        if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                            $display = COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                            $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[21]));
                            return $display;
                        }
                        DB_change($_TABLES['users'], 'photo', DB_escapeString($newphoto), "uid", $_USER['uid']);
                    }
                }
                DB_change($_TABLES['users'], 'username', $A['new_username'], "uid", $_USER['uid']);
            } else {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1><p>';
    // this is a hack, for some reason remoteservice links made SPAMX SLV check barf
    if (empty($service)) {
        $profile .= COM_createLink($A['homepage'], $A['homepage']) . '<br' . XHTML . '>';
    }
    $profile .= $A['location'] . '<br' . XHTML . '>' . $A['sig'] . '<br' . XHTML . '>' . $A['about'] . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);

    // basic filtering only
    $A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
    $A['location'] = strip_tags(COM_stripslashes($A['location']));
    $A['sig'] = strip_tags(COM_stripslashes($A['sig']));
    $A['about'] = strip_tags(COM_stripslashes($A['about']));
    $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));

    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    } else {
        if ($A['email'] !== $A['email_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
        } else {
            if (emailAddressExists($A['email'], $_USER['uid'])) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
            } else {
                // $passwd stays empty: the password cookie is (re)written with
                // an empty value and only its lifetime is derived from cooktime.
                $passwd = '';
                if ($service == '') {
                    if (!empty($A['passwd'])) {
                        if ($A['passwd'] == $A['passwd_conf'] && SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) == 0) {
                            SEC_updateUserPassword($A['passwd'], $_USER['uid']);
                            if ($A['cooktime'] > 0) {
                                $cooktime = $A['cooktime'];
                            } else {
                                $cooktime = -1000;
                            }
                            SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
                        } elseif (SEC_encryptUserPassword($A['old_passwd'], $_USER['uid']) < 0) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
                        } elseif ($A['passwd'] != $A['passwd_conf']) {
                            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
                        }
                    }
                } else {
                    // Cookie
                    if ($A['cooktime'] > 0) {
                        $cooktime = $A['cooktime'];
                    } else {
                        $cooktime = -1000;
                    }
                    SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
                }
                if ($_US_VERBOSE) {
                    COM_errorLog('cooktime = ' . $A['cooktime'], 1);
                }
                // cooktime <= 0 expires the uid cookie (date in the past),
                // otherwise it is renewed for cooktime seconds.
                if ($A['cooktime'] <= 0) {
                    $cooktime = 1000;
                    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - $cooktime);
                } else {
                    SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
                }
                // $filename is only assigned when photos are enabled; when they
                // are not, the UPDATE below writes an empty photo column.
                if ($_CONF['allow_user_photo'] == 1) {
                    $delete_photo = '';
                    if (isset($A['delete_photo'])) {
                        $delete_photo = $A['delete_photo'];
                    }
                    $filename = handlePhotoUpload($delete_photo);
                }
                if (!empty($A['homepage'])) {
                    // Force an http:/https: scheme on the homepage URL.
                    $pos = MBYTE_strpos($A['homepage'], ':');
                    if ($pos === false) {
                        $A['homepage'] = 'http://' . $A['homepage'];
                    } else {
                        $prot = substr($A['homepage'], 0, $pos + 1);
                        if ($prot != 'http:' && $prot != 'https:') {
                            $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
                        }
                    }
                    $A['homepage'] = DB_escapeString($A['homepage']);
                }
                $A['fullname'] = DB_escapeString($A['fullname']);
                $A['email'] = DB_escapeString($A['email']);
                $A['location'] = DB_escapeString($A['location']);
                $A['sig'] = DB_escapeString($A['sig']);
                $A['about'] = DB_escapeString($A['about']);
                $A['pgpkey'] = DB_escapeString($A['pgpkey']);
                if (!empty($filename)) {
                    if (!file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
                        $filename = '';
                    }
                }
                DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
                DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");

                // Call custom registration save function if enabled and exists
                if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                    CUSTOM_userSave($_USER['uid']);
                }
                PLG_userInfoChanged($_USER['uid']);

                // at this point, the user information has been saved, but now we're going to check to see if
                // the user has requested resynchronization with their remoteservice account
                $msg = 5; // default msg = Your account information has been successfully saved
                if (isset($A['resynch'])) {
                    if ($_CONF['user_login_method']['oauth'] && strpos($_USER['remoteservice'], 'oauth.') === 0) {
                        $modules = SEC_collectRemoteOAuthModules();
                        // strip the 'oauth.' prefix before looking the service up
                        $active_service = count($modules) == 0 ? false : in_array(substr($_USER['remoteservice'], 6), $modules);
                        if (!$active_service) {
                            // $status is assigned but never read
                            $status = -1;
                            $msg = 115; // Remote service has been disabled.
                        } else {
                            require_once $_CONF['path_system'] . 'classes/oauthhelper.class.php';
                            $service = substr($_USER['remoteservice'], 6);
                            $consumer = new OAuthConsumer($service);
                            $callback_url = $_CONF['site_url'];
                            $consumer->setRedirectURL($callback_url);
                            $user = $consumer->authenticate_user();
                            $consumer->doSynch($user);
                        }
                    }
                    // NOTE(review): any non-default $msg (i.e. 115 set above) is
                    // replaced by 114 here, so message 115 never reaches the user.
                    if ($msg != 5) {
                        $msg = 114; // Account saved but re-synch failed.
                        COM_errorLog($MESSAGE[$msg]);
                    }
                }
                if ($_US_VERBOSE) {
                    COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
                }

                return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&uid=' . $_USER['uid'] . '&msg=' . $msg);
            }
        }
    }
}
$mode = COM_applyFilter($_POST['mode']); $bquota = COM_applyFilter($_POST['bquota'], true); $bquota = $bquota * 1048576; $numItems = count($_POST['uid']); for ($i = 0; $i < $numItems; $i++) { DB_change($_TABLES['mg_userprefs'], 'quota', $bquota, 'uid', $_POST['uid'][$i]); if (DB_error()) { $sql = "INSERT INTO {$_TABLES['mg_userprefs']} (uid, active, display_rows, display_columns, mp3_player, playback_mode, tn_size, quota, member_gallery) " . "VALUES (" . $uid . ",1,0,0,-1,-1,-1," . $bquota . ",0)"; DB_query($sql, 1); } } } $page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0; if ($page <= 0) { $page = 0; } else { $page--; } $quota = isset($_POST['quota']) ? COM_applyFilter($_POST['quota'], true) : 0; $used = isset($_POST['used']) ? COM_applyFilter($_POST['used'], true) : 0; $T = new Template($_MG_CONF['template_path']); $T->set_file('admin', 'administration.thtml'); $T->set_var(array('site_admin_url' => $_MG_CONF['admin_url'], 'site_url' => $_MG_CONF['site_url'], 'lang_admin' => $LANG_MG00['admin'], 'xhtml' => XHTML)); $T->set_var(array('admin_body' => MG_quotaReport($page, $quota, $used), 'title' => $LANG_MG01['quota_report'], 'lang_help' => '<img src="' . MG_getImageFile('button_help.png') . '" border="0" alt="?">', 'help_url' => $_MG_CONF['site_url'] . '/docs/usage.html#Member_Album_User_list')); $T->parse('output', 'admin'); $display = COM_startBlock($LANG_MG00['admin'], '', COM_getBlockTemplate('_admin_block', 'header')); $display .= MG_showAdminMenu('member_albums'); $display .= $T->finish($T->get_var('output')); $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_MG01['quota_report'])); COM_output($display);
} elseif ($mode == $LANG_ADMIN['save'] && !empty($LANG_ADMIN['save']) && SEC_checkToken()) { $msg = links_save_category($_POST['cid'], $_POST['old_cid'], $_POST['pid'], $_POST['category'], $_POST['description'], COM_applyFilter($_POST['tid']), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']); $display .= COM_showMessage($msg, 'links'); $display .= links_list_categories($root); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[11])); // edit category } else { if ($mode == 'edit') { $pid = ''; if (isset($_GET['pid'])) { $pid = strip_tags(COM_stripslashes($_GET['pid'])); } $cid = ''; if (isset($_GET['cid'])) { $cid = strip_tags(COM_stripslashes($_GET['cid'])); } $display .= links_edit_category($cid, $pid); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[56])); // nothing, so list categories } else { if (isset($_REQUEST['msg'])) { $msg = COM_applyFilter($_REQUEST['msg'], true); if ($msg > 0) { $display .= COM_showMessage($msg, 'links'); } } $display .= links_list_categories($root); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LINKS_ADMIN[11])); } } COM_output($display);
if (count($categories) == 0) { list($num_items, $items) = MYCALJP_buildItems($driver, $driver_name, false); $T->set_var('category_list', $items); } else { $cats = ''; foreach ($categories as $category) { list($num_cat, $cat) = MYCALJP_buildCategory($driver, $driver_name, $category); if ($num_cat > 0) { $cats .= $cat; } $num_items += $num_cat; } $T->set_var('categories', $cats); $T->parse('category_list', 't_category_list'); } if ($num_items > 0) { $T->set_var('num_items', $num_items); if ($content == 'stories' && $_MYCALJP2_CONF['showstoriesintro']) { $T->set_var('contents', MYCALJP_showStoriesIntro()); $T->parse('data_sources', 't_data_source_no_hr', true); } else { $T->parse('data_sources', 't_data_source', true); } } } $T->set_var('lang_site_calendar_result', $LANG_MYCALJP['pickup_title']); // ハードコード $T->parse('output', 't_index'); $display = $T->finish($T->get_var('output')); $display = COM_createHTMLDocument($display, array('rightblock' => $_MYCALJP2_CONF['enablesrblocks'])); COM_output($display);
} $retval['errorCode'] = 0; $return["json"] = json_encode($retval); echo json_encode($return); exit; break; case 'convertdbcomplete': $engine = COM_applyFilter($_POST['engine']); DBADMIN_ajaxFinishCvt($engine); $retval['errorCode'] = 0; $return["json"] = json_encode($retval); echo json_encode($return); exit; break; case 'dbbackup_init': DBADMIN_backupAjax(); break; case 'dbbackup_table': DBADMIN_backupTableAjax(); break; case 'dbbackup_complete': DBADMIN_backupCompleteAjax(); break; } break; default: $page = DBADMIN_list(); break; } $display = COM_createHTMLDocument($page, array('pagetitle' => $LANG_DB_BACKUP['database_admin'])); COM_output($display);
} if (!isset($_POST['sp_inblock'])) { $_POST['sp_inblock'] = ''; } if (!isset($_POST['postmode'])) { $_POST['postmode'] = ''; } if (!isset($_POST['draft_flag'])) { $_POST['draft_flag'] = ''; } if (!isset($_POST['cache_time'])) { $_POST['cache_time'] = $_SP_CONF['default_cache_time']; } if (!isset($_POST['template_flag'])) { $_POST['template_flag'] = ''; } $display .= submitstaticpage($sp_id, $_POST['sp_title'], $_POST['sp_page_title'], $_POST['sp_content'], COM_applyFilter($_POST['sp_hits'], true), COM_applyFilter($_POST['sp_format']), $_POST['sp_onmenu'], $_POST['sp_label'], COM_applyFilter($_POST['commentcode'], true), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon'], $_POST['sp_php'], $_POST['sp_nf'], COM_applyFilter($_POST['sp_old_id']), $_POST['sp_centerblock'], $sp_help, COM_applyFilter($_POST['sp_where'], true), $_POST['sp_inblock'], COM_applyFilter($_POST['postmode']), $_POST['meta_description'], $_POST['meta_keywords'], $_POST['draft_flag'], $_POST['template_flag'], $_POST['template_id'], COM_applyFilter($_POST['cache_time'], true)); } else { $display = COM_refresh($_CONF['site_admin_url'] . '/index.php'); } } else { if (isset($_REQUEST['msg'])) { $msg = COM_applyFilter($_REQUEST['msg'], true); if ($msg > 0) { $display .= COM_showMessage($msg, 'staticpages'); } } $display .= liststaticpages(); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_STATIC['staticpagelist'])); } COM_output($display);
/**
 * Save a submission of the given type.
 *
 * The submit speed limit is enforced first. Non-story types are handed to
 * the owning plugin through PLG_saveSubmission(); everything else goes
 * through savestory() once the required fields are present.
 *
 * @param  string $type Type of submission we are dealing with
 * @param  array  $A    Data for that submission
 * @return string       HTML to output (a redirect may be issued instead)
 */
function savesubmission($type, $A)
{
    global $_CONF, $_TABLES, $LANG12;

    COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
    $secondsLeft = COM_checkSpeedlimit('submit');
    if ($secondsLeft > 0) {
        // Too soon after the previous submission: only show the wait notice
        $notice = COM_showMessageText($LANG12[30] . $secondsLeft . $LANG12[31], $LANG12[26]);

        return COM_createHTMLDocument($notice);
    }

    $isPluginType = !empty($type) && $type !== 'story';
    if ($isPluginType) {
        // Count this against the user's submit speed limit, assuming the
        // plugin accepts the submission record
        COM_updateSpeedlimit('submit');

        // Let the plugin handle the submission; it may include its own redirect
        $pluginOutput = PLG_saveSubmission($type, $A);
        if ($pluginOutput === false) {
            COM_errorLog("Could not save your submission. Bad type: {$type}");
        } elseif (empty($pluginOutput)) {
            // The plugin is expected to redirect itself; as a fallback,
            // send the user to the main page
            PLG_submissionSaved($type);
            COM_redirect($_CONF['site_url'] . '/index.php');
        } else {
            PLG_submissionSaved($type);

            return $pluginOutput;
        }
    }

    $hasStoryFields = !empty($A['title']) && !empty($A['introtext']);
    if (!$hasStoryFields || !TOPIC_checkTopicSelectionControl()) {
        // Missing data: show the error and redisplay the submission form
        $page = COM_showMessageText($LANG12[23], $LANG12[22]) . submissionform($type);

        return COM_createHTMLDocument($page);
    }

    $page = savestory($A);
    PLG_submissionSaved($type);

    return $page;
}
$log = 'error.log'; } $display = ''; $menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home'])); $display = COM_startBlock($LANG_LOGVIEW['log_viewer'], '', COM_getBlockTemplate('_admin_block', 'header')) . ADMIN_createMenu($menu_arr, $LANG_LOGVIEW['info'], $_CONF['layout_url'] . '/images/icons/log_viewer.' . $_IMAGE_TYPE); $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/logviewer.php" class="uk-form"><div>' . $LANG_LOGVIEW['logs'] . ': ' . '<select name="log">'; foreach (glob($_CONF['path_log'] . '*.log') as $file) { $file = basename($file); $display .= '<option value="' . $file . '"'; if ($log === $file) { $display .= ' selected="selected"'; } $display .= '>' . $file . '</option>'; } $display .= '</select> ' . '<button type="submit" name="viewlog" value="' . $LANG_LOGVIEW['view'] . '" class="uk-button">' . $LANG_LOGVIEW['view'] . '</button>' . ' ' . '<button type="submit" name="clearlog" value="' . $LANG_LOGVIEW['clear'] . '" class="uk-button" onclick="return confirm(\'' . $MESSAGE[76] . '\');">' . $LANG_LOGVIEW['clear'] . '</button>' . '</div></form>'; if (isset($_POST['clearlog'])) { if (@unlink($_CONF['path_log'] . $log)) { $timestamp = strftime("%c"); @file_put_contents($_CONF['path_log'] . $log, "{$timestamp} - Log File Cleared " . PHP_EOL, FILE_APPEND); $_POST['viewlog'] = 1; } } if (isset($_POST['viewlog'])) { $display .= '<p><strong>' . $LANG_LOGVIEW['log_file'] . ': ' . $log . '</strong></p>' . '<div style="margin:10px 0 5px;border-bottom:1px solid #cccccc;"></div>' . '<pre style="overflow:scroll; height:500px;">' . htmlentities(file_get_contents($_CONF['path_log'] . $log), ENT_NOQUOTES, COM_getEncodingt()) . '</pre>'; } $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); $output = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LOGVIEW['log_viewer'])); header('Content-Type: text/html; charset=' . 
COM_getEncodingt()); header('X-XSS-Protection: 1; mode=block'); header('X-Content-Type-Options: nosniff'); COM_output($output);
// +--------------------------------------------------------------------------+
// |                                                                          |
// | This program is free software; you can redistribute it and/or            |
// | modify it under the terms of the GNU General Public License              |
// | as published by the Free Software Foundation; either version 2           |
// | of the License, or (at your option) any later version.                   |
// |                                                                          |
// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.          |
// |                                                                          |
// +--------------------------------------------------------------------------+

require_once '../lib-common.php';

$display = '';

// Only members of the Root group may clear the cache. Anyone else gets the
// "access denied" page and the attempt is written to the access log.
if (!SEC_inGroup('Root')) {
    $display = COM_createHTMLDocument(
        COM_showMessageText($MESSAGE[29], $MESSAGE[30]),
        array('pagetitle' => $MESSAGE[30])
    );
    COM_accessLog("User {$_USER['username']} tried to illegally access the clear cache.");
    COM_output($display);
    exit;
}

/*
 * Main processing
 */
// NOTE(review): no SEC_checkToken() call is visible in this script, so the
// cache is cleared on any request from a logged-in Root user - confirm a
// CSRF token is validated upstream or add the check here.
CTL_clearCache();
COM_redirect($_CONF['site_admin_url'] . '/index.php?msg=500');
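/**
 * Display weblog directory service editor
 *
 * Loads the service record for $pid (or defaults for a new service), lets any
 * $new_* value override it (used to redisplay a rejected form), and renders
 * the 'serviceeditor.thtml' template inside an admin block.
 *
 * @param  int    $pid          ID of the service or 0 for new service
 * @param  string $msg          an error message to display
 * @param  string $new_name     name of the service
 * @param  string $new_site_url URL of the service's site
 * @param  string $new_ping_url URL to ping at the service
 * @param  string $new_method   ping method to use
 * @param  int    $new_enabled  service is enabled (1) / disabled (0); -1 keeps the stored value
 * @return string               HTML for the editor
 */
function editServiceForm($pid, $msg = '', $new_name = '', $new_site_url = '', $new_ping_url = '', $new_method = '', $new_enabled = -1)
{
    global $_CONF, $_TABLES, $LANG_TRB, $LANG_ADMIN, $MESSAGE;

    $retval = '';
    $A = array();

    // $pid is documented as an int but is interpolated into SQL below; force
    // the integer type so nothing but digits can ever reach the query
    $pid = (int) $pid;
    if ($pid > 0) {
        $result = DB_query("SELECT * FROM {$_TABLES['pingservice']} WHERE pid = '{$pid}'");
        $A = DB_fetchArray($result);
        if (!is_array($A)) {
            // unknown pid: continue with an empty record rather than indexing into false
            $A = array();
        }
    } else {
        $A['is_enabled'] = 1;
        $A['method'] = 'weblogUpdates.ping';
    }

    // values re-submitted from a rejected form take precedence over the stored record
    if (!empty($new_name)) {
        $A['name'] = $new_name;
    }
    if (!empty($new_site_url)) {
        $A['site_url'] = $new_site_url;
    }
    if (!empty($new_ping_url)) {
        $A['ping_url'] = $new_ping_url;
    }
    if (!empty($new_method)) {
        $A['method'] = $new_method;
    }
    if ($new_enabled >= 0) {
        $A['is_enabled'] = $new_enabled;
    }

    if (!empty($msg)) {
        $retval .= showTrackbackMessage('Error', $msg);
    }

    $token = SEC_createToken();
    $retval .= COM_startBlock($LANG_TRB['edit_service'], getHelpUrl() . '#ping',
                              COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= SEC_getTokenExpiryNotice($token);

    $template = COM_newTemplate($_CONF['path_layout'] . 'admin/trackback');
    $template->set_file(array('editor' => 'serviceeditor.thtml'));
    $template->set_var('max_url_length', 255);
    $template->set_var('method_ping', 'weblogUpdates.ping');
    $template->set_var('method_ping_extended', 'weblogUpdates.extendedPing');
    $template->set_var('lang_name', $LANG_TRB['service']);
    $template->set_var('lang_site_url', $LANG_TRB['service_website']);
    $template->set_var('lang_ping_url', $LANG_TRB['service_ping_url']);
    $template->set_var('lang_enabled', $LANG_ADMIN['enabled']);
    $template->set_var('lang_method', $LANG_TRB['ping_method']);
    $template->set_var('lang_method_standard', $LANG_TRB['ping_standard']);
    $template->set_var('lang_method_extended', $LANG_TRB['ping_extended']);
    $template->set_var('lang_save', $LANG_ADMIN['save']);
    $template->set_var('lang_cancel', $LANG_ADMIN['cancel']);

    if ($pid > 0) {
        // existing service: offer a delete button, with and without JS confirmation
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="servicemode[2]"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $template->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $template->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
    } else {
        $template->set_var('delete_option', '');
    }

    // NOTE(review): name and URLs are user-supplied and are passed to the
    // template as-is; confirm serviceeditor.thtml (or the template class)
    // escapes them for the HTML attribute context.
    $template->set_var('service_id', isset($A['pid']) ? $A['pid'] : '');
    $template->set_var('service_name', isset($A['name']) ? $A['name'] : '');
    $template->set_var('service_site_url', isset($A['site_url']) ? $A['site_url'] : '');
    $template->set_var('service_ping_url', isset($A['ping_url']) ? $A['ping_url'] : '');
    $template->set_var('is_enabled',
        (isset($A['is_enabled']) && $A['is_enabled'] == 1) ? 'checked="checked"' : '');
    if (isset($A['method']) && $A['method'] == 'weblogUpdates.ping') {
        $template->set_var('standard_is_checked', 'checked="checked"');
        $template->set_var('extended_is_checked', '');
    } else {
        $template->set_var('standard_is_checked', '');
        $template->set_var('extended_is_checked', 'checked="checked"');
    }
    $template->set_var('gltoken_name', CSRF_TOKEN);
    $template->set_var('gltoken', $token);

    $template->parse('output', 'editor');
    $retval .= $template->finish($template->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_TRB['edit_service']));

    return $retval;
}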
/**
 * Check a security token.
 *
 * Checks the POST and GET data for a security token, if one exists, validates
 * that it's for this user and URL. If the token is not valid, it asks the user
 * to re-authenticate and resends the request if authentication was successful.
 *
 * On an invalid token the current request (method, POST, GET and any uploaded
 * files) is serialized and embedded in the re-authentication form so it can be
 * replayed afterwards; the function then outputs that page and exits.
 *
 * @return boolean true if the token is valid; does not return if not!
 * @see SECINT_checkToken
 * @link http://wiki.geeklog.net/index.php/Re-Authentication_for_expired_Tokens
 */
function SEC_checkToken()
{
    global $_CONF, $LANG20, $LANG_ADMIN;

    if (SECINT_checkToken()) {
        // if this was a recreated request, recreate $_FILES array, too
        SECINT_recreateFilesArray();

        return true;
    }

    // Token not valid (probably expired): ask the user to authenticate again,
    // carrying the original request along so it can be re-issued afterwards.
    $returnurl = COM_getCurrentUrl();
    $method = strtoupper($_SERVER['REQUEST_METHOD']);
    $postdata = serialize($_POST);
    $getdata = serialize($_GET);
    $files = '';
    if (!empty($_FILES)) {
        // rescue uploaded files: PHP discards the temp upload at request end,
        // so each one is moved into path_data under its tmp_name basename and
        // only that basename is kept in $_FILES
        foreach ($_FILES as $key => $f) {
            if (!empty($f['name'])) {
                $filename = basename($f['tmp_name']);
                // NOTE(review): the return value is not checked; a failed move
                // leaves a tmp_name in $_FILES that points at nothing
                move_uploaded_file($f['tmp_name'], $_CONF['path_data'] . $filename);
                $_FILES[$key]['tmp_name'] = $filename; // drop temp. dir
            }
        }
        $files = serialize($_FILES);
    }

    // NOTE(review): the serialized request data is handed to SECINT_authform();
    // how it is restored on the return trip is not visible here - confirm the
    // replay path does not unserialize() input an unauthenticated client can
    // alter.
    $display = COM_showMessageText($LANG_ADMIN['token_expired'])
             . SECINT_authform($returnurl, $method, $postdata, $getdata, $files);
    $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG20[1]));
    COM_output($display);
    exit; // we don't return from here
}
$directory = DIR_displayAll($template, $dir_topic); $page_navigation = ''; $block_title = $LANG_DIR['title']; $val_year = 0; $val_month = 0; if ($conf_list_current_month) { $currentTime = time(); $currentYear = date('Y', $currentTime); $currentMonth = date('n', $currentTime); $thisMonth = COM_startBlock($LANG_MONTH[$currentMonth]) . DIR_displayMonth($template, $dir_topic, $currentYear, $currentMonth) . COM_endBlock(); if (TEMPLATE_EXISTS) { $template->set_var('current_month', $thisMonth); } else { $display .= $thisMonth; } } } if (TEMPLATE_EXISTS) { $topic_list = TOPIC_getTopicListSelect($dir_topic, 2, true); $template->set_var(array('url' => $_CONF['site_url'] . '/' . THIS_SCRIPT, 'topic_list' => $topic_list, 'blockheader' => COM_startBlock($block_title), 'val_year' => $val_year, 'val_month' => $val_month, 'directory' => $directory, 'page_navigation' => $page_navigation, 'blockfooter' => COM_endBlock())); $template->parse('output', 't_directory'); $display .= $template->finish($template->get_var('output')); } else { $display .= COM_startBlock($block_title); $display .= DIR_topicList($dir_topic, $val_year, $val_month) . LB; $display .= $directory; $display .= '<div class="pagenav">' . $page_navigation . '</div>' . LB; $display .= COM_endBlock(); } $display = COM_createHTMLDocument($display, array('pagetitle' => $title, 'headercode' => $headerCode)); COM_output($display);
/**
 * Display "batch add" (import) form
 *
 * Renders the admin block with the user-admin menu and a multipart upload
 * form carrying a fresh CSRF token, wrapped in a full HTML document.
 *
 * @return string HTML for import form
 */
function display_batchAddform()
{
    global $_CONF, $LANG28, $LANG_ADMIN, $_IMAGE_TYPE;

    require_once $_CONF['path_system'] . 'lib-admin.php';

    $token = SEC_createToken();
    $adminUrl = $_CONF['site_admin_url'];

    $menuItems = array(
        array('url' => $adminUrl . '/user.php', 'text' => $LANG28[11]),
        array('url' => $adminUrl . '/user.php?mode=batchdelete', 'text' => $LANG28[54]),
        array('url' => $adminUrl, 'text' => $LANG_ADMIN['admin_home']),
    );
    $iconUrl = $_CONF['layout_url'] . '/images/icons/user.' . $_IMAGE_TYPE;

    // upload form; the hidden token field ties the POST to this session
    $form = '<form action="' . $adminUrl . '/user.php" method="post" enctype="multipart/form-data"><div>'
        . $LANG28[29] . ': <input type="file" dir="ltr" name="importfile" size="40"' . XHTML . '>'
        . '<input type="hidden" name="mode" value="import"' . XHTML . '>'
        . '<input type="submit" name="submit" value="' . $LANG28[30] . '"' . XHTML . '>'
        . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"' . XHTML . '>'
        . '</div></form>' . LB;

    $html = COM_startBlock($LANG28[24], '', COM_getBlockTemplate('_admin_block', 'header'))
        . ADMIN_createMenu($menuItems, '<p>' . $LANG28[25] . '</p>', $iconUrl)
        . $form
        . COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return COM_createHTMLDocument($html, array('pagetitle' => $LANG28[24]));
}
$retval .= "</select> "; $retval .= "<input type=\"submit\" name=\"action\" value=\"{$LANG_CP00['view_file']}\"" . XHTML . ">"; $retval .= " "; $retval .= "<input type=\"submit\" name=\"action\" value=\"{$LANG_CP00['clear_file']}\"" . XHTML . ">"; $retval .= "</form>"; $action = COM_applyFilter($_REQUEST['action']); if ($action == $LANG_CP00['clear_file']) { @unlink($_CONF['path_log'] . $log); $timestamp = strftime("%c"); $fd = fopen($_CONF['path_log'] . $log, 'a'); fputs($fd, "{$timestamp} - {$LANG_CP00['file_cleared']} \n"); fclose($fd); $action = $LANG_CP00['view_file']; } if ($action == $LANG_CP00['view_file']) { $retval .= "<hr" . XHTML . "><p><b>{$LANG_CP00['file']} " . $log . "</b></p><div class=\"captcha_logview\">"; if (file_exists($_CONF['path_log'] . $log)) { $retval .= implode('<br' . XHTML . '><br' . XHTML . '>', file($_CONF['path_log'] . $log)); } $retval .= "</div>"; } $T->set_var(array('admin_body' => $retval, 'title' => $LANG_CP00['log_viewer'])); $T->parse('output', 'admin'); $display .= $T->finish($T->get_var('output')) . COM_endBlock(); //Output if (function_exists("COM_createHTMLDocument")) { //Geeklog 2.0+ COM_output(COM_createHTMLDocument($display)); } else { COM_output(COM_siteHeader() . $display . COM_siteFooter(true)); }
if (isset($_GET['mode'])) { $mode = COM_applyFilter($_GET['mode']); } } $T = new Template($_MG_CONF['template_path']); $T->set_file('admin', 'administration.thtml'); $T->set_var(array('site_admin_url' => $_CONF['site_admin_url'], 'site_url' => $_MG_CONF['site_url'], 'lang_admin' => $LANG_MG00['admin'], 'xhtml' => XHTML)); if ($mode == $LANG_MG01['save'] && !empty($LANG_MG01['save'])) { MG_createUsers(); exit; } elseif ($mode == $LANG_MG01['cancel']) { echo COM_refresh($_MG_CONF['admin_url'] . 'index.php'); exit; } else { if (isset($_REQUEST['page'])) { $page = COM_applyFilter($_REQUEST['page'], true) - 1; if ($page < 0) { $page = 0; } } else { $page = 0; } $T->set_var(array('admin_body' => MG_selectUsers($page), 'title' => $LANG_MG01['batch_create_members'], 'lang_help' => '<img src="' . MG_getImageFile('button_help.png') . '" style="border:none;" alt="?"' . XHTML . '>', 'help_url' => $_MG_CONF['site_url'] . '/docs/usage.html#Batch_Create_Member_Albums')); } $T->parse('output', 'admin'); $display = COM_startBlock($LANG_MG00['admin'], '', COM_getBlockTemplate('_admin_block', 'header')); $display .= MG_showAdminMenu('member_albums'); $display .= $T->finish($T->get_var('output')); $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); $display = COM_createHTMLDocument($display); COM_output($display);
// poll doesn't exist or user doesn't have access COM_handle404($_CONF['site_url'] . '/polls/index.php'); } else { // Meta Tags $headercode = ''; if ($_PO_CONF['meta_tags'] > 0) { $headercode = LB . PLG_getMetaTags('poll', $pid, array(array('name' => 'description', 'content' => stripslashes($A['meta_description'])), array('name' => 'keywords', 'content' => stripslashes($A['meta_keywords'])))); } if ($msg > 0) { $display .= COM_showMessage($msg, 'polls'); } if (isset($_POST['aid'])) { $display .= COM_showMessageText($LANG_POLLS['answer_all'] . ' "' . $polltopic . '"', $LANG_POLLS['not_saved']); } if (DB_getItem($_TABLES['polltopics'], 'is_open', "pid = '{$pid}'") != 1) { $aid = -1; // poll closed - show result } if (!isset($_COOKIE['poll-' . $pid]) && !POLLS_ipAlreadyVoted($pid) && $aid != -1) { $display .= POLLS_pollVote($pid, true, 0, $order, $mode, $page); } else { $display .= POLLS_pollResults($pid, 400, $order, $mode, $page); } $display = COM_createHTMLDocument($display, array('pagetitle' => $polltopic, 'headercode' => $headercode)); } } else { $display .= polllist(); $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_POLLS['pollstitle'])); } } COM_output($display);