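/**
 * Lost-password handler, run in two steps.
 *
 * Step 1 (no matching code in $_POST['code']): mail the account's address a
 * confirmation code. Step 2 (code matches): generate a new password with
 * make_pass(), mail it, and store its hash.
 *
 * Input: $_POST['lost_username'] or $_POST['lost_email'] selects the account;
 * $_POST['code'] carries the confirmation code from step 1. Every outcome,
 * including success, is reported through cpg_error().
 *
 * Fixes against the original: the code was compared with a loose `==`, under
 * which numeric-looking strings compare as numbers (a code of "0" matched any
 * hash prefix of the form 0e<digits>); it is now a strict string comparison.
 * $mailer_message is initialised before send_mail() fills it, and a missing
 * or non-string $_POST['code'] is treated as "no code".
 *
 * Left unchanged because other code depends on them (review notes):
 *  - the confirmation code is the first 10 characters of the stored md5
 *    password hash, so step 1 discloses part of that hash by mail;
 *  - the new password is stored as an unsalted md5 ($cryptpass).
 */
function mail_password()
{
    global $user_prefix, $db, $pagetitle, $userinfo;

    if (empty($_POST['lost_username']) && empty($_POST['lost_email'])) {
        cpg_error('Please enter either a username or email address');
    }

    // Look the account up by username when no e-mail address was given,
    // otherwise by e-mail address.
    if (isset($_POST['lost_username']) && empty($_POST['lost_email'])) {
        $username = Fix_Quotes($_POST['lost_username']);
        if (empty($username) || strtolower($username) == 'anonymous') {
            cpg_error('Invalid username');
        }
        // NOTE(review): the page shows the literal '******' in this clause;
        // presumably the escaped $username belongs here - confirm against the
        // repository.
        $sql = "username='******'";
    } else {
        $sql = "user_email='" . Fix_Quotes($_POST['lost_email']) . "'";
    }

    $result = $db->sql_query('SELECT username, user_email, user_password, user_level FROM ' . $user_prefix . '_users WHERE ' . $sql);
    $pagetitle .= ' ' . _BC_DELIM . ' ' . _PASSWORDLOST;

    if ($db->sql_numrows($result) != 1) {
        cpg_error(_SORRYNOUSERINFO);
        return;
    }

    $row = $db->sql_fetchrow($result);
    $username = $row['username'];

    if ($row['user_level'] > 0) {
        global $sitename, $MAIN_CFG;

        // A missing or non-string code means "no code submitted".
        $code = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
        // Confirmation code: first 10 characters of the stored hash (see header note).
        $areyou = (string) substr($row['user_password'], 0, 10);
        $from = 'noreply@' . str_replace('www.', '', $MAIN_CFG['server']['domain']);
        $mailer_message = ''; // filled by send_mail() when sending fails
        $requester = decode_ip($userinfo["user_ip"]);

        // Strict comparison: no type juggling between the submitted code and
        // the hash prefix.
        if ($code === $areyou) {
            $newpass = make_pass(8, 5);
            $message = _USERACCOUNT . " '{$username}' " . _AT . " {$sitename} " . _HASTHISEMAIL . " " . _AWEBUSERFROM . " " . $requester . " " . _HASREQUESTED . "\n\n" . _YOURNEWPASSWORD . " {$newpass}\n\n " . _YOUCANCHANGE . " " . URL::index('Your_Account', true, true) . "\n\n" . _IFYOUDIDNOTASK;
            $subject = _USERPASSWORD4 . " {$username}";
            if (!send_mail($mailer_message, $message, 0, $subject, $row['user_email'], $username, $from)) {
                cpg_error($mailer_message);
            }
            // Store the new password. Unsalted md5 is what the login code
            // verifies against, so the format cannot be changed here alone.
            $cryptpass = md5($newpass);
            // NOTE(review): the page shows '******' for both values; presumably
            // $cryptpass and the escaped $username belong here - confirm.
            $query = "UPDATE " . $user_prefix . "_users SET user_password='******' WHERE username='******'";
            if (!$db->sql_query($query)) {
                cpg_error(_UPDATEFAILED);
            }
            cpg_error(_PASSWORD4 . " {$username} " . _MAILED, _TB_INFO, URL::index());
        } else {
            // No (valid) code yet: mail the confirmation code.
            $message = _USERACCOUNT . " '{$username}' " . _AT . " {$sitename} " . _HASTHISEMAIL . " " . _AWEBUSERFROM . " " . $requester . " " . _CODEREQUESTED . "\n\n" . _YOURCODEIS . " {$areyou} \n\n" . _WITHTHISCODE . " " . URL::index('&op=pass_lost', true, true) . "\n" . _IFYOUDIDNOTASK2;
            $subject = _CODEFOR . " {$username}";
            if (!send_mail($mailer_message, $message, 0, $subject, $row['user_email'], $username, $from)) {
                cpg_error($mailer_message);
            }
            cpg_error(_CODEFOR . " {$username} " . _MAILED, _TB_INFO, URL::index('&op=pass_lost'));
        }
    } elseif ($row['user_level'] == 0) {
        cpg_error(_ACCSUSPENDED);
    } elseif ($row['user_level'] == -1) {
        cpg_error(_ACCDELETED);
    }
}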
/**
 * Fetches the form field named "$var$pid" from $_POST, aborting the request
 * through cpg_die() when it is absent.
 *
 * @param string $var     field name prefix
 * @param mixed  $pid     suffix appended to the field name (a record id in practice)
 * @param bool   $html2bb when true the value goes through html2bb() before
 *                        Fix_Quotes(); otherwise Fix_Quotes() is called with its
 *                        second argument set to 1
 * @return string the processed field value
 */
function get_post_var($var, $pid, $html2bb = false)
{
    $fieldName = $var . $pid;
    $present = isset($_POST[$fieldName]);
    if (!$present) {
        cpg_die(_CRITICAL_ERROR, PARAM_MISSING . " ({$fieldName})", __FILE__, __LINE__);
    }

    $raw = $_POST[$fieldName];
    return $html2bb
        ? Fix_Quotes(html2bb($raw))
        : Fix_Quotes($raw, 1);
}
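/**
 * Publishes every queued item from <prefix>_autonews whose release time has
 * passed: each row is copied into <prefix>_stories, then the published rows
 * are removed from the queue.
 *
 * Uses the globals $prefix and $db ($currentlang is declared as in the
 * original but not used here).
 *
 * Fixes against the original: the SELECT and the DELETE now share one
 * timestamp, so a row that becomes due between the two statements cannot be
 * deleted without being published; and every column value is escaped before
 * interpolation (the original escaped only title/hometext/bodytext/notes,
 * although e.g. informant and aid are free text too).
 */
function automated_news()
{
    global $prefix, $currentlang, $db;

    $now = time();
    $result = $db->sql_query('SELECT * FROM ' . $prefix . '_autonews WHERE time<=' . $now);

    while ($row2 = $db->sql_fetchrow($result, SQL_ASSOC)) {
        // Every value is quoted into the INSERT below, so escape all of them.
        $v = array();
        foreach ($row2 as $column => $value) {
            $v[$column] = Fix_Quotes($value);
        }

        $db->sql_query('INSERT INTO ' . $prefix . '_stories (sid, catid, aid, title, time, hometext, bodytext, comments, counter, topic, informant, notes, ihome, alanguage, acomm, haspoll, poll_id, score, ratings, associated, display_order) ' . "VALUES (DEFAULT, '{$v['catid']}', '{$v['aid']}', '{$v['title']}', '{$v['time']}', '{$v['hometext']}', '{$v['bodytext']}', '0', '0', '{$v['topic']}', '{$v['informant']}', '{$v['notes']}', '{$v['ihome']}', '{$v['alanguage']}', '{$v['acomm']}', '0', '0', '0', '0', '{$v['associated']}', 0)");
    }

    // Remove exactly the rows selected above (same $now bound).
    if ($db->sql_numrows($result)) {
        $db->sql_query('DELETE FROM ' . $prefix . '_autonews WHERE time<=' . $now);
    }
    $db->sql_freeresult($result);
}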
/**
 * Records the current visitor in <prefix>_session (identity, time, module,
 * URL) for the "who is online" data. Does nothing unless $SESS->dbupdate is
 * set, or when no usable identity can be determined.
 *
 * The `uname` column holds, by precedence: the admin id (for admins that are
 * not logged-in members), the member name, the SEARCHBOT constant, or the
 * session id. The `guest` column encodes the kind of visitor:
 * 0 member, 1 guest, 2 admin, 3 search bot.
 */
function online()
{
    global $userinfo, $prefix, $db, $module_title, $SESS, $mainindex;

    if (!$SESS->dbupdate) {
        return;
    }

    $url = URL::uri();
    $name = $SESS->sess_id;
    $kind = 1;
    if (is_user()) {
        $name = $userinfo['username'];
        $kind = 0;
    } elseif (SEARCHBOT) {
        $name = SEARCHBOT;
        $kind = 3;
    }
    if (is_admin()) {
        global $CLASS;
        if ($kind == 1) {
            $name = $CLASS['member']->admin['aid'];
        }
        $kind = 2;
        if (defined('ADMIN_PAGES')) {
            $url = $mainindex;
        }
    }

    $name = Fix_Quotes($name);
    if (empty($name)) {
        return; // no identity to record
    }

    $now = time();
    $moduleLabel = Fix_Quotes($module_title ? $module_title : _HOME);
    // As written this str_replace() is a no-op ('&' -> '&'); presumably an
    // HTML entity was lost in transcription - confirm against the repository.
    $url = Fix_Quotes(str_replace('&', '&', $url));

    $table = $prefix . '_session';
    if ($db->sql_count($table, "uname='{$name}'")) {
        $db->sql_query('UPDATE ' . $table . " SET time='{$now}', module='{$moduleLabel}', url='{$url}', guest='{$kind}' WHERE uname='{$name}'", true);
    } else {
        // user_ip is interpolated without quotes, so a numeric encoding is
        // assumed (decode_ip() is applied to it elsewhere) - confirm.
        $db->sql_query('INSERT INTO ' . $table . " (uname, time, host_addr, guest, module, url) VALUES ('{$name}', '{$now}', {$userinfo['user_ip']}, '{$kind}', '{$moduleLabel}', '{$url}')", true);
    }
}
if (!$value['auth_read']) { $ignore_forum_sql .= ($ignore_forum_sql != '' ? ', ' : '') . $key; } } if ($ignore_forum_sql != '') { $auth_sql .= $auth_sql != '' ? " AND f.forum_id NOT IN ({$ignore_forum_sql}) " : "f.forum_id NOT IN ({$ignore_forum_sql}) "; } } // // Author name search // if ($search_author != '') { if (preg_match('#^[\\*%]+$#', trim($search_author)) || preg_match('#^[^\\*]{1,2}$#', str_replace(array('*', '%'), '', trim($search_author)))) { $search_author = ''; } $search_author = str_replace('*', '%', trim(Fix_Quotes($search_author))); } if ($total_match_count) { if ($show_results == 'topics') { // // This one is a beast, try to seperate it a bit (workaround for connection timeouts) // $search_id_chunks = array(); $count = 0; $chunk = 0; if (count($search_ids) > $limiter) { for ($i = 0; $i < count($search_ids); $i++) { if ($count == $limiter) { $chunk++; $count = 0; }
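/**
 * Searches forum attachments by the filter fields submitted via POST or GET
 * and returns the matching rows (attachment columns plus post_id, post_time
 * and topic_id).
 *
 * @param string $order_by    SQL fragment appended to the query by the caller
 *                            (trusted: it is not escaped here)
 * @param int    &$total_rows set to the number of matches without $order_by
 * @return array rows from $db->sql_fetchrowset()
 *
 * Ends the request via message_die() when no author or no attachment matches.
 *
 * Fix against the original: the filters were collected with
 * `${$search_vars}[$i]`, which assigns to a variable named after the array's
 * string conversion ("Array") rather than to $search_author etc., so every
 * filter was silently ignored. The values are now read into a local array.
 * Because the fix makes the submitted values reach the SQL, each one is
 * escaped (Fix_Quotes) or cast to int before interpolation; the original
 * concatenated the raw values.
 */
function search_attachments($order_by, &$total_rows)
{
    global $db, $lang;

    $where_sql = array();

    // Filter fields; POST wins over GET, a missing or non-scalar value is ''.
    // search_forum and search_cat are read for compatibility but not used.
    $search_vars = array('search_keyword_fname', 'search_keyword_comment', 'search_author', 'search_size_smaller', 'search_size_greater', 'search_count_smaller', 'search_count_greater', 'search_days_greater', 'search_forum', 'search_cat');
    $in = array();
    foreach ($search_vars as $name) {
        if (isset($_POST[$name])) {
            $value = $_POST[$name];
        } elseif (isset($_GET[$name])) {
            $value = $_GET[$name];
        } else {
            $value = '';
        }
        $in[$name] = is_scalar($value) ? (string) $value : '';
    }

    // Author name search: resolve matching user ids first, because the
    // attachment table is queried by user id.
    if ($in['search_author'] != '') {
        $search_author = str_replace('*', '%', trim(Fix_Quotes($in['search_author'])));
        $result = $db->sql_query('SELECT user_id FROM ' . USERS_TABLE . ' WHERE username LIKE \'' . $search_author . '\'');
        $matching_userids = array();
        while ($row = $db->sql_fetchrow($result)) {
            $matching_userids[] = intval($row['user_id']);
        }
        if (count($matching_userids) === 0) {
            message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
        }
        $where_sql[] = ' (t.user_id_1 IN (' . implode(', ', $matching_userids) . ')) ';
    }

    // Keyword search on file name and comment ('*' is the user-facing wildcard).
    if ($in['search_keyword_fname'] != '') {
        $match_word = str_replace('*', '%', Fix_Quotes($in['search_keyword_fname']));
        $where_sql[] = ' (a.real_filename LIKE \'' . $match_word . '\') ';
    }
    if ($in['search_keyword_comment'] != '') {
        $match_word = str_replace('*', '%', Fix_Quotes($in['search_keyword_comment']));
        $where_sql[] = ' (a.comment LIKE \'' . $match_word . '\') ';
    }

    // Download count: "smaller" takes precedence when both are given (as before).
    if ($in['search_count_smaller'] != '') {
        $where_sql[] = ' (a.download_count < ' . intval($in['search_count_smaller']) . ') ';
    } elseif ($in['search_count_greater'] != '') {
        $where_sql[] = ' (a.download_count > ' . intval($in['search_count_greater']) . ') ';
    }

    // File size, same precedence rule.
    if ($in['search_size_smaller'] != '') {
        $where_sql[] = ' (a.filesize < ' . intval($in['search_size_smaller']) . ') ';
    } elseif ($in['search_size_greater'] != '') {
        $where_sql[] = ' (a.filesize > ' . intval($in['search_size_greater']) . ') ';
    }

    // Attachments older than N days.
    if ($in['search_days_greater'] != '') {
        $where_sql[] = ' (a.filetime < ' . (time() - intval($in['search_days_greater']) * 86400) . ') ';
    }

    $sql = 'SELECT a.*, t.post_id, p.post_time, p.topic_id FROM ' . ATTACHMENTS_TABLE . ' t, ' . ATTACHMENTS_DESC_TABLE . ' a, ' . POSTS_TABLE . ' p WHERE ';
    if (count($where_sql) > 0) {
        // Each fragment is padded with spaces, so a bare 'AND' joins them correctly.
        $sql .= implode('AND', $where_sql) . ' AND ';
    }
    $sql .= '(t.post_id = p.post_id) AND (a.attach_id = t.attach_id) ';
    $total_rows_sql = $sql;
    $sql .= $order_by;

    $result = $db->sql_query($sql);
    $attachments = $db->sql_fetchrowset($result);
    $num_attach = $db->sql_numrows($result);
    if ($num_attach == 0) {
        message_die(GENERAL_MESSAGE, $lang['No_attach_search_match']);
    }

    $result = $db->sql_query($total_rows_sql);
    $total_rows = $db->sql_numrows($result);

    return $attachments;
}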
$fields[$f_field] = htmlprepare($val); } } } check_dl_details($_POST['in'], $errors); if ($db->sql_count($dl_prefix . '_mirrors', "did={$mng_id}") < 1) { $errors[] = 'You must specify at least 1 download URL'; } if (empty($errors)) { $fields['title'] = Fix_Quotes($in['title'], true); $fields['screen'] = $in['screen']; $fields['cid'] = intval($in['cat']); $fields['desc_short'] = Fix_Quotes($in['desc_short'], true); $fields['desc_long'] = Fix_Quotes($in['desc_long'], true); $fields['name'] = Fix_Quotes($in['name'], true); $fields['email'] = Fix_Quotes($in['email'], true); $fields['active'] = can_admin($module_name) ? 1 : 2; $fields['access'] = can_admin($module_name) ? intval($in['access']) : 0; $fields['submitter'] = is_user() ? $userinfo['user_id'] : 'admin'; $db->sql_query("INSERT INTO " . $dl_prefix . "_downloads \n\t\t\t\t(lid, cid, active, access, title, screen, desc_short, desc_long, date, name, email, submitter" . $field_list . ") \n\t\t\t\tVALUES \n\t\t\t\t(DEFAULT, '{$fields['cid']}', {$fields['active']}, '{$fields['access']}', '{$fields['title']}', '{$fields['screen']}', '{$fields['desc_short']}', '{$fields['desc_long']}', '" . time() . "', '{$fields['name']}', '{$fields['email']}', '{$fields['submitter']}'" . $value_list . ")"); $next_id = $db->sql_nextid('lid'); $db->sql_query("UPDATE " . $dl_prefix . "_mirrors \n\t\t\t\tSET did={$next_id} \n\t\t\t\tWHERE did={$mng_id}"); $db->sql_query("UPDATE " . $dl_prefix . "_screenshots \n\t\t\t\tSET did={$next_id} \n\t\t\t\tWHERE did={$mng_id}"); if (can_admin($module_name)) { $time = time(); $time_year = generate_date($time, 'Y'); $time_month = generate_date($time, 'm'); $db->sql_query("INSERT INTO " . $dl_prefix . "_stats \n\t\t\t\t(id, year, month, hits, views) \n\t\t\t\tVALUES \n\t\t\t\t('{$next_id}', '{$time_year}', '{$time_month}', 0, 0)"); } if ($fields['version']) { $db->sql_query("INSERT INTO " . $dl_prefix . 
"_history \n\t\t\t\t(id, vers, author, date, comment) \n\t\t\t\tVALUES \n\t\t\t\t({$next_id}, '{$fields['version']}', '{$fields['submitter']}', " . time() . ", 'Initial Version')");
$cpgtpl->assign_vars(array('EDITLINK' => false, 'EDITCAT' => true, 'S_URL' => _URL, 'S_CPG_MMOPTIONAL' => _CPG_MMOPTIONAL, 'MODE' => $mode, 'CID' => $cid, 'S_CATNAME_VALUE' => htmlprepare($cat['name']), 'S_CATIMAGE_VALUE' => $cat['image'], 'S_CATLINK_VALUE' => $cat['link'], 'S_SUBMIT_VALUE' => $mode != 'new' ? _SAVECHANGES : _CPG_MMADDCAT, 'SEL_LINKTYPE' => select_box('lnktype', $cat['link_type'], array(0 => 'getlink', 1 => 'link', 2 => 'web')))); $cpgtpl->set_handle('body', 'admin/cpgmm_edit.html'); $cpgtpl->display('body'); } else { cpg_error(_CPG_MMNOCAT); } } elseif (isset($_GET['savecat'])) { if ($_POST['catname'] == '') { cpg_error(_CPG_MMCATEMPTY); } if ($_GET['savecat'] == 'mod') { $db->sql_query("UPDATE " . $prefix . "_modules_cat SET name='" . Fix_Quotes($_POST['catname']) . "', image='{$_POST['catimage']}', link='{$_POST['catlink']}', link_type='{$_POST['lnktype']}' WHERE cid=" . intval($_POST['cid'])); } else { list($pos) = $db->sql_ufetchrow("SELECT pos FROM " . $prefix . "_modules_cat \n\t\t\tORDER BY pos DESC", SQL_NUM); $pos = empty($pos) ? 0 : $pos + 1; $db->sql_query("INSERT INTO " . $prefix . "_modules_cat (name, image, pos, link, link_type) VALUES ('" . Fix_Quotes($_POST['catname']) . "', '{$_POST['catimage']}', '{$pos}', '{$_POST['catlink']}', '{$_POST['lnktype']}')"); } URL::redirect(URL::admin('cpgmm')); } elseif ($mode == 'delcat' && intval($_GET['cid']) > 0) { $cid = intval($_GET['cid']); $result = $db->sql_query("SELECT name FROM " . $prefix . "_modules_cat WHERE cid=" . $cid); if ($db->sql_numrows($result) > 0) { $cat = $db->sql_fetchrow($result); if (isset($_GET['ok'])) { $db->sql_query("UPDATE " . $prefix . "_modules_links SET cat_id=0 WHERE cat_id=" . $cid); $db->sql_query("UPDATE " . $prefix . "_modules SET cat_id=0 WHERE cat_id=" . $cid); $db->sql_query("DELETE FROM " . $prefix . "_modules_cat WHERE cid=" . $cid); URL::redirect(URL::admin('cpgmm')); } $cat['name'] = defined($cat['name']) ? 
constant($cat['name']) : $cat['name']; $pagetitle .= ' ' . _BC_DELIM . ' Delete Category: ' . $cat['name'];
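/**
 * Processes the submitted rule-editor form and rewrites the selected
 * MailScanner ruleset file.
 *
 * The file is rebuilt from scratch: the leading comment lines of the existing
 * file ($file_contents, expected from the included globals file) are kept,
 * then one "#description\n<rule line>" pair per surviving rule, then the
 * "default" rule last. Afterwards a reload of MailScanner is scheduled by
 * creating /tmp/msre_reload, which the msre_reload.cron job picks up.
 *
 * Reads $_GET["file"] (the ruleset name, reduced with basename() so it cannot
 * leave MSRE_RULESET_DIR) and the rule<N>_* fields of $_POST for
 * N = -1 .. $_POST["rule_count"]. The free-text fields are passed through
 * Fix_Quotes() in place (the $_POST entries are updated, as before) so no
 * magic-quote backslashes end up in the file.
 *
 * Fixes against the original: the handle of the reload marker file is now
 * closed instead of being left open until script end; a missing
 * $_POST["rule_count"] or $_GET["file"] no longer triggers undefined-index
 * notices; the debugging echo blocks were removed.
 *
 * Review note: only the default rule goes through sanitizeInput(); the other
 * rules are written as submitted, so a newline in a field would break the
 * line-oriented format. Applying the same function there is worth considering
 * once its behaviour is confirmed.
 *
 * @return array [$bytes, $status_msg] as produced by Write_File(), with the
 *               reload status appended to $status_msg
 */
function Process_Form()
{
    // Presumably defines $file_contents (used below) - confirm.
    include "msre_function_global_vars.php";

    $new_file = array();
    $bytes = 0;
    $status_msg = "";

    // Keep the comment header of the existing file: leading blank or "#"
    // lines, stopping at the first real line. "#DISABLED#" marks a disabled
    // rule rather than a comment, so it ends the header too. The comment line
    // immediately before the first rule is not copied; presumably it is that
    // rule's description, which is regenerated below - confirm.
    $previous_line = "";
    $first_line = true;
    foreach (preg_split("/\n/", $file_contents) as $line) {
        if ($line == "" || (substr($line, 0, 1) == "#" && !preg_match("/#DISABLED#/", $line))) {
            if (!$first_line) {
                $new_file[] = $previous_line . "\n";
            }
        } else {
            break;
        }
        $previous_line = $line;
        $first_line = false;
    }

    // Collect the rules into one list. The loop runs to <= rule_count so the
    // "add rule" row at the end is included; the "default" rule is pulled out
    // and re-appended last. Without rule_count the loop body never runs
    // (as when the field was absent before).
    $new_ruleset = array();
    $default_direction = "FromOrTo:";
    $default_action = "";
    $default_desc = "";
    $rule_count = isset($_POST["rule_count"]) ? intval($_POST["rule_count"]) : -2;

    for ($i = -1; $i <= $rule_count; $i++) {
        $rule_prefix = "rule" . $i . "_";
        $description = $rule_prefix . "description";
        $direction = $rule_prefix . "direction";
        $target = $rule_prefix . "target";
        $and = $rule_prefix . "and";
        $and_direction = $rule_prefix . "and_direction";
        $and_target = $rule_prefix . "and_target";
        $action = $rule_prefix . "action";
        $rule_action = $rule_prefix . "rule_action";

        // Undo magic quoting on the free-text fields; default missing ones.
        $_POST[$description] = isset($_POST[$description]) ? Fix_Quotes($_POST[$description]) : "";
        // A missing target denotes the "default" rule.
        $_POST[$target] = isset($_POST[$target]) ? Fix_Quotes($_POST[$target]) : "default";
        $_POST[$target] = str_replace(" ", "", $_POST[$target]);
        if (!isset($_POST[$direction])) {
            $_POST[$direction] = "";
        }
        if (!isset($_POST[$and_direction])) {
            $_POST[$and_direction] = "";
        }
        $_POST[$and_target] = isset($_POST[$and_target]) ? Fix_Quotes($_POST[$and_target]) : "";
        $_POST[$and_target] = str_replace(" ", "", $_POST[$and_target]);
        $_POST[$action] = isset($_POST[$action]) ? Fix_Quotes($_POST[$action]) : "";
        if (!isset($_POST[$and])) {
            $_POST[$and] = "";
        }

        // Target and Action are mandatory; an incomplete rule is dropped.
        if ($_POST[$target] == "" || $_POST[$action] == "") {
            continue;
        }

        if (strtolower($_POST[$target]) == "default") {
            // The default rule's direction can only be "Virus:" or "FromOrTo:".
            $default_direction = ($_POST[$direction] == "Virus:") ? "Virus:" : "FromOrTo:";
            $default_action = $_POST[$action];
            $default_desc = $_POST[$description];
            continue;
        }

        // Per-rule action buttons: Delete, Disable, Enable.
        if (isset($_POST[$rule_action])) {
            if ($_POST[$rule_action] == "Delete") {
                continue; // simply not written to the new file
            } elseif ($_POST[$rule_action] == "Disable") {
                // "#DISABLED#" is prepended to the direction, which is the
                // first token on the line.
                $_POST[$direction] = "#DISABLED#" . $_POST[$direction];
            } elseif ($_POST[$rule_action] == "Enable") {
                $_POST[$direction] = preg_replace("/^#DISABLED#/", "", $_POST[$direction]);
            }
        }

        // An "and" clause is all-or-nothing: clear it if any part is missing.
        if ($_POST[$and] == "" || $_POST[$and_direction] == "" || $_POST[$and_target] == "") {
            $_POST[$and] = "";
            $_POST[$and_direction] = "";
            $_POST[$and_target] = "";
        }

        // A direction is required for the rule to be written.
        if ($_POST[$direction]) {
            $new_ruleset[] = array(
                "description" => $_POST[$description],
                "direction" => $_POST[$direction],
                "target" => $_POST[$target],
                "and" => $_POST[$and],
                "and_direction" => $_POST[$and_direction],
                "and_target" => $_POST[$and_target],
                "action" => $_POST[$action],
            );
        }
    }

    // Assemble the rule lines.
    foreach ($new_ruleset as $new_rule) {
        $new_file[] = "#" . $new_rule["description"] . "\n" . $new_rule["direction"] . "\t" . $new_rule["target"] . "\t" . $new_rule["and"] . "\t" . $new_rule["and_direction"] . "\t" . $new_rule["and_target"] . "\t" . $new_rule["action"] . "\n";
    }
    // The default rule, if any, stays at the bottom.
    if ($default_action != "") {
        $new_file[] = "#" . sanitizeInput($default_desc) . "\n";
        $new_file[] = sanitizeInput($default_direction) . "\tdefault\t\t\t" . sanitizeInput($default_action) . "\n";
    }

    // basename() confines the name to MSRE_RULESET_DIR.
    $getFile = isset($_GET["file"]) ? basename(sanitizeInput($_GET["file"])) : "";
    $filename = MSRE_RULESET_DIR . "/" . $getFile;
    list($bytes, $status_msg) = Write_File($filename, $new_file);

    // Schedule a reload of MailScanner. An immediate reload would require the
    // web server user to run the MailScanner init script, so instead a marker
    // file is created for the msre_reload.cron job. The marker is a fixed path
    // in a world-writable directory; it is kept because the cron job expects
    // it, but note that any local user can pre-create that name.
    $status_msg .= "<span class=\"status\">\n";
    $status_msg .= "Scheduling reload of MailScanner...";
    $fh = fopen("/tmp/msre_reload", "w");
    if (!$fh) {
        $status_msg .= "<span class=\"error\">**ERROR** Couldn't schedule a reload of " . "MailScanner! (You will have to manually do a " . "|/etc/init.d/MailScanner reload| )</span><br>\n";
    } else {
        // The file only needs to exist; nothing is written to it.
        fclose($fh);
        $status_msg .= "Ok.<br>\n" . "Your changes will take effect in the next " . MSRE_RELOAD_INTERVAL . " minutes, when MailScanner reloads.<br>\n";
    }
    $status_msg .= "</span>\n";

    return array($bytes, $status_msg);
}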
/**
 * Serializes a log after escaping every value of every row with
 * Fix_Quotes($val, true).
 *
 * @param array $log rows indexed 0..count-1 (numeric indexing is assumed, as
 *                   in the original); each row is an associative array
 * @return string serialize() output of the escaped rows
 */
private static function log_serializer($log)
{
    $idx = 0;
    $total = count($log);
    while ($idx < $total) {
        foreach ($log[$idx] as $field => $value) {
            $log[$idx][$field] = Fix_Quotes($value, true);
        }
        ++$idx;
    }
    return serialize($log);
}
$row = $db->sql_fetchrowset($result); $num_rows = $db->sql_numrows($result); if ($num_rows > 0) { for ($i = 0; $i < $num_rows; $i++) { if ($row[$i]['quota_desc'] == $quota_desc) { $error = TRUE; if (isset($error_msg)) { $error_msg .= '<br />'; } $error_msg .= sprintf($lang['Quota_limit_exist'], $extension_group); } } } if (!$error) { $filesize = $size_select == 'kb' ? round($filesize * 1024) : ($size_select == 'mb' ? round($filesize * 1048576) : $filesize); $sql = "INSERT INTO " . QUOTA_LIMITS_TABLE . " (quota_desc, quota_limit)\n\t\t\tVALUES ('" . Fix_Quotes($quota_desc) . "', " . $filesize . ")"; $db->sql_query($sql); } } if (!$error) { $message = $lang['Attach_config_updated'] . '<br /><br />' . sprintf($lang['Click_return_attach_config'], '<a href="' . URL::admin("&do=attachments&mode=quota") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . URL::admin("Forums") . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); return; } } else { if ($mode == 'quota') { $template->set_filenames(array('body' => 'forums/admin/attach_quota_body.html')); $max_add_filesize = intval($attach_config['max_filesize']); $size = $max_add_filesize >= 1048576 ? 'mb' : ($max_add_filesize >= 1024 ? 'kb' : 'b'); if ($max_add_filesize >= 1048576) { $max_add_filesize = round($max_add_filesize / 1048576 * 100) / 100;
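/**
 * Queues (via $installer->add_query) and partly executes the schema and data
 * migrations needed to bring this module from $prev_version up to the
 * current layout, one block per version step.
 *
 * @param string $prev_version the version currently installed
 * @return bool always true
 *
 * Fixes against the original (pre-3 block):
 *  - the stats INSERT read $row[3] from a 3-column result (lid,
 *    UNIX_TIMESTAMP(date), hits); the hits value is $row[2];
 *  - for local files the stored filesize number (index 2) was passed to
 *    filesize() and then to md5_file(); both now receive the path (index 1);
 *  - ereg() (removed in PHP 7) is replaced by strpos();
 *  - the first fetch loop now requests SQL_NUM explicitly like the others,
 *    since it only uses numeric indexes.
 */
public function upgrade($prev_version)
{
    global $db, $prefix, $installer, $userinfo;

    if (version_compare($prev_version, '3', '<')) {
        $this->new_tables();
        $installer->add_query('DROP', $this->prefix . '_modrequest');
        $installer->add_query('DROP', $this->prefix . '_newdownload');
        $installer->add_query('DROP', $this->prefix . '_editorials');
        $installer->add_query('DROP', $this->prefix . '_votedata');
        $installer->add_query('DEL', $this->prefix . '_categories', 'ldescription');
        $installer->add_query('DEL', $this->prefix . '_downloads', 'INDEX sid');
        $installer->add_query('DEL', $this->prefix . '_downloads', 'INDEX title');
        $installer->add_query('DEL', $this->prefix . '_downloads', 'COLUMN sid, DROP COLUMN downloadratingsummary, DROP COLUMN totalvotes, DROP COLUMN totalcomments');
        $installer->add_query('CHANGE', $this->prefix . '_downloads', 'description desc_long TEXT');
        $installer->add_query('CHANGE', $this->prefix . '_downloads', 'date date int UNSIGNED NOT NULL default ' . time());
        $installer->add_query('ADD', $this->prefix . '_downloads', 'screen INT NOT NULL DEFAULT 0 AFTER url');
        $installer->add_query('ADD', $this->prefix . '_downloads', 'desc_short varchar(255) NOT NULL AFTER screen');
        $installer->add_query('ADD', $this->prefix . '_downloads', 'notes text NOT NULL AFTER desc_long');
        $installer->add_query('ADD', $this->prefix . '_downloads', 'active TINYINT NOT NULL DEFAULT 1 AFTER cid');
        $installer->add_query('ADD', $this->prefix . '_downloads', 'updated int UNSIGNED NOT NULL DEFAULT 0 AFTER date');
        $installer->add_query('ADD', $this->prefix . '_downloads', 'compat varchar(255) NOT NULL AFTER homepage');
        $installer->add_query('ADD', $this->prefix . '_downloads', 'pick TINYINT NOT NULL DEFAULT 0');
        $installer->add_query('ADD', $this->prefix . '_downloads', 'access TINYINT NOT NULL DEFAULT 0 AFTER active');

        // Existing hit counters are moved into the stats table under the
        // previous month (the month is decremented, wrapping into last year).
        $time = time();
        $time_year = intval(L10NTime::date('Y', $time, $userinfo['user_dst'], $userinfo['user_timezone']));
        $time_month = intval(L10NTime::date('m', $time, $userinfo['user_dst'], $userinfo['user_timezone'])) - 1;
        if ($time_month < 1) {
            $time_month = 12;
            $time_year -= 1;
        }
        // Columns: 0 = lid, 1 = UNIX_TIMESTAMP(date), 2 = hits.
        $result = $db->sql_uquery("SELECT lid, UNIX_TIMESTAMP(date), hits FROM " . $prefix . '_' . $this->prefix . "_downloads");
        while ($row = $db->sql_fetchrow($result, SQL_NUM)) {
            $installer->add_query('UPDATE', $this->prefix . '_downloads', "date='" . Fix_Quotes($row[1]) . "' WHERE lid='" . $row[0] . "'");
            $installer->add_query('INSERT', $this->prefix . '_stats', "'" . $row[0] . "', '{$time_year}', '{$time_month}', '" . $row[2] . "', 0");
        }
        $installer->add_query('DEL', $this->prefix . '_downloads', 'hits');

        $this->new_config();

        // Each download's url becomes a mirror row; local files get their
        // real size and md5, remote URLs keep the stored size and 'N/A'.
        // Columns: 0 = lid, 1 = url, 2 = filesize.
        $result = $db->sql_uquery("SELECT lid, url, filesize FROM " . $prefix . '_' . $this->prefix . "_downloads");
        while ($row = $db->sql_fetchrow($result, SQL_NUM)) {
            if (strpos($row[1], '://') !== false) {
                $row[2] = intval($row[2]);
                $row[3] = 'N/A';
            } else {
                $path = $row[1];
                if (is_file($path)) {
                    $row[2] = intval(filesize($path));
                    $row[3] = md5_file($path);
                } else {
                    // Missing file: same values the failed calls produced before (0 and '').
                    $row[2] = 0;
                    $row[3] = '';
                }
                clearstatcache();
            }
            $installer->add_query('INSERT', $this->prefix . '_mirrors', "'NULL', '" . $row[0] . "', '" . Fix_Quotes($row[1]) . "', '', " . $row[2] . ", '" . $row[3] . "', 0");
        }
        $installer->add_query('DEL', $this->prefix . '_downloads', 'url');
    } // end upgrade < 3.0.0.0

    // 3.0.0.0 upgrade SPECIAL for multi-screenshot system: the single screen
    // column is moved into a screenshots table and replaced by its new id.
    if (version_compare($prev_version, '3.0.0.1', '<')) {
        $installer->add_query('CHANGE', $this->prefix . '_downloads', 'screen screen INT NOT NULL DEFAULT 0');
        $db->sql_query('CREATE TABLE ' . $prefix . '_' . $this->prefix . '_screenshots ( id int(11) NOT NULL auto_increment, did int(11) DEFAULT 0 NOT NULL, url varchar(255) NOT NULL, uploaded tinyint(4) DEFAULT 0 NOT NULL, PRIMARY KEY (id))');
        $result = $db->sql_query("SELECT lid, screen FROM " . $prefix . '_' . $this->prefix . "_downloads");
        while ($row = $db->sql_fetchrow($result, SQL_NUM)) {
            if (!empty($row[1])) {
                $db->sql_query('INSERT INTO ' . $prefix . '_' . $this->prefix . "_screenshots VALUES (NULL, '" . $row[0] . "', '" . $row[1] . "', 0)");
                $installer->add_query('UPDATE', $this->prefix . '_downloads', "screen='" . $db->sql_nextid('id') . "' WHERE lid='" . $row[0] . "'");
            }
        }
    }

    if (version_compare($prev_version, '3.0.0.2', '<')) {
        $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "anon_dl_remote", 1');
        $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "use_fetch_remote", 1');
    }

    if (version_compare($prev_version, '3.0.0.3', '<')) {
        $installer->add_query('ADD', $this->prefix . '_ratings', 'active TINYINT NOT NULL DEFAULT 1 AFTER uid');
        $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "r_active", 1');
        $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "r_queue", 0');
    }

    if (version_compare($prev_version, '3.0.0.4', '<')) {
        $installer->add_query('ADD', $this->prefix . '_broken', 'mid INT NOT NULL DEFAULT 0 AFTER lid');
    }

    if (version_compare($prev_version, '3.0.0.5', '<')) {
        $installer->add_query('INDEX', $this->prefix . '_downloads', 'active', 'active');
        $installer->add_query('INDEX', $this->prefix . '_stats', 'id', 'id');
    }

    if (version_compare($prev_version, '3.0.0.6', '<')) {
        $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "md5_local", 1');
        $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "md5_remote", 1');
    }

    if (version_compare($prev_version, '3.0.0.7', '<')) {
        $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "screen_max", 10');
    }

    if (version_compare($prev_version, '3.0.0.8', '<')) {
        $installer->add_query('INSERT', 'config_custom', '"' . $this->prefix . '", "pub_mirror", 1');
        $installer->add_query('ADD', $this->prefix . '_mirrors', 'uid mediumint(8) UNSIGNED NOT NULL DEFAULT 0 AFTER did');
        $installer->add_query('ADD', $this->prefix . '_mirrors', 'active TINYINT NOT NULL DEFAULT 1');
        // Columns: 0 = lid, 1 = submitter (stored into uid as before).
        $result = $db->sql_query("SELECT lid, submitter FROM " . $prefix . '_' . $this->prefix . "_downloads");
        while ($row = $db->sql_fetchrow($result, SQL_NUM)) {
            $installer->add_query('UPDATE', $this->prefix . '_mirrors', "uid='" . $row[1] . "' WHERE did='" . $row[0] . "'");
        }
    }

    if (version_compare($prev_version, '3.0.0.9', '<')) {
        $installer->add_query('DELETE', 'config_custom', 'cfg_name="' . $this->prefix . '" AND cfg_field="outside"');
    }

    return true;
}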
while ($badname = $db->sql_fetchrow($nameresult)) { if ($username == $badname[0]) { $error = _SHOUTUSERBAN; } } $db->sql_freeresult($nameresult); } //look for bad words, then censor them. if ($shoutconf['censor']) { $comment = check_words($comment); } //if error just reload page, else add posting. if ($error) { cpg_error($error); } else { $db->sql_query("INSERT INTO " . $prefix . "_shoutblock VALUES (NULL, '" . Fix_Quotes($username) . "', '" . Fix_Quotes($comment) . "', '" . gmtime() . "')"); url_redirect($CPG_SESS['user']['uri']); } } function nav_shouts() { global $prefix, $db, $offset, $number, $shoutconf, $userinfo; $offset = intval($offset); $result = $db->sql_query("SELECT * FROM " . $prefix . "_shoutblock ORDER BY id DESC LIMIT {$offset},25"); $loop = $db->sql_numrows($result); while ($row = $db->sql_fetchrow($result)) { echo '<div class="content">'; $row[2] = set_smilies($row[2]); echo '<a href="' . getlink('Your_Account&profile=' . $row[1]) . '"><strong>' . $row[1] . ':</strong></a>'; if ($shoutconf['date']) { echo formatDateTime($row[3], '%d-%b-%Y ');
$row = $db->sql_fetchrowset($result); $num_rows = $db->sql_numrows($result); if ($num_rows > 0) { for ($i = 0; $i < $num_rows; $i++) { if ($row[$i]['group_name'] == $extension_group) { $error = TRUE; if ($error_msg != '') { $error_msg .= '<br />'; } $error_msg .= sprintf($lang['Extension_group_exist'], $extension_group); } } } if (!$error) { $filesize = $size_select == 'kb' ? round($filesize * 1024) : ($size_select == 'mb' ? round($filesize * 1048576) : $filesize); $sql = "INSERT INTO " . EXTENSION_GROUPS_TABLE . " (group_name, cat_id, allow_group, download_mode, upload_icon, max_filesize)\n\t\t\tVALUES ('" . Fix_Quotes($extension_group) . "', " . $cat_id . ", " . $is_allowed . ", " . $download_mode . ", '" . $upload_icon . "', " . $filesize . ")"; $db->sql_query($sql); } } if (!$error) { $message = $lang['Attach_config_updated'] . '<br /><br />' . sprintf($lang['Click_return_attach_config'], '<a href="' . URL::admin("&do=extensions&mode=groups") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_admin_index'], '<a href="' . URL::admin("forums") . '">', '</a>'); message_die(GENERAL_MESSAGE, $message); } } if ($mode == 'groups') { // // Extension Groups // $template->set_filenames(array('body' => 'forums/admin/attach_extension_groups.html')); if (empty($size) && !$submit) { $max_add_filesize = intval($attach_config['max_filesize']);
} else { while ($row = $db->sql_fetchrow($result)) { $tid = $row['tid']; $title = $row['title']; echo "<strong><big>·</big></strong> <a href=\"" . getlink("&op=content&tid={$tid}&query={$query}") . "\">{$title}</a><br />"; } } echo "<br /><br />" . "<center><form action=\"" . getlink("&file=search") . "\" method=\"post\">" . "<input type=\"text\" size=\"20\" name=\"query\"> " . "<input type=\"hidden\" name=\"eid\" value=\"{$eid}\">" . "<input type=\"submit\" value=\"" . _SEARCH . "\">" . "</form><br /><br />" . "[ <a href=\"" . getlink() . "\">" . _RETURNTO . " " . _ENCYCLOPEDIA . "</a> ]<br /><br />" . _GOBACK . "</center>"; CloseTable(); } elseif (isset($_POST['query']) && !empty($_POST['query']) && $eid > 0) { $result2 = $db->sql_query("SELECT title FROM " . $prefix . "_encyclopedia WHERE eid='{$eid}'", false, __FILE__, __LINE__); $row = $db->sql_fetchrow($result2); OpenTable(); echo '<center><b>' . _SEARCHRESULTSFOR . ' <i>' . htmlprepare($_POST['query']) . '</i></b></center><br /><br /><br /> <i><b>' . _RESULTSINTERMTITLE . '</b></i><br /><br />'; $query = Fix_Quotes($_POST['query'], 1); $result = $db->sql_query("SELECT tid, title FROM " . $prefix . "_encyclopedia_text WHERE eid='{$eid}' AND title LIKE '%{$query}%'", false, __FILE__, __LINE__); if ($db->sql_numrows($result) < 1) { echo _NORESULTSTITLE; } else { while ($row = $db->sql_fetchrow($result)) { $tid = $row[tid]; $title = $row[title]; echo "<strong><big>·</big></strong> <a href=\"" . getlink("&op=content&tid={$tid}") . "\">{$title}</a><br />"; } } $result = $db->sql_query("SELECT tid, title FROM " . $prefix . "_encyclopedia_text WHERE eid='{$eid}' AND text LIKE '%{$query}%'", false, __FILE__, __LINE__); echo "<br /><br /><i><b>" . _RESULTSINTERMTEXT . "</b></i><br /><br />"; if ($db->sql_numrows($result) < 1) { echo _NORESULTSTEXT; } else {
cpg_error('The group doesn\'t exist'); } if ($group_info['group_moderator'] != $group_moderator) { if ($delete_old_moderator) { $db->sql_query('DELETE FROM ' . $prefix . '_bbuser_group WHERE user_id = ' . $group_info['group_moderator'] . ' AND group_id = ' . $group_id); } $result = $db->sql_query("SELECT user_id FROM " . $prefix . "_bbuser_group WHERE user_id = {$group_moderator} AND group_id = {$group_id}"); if (!($row = $db->sql_fetchrow($result))) { $db->sql_query("INSERT INTO " . $prefix . "_bbuser_group (group_id, user_id, user_pending) VALUES (" . $group_id . ", " . $group_moderator . ", 0)"); } } $db->sql_query("UPDATE " . $prefix . '_bbgroups' . "\n\t\t\t\t\tSET group_type = {$group_type}, group_name = '" . Fix_Quotes($group_name) . "', group_description = '" . Fix_Quotes($group_description) . "', group_moderator = {$group_moderator}\n\t\t\t\t\tWHERE group_id = {$group_id}"); group_msg('The group has been updated'); } else { if ($mode == 'newgroup') { $db->sql_query("INSERT INTO " . $prefix . '_bbgroups' . " (group_type, group_name, group_description, group_moderator, group_single_user)\n\t\t\t\t\tVALUES ({$group_type}, '" . Fix_Quotes($group_name) . "', '" . Fix_Quotes($group_description) . "', {$group_moderator},\t\t '0')"); $new_group_id = $db->sql_nextid('group_id'); $db->sql_query("INSERT INTO " . $prefix . "_bbuser_group (group_id, user_id, user_pending) VALUES ({$new_group_id}, {$group_moderator}, 0)"); group_msg('The group has been added'); } else { cpg_error('No_group_action'); } } } } else { group_head(); // This is the main display of the page before the admin has selected any options. $result = $db->sql_query('SELECT group_id, group_name FROM ' . $prefix . '_bbgroups WHERE group_single_user = 0 ORDER BY group_name'); $select_list = ''; $fa = can_admin('forums') ? 4 : 3; if ($row = $db->sql_fetchrow($result)) {
$op = parse_select_option($option_value); switch ($op['action']) { case '0': break; case '1': if (GALLERY_ADMIN_MODE) { $category = intval($_POST['cat']); } else { $category = FIRST_USER_CAT + USER_ID; } echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf('CREATE_ALB', $op['album_nm']) . "</td></tr>\n"; $album_nm = Fix_Quotes($op['album_nm']); $db->sql_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (category, title, uploads, pos) VALUES ('{$category}', '" . $album_nm . "', 'NO', '{$op['album_sort']}')", false, __FILE__, __LINE__); break; case '2': $album_nm = Fix_Quotes($op['album_nm']); echo "<tr><td colspan=\"6\" class=\"tableb\">" . sprintf(UPDATE_ALB, $op['album_no'], $op['album_nm'], $op['album_sort']) . "</td></tr>\n"; $db->sql_query("UPDATE {$CONFIG['TABLE_ALBUMS']} SET title='" . $album_nm . "', pos='{$op['album_sort']}' WHERE aid='{$op['album_no']}' {$restrict}", false, __FILE__, __LINE__); break; default: cpg_die(CRITICAL_ERROR, $ERR_INVALID_DATA, __FILE__, __LINE__); } } } if ($need_caption) { output_caption(); } echo "<tr><td colspan=\"6\" class=\"tablef\" align=\"center\">\n"; echo "<div class=\"admin_menu_thumb\"><a href=\"" . URL::index("&file=albmgr") . "\" class=\"adm_menu\">" . CONTINU . "</a></div>\n"; echo "</td></tr>"; endtable();
if (!can_admin('history')) { die('Access Denied'); } $pagetitle .= ' ' . _BC_DELIM . ' ' . _EPHEMADMIN; if (isset($_POST['createEntry'])) { $day = intval($_POST['day']); $month = intval($_POST['month']); $year = Fix_Quotes($_POST['year'], 1); $content = Fix_Quotes($_POST['content']); $entry_language = $_POST['language']; $db->sql_query("INSERT INTO " . $prefix . "_history (eid, did, mid, yid, content, language) VALUES (DEFAULT, '{$day}', '{$month}', '{$year}', '{$content}', '{$entry_language}')"); URL::redirect(URL::admin()); } elseif (isset($_POST['saveEntry'])) { $id = intval($_POST['entry_id']); $year = Fix_Quotes($_POST['entry_year'], 1); $content = Fix_Quotes($_POST['entry_content']); $entry_language = $_POST['entry_lang']; $db->sql_query("UPDATE " . $prefix . "_history SET yid='{$year}', content='{$content}', language='{$entry_language}' WHERE eid='{$id}'"); URL::redirect(URL::admin('&edit=' . $id)); } elseif (isset($_GET['delete'])) { if (isset($_POST['cancel'])) { URL::redirect(URL::admin()); } if (isset($_POST['confirm'])) { $db->sql_query("DELETE FROM " . $prefix . "_history WHERE eid='" . intval($_GET['delete']) . "'"); URL::redirect(URL::admin()); } cpg_delete_msg(URL::admin('&delete=' . intval($_GET['delete'])), sprintf(_ERROR_DELETE_CONF, 'this entry')); } elseif (isset($_POST['transferEntry'])) { $entry_day = intval($_POST['day']); $entry_month = intval($_POST['month']);
if (isset($_GET['status'])) { $statusMsg = intval($_GET['status']); $result = $db->sql_query("SELECT active FROM " . $prefix . "_message WHERE mid='{$statusMsg}'"); if ($db->sql_numrows($result) > 0) { list($status) = $db->sql_fetchrow($result); if (is_numeric($status)) { $status = intval(!$status); $db->sql_query("UPDATE " . $prefix . "_message SET active='{$status}' WHERE mid='{$statusMsg}'"); } } URL::redirect(URL::admin('messages')); } elseif (isset($_GET['save']) && isset($_POST['content'])) { $id = intval($_GET['save']); $title = Fix_Quotes($_POST['title']); $content = Fix_Quotes(encode_bbcode($_POST['content'])); $language = Fix_Quotes($_POST['language']); $expire = intval($_POST['expire']); $active = intval($_POST['active']); $view = intval($_POST['view']); if ($id > 0) { $newdate = $_POST['chng_date'] ? ', date=' . time() : ''; $result = $db->sql_query("UPDATE " . $prefix . "_message SET title='{$title}', content='{$content}' {$newdate}, expire={$expire}, active={$active}, view={$view}, mlanguage='{$language}' WHERE mid='{$id}'"); } else { $db->sql_query("INSERT INTO " . $prefix . "_message (mid, title, content, date, expire, active, view, mlanguage) VALUES (DEFAULT, '{$title}', '{$content}', " . time() . ", {$expire}, {$active}, {$view}, '{$language}')"); } URL::redirect(URL::admin('messages')); } else { if (isset($_GET['del']) && isset($_POST['confirm'])) { $db->sql_query('DELETE FROM ' . $prefix . '_message WHERE mid=' . intval($_GET['del'])); $db->optimize_table($prefix . '_message'); URL::redirect(URL::admin('messages'));
if (!is_user()) { cpg_error('You are not allowed to edit/create documents, please login or register'); } elseif (isset($_POST['content']) && !(isset($_POST['wysiwyg']) || isset($_POST['preview']))) { if (!can_admin($module_name)) { $msg = intval($_POST['page_id']) > 0 ? 'replace the current page.' : 'be added.'; $db->sql_query('INSERT INTO ' . $module_prefix . "_pages_wait (page_id, parent_id, title, user_id, comment, body) VALUES (" . intval($_POST['page_id']) . ", " . intval($_POST['parent_id']) . ", '" . Fix_Quotes($_POST['title']) . "', " . is_user() . ", '" . Fix_Quotes($_POST['comment']) . "', '" . Fix_Quotes($_POST['content']) . "')"); cpg_error('Page is added and is awaiting approval to ' . $msg, '', $MAIN_CFG['server']['path'] . URL::index()); } // page_id is used for modifications if (intval($_POST['page_id']) > 0) { $id = intval($_POST['page_id']); $sql = 'UPDATE ' . $module_prefix . "_pages SET" . ' parent_id=' . intval($_POST['parent_id']) . ', active=1' . ", title='" . Fix_Quotes($_POST['title']) . "', version=version+1" . ', supercede=' . time() . ', upd_user_id=' . is_user() . ", upd_author='" . Fix_Quotes($userinfo['username']) . "', comment='" . Fix_Quotes($_POST['comment']) . "', body='" . Fix_Quotes($_POST['content']) . "' WHERE id={$id}"; $db->sql_query($sql); } else { list($pos) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $module_prefix . "_pages WHERE parent_id=" . intval($_POST['parent_id'])); $sql = 'INSERT INTO ' . $module_prefix . '_pages (parent_id, active, pos, title, time, user_id, author, comment, body) VALUES (' . intval($_POST['parent_id']) . ', 1, ' . ($pos + 1) . ", '" . Fix_Quotes($_POST['title']) . "', " . time() . ', ' . is_user() . ", '" . Fix_Quotes($userinfo['username']) . "', '" . Fix_Quotes($_POST['comment']) . "', '" . Fix_Quotes($_POST['content']) . "')"; $db->sql_query($sql); $id = $db->sql_nextid('id'); } cpg_error('Page is added', '', $MAIN_CFG['server']['path'] . URL::index('&id=' . 
$id)); } else { $row['id'] = 0; $row['parent_id'] = 0; $row['title'] = ''; $row['comment'] = ''; $row['content'] = '<b>nothing</b> yet'; if (isset($_POST['wysiwyg']) || isset($_POST['preview'])) { $row['id'] = $_POST['page_id']; $row['parent_id'] = $_POST['parent_id']; $row['title'] = $_POST['title']; $row['comment'] = $_POST['comment'];
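/**
 * Run a download search and collect the matching rows via $this->add_result().
 *
 * The criteria come from $_POST on a fresh search, or from the session entry
 * $CPG_SESS[$module_name]['search'][$search_id] when a $search_id is given
 * (paging over an earlier search). ?sa= forces a submitter filter and
 * ?key=new / ?key=pick preset the "published in past 5 days" / "editor's pick"
 * filters. Every criterion is also recorded, human readable, in
 * $this->criteria; when none is present the error and the search form are
 * echoed and the method returns without querying.
 *
 * Side effects: sets $this->search_id and $this->total_results, stores a new
 * search under a random id in $CPG_SESS, and echoes on the two error paths.
 *
 * @param string|int $search_id  empty for a new search, else a session key
 * @return void
 */
function search($search_id = '')
{
    global $db, $dl_prefix, $user_prefix, $CPG_SESS, $module_name, $perpage, $limit;
    $searchsess = array();
    // 'o' selects how a value is matched in the dispatch below, 't' is the
    // label used in $this->criteria:
    //   1 = LIKE on the column, 2 = integer equality, 3 = "within N days",
    //   4 = keyword search over title/desc_short (OR'ed), 5 = yes/no flag,
    //   6 = has a screenshot.
    $s_opt = array(
        's_BASICSEARCH' => array('o' => 4, 't' => 'Keywords'),
        's_cid' => array('o' => 2, 't' => _CATEGORY),
        's_submitter' => array('o' => 2, 't' => _DLP_SUBMITTEDBY),
        's_name' => array('o' => 1, 't' => _AUTHORNAME),
        's_email' => array('o' => 1, 't' => _AUTHOREMAIL),
        's_pick' => array('o' => 5, 't' => _DLP_EDPICK),
        's_screenshot' => array('o' => 6, 't' => 'Have screenshot'),
        's_date' => array('o' => 3, 't' => 'Published in past'),
        's_updated' => array('o' => 3, 't' => 'Updated in past'),
    );
    // Custom fields: type 1 and 3 are yes/no flags, everything else is matched with LIKE.
    $result = $db->sql_uquery("SELECT * FROM " . $dl_prefix . "_fields \n\t\t\tWHERE visible > 0 \n\t\t\tORDER BY title");
    while ($field = $db->sql_fetchrow($result)) {
        $f_title = defined($field['title']) ? constant($field['title']) : $field['title'];
        $s_opt['s_' . $field['field']] = array('o' => $field['type'] == 1 || $field['type'] == 3 ? 5 : 1, 't' => $f_title);
    }
    $operator = 'AND';
    $sq = $sq2 = array();
    if (!empty($search_id)) {
        if (!isset($CPG_SESS[$module_name]['search'][$search_id])) {
            echo $this->show_error('Invalid session data');
            return;
        }
        $dsource = $CPG_SESS[$module_name]['search'][$search_id];
    } else {
        $dsource = $_POST;
    }
    if (isset($_GET['sa'])) {
        $dsource['s_submitter'] = $_GET['sa'];
    } elseif (isset($_GET['key'])) {
        if ($_GET['key'] == 'new') {
            $dsource['s_date'] = 5;
        } elseif ($_GET['key'] == 'pick') {
            $dsource['s_pick'] = 1;
        }
    }
    foreach ($s_opt as $value => $sp) {
        if (empty($dsource[$value])) {
            continue;
        }
        if (empty($search_id)) {
            $searchsess[$value] = $dsource[$value];
        }
        // First pass: the human-readable criterion.
        if ($sp['o'] == 5 || $sp['o'] == 6) {
            $this->criteria[$sp['t']] = $dsource[$value] == 1 ? _YES : _NO;
        } elseif ($value == 's_cid') {
            list($cattitle) = $db->sql_ufetchrow("SELECT title FROM " . $dl_prefix . "_categories \n\t\t\t\t\t\tWHERE cid='" . intval($dsource[$value]) . "'");
            $this->criteria[$sp['t']] = $cattitle;
        } elseif ($value == 's_submitter') {
            if (is_numeric($dsource[$value])) {
                list($username) = $db->sql_ufetchrow("SELECT username FROM " . $user_prefix . "_users \n\t\t\t\t\t\t\tWHERE user_id='" . intval($dsource[$value]) . "'");
                $this->criteria[$sp['t']] = $username;
            } else {
                // NOTE(review): the literal '******' is redacted on this copy of the
                // source; the real lookup presumably binds the submitted name.
                list($userid) = $db->sql_ufetchrow("SELECT user_id FROM " . $user_prefix . "_users \n\t\t\t\t\t\t\tWHERE username='******'");
                $this->criteria[$sp['t']] = $dsource[$value];
                // Replace the name by its id so the SQL below can use intval().
                $dsource['s_submitter'] = $userid;
            }
        } else {
            $this->criteria[$sp['t']] = $dsource[$value];
        }
        // Second pass: the SQL fragment. $dbvalue is the column name (option key
        // minus the "s_" prefix); it is never user supplied.
        $dbvalue = substr($value, 2);
        if ($sp['o'] == 2 || $sp['o'] == 5) {
            $sq2[] = 'd.' . $dbvalue . '=' . intval($dsource[$value]);
        } elseif ($sp['o'] == 3) {
            $advance = intval($dsource[$value]) * 86400;
            $date = time() - $advance;
            $sq2[] = 'd.' . $dbvalue . ' >= ' . $date;
            $this->criteria[$sp['t']] = $dsource[$value] . ' days';
        } elseif ($sp['o'] == 4) {
            // Fix_Quotes() escapes quotes only; % and _ in the keyword act as
            // LIKE wildcards, which only widens the user's own result set.
            $sq[] = "d.title LIKE '%" . Fix_Quotes($dsource[$value]) . "%'";
            $sq[] = "d.desc_short LIKE '%" . Fix_Quotes($dsource[$value]) . "%'";
            $operator = 'OR';
        } elseif ($sp['o'] == 6) {
            $sq2[] = 'd.screen > 0';
        } else {
            $sq[] = "d.{$dbvalue} LIKE '%" . Fix_Quotes($dsource[$value]) . "%'";
        }
    }
    if (empty($this->criteria)) {
        echo $this->show_error('Please provide some criteria for your search') . $this->search_form();
        return;
    }
    if (empty($search_id)) {
        // mt_rand() is seeded automatically; the former explicit
        // mt_srand(microtime()) call only reduced the seed space.
        $search_id = mt_rand();
        foreach ($searchsess as $k => $v) {
            $CPG_SESS[$module_name]['search'][$search_id][$k] = $v;
        }
    }
    $this->search_id = $search_id;
    $sq2[] = can_admin($module_name) ? 'd.active!=2' : 'd.active=1';
    // implode(glue, pieces): the legacy pieces-first order was removed in PHP 8.0.
    $qstring = implode(' ' . $operator . ' ', $sq);
    $qstring2 = implode(' AND ', $sq2);
    if (!empty($qstring) && !empty($qstring2)) {
        $qstring2 .= ' AND ';
    }
    $result = $db->sql_query("SELECT d.*, SUM(r.score) AS score, COUNT(r.score) AS votes, s.url AS img_url, u.username FROM " . $dl_prefix . "_downloads d\n\t\t\tLEFT JOIN " . $dl_prefix . "_ratings r ON (r.lid = d.lid AND r.active = 1)\n\t\t\tLEFT JOIN " . $dl_prefix . "_screenshots s ON (s.id = d.screen)\n\t\t\tLEFT JOIN " . $user_prefix . "_users u ON (u.user_id = d.submitter)\n\t\t\tWHERE {$qstring2} " . (!empty($qstring) ? "({$qstring})" : '') . " \n\t\t\tGROUP BY d.lid, d.cid, d.active, d.access, d.title, d.screen, d.desc_short, d.desc_long, d.notes, d.date, d.updated, d.name, d.email, d.submitter, d.filesize, d.version, d.homepage, d.compat, d.pick, s.url, u.username \n\t\t\tLIMIT {$perpage} OFFSET {$limit}");
    list($totalresults) = $db->sql_ufetchrow("SELECT COUNT(d.lid) FROM " . $dl_prefix . "_downloads d WHERE {$qstring2} " . (!empty($qstring) ? "({$qstring})" : ''));
    $this->total_results = $totalresults;
    while ($row = $db->sql_fetchrow($result)) {
        $this->add_result($row);
    }
}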
require 'header.php'; OpenTable(); echo open_form($adminindex, false, _NOADMINYET) . ' <label class="set" for="name">' . _NICKNAME . '</label><input class="set" type="text" name="name" id="name" size="30" maxlength="25" /><br /> <label class="set" for="email">' . _EMAIL . '</label><input class="set" type="text" name="email" id="email" size="30" maxlength="255" /><br /> <label class="set" for="password">' . _PASSWORD . '</label><input class="set" type="password" name="pwd" id="pwd" size="20" maxlength="40" /><br /> <label class="set" for="user_new">' . _CREATEUSERDATA . '</label>' . yesno_option('user_new', 1) . '<br /> <input type="hidden" name="fop" value="create_first" /> <div style="text-align:center;"><input type="submit" class="sub" value="' . _SUBMIT . '" /></div>' . close_form(); CloseTable(); require 'footer.php'; } else { if (isset($_POST['fop']) && $_POST['fop'] == 'create_first') { if (preg_match('#^[0-9]#', $_POST['pwd']) && preg_match('#[a-z]#', $_POST['pwd']) && preg_match('#[A-Z]#', $_POST['pwd'])) { $name = Fix_Quotes($_POST['name']); $email = Fix_Quotes($_POST['email']); $pwd = md5($_POST['pwd']); $db->sql_query("INSERT INTO " . $prefix . "_admins (aid, email, pwd, radminsuper) VALUES ('{$name}', '{$email}', '{$pwd}', '1')"); if ($_POST['user_new'] == 1) { $db->sql_query('INSERT INTO ' . $user_prefix . "_users (user_id, username, user_email, user_avatar, user_regdate, user_password, theme, commentmax, user_level, user_lang, user_dateformat)\n\t\t\t\t\tVALUES (DEFAULT,'{$name}','{$email}','" . $MAIN_CFG['avatar']['default'] . "','" . time() . "','{$pwd}','{$MAIN_CFG['global']['Default_Theme']}','4096', '2', 'english','D M d, Y g:i a')"); } login(); } else { cpg_error(_PASSWORD_MALFORMED); } } } exit; } } function login()
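/**
 * Admin page for forum ranks: add/edit form, save, delete, or list.
 *
 * The action is taken from mode (GET or POST), or from the add/save submit
 * buttons when no mode is present:
 *   'edit'/'add' -> render ranks_edit_body.html (edit pre-fills from bbranks);
 *   'save'       -> validate the POSTed rank and INSERT or UPDATE it;
 *   'delete'     -> remove the rank and clear it from users;
 *   anything else, or no mode -> render ranks_list_body.html.
 * save and delete end in message_die(); the form and list paths fall through
 * to $template->display('body').
 *
 * Reads globals $db, $lang, $template, $op, $bgcolor1, $bgcolor2; writes only
 * the database and the template.
 */
function run_ranks()
{
    global $db, $lang, $template, $op, $bgcolor1, $bgcolor2;
    if (isset($_GET['mode']) || isset($_POST['mode'])) {
        $mode = htmlprepare(isset($_GET['mode']) ? $_GET['mode'] : $_POST['mode']);
    } elseif (isset($_POST['add'])) {
        $mode = 'add';
    } elseif (isset($_POST['save'])) {
        $mode = 'save';
    } else {
        $mode = '';
    }
    if ($mode != '') {
        if ($mode == 'edit' || $mode == 'add') {
            // Add or edit form.
            $rank_id = isset($_GET['id']) ? intval($_GET['id']) : 0;
            $s_hidden_fields = '';
            if ($mode == 'edit') {
                if (empty($rank_id)) {
                    message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
                }
                $result = $db->sql_query("SELECT * FROM {$db->TBL->bbranks} WHERE rank_id = {$rank_id}");
                $rank_info = $db->sql_fetchrow($result);
                if (!is_array($rank_info)) {
                    // Unknown id: show an empty form instead of indexing a non-array.
                    $rank_info = array('rank_special' => 0);
                }
                $s_hidden_fields .= '<input type="hidden" name="id" value="' . $rank_id . '" />';
            } else {
                $rank_info = array('rank_special' => 0);
            }
            $s_hidden_fields .= '<input type="hidden" name="mode" value="save" />';
            $rank_is_special = $rank_info['rank_special'] ? 'checked="checked"' : '';
            $rank_is_not_special = !$rank_info['rank_special'] ? 'checked="checked"' : '';
            $has_image = isset($rank_info['rank_image']) && $rank_info['rank_image'] != '';
            $template->set_filenames(array('body' => 'forums/admin/ranks_edit_body.html'));
            $template->assign_vars(array(
                'RANK' => isset($rank_info['rank_title']) ? $rank_info['rank_title'] : '',
                'SPECIAL_RANK' => $rank_is_special,
                'NOT_SPECIAL_RANK' => $rank_is_not_special,
                // Explicit parentheses: an unparenthesised nested ternary is a fatal
                // error on PHP 8 (and was parsed left-to-right before that).
                'MINIMUM' => $rank_is_special ? '' : (isset($rank_info['rank_min']) ? $rank_info['rank_min'] : ''),
                'IMAGE' => $has_image ? $rank_info['rank_image'] : '',
                // The stored path is only extension-checked on save, so escape it
                // with the same helper this admin code uses for other output
                // before building the attribute.
                'IMAGE_DISPLAY' => $has_image ? '<img src="' . htmlprepare($rank_info['rank_image']) . '" alt="" />' : '',
                'L_RANKS_TITLE' => $lang['Ranks_title'],
                'L_RANKS_TEXT' => $lang['Ranks_explain'],
                'L_RANK_TITLE' => $lang['Rank_title'],
                'L_RANK_SPECIAL' => $lang['Rank_special'],
                'L_RANK_MINIMUM' => $lang['Rank_minimum'],
                'L_RANK_IMAGE' => $lang['Rank_image'],
                'L_RANK_IMAGE_EXPLAIN' => $lang['Rank_image_explain'],
                'L_SUBMIT' => $lang['Submit'],
                'L_RESET' => $lang['Reset'],
                'L_YES' => $lang['Yes'],
                'L_NO' => $lang['No'],
                'S_RANK_ACTION' => URL::admin("{$op}"),
                'S_HIDDEN_FIELDS' => $s_hidden_fields,
            ));
        } elseif ($mode == 'save') {
            // The form was submitted: validate and write it.
            $rank_id = isset($_POST['id']) ? intval($_POST['id']) : 0;
            $rank_title = isset($_POST['title']) ? trim($_POST['title']) : '';
            // 1/0 rather than TRUE/0 so the value interpolates cleanly into SQL;
            // the isset() guard avoids a notice when the checkbox is absent.
            $special_rank = isset($_POST['special_rank']) && $_POST['special_rank'] == 1 ? 1 : 0;
            $min_posts = isset($_POST['min_posts']) ? intval($_POST['min_posts']) : -1;
            $rank_image = isset($_POST['rank_image']) ? trim($_POST['rank_image']) : '';
            if ($rank_title == '') {
                message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
            }
            if ($special_rank == 1) {
                // Special ranks carry no post threshold.
                $min_posts = -1;
            }
            // Only gif/png/jpg paths are accepted; anything else is dropped silently.
            if ($rank_image != '' && !preg_match('/(\.gif|\.png|\.jpg)$/is', $rank_image)) {
                $rank_image = '';
            }
            if ($rank_id) {
                if (!$special_rank) {
                    // A rank that is no longer special is detached from every user
                    // who currently has it.
                    $db->sql_query("UPDATE " . USERS_TABLE . " SET user_rank = 0 WHERE user_rank = {$rank_id}");
                }
                $sql = "UPDATE {$db->TBL->bbranks}\n\t\t\t\t\tSET rank_title = '" . Fix_Quotes($rank_title) . "', rank_special = {$special_rank}, rank_min = {$min_posts}, rank_image = '" . Fix_Quotes($rank_image) . "'\n\t\t\t\t\tWHERE rank_id = {$rank_id}";
                $message = $lang['Rank_updated'];
            } else {
                $sql = "INSERT INTO {$db->TBL->bbranks} (rank_title, rank_special, rank_min, rank_image)\n\t\t\t\t\tVALUES ('" . Fix_Quotes($rank_title) . "', {$special_rank}, {$min_posts}, '" . Fix_Quotes($rank_image) . "')";
                $message = $lang['Rank_added'];
            }
            $db->sql_query($sql);
            $message .= "<br /><br />" . sprintf($lang['Click_return_rankadmin'], "<a href=\"" . URL::admin("{$op}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . URL::admin($op) . "\">", "</a>");
            message_die(GENERAL_MESSAGE, $message);
        } elseif ($mode == 'delete') {
            // NOTE(review): deletion is reachable through the U_RANK_DELETE GET link
            // and no confirmation or request token is visible in this function.
            if (isset($_POST['id']) || isset($_GET['id'])) {
                $rank_id = isset($_POST['id']) ? intval($_POST['id']) : intval($_GET['id']);
            } else {
                $rank_id = 0;
            }
            if ($rank_id) {
                $db->sql_query("DELETE FROM {$db->TBL->bbranks} WHERE rank_id = {$rank_id}");
                $db->sql_query("UPDATE " . USERS_TABLE . " SET user_rank = 0 WHERE user_rank = {$rank_id}");
                $message = $lang['Rank_removed'] . "<br /><br />" . sprintf($lang['Click_return_rankadmin'], "<a href=\"" . URL::admin("{$op}") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . URL::admin($op) . "\">", "</a>");
                message_die(GENERAL_MESSAGE, $message);
            } else {
                message_die(GENERAL_MESSAGE, $lang['Must_select_rank']);
            }
        } else {
            // Unrecognised mode: just list the ranks.
            $template->set_filenames(array('body' => 'forums/admin/ranks_list_body.html'));
            $result = $db->sql_query("SELECT * FROM {$db->TBL->bbranks} ORDER BY rank_min, rank_title");
            $rank_rows = $db->sql_fetchrowset($result);
            $rank_count = count($rank_rows);
            $template->assign_vars(array(
                'L_RANKS_TITLE' => $lang['Ranks_title'],
                'L_RANKS_TEXT' => $lang['Ranks_explain'],
                'L_RANK' => $lang['Rank_title'],
                'L_RANK_MINIMUM' => $lang['Rank_minimum'],
                'L_SPECIAL_RANK' => $lang['Special_rank'],
                'L_EDIT' => $lang['Edit'],
                'L_DELETE' => $lang['Delete'],
                'L_ADD_RANK' => $lang['Add_new_rank'],
                'L_ACTION' => $lang['Action'],
                'S_RANKS_ACTION' => URL::admin("{$op}"),
            ));
            for ($i = 0; $i < $rank_count; $i++) {
                $rank = $rank_rows[$i]['rank_title'];
                $special_rank = $rank_rows[$i]['rank_special'];
                $rank_id = $rank_rows[$i]['rank_id'];
                $rank_min = $rank_rows[$i]['rank_min'];
                if ($special_rank) {
                    $rank_min = '-';
                }
                // Alternate row colouring.
                $row_color = !($i % 2) ? $bgcolor2 : $bgcolor1;
                $row_class = !($i % 2) ? 'row1' : 'row2';
                $template->assign_block_vars('ranks', array(
                    'ROW_COLOR' => $row_color,
                    'ROW_CLASS' => $row_class,
                    'RANK' => $rank,
                    'RANK_MIN' => $rank_min,
                    'SPECIAL_RANK' => $special_rank == 1 ? $lang['Yes'] : $lang['No'],
                    'U_RANK_EDIT' => URL::admin("{$op}&mode=edit&id={$rank_id}"),
                    'U_RANK_DELETE' => URL::admin("{$op}&mode=delete&id={$rank_id}"),
                ));
            }
        }
    } else {
        // No mode at all: the default list page.
        $template->set_filenames(array('body' => 'forums/admin/ranks_list_body.html'));
        $result = $db->sql_query("SELECT * FROM {$db->TBL->bbranks} ORDER BY rank_min ASC, rank_special ASC");
        $rank_count = $db->sql_numrows($result);
        $rank_rows = $db->sql_fetchrowset($result);
        $template->assign_vars(array(
            'L_RANKS_TITLE' => $lang['Ranks_title'],
            'L_RANKS_TEXT' => $lang['Ranks_explain'],
            'L_RANK' => $lang['Rank_title'],
            'L_RANK_MINIMUM' => $lang['Rank_minimum'],
            'L_SPECIAL_RANK' => $lang['Rank_special'],
            'L_EDIT' => $lang['Edit'],
            'L_DELETE' => $lang['Delete'],
            'L_ADD_RANK' => $lang['Add_new_rank'],
            'L_ACTION' => $lang['Action'],
            'S_RANKS_ACTION' => URL::admin($op),
        ));
        for ($i = 0; $i < $rank_count; $i++) {
            $rank = $rank_rows[$i]['rank_title'];
            $special_rank = $rank_rows[$i]['rank_special'];
            $rank_id = $rank_rows[$i]['rank_id'];
            $rank_min = $rank_rows[$i]['rank_min'];
            if ($special_rank == 1) {
                $rank_min = '-';
            }
            // Alternate row colouring.
            $row_color = !($i % 2) ? $bgcolor2 : $bgcolor1;
            $row_class = !($i % 2) ? 'row1' : 'row2';
            $rank_is_special = $special_rank ? $lang['Yes'] : $lang['No'];
            $template->assign_block_vars('ranks', array(
                'ROW_COLOR' => $row_color,
                'ROW_CLASS' => $row_class,
                'RANK' => $rank,
                'SPECIAL_RANK' => $rank_is_special,
                'RANK_MIN' => $rank_min,
                'U_RANK_EDIT' => URL::admin("{$op}&mode=edit&id={$rank_id}"),
                'U_RANK_DELETE' => URL::admin("{$op}&mode=delete&id={$rank_id}"),
            ));
        }
    }
    $template->display('body');
    CloseTable();
}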
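/**
 * Persist the attachment records that belong to a post or private message.
 *
 * $mode selects the source:
 *   'attach_list'     - every entry of $this->attachments: UPDATE the comment
 *                       when attach_id > 0, otherwise INSERT a description row
 *                       and the linking row keyed on its new id;
 *   'last_attachment' - the single file held on $this, inserted only when
 *                       $this->post_attach is set and no update_attachment
 *                       field was POSTed.
 * $message_type is 'pm' (ids: privmsgs_id, both user ids) or 'post'
 * (ids: post_id, poster id falling back to the current user).
 *
 * Returns FALSE for a negative $message_id or an unknown $message_type, TRUE
 * after 'attach_list' was processed, and NULL for 'last_attachment' (as before).
 *
 * NOTE(review): the original compared the type with `=` instead of `==`, so
 * every non-'pm' type was silently treated as 'post'; callers relying on that
 * now get FALSE - confirm none do.
 */
private function do_insert_attachment($mode, $message_type, $message_id)
{
    global $db;
    if (intval($message_id) < 0) {
        return FALSE;
    }
    if ($message_type == 'pm') {
        global $userdata, $to_userdata;
        $post_id = 0;
        $privmsgs_id = intval($message_id);
        $user_id_1 = intval($userdata['user_id']);
        $user_id_2 = intval($to_userdata['user_id']);
    } elseif ($message_type == 'post') {
        global $post_info, $userdata;
        $post_id = intval($message_id);
        $privmsgs_id = 0;
        $user_id_1 = isset($post_info['poster_id']) ? intval($post_info['poster_id']) : 0;
        $user_id_2 = 0;
        if (!$user_id_1) {
            $user_id_1 = intval($userdata['user_id']);
        }
    } else {
        // Unknown type: refuse rather than write rows with undefined ids.
        return FALSE;
    }
    if ($mode == 'attach_list') {
        $count = count($this->attachments);
        for ($i = 0; $i < $count; $i++) {
            // Escaped in place: later code reads the escaped values back from $this->attachments.
            $this->attachments[$i]['comment'] = Fix_Quotes($this->attachments[$i]['comment']);
            $this->attachments[$i]['real_filename'] = Fix_Quotes($this->attachments[$i]['real_filename']);
            if ($this->attachments[$i]['attach_id'] > 0) {
                // Already stored: only the comment can change.
                $sql = "UPDATE " . ATTACHMENTS_DESC_TABLE . " \n\t\t\t\t\tSET comment = '" . trim($this->attachments[$i]['comment']) . "'\n\t\t\t\t\tWHERE attach_id = " . intval($this->attachments[$i]['attach_id']);
                $db->sql_query($sql);
            } else {
                // New attachment: description row first, then the link row keyed on
                // its id. All string columns are quoted through Fix_Quotes() and
                // numeric columns cast, so no value reaches the SQL unescaped.
                $sql = "INSERT INTO " . ATTACHMENTS_DESC_TABLE . " (physical_filename, real_filename, comment, extension, mimetype, filesize, filetime, thumbnail) \n\t\t\t\t\tVALUES ( '" . Fix_Quotes($this->attachments[$i]['physical_filename']) . "', '" . $this->attachments[$i]['real_filename'] . "', '" . trim($this->attachments[$i]['comment']) . "', '" . Fix_Quotes($this->attachments[$i]['extension']) . "', '" . Fix_Quotes($this->attachments[$i]['mimetype']) . "', " . intval($this->attachments[$i]['filesize']) . ", " . intval($this->attachments[$i]['filetime']) . ", " . intval($this->attachments[$i]['thumbnail']) . ")";
                $db->sql_query($sql);
                $attach_id = $db->sql_nextid('attach_id');
                $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' (attach_id, post_id, privmsgs_id, user_id_1, user_id_2) VALUES (' . intval($attach_id) . ', ' . $post_id . ', ' . $privmsgs_id . ', ' . $user_id_1 . ', ' . $user_id_2 . ')';
                $db->sql_query($sql);
            }
        }
        return TRUE;
    }
    if ($mode == 'last_attachment') {
        if ($this->post_attach && !isset($_POST['update_attachment'])) {
            // The user submitted the file directly with the message.
            $sql = "INSERT INTO " . ATTACHMENTS_DESC_TABLE . " (physical_filename, real_filename, comment, extension, mimetype, filesize, filetime, thumbnail) \n\t\t\t\tVALUES ( '" . Fix_Quotes($this->attach_filename) . "', '" . Fix_Quotes($this->filename) . "', '" . trim(Fix_Quotes($this->file_comment)) . "', '" . Fix_Quotes($this->extension) . "', '" . Fix_Quotes($this->type) . "', " . intval($this->filesize) . ", " . intval($this->filetime) . ", " . intval($this->thumbnail) . ")";
            $db->sql_query($sql);
            $attach_id = $db->sql_nextid('attach_id');
            $sql = 'INSERT INTO ' . ATTACHMENTS_TABLE . ' (attach_id, post_id, privmsgs_id, user_id_1, user_id_2) VALUES (' . intval($attach_id) . ', ' . $post_id . ', ' . $privmsgs_id . ', ' . $user_id_1 . ', ' . $user_id_2 . ')';
            $db->sql_query($sql);
        }
    }
}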
private function loginadmin() { $aid = isset($_POST['alogin']) ? Fix_Quotes($_POST['alogin']) : NULL; $pwd = isset($_POST['pwd']) ? $_POST['pwd'] : NULL; if ($aid && $pwd) { global $sec_code, $CPG_SESS; if ($sec_code & 1) { $gfxid = isset($_POST['gfxid']) ? $_POST['gfxid'] : 0; $code = $CPG_SESS['gfx'][$gfxid]; $gfx_check = isset($_POST['gfx_check']) ? $_POST['gfx_check'] : ''; if (strlen($gfx_check) < 2 || $code != $gfx_check) { return false; } } global $db, $prefix; $pwd = md5($pwd); $result = $db->sql_query('SELECT * FROM ' . $prefix . "_admins WHERE aid='{$aid}'"); $row = $db->sql_fetchrow($result, SQL_ASSOC); if (isset($row['admin_id'])) { if (!($login = Cache::array_load('login', 'a', false)) || !isset($login[$row['admin_id']])) { $login[$row['admin_id']] = 1; } else { if ($login[$row['admin_id']] >= 5) { cpg_error('Too many failed login attempts'); } else { $login[$row['admin_id']]++; } } if ($row['pwd'] == $pwd && $row['pwd'] != '') { $this->setadmcookie(true, $row['admin_id'], $pwd, isset($_POST['persistent'])); unset($row['pwd']); $this->admin = $row; $this->admin_id = $row['aid']; $this->demo = CPGN_DEMO && false !== strpos($this->admin_id, 'demo'); unset($CPG_SESS['admin']); $login[$row['admin_id']] = 1; } Cache::array_save('login', 'a', $login); } } return $this->admin_id; }
function DownloadsModEditorial() { global $downloadsprefix, $db; $db->sql_query("update " . $downloadsprefix . "_editorials set editorialtext='" . Fix_Quotes($_POST['editorialtext']) . "', editorialtitle='" . Fix_Quotes($_POST['editorialtitle']) . "' where downloadid=" . intval($_POST['downloadid'])); url_redirect(adminlink("&mode=DownloadsModDownload&lid={$downloadid}")); }
} } $template->assign_vars(array("WORD" => isset($word_info['word']) ? htmlprepare($word_info['word']) : '', "REPLACEMENT" => isset($word_info['replacement']) ? htmlprepare($word_info['replacement']) : '', "L_WORDS_TITLE" => $lang['Words_title'], "L_WORDS_TEXT" => $lang['Words_explain'], "L_WORD_CENSOR" => $lang['Edit_word_censor'], "L_WORD" => $lang['Word'], "L_REPLACEMENT" => $lang['Replacement'], "L_SUBMIT" => $lang['Submit'], "S_WORDS_ACTION" => URL::admin("&do=words"), "S_HIDDEN_FIELDS" => $s_hidden_fields)); } else { if ($mode == "save") { $word_id = isset($_POST['id']) ? intval($_POST['id']) : 0; $word = isset($_POST['word']) ? trim($_POST['word']) : ""; $replacement = isset($_POST['replacement']) ? trim($_POST['replacement']) : ""; if ($word == "" || $replacement == "") { message_die(GENERAL_MESSAGE, $lang['Must_enter_word']); } if ($word_id) { $sql = "UPDATE " . WORDS_TABLE . "\n\t\t\t\tSET word = '" . Fix_Quotes($word) . "', replacement = '" . Fix_Quotes($replacement) . "'\n\t\t\t\tWHERE word_id = {$word_id}"; $message = $lang['Word_updated']; } else { $sql = "INSERT INTO " . WORDS_TABLE . " (word, replacement)\n\t\t\t\tVALUES ('" . Fix_Quotes($word) . "', '" . Fix_Quotes($replacement) . "')"; $message = $lang['Word_added']; } if (!($result = $db->sql_query($sql))) { message_die(GENERAL_ERROR, "Could not insert data into words table", $lang['Error'], __LINE__, __FILE__, $sql); } $message .= "<br /><br />" . sprintf($lang['Click_return_wordadmin'], "<a href=\"" . URL::admin("&do=words") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . URL::admin($op) . "\">", "</a>"); message_die(GENERAL_MESSAGE, $message); } else { if ($mode == "delete") { if (isset($_POST['id']) || isset($_GET['id'])) { $word_id = isset($_POST['id']) ? $_POST['id'] : $_GET['id']; $word_id = intval($word_id); } else { $word_id = 0; }
//forum specific //grab the forum name so we can confirm it $db->sql_query("SELECT forum_name FROM " . FORUMS_TABLE . " WHERE forum_id = {$forum_id}"); $forum_row = $db->sql_fetchrowset($result); $db->sql_freeresult($result); $forum_name = $forum_row[0]['forum_name']; $forum_text = $lang_icons_admin['remove003']; } $template->assign_vars(array('L_TITLE' => $lang_icons_admin['remove001'], 'L_EXPLAIN1' => $lang_icons_admin['remove002'], 'L_EXPLAIN2' => $forum_text, 'L_CONFIRM_REMOVE' => $lang_icons_admin['remove005'], 'ICON_TO_REMOVE_SRC' => $icon_url, 'FORUM_TO_REMOVE_FROM' => $forum_name, 'S_ACTION' => URL::admin("&do=topic_icons"), 'S_HIDDEN_FIELDS' => '<input type="hidden" name="icon_id" value="' . $icon_id . '">')); return; } } //check for add request if (isset($_POST['addicon'])) { $forum_ids = $_POST['forum_id_list']; $icon_name = Fix_Quotes($_POST['icon_name']); $icon_path = $_POST['icon_path']; $global = $_POST['addglobal']; //add global if (isset($global) && !empty($icon_name) && !empty($icon_path)) { $db->sql_query("INSERT INTO " . TOPIC_ICONS_TABLE . " (forum_id, icon_url, icon_name) VALUES(-1, '{$icon_path}', '{$icon_name}')"); } else { if (!empty($forum_ids) && !empty($icon_name) && !empty($icon_path)) { //add forum specific //create the icon for each forum for ($i = 0; $i < count($forum_ids); $i++) { $forum_id = intval($forum_ids[$i]); $db->sql_query("INSERT INTO " . TOPIC_ICONS_TABLE . " (forum_id, icon_url, icon_name) VALUES({$forum_id}, '{$icon_path}', '{$icon_name}')"); } } }
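/**
 * Records a rating for a download and refreshes that download's rating summary.
 *
 * Flow, as written: include the page header, decide who the rater is (logged-in user id,
 * the masked value when a rater is posted, else the anonymous id), run the duplicate /
 * flood checks, and only if every check passed insert the vote row and recompute the
 * summary columns on the download row. Each failed check calls completevote() with an
 * error code; the footer is rendered in every case.
 *
 * Fixes versus the previous revision:
 *  - $ratinglid is cast to int before it reaches any SQL (it was interpolated raw into
 *    WHERE clauses, both unquoted and quoted);
 *  - the reverse-DNS name used as ratinghostname and the posted rating value are passed
 *    through Fix_Quotes() before being interpolated (the name comes from DNS, which the
 *    remote party can influence; the rating is request input);
 *  - $ttitle is initialised so completevotefooter() does not receive an undefined
 *    variable when the download row does not exist;
 *  - the unused $ytsDB / $yesterdaytimestamp locals (a leftover of an older date
 *    comparison; the queries use TO_DAYS()) and the duplicated $module_name global
 *    are dropped.
 *
 * @param int|string $ratinglid       id (lid) of the download being rated; cast to int here
 * @param mixed      $ratinguser      ignored on entry - overwritten from session state below
 * @param string     $rating          posted rating value; "--" means "no rating chosen"
 * @param string     $ratinghost_name unused; the host name is resolved from REMOTE_ADDR instead
 * @param string     $ratingcomments  free-text comment stored with the vote
 * @return void
 */
function addrating($ratinglid, $ratinguser, $rating, $ratinghost_name, $ratingcomments)
{
    global $downloadsprefix, $db, $userinfo, $module_name, $MAIN_CFG, $outsidewaitdays, $anonymous;

    // lid is an integer key (compared unquoted below); cast once so every query is safe.
    $ratinglid = intval($ratinglid);
    $passtest = true;
    $ttitle = '';

    include "header.php";
    completevoteheader();

    // The caller's $ratinguser is never trusted: it is derived from session state here.
    if (is_user()) {
        $ratinguser = $userinfo['user_id'];
    } else {
        if (isset($_POST['ratinguser'])) {
            $ratinguser = "******";
        } else {
            $ratinguser = $anonymous;
        }
    }

    $results3 = $db->sql_query("SELECT title FROM " . $downloadsprefix . "_downloads WHERE lid={$ratinglid}");
    while (list($title) = $db->sql_fetchrow($results3)) {
        $ttitle = $title;
    }

    /* Make sure only 1 anonymous from an IP in a single day. */
    // gethostbyaddr() returns the address itself on failure; the result is a DNS-supplied
    // string, so it is escaped before being used in SQL (stored and compared in escaped form).
    $ip = Fix_Quotes(gethostbyaddr($_SERVER['REMOTE_ADDR']));

    /* Check if Rating is Null */
    if ($rating == "--") {
        $error = "nullerror";
        completevote($error);
        $passtest = false;
    }

    /* Check if Download POSTER is voting (UNLESS Anonymous users allowed to post) */
    if ($ratinguser != $anonymous && $ratinguser != "outside") {
        $result = $db->sql_query("SELECT submitter FROM " . $downloadsprefix . "_downloads WHERE lid={$ratinglid}");
        while (list($ratinguserDB) = $db->sql_fetchrow($result)) {
            if ($ratinguserDB == $ratinguser) {
                $error = "postervote";
                completevote($error);
                $passtest = false;
            }
        }
    }

    /* Check if REG user is trying to vote twice. */
    if ($ratinguser != $anonymous && $ratinguser != "outside") {
        $result = $db->sql_query("SELECT ratinguser FROM " . $downloadsprefix . "_votedata WHERE ratinglid={$ratinglid}");
        while (list($ratinguserDB) = $db->sql_fetchrow($result)) {
            if ($ratinguserDB == $ratinguser) {
                $error = "regflood";
                completevote($error);
                $passtest = false;
            }
        }
    }

    /* Check if ANONYMOUS user is trying to vote more than once per day. */
    if ($ratinguser == $anonymous) {
        // anonwaitdays is a site configuration value, not request input.
        $result = $db->sql_query("SELECT * FROM " . $downloadsprefix . "_votedata WHERE ratinglid={$ratinglid} AND ratinguser='******' AND ratinghostname = '{$ip}' AND TO_DAYS(NOW()) - TO_DAYS(ratingtimestamp) < " . $MAIN_CFG[$module_name]['anonwaitdays']);
        $anonvotecount = $db->sql_numrows($result);
        if ($anonvotecount >= 1) {
            $error = "anonflood";
            completevote($error);
            $passtest = false;
        }
    }

    /* Check if OUTSIDE user is trying to vote more than once per day. */
    if ($ratinguser == "outside") {
        $result = $db->sql_query("SELECT * FROM " . $downloadsprefix . "_votedata WHERE ratinglid={$ratinglid} AND ratinguser='******' AND ratinghostname = '{$ip}' AND TO_DAYS(NOW()) - TO_DAYS(ratingtimestamp) < {$outsidewaitdays}");
        $outsidevotecount = $db->sql_numrows($result);
        if ($outsidevotecount >= 1) {
            $error = "outsideflood";
            completevote($error);
            $passtest = false;
        }
    }

    /* Passed Tests */
    if ($passtest) {
        // Both values are request input and are interpolated inside quotes below.
        $ratingcomments = Fix_Quotes($ratingcomments);
        $rating = Fix_Quotes($rating);

        /* All is well. Add to Line Item Rate to DB. */
        $db->sql_query("INSERT into " . $downloadsprefix . "_votedata values (NULL,'{$ratinglid}', '{$ratinguser}', '{$rating}', '{$ip}', '{$ratingcomments}', now())");

        /* All is well. Calculate Score & Add to Summary (for quick retrieval & sorting) to DB. */
        /* NOTE: If weight is modified, ALL downloads need to be refreshed with new weight. */
        /* Running a SQL statement with your modded calc for ALL downloads will accomplish this. */
        $voteresult = $db->sql_query("SELECT rating, ratinguser, ratingcomments FROM " . $downloadsprefix . "_votedata WHERE ratinglid = {$ratinglid}");
        $totalvotesDB = $db->sql_numrows($voteresult);

        // voteinclude.php runs in this function's scope; $finalrating and $truecomments used
        // below are presumably defined by it from $voteresult - confirm against that file.
        include "modules/{$module_name}/voteinclude.php";
        $db->sql_query("UPDATE " . $downloadsprefix . "_downloads SET downloadratingsummary={$finalrating},totalvotes={$totalvotesDB},totalcomments={$truecomments} WHERE lid = {$ratinglid}");

        $error = "none";
        completevote($error);
    }

    completevotefooter($ratinglid, $ttitle, $ratinguser);
    include "footer.php";
}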
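/**
 * Saves the bridge-side account fields (active flag, primary group, extra group list)
 * for one user from the posted admin form.
 *
 * Fixes versus the previous revision: $user_id is cast to int (it is compared unquoted in
 * the SELECT), the posted user_active_cp / user_group_cp values are read with isset()
 * guards and escaped with Fix_Quotes() before being interpolated into the UPDATE, and the
 * assembled group list is escaped the same way. The group-list assembly is expressed as
 * a collect-then-implode instead of a trailing-comma-and-substr trick.
 *
 * NOTE(review): $username is never assigned in this function before the isset() check,
 * so it is always '' when the duplicate-username SELECT runs; confirm where the username
 * is meant to come from, otherwise that check cannot detect a clash.
 *
 * Reads $_POST['user_active_cp'], $_POST['user_group_cp'] and $_POST['group_list'].
 *
 * @param int|string $user_id id of the user being updated; cast to int here
 * @return false|void false only if cpg_die() returns after reporting a duplicate username
 */
function update_user($user_id)
{
    global $db, $CONFIG, $lang_usermgr_php, $lang_register_php;

    $user_id = intval($user_id);
    $user_active_cp = isset($_POST['user_active_cp']) ? $_POST['user_active_cp'] : '';
    $user_group_cp = isset($_POST['user_group_cp']) ? $_POST['user_group_cp'] : '';
    $group_list = isset($_POST['group_list']) ? $_POST['group_list'] : '';
    $username = isset($username) ? $username : '';

    $sql = "SELECT user_id FROM {$CONFIG['TABLE_USERS']} WHERE username = '******' AND user_id != {$user_id}";
    $result = $db->sql_query($sql);
    if ($db->sql_numrows($result)) {
        cpg_die(_ERROR, $lang_register_php['err_user_exists'], __FILE__, __LINE__);
        return false;
    }
    $db->sql_freeresult($result);

    // Secondary groups: everything posted except the primary group (loose comparison,
    // as before - both values arrive as strings from the form).
    $extra_groups = array();
    if (is_array($group_list)) {
        foreach ($group_list as $group) {
            if ($group != $user_group_cp) {
                $extra_groups[] = $group;
            }
        }
    }
    $user_group_list = implode(',', $extra_groups);

    // All three values originate from the request and are quoted in the statement,
    // so each is escaped before interpolation.
    $sql_update = "UPDATE {$CONFIG['TABLE_USERS']} SET "
        . "user_active_cp = '" . Fix_Quotes($user_active_cp) . "', "
        . "user_group_cp = '" . Fix_Quotes($user_group_cp) . "', "
        . "user_group_list_cp = '" . Fix_Quotes($user_group_list) . "' "
        . "WHERE user_id = '{$user_id}'";
    $db->sql_query($sql_update);
}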