Exemple #1
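 /**
  * Renders the menu items currently held in $this->_menuitems as HTML list markup.
  *
  * Item types handled: 3 = submenu (rendered through a template, then recursed
  * into), 4 = core menu (admin, user, topic, links, static pages, plugin and
  * header menus), 5 = custom PHP function named by the item's 'url' field.
  * Every other type is emitted as a plain link; type 2 also gets a target string.
  *
  * Fixes over the previous revision: $retval and $i are initialised,
  * $CONF_NEXMENU is imported (it was read but never declared global, so it was
  * always undefined here), the plugin option list is assigned instead of being
  * string-appended before count(), and the plugin-menu loop no longer reuses
  * the item counter $i.
  *
  * NOTE(review): labels, URLs and image paths are interpolated into markup
  * without escaping. Whether they are sanitised when stored is not visible
  * from this method - confirm, or escape per output context.
  *
  * @param  int    $pid  Id of the parent menu item; 0 for the top level.
  * @return string       Rendered markup ('' when nothing was rendered).
  */
 private function _renderMenuItems($pid = 0)
 {
     global $_CONF, $_TABLES, $_USER, $_BLOCK_TEMPLATE, $CONF_NEXMENU;

     $retval = '';
     // Previously implicit: an unset $i compared like 0 and became 1 after the
     // first $i++. NOTE(review): the comparisons against _menuitemCount look as
     // if they expect a 1-based index - confirm the intended start value.
     $i = 0;
     foreach ($this->_menuitems as $menuitem) {
         if ($this->_multiLangMode) {
             $label = $this->getMenuLabel($menuitem['id']);
         } else {
             $label = $menuitem['label'];
         }
         $target = $menuitem['type'] == 2 ? 'target=newWindow;' . $this->_targetFeatures : '';
         $menuitemImage = trim($menuitem['image']);
         if ($menuitemImage != '') {
             // Anything without "http" in it is treated as a file name under menuimages/.
             // NOTE(review): this matches "http" anywhere in the value, not only as a prefix.
             if (strpos($menuitemImage, 'http') === false) {
                 $menuitemImage = $_CONF['site_url'] . '/nexmenu/menuimages/' . $menuitemImage;
             }
         }
         $lastitem = ($i == $this->_menuitemCount);
         if ($menuitem['type'] == 3) {
             // Type Submenu
             $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
             $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
             if ($this->_type == 'header') {
                 $menuitemimagecss = 'headermenuitemimage';
             } else {
                 $menuitemimagecss = 'blocksubmenuitemimage';
             }
             $t = new Template($_CONF['path_layout'] . 'nexmenu/procssmenu');
             if ($pid == 0) {
                 if ($this->_type == 'header') {
                     $t->set_file('menu', 'headersubmenu.thtml');
                 } else {
                     $t->set_file('menu', 'submenu.thtml');
                 }
                 $t->set_var('menuitem_url', $url);
                 if ($menuitemImage != '') {
                     $image = '<img src="' . $menuitemImage . '" border="0">&nbsp;';
                     $label = "{$image}<span id=\"{$menuitemimagecss}\">{$label}</span>";
                 }
                 $t->set_var('menuitem_label', $label);
                 // Only reached when $pid == 0, so the former 'fly' alternative was dead code.
                 $t->set_var('imgclass', 'drop');
                 if ($lastitem) {
                     $t->set_var('lastitemclass', 'class="enclose"');
                 }
             } else {
                 $t->set_file('menu', 'flysubmenu.thtml');
                 $t->set_var('menuitem_url', $url);
                 $t->set_var('menuitem_label', $label);
             }
             // Load the children of this item, then render them with a recursive call.
             parent::initMenuItems($menuitem['id']);
             $t->set_var('submenu_items', $this->_renderMenuItems($menuitem['id']));
             $t->parse('output', 'menu');
             $retval .= $t->finish($t->get_var('output'));
         } elseif ($menuitem['type'] == 4) {
             // Core Menu
             switch ($menuitem['url']) {
                 case "adminmenu":
                     if ($_USER['uid'] > 1) {
                         $_BLOCK_TEMPLATE['admin_block'] = 'nexmenu/procssmenu/blank.thtml,nexmenu/procssmenu/blank.thtml';
                         $_BLOCK_TEMPLATE['adminoption'] = 'nexmenu/procssmenu/menuitem.thtml,nexmenu/procssmenu/menuitem_on.thtml';
                         // Was ".=", which turned the option list into a string, so the
                         // count() below no longer reflected the number of plugin options.
                         $plugin_options = PLG_getAdminOptions();
                         $nrows = count($plugin_options);
                         if (SEC_isModerator() or $nrows > 0 or SEC_hasrights('story.edit,block.edit,topic.edit,link.edit,event.edit,poll.edit,user.edit,plugin.edit,user.mail', 'OR')) {
                             $retval .= COM_adminMenu();
                         }
                     }
                     break;
                 case "usermenu":
                     if ($_USER['uid'] > 1) {
                         $_BLOCK_TEMPLATE['user_block'] = 'nexmenu/procssmenu/blank.thtml,nexmenu/procssmenu/blank.thtml';
                         $_BLOCK_TEMPLATE['useroption'] = 'nexmenu/procssmenu/menuitem.thtml,nexmenu/procssmenu/menuitem_on.thtml';
                         $retval .= COM_userMenu();
                     }
                     break;
                 case "topicmenu":
                     $_BLOCK_TEMPLATE['topicoption'] = 'nexmenu/procssmenu/menuitem2.thtml,nexmenu/procssmenu/menuitem2_on.thtml';
                     // NOTE(review): a configuration value is interpolated into this SQL
                     // fragment; presumably numeric - confirm where it is set.
                     $retval .= COM_showTopics('', " sortnum < '{$CONF_NEXMENU['restricted_topics']}'");
                     break;
                 case "linksmenu":
                     if ($this->_linksPlugin) {
                         // NOTE(review): $numcategories is never assigned in this method.
                         $retval .= nexmenu_showlinks($pid, $this->_type, 'site', $numcategories, 0, $lastitem);
                     }
                     break;
                 case "spmenu":
                     if ($this->_staticpagesPlugin) {
                         if ($CONF_NEXMENU['sp_labelonly']) {
                             $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} WHERE sp_onmenu=1 ";
                             $sql .= COM_getPermSql('AND');
                         } else {
                             $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} ";
                             $sql .= COM_getPermSql('WHERE');
                         }
                         $sql .= 'ORDER BY sp_title';
                         $spquery = DB_query($sql);
                         while (list($id, $title, $sp_label) = DB_fetchArray($spquery)) {
                             // Fall back to the page title when no menu label is set.
                             if (trim($sp_label) == '') {
                                 $label = $title;
                             } else {
                                 $label = $sp_label;
                             }
                             $url = "{$_CONF['site_url']}/staticpages/index.php?page={$id}";
                             $retval .= "<li><a href=\"{$url}\" {$target}>{$label}</a></li>" . LB;
                         }
                     }
                     break;
                 case "pluginmenu":
                     $result = DB_query("SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1");
                     $nrows = DB_numRows($result);
                     // Own counter: this loop used to overwrite the outer item index $i.
                     for ($row = 1; $row <= $nrows; $row++) {
                         $A = DB_fetchArray($result);
                         $function = 'plugin_getmenuitems_' . $A['pi_name'];
                         if (function_exists($function)) {
                             $menuitems = $function();
                             if (is_array($menuitems) and count($menuitems) > 0) {
                                 foreach ($menuitems as $plugin_label => $plugin_link) {
                                     if ($pid == 0) {
                                         $retval .= "<li class=\"top\"><a class=\"top_link\" href=\"{$plugin_link}\" {$target}><span>{$plugin_label}</span></a></li>" . LB;
                                     } else {
                                         $retval .= "<li><a href=\"{$plugin_link}\" {$target}><span>{$plugin_label}</span></a></li>" . LB;
                                     }
                                 }
                             }
                         }
                     }
                     break;
                 case "headermenu":
                     $t = new Template($_CONF['path_layout'] . 'nexmenu/procssmenu');
                     $t->set_file(array('menu' => 'siteheader_menuitems.thtml', 'menuitem' => 'headermenu_item.thtml', 'menuitem_last' => 'headermenu_item.thtml'));
                     $plugin_menu = PLG_getMenuItems();
                     COM_renderMenu($t, $plugin_menu);
                     $t->parse('output', 'menu');
                     $retval .= $t->finish($t->get_var('output'));
                     break;
             }
             // End of menutype == 4  (Core Menu)
         } elseif ($menuitem['type'] == 5) {
             // NOTE(review): the stored 'url' value is used as a function name, so
             // whoever can edit menu items decides which existing function runs
             // during rendering. Consider an allow-list or a required name prefix.
             if (function_exists($menuitem['url'])) {
                 /* Pass the type of menu to custom php function */
                 $retval .= $menuitem['url']($this->_type);
             }
         } else {
             $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
             $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
             // what's our current URL?
             $thisUrl = COM_getCurrentURL();
             if ($menuitemImage != '') {
                 if ($this->_type == 'header') {
                     $menuitemimagecss = 'headermenuitemimage';
                 } else {
                     $menuitemimagecss = 'blockmenuitemimage';
                 }
                 $image = '<img src="' . $menuitemImage . '" border="0">&nbsp;';
                 // NOTE(review): $menurows is never assigned in this method, so the
                 // second test compares $i with an undefined value - confirm the intent.
                 if (($i == 1 && $pid > 0) || ($i == $menurows && $pid == 0)) {
                     $retval .= "<li><a href=\"{$url}\" {$target} class=\"enclose\">{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                 } elseif ($url == $thisUrl) {
                     $retval .= "<li id=\"menuitem_current\"><a href=\"{$url}\" {$target}>{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                 } else {
                     $retval .= "<li><a href=\"{$url}\" {$target}>{$image}<span id=\"{$menuitemimagecss}\">{$label}</span></a></li>" . LB;
                 }
             } else {
                 if ($pid == 0) {
                     $retval .= "<li class=\"top\"><a class=\"top_link\" href=\"{$url}\" {$target}><span>{$label}</span></a></li>" . LB;
                 } else {
                     $retval .= "<li><a href=\"{$url}\" {$target}><span>{$label}</span></a></li>" . LB;
                 }
             }
         }
         $i++;
     }
     // Restore Template Setting (the core-menu cases above overwrite entries in it)
     $_BLOCK_TEMPLATE = $this->_currentBlockTemplate;
     return $retval;
 }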
Exemple #2
             echo COM_refresh($_CONF['site_url'] . '/users.php?msg=111');
             // OAuth authentication error
         }
         $consumer->doAction($oauth_userinfo);
     }
     //  end OAuth authentication method(s)
 } else {
     $status = -2;
 }
 if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
     // logged in AOK.
     SESS_completeLogin($uid);
     $_GROUPS = SEC_getUserGroups($_USER['uid']);
     $_RIGHTS = explode(',', SEC_getUserPermissions());
     if ($_SYSTEM['admin_session'] > 0 && $local_login) {
         if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) {
             $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
             SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
         }
     }
     if (!isset($_USER['theme'])) {
         $_USER['theme'] = $_CONF['theme'];
         $_CONF['path_layout'] = $_CONF['path_themes'] . $_USER['theme'] . '/';
         $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $_USER['theme'];
         if ($_CONF['allow_user_themes'] == 1) {
             if (isset($_COOKIE[$_CONF['cookie_theme']])) {
                 $theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true);
                 if (is_dir($_CONF['path_themes'] . $theme)) {
                     $_USER['theme'] = $theme;
                     $_CONF['path_layout'] = $_CONF['path_themes'] . $theme . '/';
                     $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $theme;
Exemple #3
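/**
* Builds the administration menu block
*
* Returns the administration menu items that the current user has
* sufficient rights to -- Admin Block on the left side. Anonymous users and
* users without any of the checked rights get an empty string.
*
* The moderation entry is always placed first; the remaining entries are
* optionally sorted by label when $_CONF['sort_admin'] is set.
*
* @param        string      $help       Help file to show
* @param        string      $title      Menu Title
* @param        string      $position   Side being shown on 'left', 'right' or blank.
* @return       string                  HTML for the block, or '' when nothing is shown
* @see function COM_userMenu
*
*/
function COM_adminMenu($help = '', $title = '', $position = '')
{
    global $_TABLES, $_CONF, $_CONF_FT, $LANG01, $LANG_ADMIN, $_BLOCK_TEMPLATE, $_DB_dbms, $config;
    $retval = '';
    if (COM_isAnonUser()) {
        return $retval;
    }
    $plugin_options = PLG_getAdminOptions();
    $num_plugins = count($plugin_options);
    if (SEC_isModerator() or SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') or $num_plugins > 0 or SEC_hasConfigAcess()) {
        // what's our current URL?
        $thisUrl = COM_getCurrentURL();
        $adminmenu = COM_newTemplate($_CONF['path_layout']);
        if (isset($_BLOCK_TEMPLATE['adminoption'])) {
            // Caller-supplied override: "option template,current template"
            $templates = explode(',', $_BLOCK_TEMPLATE['adminoption']);
            $adminmenu->set_file(array('option' => $templates[0], 'current' => $templates[1]));
        } else {
            $adminmenu->set_file(array('option' => 'adminoption.thtml', 'current' => 'adminoption_off.thtml'));
        }
        $adminmenu->set_var('block_name', str_replace('_', '-', 'admin_block'));
        if (empty($title)) {
            $title = DB_getItem($_TABLES['blocks'], 'title', "name = 'admin_block'");
        }
        $retval .= COM_startBlock($title, $help, COM_getBlockTemplate('admin_block', 'header', $position));

        // Menu entries keyed by label. Initialised here because a user who only
        // passes the outer check as a moderator may not add a single entry
        // below; the array union at the end then needs a real array.
        $link_array = array();

        // Restrict story counts to the topics this user may access.
        $topicsql = '';
        if (SEC_isModerator() || SEC_hasRights('story.edit')) {
            $tresult = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
            $trows = DB_numRows($tresult);
            if ($trows > 0) {
                $tids = array();
                for ($i = 0; $i < $trows; $i++) {
                    $T = DB_fetchArray($tresult);
                    $tids[] = $T['tid'];
                }
                if (count($tids) > 0) {
                    // NOTE(review): topic ids read back from the database are placed
                    // in the IN list unescaped; presumably they are validated when
                    // stored - confirm.
                    $topicsql = " (tid IN ('" . implode("','", $tids) . "'))";
                }
            }
        }

        // Number of items awaiting moderation, summed over all enabled queues.
        $modnum = 0;
        if (SEC_hasRights('story.edit,story.moderate', 'OR') || ($_CONF['commentsubmission'] == 1 && SEC_hasRights('comment.moderate')) || ($_CONF['usersubmission'] == 1 && SEC_hasRights('user.edit,user.delete'))) {
            if (SEC_hasRights('story.moderate')) {
                if (empty($topicsql)) {
                    $modnum += DB_count($_TABLES['storysubmission']);
                } else {
                    $sresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['storysubmission']} WHERE" . $topicsql);
                    $S = DB_fetchArray($sresult);
                    $modnum += $S['count'];
                }
            }
            if ($_CONF['listdraftstories'] == 1 && SEC_hasRights('story.edit')) {
                $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 1)";
                if (!empty($topicsql)) {
                    $sql .= ' AND' . $topicsql;
                }
                $result = DB_query($sql . COM_getPermSQL('AND', 0, 3));
                $A = DB_fetchArray($result);
                $modnum += $A['count'];
            }
            if ($_CONF['commentsubmission'] == 1 && SEC_hasRights('comment.moderate')) {
                $modnum += DB_count($_TABLES['commentsubmissions']);
            }
            if ($_CONF['usersubmission'] == 1) {
                if (SEC_hasRights('user.edit') && SEC_hasRights('user.delete')) {
                    $modnum += DB_count($_TABLES['users'], 'status', '2');
                }
            }
        }
        if (SEC_hasConfigAcess()) {
            $url = $_CONF['site_admin_url'] . '/configuration.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[129]);
            $adminmenu->set_var('option_count', count($config->_get_groups()));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[129]] = $menu_item;
        }
        // now handle submissions for plugins
        $modnum += PLG_getSubmissionCount();
        if (SEC_hasRights('story.edit')) {
            $url = $_CONF['site_admin_url'] . '/story.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[11]);
            if (empty($topicsql)) {
                $numstories = DB_count($_TABLES['stories']);
            } else {
                $nresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE" . $topicsql . COM_getPermSql('AND'));
                $N = DB_fetchArray($nresult);
                $numstories = $N['count'];
            }
            $adminmenu->set_var('option_count', COM_numberFormat($numstories));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[11]] = $menu_item;
        }
        if (SEC_hasRights('block.edit')) {
            $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['blocks']}" . COM_getPermSql());
            list($count) = DB_fetchArray($result);
            $url = $_CONF['site_admin_url'] . '/block.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[12]);
            $adminmenu->set_var('option_count', COM_numberFormat($count));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[12]] = $menu_item;
        }
        if (SEC_hasRights('topic.edit')) {
            $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['topics']}" . COM_getPermSql());
            list($count) = DB_fetchArray($result);
            $url = $_CONF['site_admin_url'] . '/topic.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[13]);
            $adminmenu->set_var('option_count', COM_numberFormat($count));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[13]] = $menu_item;
        }
        if (SEC_hasRights('user.edit')) {
            $url = $_CONF['site_admin_url'] . '/user.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[17]);
            $active_users = DB_count($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE);
            // One account is left out of the displayed total.
            // NOTE(review): presumably the anonymous account - confirm.
            $adminmenu->set_var('option_count', COM_numberFormat($active_users - 1));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[17]] = $menu_item;
        }
        if (SEC_hasRights('group.edit')) {
            if (SEC_inGroup('Root')) {
                $grpFilter = '';
            } else {
                // Non-Root users only see the groups they belong to.
                // NOTE(review): the ids are joined into SQL as-is; presumably
                // integers from SEC_getUserGroups() - confirm.
                $thisUsersGroups = SEC_getUserGroups();
                $grpFilter = 'WHERE (grp_id IN (' . implode(',', $thisUsersGroups) . '))';
            }
            $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['groups']} {$grpFilter};");
            $A = DB_fetchArray($result);
            $url = $_CONF['site_admin_url'] . '/group.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[96]);
            $adminmenu->set_var('option_count', COM_numberFormat($A['count']));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[96]] = $menu_item;
        }
        if (SEC_hasRights('user.mail')) {
            $url = $_CONF['site_admin_url'] . '/mail.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[105]);
            $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[105]] = $menu_item;
        }
        if ($_CONF['backend'] == 1 && SEC_hasRights('syndication.edit')) {
            $url = $_CONF['site_admin_url'] . '/syndication.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[38]);
            $count = COM_numberFormat(DB_count($_TABLES['syndication']));
            $adminmenu->set_var('option_count', $count);
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[38]] = $menu_item;
        }
        if (($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled']) && SEC_hasRights('story.ping')) {
            $url = $_CONF['site_admin_url'] . '/trackback.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[116]);
            if ($_CONF['ping_enabled']) {
                $count = COM_numberFormat(DB_count($_TABLES['pingservice']));
                $adminmenu->set_var('option_count', $count);
            } else {
                $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
            }
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[116]] = $menu_item;
        }
        if (SEC_hasRights('plugin.edit')) {
            $url = $_CONF['site_admin_url'] . '/plugins.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[77]);
            $adminmenu->set_var('option_count', COM_numberFormat(DB_count($_TABLES['plugins'], 'pi_enabled', 1)));
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[77]] = $menu_item;
        }
        // This will show the admin options for all installed plugins (if any)
        foreach ($plugin_options as $plg) {
            $adminmenu->set_var('option_url', $plg->adminurl);
            $adminmenu->set_var('option_label', $plg->adminlabel);
            if (isset($plg->numsubmissions) && is_numeric($plg->numsubmissions)) {
                $adminmenu->set_var('option_count', COM_numberFormat($plg->numsubmissions));
            } elseif (!empty($plg->numsubmissions)) {
                $adminmenu->set_var('option_count', $plg->numsubmissions);
            } else {
                $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
            }
            $menu_item = $adminmenu->parse('item', $thisUrl == $plg->adminurl ? 'current' : 'option', true);
            $link_array[$plg->adminlabel] = $menu_item;
        }
        if ($_CONF['allow_mysqldump'] == 1 and $_DB_dbms == 'mysql' and SEC_inGroup('Root')) {
            $url = $_CONF['site_admin_url'] . '/database.php';
            $adminmenu->set_var('option_url', $url);
            $adminmenu->set_var('option_label', $LANG01[103]);
            $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
            $menu_item = $adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option');
            $link_array[$LANG01[103]] = $menu_item;
        }
        if ($_CONF['link_documentation'] == 1) {
            // Prefer documentation in the site language, fall back to English.
            $doclang = COM_getLanguageName();
            $docs = 'docs/' . $doclang . '/index.html';
            if (file_exists($_CONF['path_html'] . $docs)) {
                $adminmenu->set_var('option_url', $_CONF['site_url'] . '/' . $docs);
            } else {
                $adminmenu->set_var('option_url', $_CONF['site_url'] . '/docs/english/index.html');
            }
            $adminmenu->set_var('option_label', $LANG01[113]);
            $adminmenu->set_var('option_count', $LANG_ADMIN['na']);
            $menu_item = $adminmenu->parse('item', 'option');
            $link_array[$LANG01[113]] = $menu_item;
        }
        if ($_CONF['link_versionchecker'] == 1 and SEC_inGroup('Root')) {
            // NOTE(review): this link sends the installed version to an external
            // host over plain http when followed; consider https if the host offers it.
            $adminmenu->set_var('option_url', 'http://www.geeklog.net/versionchecker.php?version=' . VERSION);
            $adminmenu->set_var('option_label', $LANG01[107]);
            $adminmenu->set_var('option_count', VERSION);
            $menu_item = $adminmenu->parse('item', 'option');
            $link_array[$LANG01[107]] = $menu_item;
        }
        if ($_CONF['sort_admin']) {
            uksort($link_array, 'strcasecmp');
        }
        $url = $_CONF['site_admin_url'] . '/moderation.php';
        $adminmenu->set_var('option_url', $url);
        $adminmenu->set_var('option_label', $LANG01[10]);
        $adminmenu->set_var('option_count', COM_numberFormat($modnum));
        $menu_item = $adminmenu->finish($adminmenu->parse('item', $thisUrl == $url ? 'current' : 'option'));
        // Array union keeps the moderation entry (key 0) ahead of the labelled entries.
        $link_array = array($menu_item) + $link_array;
        foreach ($link_array as $link) {
            $retval .= $link;
        }
        $retval .= COM_endBlock(COM_getBlockTemplate('admin_block', 'footer', $position));
    }
    return $retval;
}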
Exemple #4
/**
* Tells whether the current user holds any kind of admin role
*
* The answer is yes as soon as one of these holds, checked in this order:
* the user has at least one of the listed feature rights, some plugin
* offers the user admin options, or the user is in the Root group.
*
* @return   boolean     true if user has any admin rights
*
*/
function SEC_isAdmin()
{
    // 'OR' mode: any single right from the list is enough.
    if (SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR')) {
        return true;
    }
    if (count(PLG_getAdminOptions()) > 0) {
        return true;
    }
    return (bool) SEC_inGroup('Root');
}
/**
* Returns the administration menu
*
* Produces the administration menu items that the user has sufficient
* rights to -- Admin Block on the left side. The rendering itself is
* delegated to COM_commandControl(); this function only decides whether
* the current user gets a menu at all.
*
* @param        string      $help       Help file to show
* @param        string      $title      Menu Title
* @param        string      $position   Side being shown on 'left', 'right' or blank.
* @see function COM_userMenu
*
*/
function COM_adminMenu($help = '', $title = '', $position = '')
{
    // Cheapest test first: anonymous visitors never get an admin menu.
    if (COM_isAnonUser()) {
        return '';
    }

    $pluginOptionCount = count(PLG_getAdminOptions());

    // Any one of: moderator, a listed feature right, plugin admin options,
    // or access to the configuration.
    $mayAdminister = SEC_isModerator()
        || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR')
        || $pluginOptionCount > 0
        || SEC_hasConfigAccess();

    if (!$mayAdminister) {
        return '';
    }

    return COM_commandControl(true, $help, $title, $position);
}
Exemple #6
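 /**
  * Renders the menu items currently held in $this->_menuitems as a sequence
  * of aI("...") calls.
  *
  * Item types handled: 3 = submenu (emits a showmenu reference), 4 = core menu
  * (admin, user, topic, links, static pages and plugin menus), 5 = custom PHP
  * function named by the item's 'url' field. Every other type becomes a plain
  * entry; type 2 also gets a target string.
  *
  * Fixes over the previous revision: $retval and $i are initialised,
  * $CONF_NEXMENU is imported (it was read but never declared global, so it was
  * always undefined here), the plugin option list is assigned instead of being
  * string-appended before count(), the plugin-menu loop no longer reuses the
  * item counter $i, and locals that were assigned but never read are gone.
  *
  * NOTE(review): labels, URLs and image paths are concatenated into
  * double-quoted, semicolon-separated script arguments without escaping.
  * Whether they are sanitised when stored is not visible from this method -
  * confirm, or escape for this output context.
  *
  * @return string  Generated menu script ('' when nothing was rendered).
  */
 private function _renderMenuItems()
 {
     global $_CONF, $_TABLES, $_USER, $_BLOCK_TEMPLATE, $CONF_NEXMENU;

     $retval = '';
     // Item counter; nothing in this method reads it any more, kept so the
     // numbering stays available. Started at 0 to match the former implicit start.
     $i = 0;
     foreach ($this->_menuitems as $menuitem) {
         if ($this->_multiLangMode) {
             $label = $this->getMenuLabel($menuitem['id']);
         } else {
             $label = $menuitem['label'];
         }
         $target = $menuitem['type'] == 2 ? 'target=newWindow;' . $this->_targetFeatures : '';
         $menuitemImage = trim($menuitem['image']);
         if ($menuitemImage != '') {
             // Anything without "http" in it is treated as a file name under menuimages/.
             // NOTE(review): this matches "http" anywhere in the value, not only as a prefix.
             if (strpos($menuitemImage, 'http') === false) {
                 $menuitemImage = $_CONF['site_url'] . '/nexmenu/menuimages/' . $menuitemImage;
             }
         }
         if ($menuitem['type'] == 3) {
             // Type Submenu
             $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
             $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
             if ($menuitemImage != '') {
                 $retval .= 'aI("image=' . $menuitemImage . ';text=' . $label . ';' . 'url=' . $url . ';' . $target . 'showmenu=nexmenu' . $menuitem['id'] . ';");';
             } else {
                 $retval .= 'aI("text=' . $label . ';' . 'url=' . $url . ';' . $target . 'showmenu=nexmenu' . $menuitem['id'] . ';");';
             }
         } elseif ($menuitem['type'] == 4) {
             // Core Menu
             switch ($menuitem['url']) {
                 case "adminmenu":
                     if ($_USER['uid'] > 1) {
                         $_BLOCK_TEMPLATE['admin_block'] = 'nexmenu/milonicmenu/blockheader-blank.thtml,nexmenu/milonicmenu/blockfooter-blank.thtml';
                         $_BLOCK_TEMPLATE['adminoption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                         // Was ".=", which turned the option list into a string, so the
                         // count() below no longer reflected the number of plugin options.
                         $plugin_options = PLG_getAdminOptions();
                         $nrows = count($plugin_options);
                         if (SEC_isModerator() or $nrows > 0 or SEC_hasrights('story.edit,block.edit,topic.edit,link.edit,event.edit,poll.edit,user.edit,plugin.edit,user.mail', 'OR')) {
                             $retval .= COM_adminMenu();
                         }
                     }
                     break;
                 case "usermenu":
                     if ($_USER['uid'] > 1) {
                         $_BLOCK_TEMPLATE['user_block'] = 'nexmenu/milonicmenu/blockheader-blank.thtml,nexmenu/milonicmenu/blockfooter-blank.thtml';
                         $_BLOCK_TEMPLATE['useroption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                         $retval .= COM_userMenu();
                     }
                     break;
                 case "topicmenu":
                     $_BLOCK_TEMPLATE['topicoption'] = 'nexmenu/milonicmenu/option.thtml,nexmenu/milonicmenu/option_off.thtml';
                     // NOTE(review): a configuration value is interpolated into this SQL
                     // fragment; presumably numeric - confirm where it is set.
                     $retval .= COM_showTopics('', " sortnum < '{$CONF_NEXMENU['restricted_topics']}'");
                     break;
                 case "linksmenu":
                     if ($this->_linksPlugin) {
                         $retval .= $this->_milonicLinksPluginSiteLinks();
                     }
                     break;
                 case "spmenu":
                     if ($this->_staticpagesPlugin) {
                         if ($CONF_NEXMENU['sp_labelonly']) {
                             $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} WHERE sp_onmenu=1 ";
                             $sql .= COM_getPermSql('AND');
                         } else {
                             $sql = "SELECT sp_id,sp_title,sp_label FROM {$_TABLES['staticpage']} ";
                             $sql .= COM_getPermSql('WHERE');
                         }
                         $sql .= 'ORDER BY sp_title';
                         $spquery = DB_query($sql);
                         while (list($id, $title, $sp_label) = DB_fetchArray($spquery)) {
                             // Fall back to the page title when no menu label is set.
                             if (trim($sp_label) == '') {
                                 $label = $title;
                             } else {
                                 $label = $sp_label;
                             }
                             $retval .= 'aI("text=' . $label . ';url=' . $_CONF['site_url'] . '/staticpages/index.php?page=' . $id . ';");';
                         }
                     }
                     break;
                 case "pluginmenu":
                     $result = DB_query("SELECT pi_name FROM {$_TABLES['plugins']} WHERE pi_enabled = 1");
                     $nrows = DB_numRows($result);
                     // Own counter: this loop used to overwrite the outer item index $i.
                     for ($row = 1; $row <= $nrows; $row++) {
                         $A = DB_fetchArray($result);
                         $function = 'plugin_getmenuitems_' . $A['pi_name'];
                         if (function_exists($function)) {
                             $menuitems = $function();
                             if (is_array($menuitems) and count($menuitems) > 0) {
                                 foreach ($menuitems as $plugin_label => $plugin_link) {
                                     $retval .= 'aI("text=' . $plugin_label . ';' . $target . 'url=' . $plugin_link . ';");';
                                 }
                             }
                         }
                     }
                     break;
             }
             // End of menutype == 4  (Core Menu)
         } elseif ($menuitem['type'] == 5) {
             // NOTE(review): the stored 'url' value is used as a function name, so
             // whoever can edit menu items decides which existing function runs
             // during rendering. Consider an allow-list or a required name prefix.
             if (function_exists($menuitem['url'])) {
                 /* Pass the type of menu to custom php function */
                 $retval .= $menuitem['url']($this->_type);
             }
         } else {
             $url = str_replace('[siteurl]', $_CONF['site_url'], $menuitem['url']);
             $url = str_replace('[siteadminurl]', $_CONF['site_admin_url'], $url);
             if ($menuitemImage != '') {
                 $retval .= 'aI("image=' . $menuitemImage . ';text=' . $label . ';url=' . $url . ';' . $target . ';");';
             } else {
                 $retval .= 'aI("text=' . $label . ';url=' . $url . ';' . $target . ';");';
             }
         }
         $i++;
     }
     // Restore Template Setting (the core-menu cases above overwrite entries in it)
     $_BLOCK_TEMPLATE = $this->_currentBlockTemplate;
     return $retval;
 }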
Exemple #7
    PLG_loginUser($_USER['uid']);
    // Now that we handled session cookies, handle longterm cookie
    if (!isset($_COOKIE[$_CONF['cookie_name']])) {
        // Either their cookie expired or they are new
        $cooktime = COM_getUserCookieTimeout();
        if (!empty($cooktime)) {
            // They want their cookie to persist for some amount of time so set it now
            SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $cooktime);
        }
    }
    if (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,syndication.edit', 'OR')) {
        COM_redirect($_CONF['site_admin_url'] . '/index.php');
    } else {
        COM_redirect($_CONF['site_url'] . '/index.php');
    }
} elseif (!SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') && count(PLG_getAdminOptions()) == 0 && !SEC_hasConfigAccess()) {
    COM_updateSpeedlimit('login');
    $display .= COM_startBlock($LANG20[1]);
    if (!$_CONF['user_login_method']['standard']) {
        $display .= '<p>' . $LANG_LOGIN[2] . '</p>';
    } else {
        if (isset($_POST['warn'])) {
            $display .= $LANG20[2] . '<br' . XHTML . '><br' . XHTML . '>' . COM_accessLog($LANG20[3] . ' ' . $_POST['loginname']);
        }
        $display .= '<form action="' . $_CONF['site_admin_url'] . '/index.php" method="post">' . '<table cellspacing="0" cellpadding="3" border="0" width="100%">' . LB . '<tr><td class="alignright"><b><label for="loginname">' . $LANG20[4] . '</label></b></td>' . LB . '<td><input type="text" name="loginname" id="loginname" size="16" maxlength="16"' . XHTML . '></td>' . LB . '</tr>' . LB . '<tr>' . LB . '<td class="alignright"><b><label for="passwd">' . $LANG20[5] . '</label></b></td>' . LB . '<td><input type="password" name="passwd" id="passwd" size="16"' . XHTML . '></td>' . '</tr>' . LB . '<tr>' . LB . '<td colspan="2" align="center" class="warning">' . $LANG20[6] . '<input type="hidden" name="warn" value="1"' . XHTML . '>' . '<br' . XHTML . '><input type="submit" name="mode" value="' . $LANG20[7] . '"' . XHTML . '></td>' . LB . '</tr>' . LB . '</table></form>';
    }
    $display .= COM_endBlock();
    $display = COM_createHTMLDocument($display);
    COM_output($display);
    exit;
}
Exemple #8
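/**
 * Build the administration menu for the current user.
 *
 * Every entry is an array with a 'label' and a 'url' key. An entry is only
 * added when the matching SEC_hasRights() / SEC_inGroup() / SEC_isModerator()
 * check passes; several labels carry an item count in parentheses. The result
 * is empty for anonymous users and for users that have none of the listed
 * admin rights, are not moderators and have no plugin admin options.
 *
 * The list only decides which links are displayed. It does not protect the
 * linked admin pages, which have to perform their own permission checks.
 *
 * @return array list of array('label' => string, 'url' => string); when not
 *               empty, the link to the admin index page is always first
 */
function getAdminMenu()
{
    global $_SP_CONF, $_USER, $_TABLES, $LANG01, $LANG_MB01, $LANG_LOGO, $LANG_AM, $LANG_SOCIAL, $LANG29, $_CONF, $_DB_dbms, $_GROUPS, $config;

    $item_array = array();
    if (COM_isAnonUser()) {
        return $item_array;
    }

    $plugin_options = PLG_getAdminOptions();
    $num_plugins = count($plugin_options);
    $hasAdminAccess = SEC_isModerator()
        || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit,social.admin', 'OR')
        || $num_plugins > 0;
    if (!$hasAdminAccess) {
        return $item_array;
    }

    $adminUrl = $_CONF['site_admin_url'];

    // Restrict story counts to the topics this user is allowed to see.
    $topicsql = '';
    if (SEC_isModerator() || SEC_hasRights('story.edit')) {
        $tresult = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
        $trows = DB_numRows($tresult);
        $tids = array();
        for ($i = 0; $i < $trows; $i++) {
            $T = DB_fetchArray($tresult);
            // Topic ids are strings read back from the database; escape them
            // before they are embedded in the quoted IN (...) list so a
            // stored id containing a quote cannot break out of the literal.
            $tids[] = DB_escapeString($T['tid']);
        }
        if (count($tids) > 0) {
            $topicsql = " (tid IN ('" . implode("','", $tids) . "'))";
        }
    }

    // Number of items waiting for moderation (shown on the moderation link).
    $modnum = 0;
    // Parentheses spell out the precedence the original expression relied on.
    if (SEC_hasRights('story.edit,story.moderate', 'OR')
        || ($_CONF['usersubmission'] == 1 && SEC_hasRights('user.edit,user.delete'))
    ) {
        if (SEC_hasRights('story.moderate')) {
            if (empty($topicsql)) {
                $modnum += DB_count($_TABLES['storysubmission']);
            } else {
                $sresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['storysubmission']} WHERE" . $topicsql);
                $S = DB_fetchArray($sresult);
                $modnum += $S['count'];
            }
        }
        if ($_CONF['listdraftstories'] == 1 && SEC_hasRights('story.edit')) {
            $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 1)";
            if (!empty($topicsql)) {
                $sql .= ' AND' . $topicsql;
            }
            $result = DB_query($sql . COM_getPermSQL('AND', 0, 3));
            $A = DB_fetchArray($result);
            $modnum += $A['count'];
        }
        if ($_CONF['usersubmission'] == 1
            && SEC_hasRights('user.edit')
            && SEC_hasRights('user.delete')
        ) {
            $modnum += DB_count($_TABLES['users'], 'status', '2');
        }
    }
    // now handle submissions for plugins
    $modnum += PLG_getSubmissionCount();

    if (SEC_hasRights('story.edit')) {
        if (empty($topicsql)) {
            $numstories = DB_count($_TABLES['stories']);
        } else {
            $nresult = DB_query("SELECT COUNT(*) AS count from {$_TABLES['stories']} WHERE" . $topicsql . COM_getPermSql('AND'));
            $N = DB_fetchArray($nresult);
            $numstories = $N['count'];
        }
        $item_array[] = array(
            'label' => $LANG01[11] . ' (' . COM_numberFormat($numstories) . ')',
            'url'   => $adminUrl . '/story.php',
        );
    }
    if (SEC_hasRights('block.edit')) {
        $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['blocks']}" . COM_getPermSql());
        list($count) = DB_fetchArray($result);
        $item_array[] = array(
            'label' => $LANG01[12] . ' (' . COM_numberFormat($count) . ')',
            'url'   => $adminUrl . '/block.php',
        );
    }
    if (SEC_hasRights('autotag.admin')) {
        $item_array[] = array('label' => $LANG_AM['title'], 'url' => $adminUrl . '/autotag.php');
    }
    if (SEC_inGroup('Root')) {
        $item_array[] = array('label' => $LANG01['ctl'], 'url' => $adminUrl . '/clearctl.php');
        $item_array[] = array('label' => $LANG_MB01['menu_builder'], 'url' => $adminUrl . '/menu.php');
        $item_array[] = array('label' => $LANG_LOGO['logo_admin'], 'url' => $adminUrl . '/logo.php');
    }
    if (SEC_hasRights('topic.edit')) {
        $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['topics']}" . COM_getPermSql());
        list($count) = DB_fetchArray($result);
        $item_array[] = array(
            'label' => $LANG01[13] . ' (' . COM_numberFormat($count) . ')',
            'url'   => $adminUrl . '/topic.php',
        );
    }
    if (SEC_hasRights('user.edit')) {
        // The count shown is one less than the number of rows in the users table.
        $item_array[] = array(
            'label' => $LANG01[17] . ' (' . COM_numberFormat(DB_count($_TABLES['users']) - 1) . ')',
            'url'   => $adminUrl . '/user.php',
        );
    }
    if (SEC_hasRights('group.edit')) {
        if (SEC_inGroup('Root')) {
            $grpFilter = '';
        } else {
            // Group ids go into an unquoted IN (...) list, so force each one
            // to an integer before building the SQL fragment.
            $elementUsersGroups = array_map('intval', SEC_getUserGroups());
            $grpFilter = 'WHERE (grp_id IN (' . implode(',', $elementUsersGroups) . '))';
        }
        $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['groups']} {$grpFilter};");
        $A = DB_fetchArray($result);
        $item_array[] = array(
            'label' => $LANG01[96] . ' (' . COM_numberFormat($A['count']) . ')',
            'url'   => $adminUrl . '/group.php',
        );
    }
    if (SEC_hasRights('social.admin')) {
        $item_array[] = array('label' => $LANG_SOCIAL['label'], 'url' => $adminUrl . '/social.php');
    }
    if (SEC_inGroup('Root')) {
        $item_array[] = array('label' => $LANG01['env_check'], 'url' => $adminUrl . '/envcheck.php');
    }
    if (SEC_hasRights('user.mail')) {
        $item_array[] = array('label' => $LANG01[105] . ' (N/A)', 'url' => $adminUrl . '/mail.php');
    }
    if ($_CONF['backend'] == 1 && SEC_hasRights('syndication.edit')) {
        $item_array[] = array(
            'label' => $LANG01[38] . ' (' . COM_numberFormat(DB_count($_TABLES['syndication'])) . ')',
            'url'   => $adminUrl . '/syndication.php',
        );
    }
    if (($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled']) && SEC_hasRights('story.ping')) {
        $item_array[] = array(
            'label' => $LANG01[116] . ' (' . COM_numberFormat(DB_count($_TABLES['pingservice'])) . ')',
            'url'   => $adminUrl . '/trackback.php',
        );
    }
    if (SEC_hasRights('plugin.edit')) {
        $item_array[] = array(
            'label' => $LANG01[77] . ' (' . COM_numberFormat(DB_count($_TABLES['plugins'])) . ')',
            'url'   => $adminUrl . '/plugins.php',
        );
    }
    if (SEC_inGroup('Root')) {
        $item_array[] = array(
            'label' => $LANG01[129] . ' (' . COM_numberFormat(count($config->_get_groups())) . ')',
            'url'   => $adminUrl . '/configuration.php',
        );
    }

    // This will show the admin options for all installed plugins (if any).
    // URL and label are taken as supplied by the plugin.
    foreach ($plugin_options as $plg) {
        $label = $plg->adminlabel;
        if (!empty($plg->numsubmissions)) {
            $label .= ' (' . COM_numberFormat($plg->numsubmissions) . ')';
        }
        $item_array[] = array('label' => $label, 'url' => $plg->adminurl);
    }

    if (SEC_inGroup('Root')) {
        $item_array[] = array('label' => $LANG01[103], 'url' => $adminUrl . '/database.php');
        $item_array[] = array('label' => $LANG01['logview'], 'url' => $adminUrl . '/logview.php');
    }
    if ($_CONF['link_documentation'] == 1) {
        // Use the documentation in the user's language when it is installed,
        // otherwise fall back to the English documentation.
        $doclang = COM_getLanguageName();
        if (@file_exists($_CONF['path_html'] . 'docs/' . $doclang . '/index.html')) {
            $docUrl = $_CONF['site_url'] . '/docs/' . $doclang . '/index.html';
        } else {
            $docUrl = $_CONF['site_url'] . '/docs/english/index.html';
        }
        $item_array[] = array('label' => $LANG01[113], 'url' => $docUrl);
    }
    if (SEC_inGroup('Root')) {
        $item_array[] = array(
            'label' => $LANG01[107] . ' (' . GVERSION . PATCHLEVEL . ')',
            'url'   => $adminUrl . '/vercheck.php',
        );
    }
    if (SEC_isModerator()) {
        $item_array[] = array(
            'label' => $LANG01[10] . ' (' . COM_numberFormat($modnum) . ')',
            'url'   => $adminUrl . '/moderation.php',
        );
    }

    if ($_CONF['sort_admin']) {
        usort($item_array, '_mb_cmp');
    }

    // The admin index link is added after sorting so it stays first.
    array_unshift($item_array, array('label' => $LANG29[34], 'url' => $adminUrl . '/index.php'));

    return $item_array;
}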
Exemple #9
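/**
 * Merge User Accounts
 *
 * Validates the password posted for the local account and, when it matches,
 * merges the remote account into it: the remote login data is copied to the
 * local user row, the local user is logged in, the remote session is ended
 * and the remote account with its related rows is deleted.
 *
 * The remote account to merge is never taken from the request alone. It is
 * the single remote account that shares the local account's e-mail address,
 * and the posted remote uid has to match it; otherwise nothing is changed.
 *
 * @return   string|null     empty string when the request is rejected (a
 *                           redirect or the merge form is emitted first),
 *                           nothing after a successful merge (a redirect is
 *                           echoed)
 *
 */
function USER_mergeAccounts()
{
    global $_CONF, $_SYSTEM, $_TABLES, $_USER, $LANG04, $LANG12, $LANG20;

    $retval = '';
    $remoteUID = COM_applyFilter($_POST['remoteuid'], true);
    $localUID = COM_applyFilter($_POST['localuid'], true);
    // Accept the password only as a plain string; a missing or array-valued
    // field is handled as a wrong password.
    $localpwd = (isset($_POST['localp']) && is_string($_POST['localp'])) ? $_POST['localp'] : '';

    $localResult = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid=" . (int) $localUID);
    $localRow = DB_fetchArray($localResult);

    // An unknown uid, an account without a stored hash or an empty password
    // must never count as a successful check.
    $passwordValid = is_array($localRow)
        && !empty($localRow['passwd'])
        && $localpwd !== ''
        && SEC_check_hash($localpwd, $localRow['passwd']);

    if (!$passwordValid) {
        // invalid password - let's try one more time
        // need to set speed limit and give them 3 tries
        COM_clearSpeedlimit($_CONF['login_speedlimit'], 'merge');
        $last = COM_checkSpeedlimit('merge', 4);
        if ($last > 0) {
            COM_setMsg($LANG04[190], 'error');
            echo COM_refresh($_CONF['site_url'] . '/users.php');
        } else {
            COM_updateSpeedlimit('merge');
            // NOTE(review): the return value of USER_mergeAccountScreen() is
            // not used, so $retval stays empty - confirm that the form is
            // emitted by the call itself.
            USER_mergeAccountScreen($remoteUID, $localUID, $LANG20[3]);
        }
        return $retval;
    }

    // password is valid - find the remote account that belongs to this user
    $sql = "SELECT * FROM {$_TABLES['users']} WHERE remoteusername <> '' and email='" . DB_escapeString($localRow['email']) . "'";
    $result = DB_query($sql);
    $remoteRow = (DB_numRows($result) == 1) ? DB_fetchArray($result) : false;

    if (!is_array($remoteRow) || (int) $remoteUID !== (int) $remoteRow['uid']) {
        // Stop here. Without this return the code below would go on to end
        // the session of, and delete, whatever uid was posted, unless
        // COM_refresh() ends the request itself (not visible in this function).
        echo COM_refresh($_CONF['site_url'] . '/index.php');
        return $retval;
    }
    $remoteUID = (int) $remoteRow['uid'];

    // Copy the remote login data onto the local account.
    $sql = "UPDATE {$_TABLES['users']} SET remoteusername='" . DB_escapeString($remoteRow['remoteusername']) . "',"
        . "remoteservice='" . DB_escapeString($remoteRow['remoteservice']) . "', "
        . "account_type=3 "
        . " WHERE uid=" . (int) $localUID;
    DB_query($sql);

    $_USER['uid'] = $localRow['uid'];
    SESS_completeLogin($localUID);
    // NOTE(review): $_GROUPS and $_RIGHTS are not in the global list above, so
    // these assignments only create local variables. If the SEC_* checks below
    // read the globals, they still see the values from before the login -
    // confirm against the SEC_* implementation.
    $_GROUPS = SEC_getUserGroups($_USER['uid']);
    $_RIGHTS = explode(',', SEC_getUserPermissions());
    if ($_SYSTEM['admin_session'] > 0) {
        if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) {
            $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
            SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
        }
    }
    COM_resetSpeedlimit('login');

    // log the user out
    SESS_endUserSession($remoteUID);
    // Let plugins know a user is being merged
    PLG_moveUser($remoteUID, $_USER['uid']);
    // Ok, now delete everything related to this user
    // let plugins update their data for this user
    PLG_deleteUser($remoteUID);
    if (function_exists('CUSTOM_userDeleteHook')) {
        CUSTOM_userDeleteHook($remoteUID);
    }
    // Call custom account profile delete function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userDelete')) {
        CUSTOM_userDelete($remoteUID);
    }
    // remove from all security groups
    DB_delete($_TABLES['group_assignments'], 'ug_uid', $remoteUID);
    // remove user information and preferences
    DB_delete($_TABLES['userprefs'], 'uid', $remoteUID);
    DB_delete($_TABLES['userindex'], 'uid', $remoteUID);
    DB_delete($_TABLES['usercomment'], 'uid', $remoteUID);
    DB_delete($_TABLES['userinfo'], 'uid', $remoteUID);
    // delete user photo, if enabled & exists
    if ($_CONF['allow_user_photo'] == 1) {
        $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$remoteUID}");
        USER_deletePhoto($photo, false);
    }
    // delete subscriptions
    DB_delete($_TABLES['subscriptions'], 'uid', $remoteUID);

    // in case the user owned any objects that require Admin access, assign
    // them to the Root user with the lowest uid
    $rootgroup = (int) DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
    $result = DB_query("SELECT DISTINCT ug_uid FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = '{$rootgroup}' ORDER BY ug_uid LIMIT 1");
    $A = DB_fetchArray($result);
    $rootuser = is_array($A) ? (int) $A['ug_uid'] : 0;
    if ($rootuser < 2) {
        // no usable Root member found - fall back to uid 2
        $rootuser = 2;
    }
    DB_query("UPDATE {$_TABLES['blocks']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
    DB_query("UPDATE {$_TABLES['topics']} SET owner_id = {$rootuser} WHERE owner_id = {$remoteUID}");
    // now delete the user itself
    DB_delete($_TABLES['users'], 'uid', $remoteUID);

    // can't use COM_setMsg here since the session is being destroyed.
    echo COM_refresh($_CONF['site_url'] . '/index.php?msg=522');
}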