/**
 * Build the <option> list of forums visible to the current user, grouped by category.
 *
 * Categories are walked in cat_order, forums in forum_order. A category
 * contributes a separator option and a category-name option (both value -1)
 * the first time one of its forums passes the group check; each visible forum
 * becomes an option whose value is its forum_id.
 *
 * @param  mixed  $selected  forum_id to mark as selected (loose == comparison)
 * @return string            concatenated <option> markup, '' when nothing is visible
 */
function selectHTML_forum($selected = '') {
    global $_CONF, $_TABLES;

    $options = '';
    $categories = DB_query("SELECT * FROM {$_TABLES['forum_categories']} ORDER BY cat_order ASC");
    while ($category = DB_fetchArray($categories)) {
        $headerEmitted = false;
        $forums = DB_query("SELECT * FROM {$_TABLES['forum_forums']} WHERE forum_cat='{$category['id']}' ORDER BY forum_order ASC");
        while ($forum = DB_fetchArray($forums)) {
            // Visibility is decided per forum by membership in its access group.
            $groupName = DB_getItem($_TABLES['groups'], 'grp_name', "grp_id='{$forum['grp_id']}'");
            if (!SEC_inGroup($groupName)) {
                continue;
            }
            if (!$headerEmitted) {
                $options .= '<option value="-1">-------------------</option>';
                // NOTE(review): cat_name/forum_name are emitted unescaped; this assumes
                // they are stored HTML-safe - confirm at the admin input side.
                $options .= '<option value="-1">' . $category['cat_name'] . '</option>';
                $headerEmitted = true;
            }
            $closing = ($forum['forum_id'] == $selected) ? '" selected="selected"> » ' : '"> » ';
            $options .= LB . '<option value="' . $forum['forum_id'] . $closing . $forum['forum_name'] . '</option>';
        }
    }

    return $options;
}
/**
 * Check if user is authorized
 *
 * Root always passes. Everyone else needs the file manager to be enabled in
 * the configuration and either membership in the 'Filemanager Admin' group
 * or the 'filemanager.admin' right.
 *
 * @return boolean true if access granted, false if no access
 */
function auth() {
    // Hook point: site-specific authorization can replace this body. A
    // session-based check would need session_start() before reading $_SESSION.
    global $_CONF;

    if (SEC_inGroup('Root')) {
        return true;
    }
    if ($_CONF['filemanager_disabled']) {
        return false;
    }

    return SEC_inGroup('Filemanager Admin') || SEC_hasRights('filemanager.admin');
}
/**
 * Render the downloads plugin's admin list inside the admin block.
 *
 * Builds the column headers, the admin menu (category links only for Root,
 * "add file" only once at least one category exists) and the permission
 * filtered download list joined to its categories.
 *
 * @return string  HTML of the complete admin block
 */
function listDownloads() {
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_DLM;
    require_once $_CONF['path_system'] . 'lib-admin.php';

    $isRoot = SEC_inGroup('Root');
    $adminUrl = $_CONF['site_admin_url'] . '/plugins/downloads/index.php';

    // On multilingual sites the category column also names the language.
    $categoryLabel = $LANG_DLM['category'];
    if (isset($_CONF['languages'])) {
        $categoryLabel .= ' (' . $LANG_DLM['language'] . ')';
    }

    // (text, field, sortable) per column, expanded into ADMIN_list's header format.
    $columns = array(
        array($LANG_ADMIN['edit'], 'edit', false),
        array($LANG_ADMIN['title'], 'title', true),
        array($categoryLabel, 'cid', true),
        array($LANG_DLM['ver'], 'version', true),
        array($LANG_DLM['size'], 'size', true),
        array($LANG_DLM['submitdate'], 'date', true),
    );
    $header_arr = array();
    foreach ($columns as $column) {
        list($text, $field, $sortable) = $column;
        $header_arr[] = array('text' => $text, 'field' => $field, 'sort' => $sortable);
    }

    $menu_arr = array();
    if ($isRoot) {
        $menu_arr[] = array('url' => $adminUrl . '?op=listCategories', 'text' => $LANG_DLM['nav_categories']);
        $menu_arr[] = array('url' => $adminUrl . '?op=newCategory', 'text' => $LANG_DLM['nav_addcategory']);
    }
    // Files can only be uploaded once a category exists.
    list($categoryCount) = DB_fetchArray(DB_query("SELECT COUNT(*) FROM {$_TABLES['downloadcategories']} WHERE cid != ''"));
    if ($categoryCount > 0) {
        $menu_arr[] = array('url' => $adminUrl . '?op=uploadFile', 'text' => $LANG_DLM['nav_addfile']);
    }
    $menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']);

    $instructions = $isRoot ? $LANG_DLM['instructions'] : $LANG_DLM['instructions2'];

    $parts = array();
    $parts[] = COM_startBlock($LANG_DLM['manager'], '', COM_getBlockTemplate('_admin_block', 'header'));
    $parts[] = ADMIN_createMenu($menu_arr, $instructions, plugin_geticon_downloads());

    // Category permissions (alias b) decide which downloads the admin may see.
    $listSql = "SELECT lid, url, a.title, a.cid, date, version, size, "
        . "b.owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon "
        . "FROM {$_TABLES['downloads']} a "
        . "LEFT JOIN {$_TABLES['downloadcategories']} b ON a.cid=b.cid "
        . "WHERE lid != '' " . COM_getPermSQL('AND', 0, 2, 'b');
    $parts[] = ADMIN_list(
        'downloads',
        'downloads_getListField_Files',
        $header_arr,
        array('has_extras' => true, 'form_url' => $adminUrl),
        array('table' => 'downloads', 'sql' => $listSql, 'query_fields' => array('title'), 'default_filter' => ''),
        array('field' => 'date', 'direction' => 'desc')
    );
    $parts[] = COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return implode('', $parts);
}
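/**
 * Render the "create member galleries" user-selection page.
 *
 * Lists active accounts (status 3, uid > 2) that have no member gallery yet
 * (no mg_userprefs row, or member_gallery < 1), ordered by username, one page
 * at a time, into createmembers.thtml with a checkbox per user and page
 * navigation.
 *
 * @param  int $page     zero-based page index; forced to a non-negative int
 *                       before it is interpolated into the LIMIT clause
 * @param  int $perPage  rows per page (default 50; values below 1 become 1)
 * @return string        rendered HTML
 */
function MG_selectUsers($page, $perPage = 50) {
    global $_CONF, $_MG_CONF, $_TABLES, $LANG_MG01;

    // Both values end up inside the SQL LIMIT clause: coerce them so a
    // non-numeric or negative argument can neither break nor alter the query.
    $page = max(0, (int) $page);
    $perPage = max(1, (int) $perPage);
    $start = $page * $perPage;

    $T = new Template($_MG_CONF['template_path']);
    $T->set_file('admin', 'createmembers.thtml');
    $T->set_var(array(
        'site_admin_url' => $_CONF['site_admin_url'],
        'site_url' => $_CONF['site_url'],
        'xhtml' => XHTML,
    ));
    $T->set_block('admin', 'UserRow', 'uRow');

    // Shared by the count and the page query so both see the same population.
    $fromWhere = "FROM {$_TABLES['users']} AS gl "
        . "LEFT JOIN {$_TABLES['mg_userprefs']} AS mg ON gl.uid=mg.uid "
        . "WHERE gl.status = 3 AND gl.uid > 2 AND (mg.member_gallery IS NULL OR mg.member_gallery < 1)";

    $result = DB_query("SELECT COUNT(gl.uid) AS count " . $fromWhere);
    list($total_records) = DB_fetchArray($result);

    $result = DB_query("SELECT gl.uid, gl.status, gl.username, gl.fullname, mg.member_gallery "
        . $fromWhere . " ORDER BY gl.username ASC LIMIT {$start},{$perPage}");
    while ($row = DB_fetchArray($result)) {
        $uid = $row['uid'];
        $remote = SEC_inGroup("Remote Users", $uid) ? '(r)' : '';
        $T->set_var(array(
            'uid' => $uid,
            // NOTE(review): username/fullname are passed through as-is; whether the
            // template escapes them cannot be seen here - confirm.
            'username' => $row['username'] . ' ' . $remote . ' - ' . $row['fullname'],
            'select' => '<input type="checkbox" name="user[]" value="' . $uid . '"' . XHTML . '>',
        ));
        $T->parse('uRow', 'UserRow', true);
    }

    $formAction = $_MG_CONF['admin_url'] . 'createmembers.php';
    $T->set_var(array(
        'lang_userid' => $LANG_MG01['userid'],
        'lang_username' => $LANG_MG01['username'],
        'lang_select' => $LANG_MG01['select'],
        'lang_checkall' => $LANG_MG01['check_all'],
        'lang_uncheckall' => $LANG_MG01['uncheck_all'],
        'lang_save' => $LANG_MG01['save'],
        'lang_cancel' => $LANG_MG01['cancel'],
        'lang_reset' => $LANG_MG01['reset'],
        's_form_action' => $formAction,
        // Page navigation is 1-based while $page is 0-based.
        'pagenav' => COM_printPageNavigation($formAction, $page + 1, ceil($total_records / $perPage)),
    ));

    return (string) $T->finish($T->parse('output', 'admin'));
}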
/**
 * Display a reminder to execute the security check script
 *
 * Only Root users are reminded, and only while the 'security_check' row in
 * the vars table does not hold the value 1.
 *
 * @return string HTML for security reminder (or empty string)
 */
function security_check_reminder() {
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $MESSAGE;

    if (!SEC_inGroup('Root')) {
        return '';
    }

    // Loose comparison kept: DB_getItem returns the stored value as-is (likely a string).
    $checkDone = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'");

    return ($checkDone != 1) ? '' . COM_showMessage(92) : '';
}
/**
 * Build the nexflow navigation bar.
 *
 * Adds 'My Tasks' and 'My Flows' for logged-in users (uid > 1), 'All Flows'
 * for everyone, and 'Outstanding Tasks' for members of the 'nexflow Admin'
 * group; further items follow in the redacted part of the listing.
 *
 * NOTE(review): two spans of this listing are redacted ('******' after
 * "taskuser=" in the Outstanding Tasks and Start New Process links); the
 * text between and after them is missing, so the function as shown is not
 * syntactically complete. $selected is not referenced in the visible text,
 * and $usermodeUID is declared global but its use is in the missing part.
 *
 * @param  string $selected  label of the menu item to highlight (default 'My Tasks')
 * @return string            navbar markup wrapped in <div id="navbar1">
 */
function taskconsoleShowNavbar($selected = 'My Tasks') { global $_USER, $_CONF, $optLinkVars, $usermodeUID; $retval = '<div id="navbar1" style="display:;">'; $navbar = new navbar(); if ($_USER['uid'] > 1) { $navbar->add_menuitem('My Tasks', $_CONF['site_url'] . '/nexflow/index.php?op=mytasks' . $optLinkVars); $navbar->add_menuitem('My Flows', $_CONF['site_url'] . '/nexflow/index.php?op=myprojects' . $optLinkVars); } $navbar->add_menuitem('All Flows', $_CONF['site_url'] . '/nexflow/index.php?op=allprojects' . $optLinkVars); if (SEC_inGroup('nexflow Admin')) { $navbar->add_menuitem('Outstanding Tasks', $_CONF['site_admin_url'] . '/plugins/nexflow/outstanding.php?taskuser='******'uid'] > 1) { $navbar->add_menuitem('Start New Process', $_CONF['site_url'] . '/nexflow/newprocess.php?taskuser='******'</div>'; return $retval; }
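/**
 * Render this menu for its location ('header' or 'block').
 *
 * The menu is rendered only when at least one enabled top-level item (pid=0)
 * of this location belongs to a group the current user is in; the group
 * lookup stops at the first visible item.
 *
 * @return string  markup from _renderHeaderMenu()/_renderBlockMenu(), or ''
 *                 when nothing is visible or the location type is unknown
 */
public function renderMenu() {
    global $_TABLES, $_CONF;

    // NOTE(review): $this->_type is interpolated into the SQL literal unescaped;
    // this assumes it is always an internal value ('header'/'block') and never
    // user-controlled - confirm where the property is set.
    $query = DB_query("SELECT grp_access FROM {$_TABLES['nexmenu']} WHERE pid=0 AND is_enabled=1 AND location='{$this->_type}'");
    $hasVisibleItem = false;
    while (list($grp_id) = DB_fetchArray($query)) {
        $grp_name = DB_getItem($_TABLES['groups'], "grp_name", "grp_id='{$grp_id}'");
        if (SEC_inGroup($grp_name)) {
            // At least one item is visible - no need to check the rest.
            $hasVisibleItem = true;
            break;
        }
    }
    if (!$hasVisibleItem) {
        return '';
    }
    if ($this->_type == 'header') {
        return $this->_renderHeaderMenu();
    }
    if ($this->_type == 'block') {
        return $this->_renderBlockMenu();
    }
    // Unknown location: the method previously fell off the end and returned
    // null; return '' so callers always receive a string.
    return '';
}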
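/**
 * Handle an AJAX file upload for a nexform field and build the inline result markup.
 *
 * Reads the field name, result id and form id from $_POST and the field id
 * from $_REQUEST. A result id of 0 means the form has not been saved yet, so
 * a result record is created first. nexform_check4files() then reports the
 * stored file record: on success a download link (plus a delete link when the
 * user is in the form's perms_edit group) is returned, otherwise an error box
 * built from $GLOBALS['fe_errmsg'].
 *
 * @return array  [html, field id, field name, form id, result id, 'true'|'false' error flag]
 */
function upload_file() {
    // $GLOBALS is a superglobal and may not appear in a `global` declaration
    // (rejected since PHP 8.1); it is reachable below without it.
    global $CONF_FE, $_TABLES, $_CONF;

    $field_name = COM_applyFilter($_POST['current_upload_file']);
    $result_id = COM_applyFilter($_POST['res_id'], true);
    $form_id = COM_applyFilter($_POST['form_id'], true);
    $fieldID = COM_applyFilter($_REQUEST['field_id'], true);
    $uploadfile = isset($_FILES[$field_name]) ? $_FILES[$field_name] : null;

    if ($result_id == 0) {
        // form has not been saved yet - create the result record first
        $result_id = nexform_dbsave($form_id, 0, false);
    }

    $rec = nexform_check4files($result_id, $field_name);
    if ($rec != 0) {
        // The client-supplied filename is echoed into the page, so escape it.
        // NOTE(review): ['name'][0] assumes a multi-file (name="x[]") upload; on a
        // single-file field this is only the first character - confirm the form.
        $displayName = htmlspecialchars($uploadfile['name'][0], ENT_QUOTES, 'UTF-8');
        $retval = " <a href=\"{$CONF_FE['public_url']}/download.php?id={$rec}\" target=\"_new\">";
        $retval .= "<img src=\"{$CONF_FE['image_url']}/document_sm.gif\" border=\"0\">{$displayName}</a> ";
        // Only members of the form's edit group get a delete link.
        $edit_group = DB_getItem($_TABLES['nxform_definitions'], 'perms_edit', "id='{$form_id}'");
        if (SEC_inGroup($edit_group)) {
            $retval .= "<a href=\"#\" onClick='ajaxDeleteFile({$fieldID},{$rec},\"{$field_name}\"); return false;'>";
            $retval .= "<img src=\"{$CONF_FE['image_url']}/delete.gif\" border=\"0\"></a> ";
        }
        $iserror = 'false';
    } else {
        // Error text is set by the upload helpers; fall back to a generic message.
        // NOTE(review): $errmsg is emitted as HTML unescaped - confirm fe_errmsg
        // is never derived from client input.
        $errmsg = $GLOBALS['fe_errmsg'];
        if ($errmsg == '') {
            $errmsg = 'Your file could not be uploaded.';
        }
        $err_fieldname = 'error_' . ppRandomFilename();
        $retval = "<table id=\"tbl_{$err_fieldname}\"><tr id=\"{$err_fieldname}\"><td><img src=\"{$_CONF['layout_url']}/nexform/images/error.gif\"></td><td>{$errmsg}<br><center><font size=\"1\"><a href=\"#\" onClick=\"ajaxClearErrorMessage('{$err_fieldname}'); return false;\">[ Clear Message ]</a></font></center></td></tr></table>";
        $iserror = 'true';
    }

    return array($retval, $fieldID, $field_name, $form_id, $result_id, $iserror);
}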
/**
 * Save a new menu element posted from the menu-builder admin form.
 *
 * Collects the element fields from $_POST (the label through the sanitizer
 * with the $MenuElementAllowedHTML whitelist, everything else through
 * COM_applyFilter), derives element_subtype from element_type, prefixes bare
 * URLs with "http://", places the element right after the chosen sibling,
 * persists it via menuElement, reorders the parent and clears the menu cache.
 *
 * @return void
 */
function MB_saveNewMenuElement() {
    global $_CONF, $_TABLES, $_GROUPS, $MenuElementAllowedHTML;

    $filter = sanitizer::getInstance();
    $filter->setAllowedElements($filter->makeAllowedElements($MenuElementAllowedHTML));
    $filter->setPostmode('html');

    // $_POST key holding the subtype for the types that store an escaped string.
    $subtypeSource = array(
        2 => 'glfunction',
        4 => 'pluginname',
        5 => 'spname',
        7 => 'phpfunction',
        9 => 'topicname',
    );

    $fields = array();
    $fields['menu_id'] = COM_applyFilter($_POST['menu'], true);
    $fields['pid'] = COM_applyFilter($_POST['pid'], true);
    $fields['element_label'] = $filter->filterHTML($_POST['menulabel']);
    $fields['element_type'] = COM_applyFilter($_POST['menutype'], true);
    $fields['element_target'] = isset($_POST['urltarget']) ? COM_applyFilter($_POST['urltarget']) : '';
    $placeAfterId = COM_applyFilter($_POST['menuorder'], true);
    $fields['element_active'] = COM_applyFilter($_POST['menuactive'], true);
    $fields['element_url'] = isset($_POST['menuurl']) ? trim(COM_applyFilter($_POST['menuurl'])) : '';
    $fields['group_id'] = COM_applyFilter($_POST['group'], true);

    $menu = menu::getInstance($fields['menu_id']);

    $type = $fields['element_type'];
    switch ($type) {
        case 3:
            $fields['element_subtype'] = COM_applyFilter($_POST['gltype'], true);
            break;
        case 6:
            // URL subtype: add a scheme unless it has one or uses a %site placeholder.
            $subtypeUrl = DB_escapeString(COM_applyFilter($_POST['menuurl']));
            if (trim($subtypeUrl) != ''
                && strpos($subtypeUrl, "http") !== 0
                && strpos($subtypeUrl, "%site") === false
                && rtrim($subtypeUrl) != '') {
                $subtypeUrl = 'http://' . $subtypeUrl;
            }
            $fields['element_subtype'] = $subtypeUrl;
            break;
        case 2:
        case 4:
        case 5:
        case 7:
        case 9:
            $fields['element_subtype'] = DB_escapeString(COM_applyFilter($_POST[$subtypeSource[$type]]));
            break;
        default:
            $fields['element_subtype'] = '';
            break;
    }

    // Same scheme rule for the element URL, except that anchors ('#...') are kept.
    // NOTE(review): element_url is not passed through DB_escapeString here, unlike
    // element_subtype; presumably menuElement::saveElement escapes it - confirm.
    $url = $fields['element_url'];
    if (trim($url) != ''
        && strpos($url, "http") !== 0
        && strpos($url, "%site") === false
        && $url[0] != '#'
        && rtrim($url) != '') {
        $fields['element_url'] = 'http://' . $url;
    }

    $isMenuAdmin = SEC_hasRights('menu.admin');
    $isRoot = SEC_inGroup('Root');

    // Place the new element immediately after the selected sibling (or first).
    $previousOrder = 0;
    if ($placeAfterId != 0) {
        $previousOrder = DB_getItem($_TABLES['menu_elements'], 'element_order', 'id=' . $placeAfterId);
    }
    $fields['element_order'] = $previousOrder + 1;

    $element = new menuElement();
    $element->constructor($fields, $isMenuAdmin, $isRoot, $_GROUPS, 1);
    $element->id = $element->createElementID($fields['menu_id']);
    $element->saveElement();

    $menu->reorderMenu($fields['pid']);
    CACHE_remove_instance('menu');
}
/**
 * Saves user to the database
 *
 * Validates the submitted account data (password confirmation, username and
 * e-mail uniqueness, optional CUSTOM_userCheck), then either creates the
 * account through USER_createAccount or updates the existing row, renaming
 * the user photo when the username changed. Group assignments are then
 * rewritten for the groups the acting admin may assign. Most failure and
 * success paths echo a page or redirect and exit() instead of returning.
 *
 * @param int    $uid          user id (empty for a new account)
 * @param string $username     (short) username
 * @param string $fullname     user's full name
 * @param string $passwd       new password ('' keeps the current one)
 * @param string $passwd_conf  password confirmation
 * @param string $email        user's email address
 * @param string $regdate      date the user registered with the site (not used in this body)
 * @param string $homepage     user's homepage URL
 * @param array  $groups       groups the user belongs to
 * @param string $delete_photo delete user's photo if == 'on'
 * @param int    $userstatus   new account status (default 3)
 * @param int    $oldstatus    status before this edit (default 3)
 * @return string HTML redirect or error message
 *
 * NOTE(review): the UPDATE statement interpolates $email directly although an
 *   escaped copy ($emailaddr) has already been computed; only COM_isEmail()
 *   stands between the value and the SQL literal - confirm it rejects quote
 *   characters, or use $emailaddr there.
 * NOTE(review): the photo-rename preg_replace() builds its pattern from
 *   $curusername without preg_quote(), so a username containing regex
 *   metacharacters or '/' breaks the pattern.
 * NOTE(review): '******' in the username SQL literals is a redaction in this
 *   listing (presumably the escaped $uname); the function is not runnable as shown.
 */
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3) {
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
    $retval = '';
    $userChanged = false;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering saveusers****", 1);
        COM_errorLog("group size at beginning = " . count($groups), 1);
    }
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
    // If remote service then assume blank password
    if (!empty($service)) {
        $passwd = '';
        $passwd_conf = '';
    }
    // An empty confirmation together with an unchanged encrypted password means
    // the admin did not touch the password fields.
    $passwd_changed = true;
    if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
        $passwd_changed = false;
    }
    if ($passwd_changed && $passwd != $passwd_conf) {
        // passwords don't match
        return edituser($uid, 67);
    }
    $nameAndEmailOkay = true;
    if (empty($username)) {
        $nameAndEmailOkay = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $nameAndEmailOkay = false; // new users need an email address
        } else {
            if (empty($service)) {
                $nameAndEmailOkay = false; // not a remote user - needs email
            }
        }
    }
    if ($nameAndEmailOkay) {
        if (!empty($email) && !COM_isEmail($email)) {
            return edituser($uid, 52);
        }
        $uname = DB_escapeString($username);
        // Username uniqueness: remote accounts are only compared within their service.
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            if (!empty($service)) {
                $uservice = DB_escapeString($service);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return edituser($uid, 51);
        }
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return edituser($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return edituser($uid, $ret['number']);
            }
        }
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = SEC_generateRandomPassword();
            }
            $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
        } else {
            $fullname = DB_escapeString($fullname);
            $homepage = DB_escapeString($homepage);
            $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
            if (!empty($curphoto) && $delete_photo == 'on') {
                USER_deletePhoto($curphoto);
                $curphoto = '';
            }
            if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
                $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
                if ($curusername != $username) {
                    // user has been renamed - rename the photo, too
                    $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                        $retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                        return $retval;
                    }
                    $curphoto = $newphoto;
                }
            }
            $curphoto = DB_escapeString($curphoto);
            DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', email = '{$email}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
            if ($passwd_changed && !empty($passwd)) {
                SEC_updateUserPassword($passwd, $uid);
            }
            if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                CUSTOM_userSave($uid);
            }
            // Approving a submitted account sends the user their first password.
            if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
                USER_createAndSendPassword($username, $email, $uid);
            }
            if ($userstatus == USER_ACCOUNT_DISABLED) {
                SESS_endUserSession($uid);
            }
            $userChanged = true;
        }
        // check that the user is allowed to change group assignments
        if (is_array($groups) && SEC_hasRights('group.assign')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            // (memberships in groups the admin cannot assign are left untouched)
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
            echo $retval;
            exit;
        }
    } else {
        $retval .= COM_showMessageText($LANG28[10]);
        if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= edituser($uid);
        } else {
            $retval .= edituser();
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
        COM_output($retval);
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving saveusers*****************", 1);
    }
    return $retval;
}
function MG_mediaEdit($album_id, $media_id, $actionURL = '', $mqueue = 0, $view = 0, $back = '') { global $_USER, $_CONF, $_MG_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $LANG_MG07, $_DB_dbms; $album = new mgAlbum($album_id); if ($actionURL == '') { $actionURL = $_MG_CONF['site_url'] . '/index.php'; } $retval = ''; $T = COM_newTemplate(MG_getTemplatePath($album_id)); $T->set_file(array('admin' => 'mediaedit.thtml', 'asf_options' => 'edit_asf_options.thtml', 'mp3_options' => 'edit_mp3_options.thtml', 'swf_options' => 'edit_swf_options.thtml', 'mov_options' => 'edit_mov_options.thtml', 'flv_options' => 'edit_flv_options.thtml')); // pull the media information from the database... $sql = "SELECT * FROM "; if ($_DB_dbms == "mssql") { $sql = "SELECT *,CAST(media_desc AS TEXT) AS media_desc FROM "; } $sql .= ($mqueue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media']) . " WHERE media_id='" . addslashes($media_id) . "'"; $result = DB_query($sql); $row = DB_fetchArray($result); if ($album->access != 3 && !SEC_inGroup($album->mod_group_id) && $row['media_user_id'] != $_USER['uid']) { COM_errorLog("Someone has tried to illegally sort albums in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); return COM_showMessageText($LANG_MG00['access_denied_msg']); } // Build Album List $album_jumpbox = '<select name="albums" width="40">'; $root_album = new mgAlbum(0); $root_album->buildJumpBox($album_jumpbox, $album_id); $album_jumpbox .= '</select>'; // should check the above for errors, etc... $exif_info = ''; if ($row['media_type'] == 0) { if (!function_exists('MG_readEXIF')) { require_once $_CONF['path'] . 
'plugins/mediagallery/include/lib-exif.php'; } $exif_info = MG_readEXIF($row['media_id'], 1, $mqueue); if (empty($exif_info)) { $exif_info = ''; } } $media_time_month = date("m", $row['media_time']); $media_time_day = date("d", $row['media_time']); $media_time_year = date("Y", $row['media_time']); $media_time_hour = date("H", $row['media_time']); $media_time_minute = date("i", $row['media_time']); $month_select = '<select name="media_month">'; $month_select .= COM_getMonthFormOptions($media_time_month); $month_select .= '</select>'; $day_select = '<select name="media_day">'; for ($i = 1; $i < 32; $i++) { $day_select .= '<option value="' . $i . '"' . ($media_time_day == $i ? 'selected="selected"' : "") . '>' . $i . '</option>'; } $day_select .= '</select>'; $current_year = (int) date("Y"); $end_year = $current_year + 10; $year_select = '<select name="media_year">'; for ($i = 1998; $i < $end_year; $i++) { $year_select .= '<option value="' . $i . '"' . ($media_time_year == $i ? 'selected="selected"' : "") . '>' . $i . '</option>'; } $year_select .= '</select>'; $hour_select = '<select name="media_hour">'; for ($i = 0; $i < 24; $i++) { $hour_select .= '<option value="' . $i . '"' . ($media_time_hour == $i ? 'selected="selected"' : "") . '>' . $i . '</option>'; } $hour_select .= '</select>'; $minute_select = '<select name="media_minute">'; for ($i = 0; $i < 60; $i++) { $minute_select .= '<option value="' . $i . '"' . ($media_time_minute == $i ? 'selected="selected"' : "") . '>' . ($i < 10 ? '0' : '') . $i . '</option>'; } $minute_select .= '</select>'; $media_time = MG_getUserDateTimeFormat($row['media_time']); $tn_size = 1; list($thumbnail, $pThumbnail, $size) = Media::getThumbInfo($row, $tn_size); $attached_thumbnail = ''; if ($row['media_tn_attached'] == 1) { $atnsize = ''; if ($size != false) { list($newwidth, $newheight) = Media::getImageWH($size[0], $size[1], 150, 150); $atnsize = 'width="' . $newwidth . '" height="' . $newheight . 
'"'; } $attached_thumbnail = '<img src="' . $thumbnail . '" alt="" ' . $atnsize . XHTML . '>'; $tmpthumb = Media::getDefaultThumbnail($row, $tn_size); $thumbnail = $_MG_CONF['mediaobjects_url'] . '/' . $tmpthumb; $size = getimagesize($_MG_CONF['path_mediaobjects'] . $tmpthumb); } $preview = ''; $preview_end = ''; if ($row['media_type'] == 0 || $row['media_type'] == 1 || $row['media_type'] == 2) { // image, video and music file if ($row['media_type'] == 2) { $win_width = 540; $win_height = 320; } elseif ($row['media_type'] == 1) { $win_width = 660; $win_height = 525; } elseif ($row['media_type'] == 0) { $path = Media::getFilePath('disp', $row['media_filename'], $row['media_mime_ext']); $media_size_disp = @getimagesize($path); $win_width = $media_size_disp[0] + 20; $win_height = $media_size_disp[1] + 20; } else { $win_width = 800; $win_height = 600; } $url = Media::getHref_showvideo($row['media_id'], $win_height, $win_width, $mqueue); $preview = "<a href=\"" . $url . "\">"; $preview_end = "</a>"; } $rotate_right = ''; $rotate_left = ''; if ($row['media_type'] == 0 && ($_CONF['image_lib'] != 'gdlib' || function_exists("imagerotate"))) { $rotate_right = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&action=right&media_id=' . $row['media_id'] . '&album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_right_icon.gif" alt="' . $LANG_MG01['rotate_left'] . '" style="border:none;"' . XHTML . '></a>'; $rotate_left = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&action=left&media_id=' . $row['media_id'] . '&album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_left_icon.gif" alt="' . $LANG_MG01['rotate_right'] . '" style="border:none;"' . XHTML . '></a>'; } $resolution = ''; $lang_resolution = ''; if ($row['media_type'] == 1) { // video file $resolution = 'unknown'; if ($row['media_resolution_x'] > 0 && $row['media_resolution_y'] > 0) { $resolution = $row['media_resolution_x'] . 
'x' . $row['media_resolution_y']; } $lang_resolution = $LANG_MG07['resolution']; } $sql = "SELECT * FROM {$_TABLES['mg_playback_options']} " . "WHERE media_id='" . addslashes($row['media_id']) . "'"; $poResult = DB_query($sql); $poNumRows = DB_numRows($poResult); // playback options, if needed... if ($row['mime_type'] == 'video/x-ms-asf' || $row['mime_type'] == 'video/x-ms-wvx' || $row['mime_type'] == 'video/x-ms-wm' || $row['mime_type'] == 'video/x-ms-wmx' || $row['mime_type'] == 'video/x-ms-wmv' || $row['mime_type'] == 'audio/x-ms-wma' || $row['mime_type'] == 'video/x-msvideo') { // pull defaults, then override... $playback_options['autostart'] = $_MG_CONF['asf_autostart']; $playback_options['enablecontextmenu'] = $_MG_CONF['asf_enablecontextmenu']; $playback_options['stretchtofit'] = $_MG_CONF['asf_stretchtofit']; $playback_options['uimode'] = $_MG_CONF['asf_uimode']; $playback_options['showstatusbar'] = $_MG_CONF['asf_showstatusbar']; $playback_options['playcount'] = $_MG_CONF['asf_playcount']; $playback_options['height'] = $_MG_CONF['asf_height']; $playback_options['width'] = $_MG_CONF['asf_width']; $playback_options['bgcolor'] = $_MG_CONF['asf_bgcolor']; for ($i = 0; $i < $poNumRows; $i++) { $poRow = DB_fetchArray($poResult); $playback_options[$poRow['option_name']] = $poRow['option_value']; } $uimode_select = MG_optionlist(array('name' => 'uimode', 'current' => $playback_options['uimode'], 'values' => array('none' => $LANG_MG07['none'], 'mini' => $LANG_MG07['mini'], 'full' => $LANG_MG07['full']))); $T->set_var(array('autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'stretchtofit_enabled' => $playback_options['stretchtofit'] ? 
' checked="checked"' : '', 'stretchtofit_disabled' => $playback_options['stretchtofit'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode'], 'playcount' => $playback_options['playcount'], 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'lang_resolution' => $lang_resolution, 'resolution' => $resolution)); $T->parse('playback_options', 'asf_options'); } if ($row['mime_type'] == 'audio/mpeg') { // pull defaults, then override... $playback_options['autostart'] = $_MG_CONF['mp3_autostart']; $playback_options['enablecontextmenu'] = $_MG_CONF['mp3_enablecontextmenu']; $playback_options['uimode'] = $_MG_CONF['mp3_uimode']; $playback_options['showstatusbar'] = $_MG_CONF['mp3_showstatusbar']; $playback_options['loop'] = $_MG_CONF['mp3_loop']; for ($i = 0; $i < $poNumRows; $i++) { $poRow = DB_fetchArray($poResult); $playback_options[$poRow['option_name']] = $poRow['option_value']; } $uimode_select = MG_optionlist(array('name' => 'uimode', 'current' => $playback_options['uimode'], 'values' => array('none' => $LANG_MG07['none'], 'mini' => $LANG_MG07['mini'], 'full' => $LANG_MG07['full']))); $T->set_var(array('autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? 
'' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode'])); $T->parse('playback_options', 'mp3_options'); } if ($row['mime_type'] == 'application/x-shockwave-flash' || $row['mime_type'] == 'video/x-flv') { // pull defaults, then override... $playback_options['play'] = $_MG_CONF['swf_play']; $playback_options['menu'] = $_MG_CONF['swf_menu']; $playback_options['quality'] = $_MG_CONF['swf_quality']; $playback_options['height'] = $_MG_CONF['swf_height']; $playback_options['width'] = $_MG_CONF['swf_width']; $playback_options['loop'] = $_MG_CONF['swf_loop']; $playback_options['scale'] = $_MG_CONF['swf_scale']; $playback_options['wmode'] = $_MG_CONF['swf_wmode']; $playback_options['allowscriptaccess'] = $_MG_CONF['swf_allowscriptaccess']; $playback_options['bgcolor'] = $_MG_CONF['swf_bgcolor']; $playback_options['swf_version'] = $_MG_CONF['swf_version']; for ($i = 0; $i < $poNumRows; $i++) { $poRow = DB_fetchArray($poResult); $playback_options[$poRow['option_name']] = $poRow['option_value']; } $quality_select = MG_optionlist(array('name' => 'quality', 'current' => $playback_options['quality'], 'values' => array('low' => $LANG_MG07['low'], 'high' => $LANG_MG07['high']))); $scale_select = MG_optionlist(array('name' => 'scale', 'current' => $playback_options['scale'], 'values' => array('showall' => $LANG_MG07['showall'], 'noborder' => $LANG_MG07['noborder'], 'exactfit' => $LANG_MG07['exactfit']))); $wmode_select = MG_optionlist(array('name' => 'wmode', 'current' => $playback_options['wmode'], 'values' => array('window' => $LANG_MG07['window'], 'opaque' => $LANG_MG07['opaque'], 'transparent' => $LANG_MG07['transparent']))); $asa_select = MG_optionlist(array('name' => 'allowscriptaccess', 'current' => $playback_options['allowscriptaccess'], 'values' => array('always' => 
$LANG_MG07['always'], 'sameDomain' => $LANG_MG07['sameDomain'], 'never' => $LANG_MG07['never']))); $T->set_var(array('play_enabled' => $playback_options['play'] ? ' checked="checked"' : '', 'play_disabled' => $playback_options['play'] ? '' : ' checked="checked"', 'menu_enabled' => $playback_options['menu'] ? ' checked="checked"' : '', 'menu_disabled' => $playback_options['menu'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'quality_select' => $quality_select, 'scale_select' => $scale_select, 'wmode_select' => $wmode_select, 'asa_select' => $asa_select, 'flashvars' => isset($playback_options['flashvars']) ? $playback_options['flashvars'] : '', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'swf_version' => $playback_options['swf_version'])); if ($row['mime_type'] == 'application/x-shockwave-flash') { $T->parse('playback_options', 'swf_options'); } else { $T->parse('playback_options', 'flv_options'); } } if ($row['media_mime_ext'] == 'mov' || $row['media_mime_ext'] == 'mp4' || $row['mime_type'] == 'video/quicktime' || $row['mime_type'] == 'video/mpeg') { // pull defaults, then override... $playback_options['autoref'] = $_MG_CONF['mov_autoref']; $playback_options['autoplay'] = $_MG_CONF['mov_autoplay']; $playback_options['controller'] = $_MG_CONF['mov_controller']; $playback_options['kioskmode'] = isset($_MG_CONF['mov_kioskmod']) ? 
$_MG_CONF['mov_kiokmode'] : ''; $playback_options['scale'] = $_MG_CONF['mov_scale']; $playback_options['loop'] = $_MG_CONF['mov_loop']; $playback_options['height'] = $_MG_CONF['mov_height']; $playback_options['width'] = $_MG_CONF['mov_width']; $playback_options['bgcolor'] = $_MG_CONF['mov_bgcolor']; for ($i = 0; $i < $poNumRows; $i++) { $poRow = DB_fetchArray($poResult); $playback_options[$poRow['option_name']] = $poRow['option_value']; } $scale_select = MG_optionlist(array('name' => 'scale', 'current' => $playback_options['scale'], 'values' => array('tofit' => $LANG_MG07['to_fit'], 'aspect' => $LANG_MG07['aspect'], '1' => $LANG_MG07['normal_size']))); $T->set_var(array('autoref_enabled' => $playback_options['autoref'] ? ' checked="checked"' : '', 'autoref_disabled' => $playback_options['autoref'] ? '' : ' checked="checked"', 'autoplay_enabled' => $playback_options['autoplay'] ? ' checked="checked"' : '', 'autoplay_disabled' => $playback_options['autoplay'] ? '' : ' checked="checked"', 'controller_enabled' => $playback_options['controller'] ? ' checked="checked"' : '', 'controller_disabled' => $playback_options['controller'] ? '' : ' checked="checked"', 'kioskmode_enabled' => $playback_options['kioskmode'] ? ' checked="checked"' : '', 'kioskmode_disabled' => $playback_options['kioskmode'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'])); $T->parse('playback_options', 'mov_options'); } $remoteurl = $row['remote_url']; $lang_remote_url = $row['remote_media'] == 1 ? 
$LANG_MG01['remote_url'] : $LANG_MG01['alternate_url']; // user information $username = ''; if (SEC_hasRights('mediagallery.admin')) { $username = '******'; $sql = "SELECT * FROM {$_TABLES['users']} WHERE status=3 AND uid > 1 ORDER BY username ASC"; $result = DB_query($sql); while ($userRow = DB_fetchArray($result)) { $username .= '<option value="' . $userRow['uid'] . '"' . ($userRow['uid'] == $row['media_user_id'] ? ' selected="selected"' : '') . '>' . $userRow['username'] . '</option>' . LB; } $username .= '</select>'; } else { if ($row['media_user_id'] != '') { $displayname = $_CONF['show_fullname'] ? 'fullname' : 'username'; $username = DB_getItem($_TABLES['users'], $displayname, "uid={$row['media_user_id']}"); } } $cat_select = '<select name="cat_id" id="cat_id">'; $cat_select .= '<option value="">' . $LANG_MG01['no_category'] . '</option>'; $result = DB_query("SELECT * FROM {$_TABLES['mg_category']} ORDER BY cat_id ASC"); while ($catRow = DB_fetchArray($result)) { $cat_select .= '<option value="' . $catRow['cat_id'] . '" ' . ($catRow['cat_id'] == $row['media_category'] ? ' selected="selected"' : '') . '>' . $catRow['cat_name'] . '</option>'; } $cat_select .= '</select>'; $T->set_var(array('original_filename' => $row['media_original_filename'], 'attach_tn' => $row['media_tn_attached'], 'at_tn_checked' => $row['media_tn_attached'] == 1 ? 
' checked="checked"' : '', 'attached_thumbnail' => $attached_thumbnail, 'album_id' => $album_id, 'media_thumbnail' => $thumbnail, 'media_id' => $row['media_id'], 'media_title' => $row['media_title'], 'media_desc' => $row['media_desc'], 'media_time' => $media_time[0], 'media_views' => $row['media_views'], 'media_comments' => $row['media_comments'], 'media_exif_info' => $exif_info, 'media_rating_max' => 5, 'height' => $size[1] + 50, 'width' => $size[0] + 40, 'queue' => $mqueue, 'month_select' => $month_select, 'day_select' => $day_select, 'year_select' => $year_select, 'hour_select' => $hour_select, 'minute_select' => $minute_select, 'user_ip' => $row['media_user_ip'], 'album_select' => $album_jumpbox, 'media_rating' => $row['media_rating'] / 2, 'media_votes' => $row['media_votes'], 's_mode' => 'edit', 's_title' => $LANG_MG01['edit_media'], 's_rotate_right' => $rotate_right, 's_rotate_left' => $rotate_left, 's_form_action' => $actionURL, 'allowed_html' => COM_allowedHTML(), 'site_url' => $_MG_CONF['site_url'], 'preview' => $preview, 'preview_end' => $preview_end, 'rpath' => htmlentities($back, ENT_QUOTES, COM_getCharset()), 'remoteurl' => $remoteurl, 'lang_remote_url' => $lang_remote_url, 'resolution' => $resolution, 'lang_resolution' => $lang_resolution, 'username' => $username, 'cat_select' => $cat_select, 'media_keywords' => $row['media_keywords'], 'artist' => $row['artist'], 'musicalbum' => $row['album'], 'genre' => $row['genre'])); // language items $T->set_var(array('lang_playcount' => $LANG_MG07['playcount'], 'lang_playcount_help' => $LANG_MG07['playcount_help'], 'lang_playback_options' => $LANG_MG07['playback_options'], 'lang_option' => $LANG_MG07['option'], 'lang_description' => $LANG_MG07['description'], 'lang_on' => $LANG_MG07['on'], 'lang_off' => $LANG_MG07['off'], 'lang_auto_start' => $LANG_MG07['auto_start'], 'lang_auto_start_help' => $LANG_MG07['auto_start_help'], 'lang_height' => $LANG_MG07['height'], 'lang_width' => $LANG_MG07['width'], 
'lang_height_help' => $LANG_MG07['height_help'], 'lang_width_help' => $LANG_MG07['width_help'], 'lang_enable_context_menu' => $LANG_MG07['enable_context_menu'], 'lang_enable_context_menu_help' => $LANG_MG07['enable_context_menu_help'], 'lang_stretch_to_fit' => $LANG_MG07['stretch_to_fit'], 'lang_stretch_to_fit_help' => $LANG_MG07['stretch_to_fit_help'], 'lang_status_bar' => $LANG_MG07['status_bar'], 'lang_status_bar_help' => $LANG_MG07['status_bar_help'], 'lang_ui_mode' => $LANG_MG07['ui_mode'], 'lang_ui_mode_help' => $LANG_MG07['ui_mode_help'], 'lang_bgcolor' => $LANG_MG07['bgcolor'], 'lang_bgcolor_help' => $LANG_MG07['bgcolor_help'], 'lang_loop' => $LANG_MG07['loop'], 'lang_loop_help' => $LANG_MG07['loop_help'], 'lang_menu' => $LANG_MG07['menu'], 'lang_menu_help' => $LANG_MG07['menu_help'], 'lang_scale' => $LANG_MG07['scale'], 'lang_swf_scale_help' => $LANG_MG07['swf_scale_help'], 'lang_wmode' => $LANG_MG07['wmode'], 'lang_wmode_help' => $LANG_MG07['wmode_help'], 'lang_quality' => $LANG_MG07['quality'], 'lang_quality_help' => $LANG_MG07['quality_help'], 'lang_flash_vars' => $LANG_MG07['flash_vars'], 'lang_asa' => $LANG_MG07['asa'], 'lang_asa_help' => $LANG_MG07['asa_help'], 'lang_swf_version_help' => $LANG_MG07['swf_version_help'], 'lang_auto_ref' => $LANG_MG07['auto_ref'], 'lang_auto_ref_help' => $LANG_MG07['auto_ref_help'], 'lang_controller' => $LANG_MG07['controller'], 'lang_controller_help' => $LANG_MG07['controller_help'], 'lang_kiosk_mode' => $LANG_MG07['kiosk_mode'], 'lang_kiosk_mode_help' => $LANG_MG07['kiosk_mode_help'], 'lang_original_filename' => $LANG_MG01['original_filename'], 'lang_media_item' => $LANG_MG00['media_col_header'], 'lang_media_attributes' => $LANG_MG01['media_attributes'], 'lang_mediaattributes' => $LANG_MG01['mediaattributes'], 'lang_attached_thumbnail' => $LANG_MG01['attached_thumbnail'], 'lang_category' => $LANG_MG01['category'], 'lang_keywords' => $LANG_MG01['keywords'], 'lang_rating' => $LANG_MG03['rating'], 'lang_comments' => 
$LANG_MG03['comments'], 'lang_votes' => $LANG_MG03['votes'], 'media_edit_title' => $LANG_MG01['media_edit'], 'media_edit_help' => $LANG_MG01['media_edit_help'], 'rotate_left' => $LANG_MG01['rotate_left'], 'rotate_right' => $LANG_MG01['rotate_right'], 'lang_title' => $LANG_MG01['title'], 'albums' => $LANG_MG01['albums'], 'description' => $LANG_MG01['description'], 'capture_time' => $LANG_MG01['capture_time'], 'views' => $LANG_MG03['views'], 'uploaded_by' => $LANG_MG01['uploaded_by'], 'submit' => $LANG_MG01['submit'], 'cancel' => $LANG_MG01['cancel'], 'reset' => $LANG_MG01['reset'], 'lang_save' => $LANG_MG01['save'], 'lang_reset' => $LANG_MG01['reset'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_delete' => $LANG_MG01['delete'], 'lang_delete_confirm' => $LANG_MG01['delete_item_confirm'], 'lang_reset_rating' => $LANG_MG01['reset_rating'], 'lang_reset_views' => $LANG_MG01['reset_views'], 'lang_replacefile' => $LANG_MG01['replace_file'], 'lang_artist' => $LANG_MG01['artist'], 'lang_genre' => $LANG_MG01['genre'], 'lang_music_album' => $LANG_MG01['music_album'])); $retval .= $T->finish($T->parse('output', 'admin')); return $retval; }
//$meta_description = stripslashes( DB_getItem( $_TABLES['topics'], 'meta_description', "tid = '$topic'" )); //$meta_keywords = stripslashes( DB_getItem( $_TABLES['topics'], 'meta_keywords', "tid = '$topic'" )); $header .= COM_createMetaTags($meta_description, $meta_keywords); } } else { $header = '<link rel="microsummary" href="' . $_CONF['site_url'] . '/index.php?display=microsummary" title="Microsummary"' . XHTML . '>'; } $display .= COM_siteHeader('menu', '', $header); if (isset($_GET['msg'])) { $plugin = ''; if (isset($_GET['plugin'])) { $plugin = COM_applyFilter($_GET['plugin']); } $display .= COM_showMessage(COM_applyFilter($_GET['msg'], true), $plugin); } if (SEC_inGroup('Root') && $page == 1) { $done = DB_getItem($_TABLES['vars'], 'value', "name = 'security_check'"); if ($done != 1) { /** * we don't have the path to the admin directory, so try to figure it * out from $_CONF['site_admin_url'] * @todo FIXME: this duplicates some code from admin/sectest.php */ $adminurl = $_CONF['site_admin_url']; if (strrpos($adminurl, '/') == strlen($adminurl)) { $adminurl = substr($adminurl, 0, -1); } $pos = strrpos($adminurl, '/'); if ($pos === false) { // only guessing ... $installdir = $_CONF['path_html'] . 'admin/install';
$form_details .= "<b>Created:</b> {$createdDate}<br><b> by:</b> {$createdUser}"; if ($lastUpdatedDate != 0) { $lastUpdatedDate = strftime("%Y-%m-%d %H:%M", $lastUpdatedDate); $lastUpdatedUser = COM_getDisplayName($lastUpdatedUid); $form_date = "<b>[U]</b> {$lastUpdatedDate}"; $form_details .= "<br><b>Updated:</b> {$lastUpdatedDate}<br><b> by:</b> {$lastUpdatedUser}"; } $p->set_var('form_details', $form_details); // Get last timestamp event for this form $q = DB_query("SELECT timestamp FROM {$_TABLES['nf_projecttimestamps']} WHERE project_formid='{$PD['id']}' ORDER BY timestamp DESC limit 1"); list($timestamp) = DB_fetchArray($q); $p->set_var('form_date', strftime("%m-%d-%Y %H:%M:%S", $timestamp)); $p->set_var('form_status', $CONF_NF['formstatus'][$PD['status']]); $p->set_var('form_name', $PD['formtype']); $p->set_var('form_url', '#" onClick="nfNewWindow(\'' . sprintf($viewFormURL, $PD['form_id'], $PD['results_id'], $project_id) . '\');"'); if ($PD['created_by_uid'] == $_USER['uid'] or SEC_inGroup('nexflow Admin')) { $edit_link = '<a href="#" onClick="nfNewWindow(\'' . sprintf($editFormURL, $PD['form_id'], $PD['results_id'], $usermodeUID) . '\');">'; $edit_link .= '<img src="' . $_CONF['layout_url'] . '/nexflow/images/edit.gif" Title="Edit Form" border="0"></a>'; } else { $edit_link = ''; } $p->set_var('edit_link', $edit_link); if ($f == 1) { $p->parse('form_records', 'projectforms'); } else { $p->parse('form_records', 'projectforms', true); } $f++; } // while }
// | of the License, or (at your option) any later version. | // | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +--------------------------------------------------------------------------+ require_once '../../../lib-common.php'; require_once $_CONF['path'] . '/plugins/calendar/autoinstall.php'; USES_lib_install(); if (!SEC_inGroup('Root')) { // Someone is trying to illegally access this page COM_errorLog("Someone has tried to illegally access the Calendar install/uninstall page. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1); $display = COM_siteHeader('menu', $LANG_ACCESS['accessdenied']) . COM_startBlock($LANG_ACCESS['accessdenied']) . $LANG_ACCESS['plugin_access_denied_msg'] . COM_endBlock() . COM_siteFooter(); echo $display; exit; } /** * Main Function */ if (SEC_checkToken()) { $action = COM_applyFilter($_GET['action']); if ($action == 'install') { if (plugin_install_calendar()) { // Redirects to the plugin editor echo COM_refresh($_CONF['site_admin_url'] . '/plugins.php?msg=44');
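/**
 * Reduces a raw request value to one line of tag-free, HTML-escaped text.
 *
 * Tags are stripped, everything from the first CR or LF onward is dropped
 * (the value can therefore never span more than one line), and the trimmed
 * remainder is escaped with ENT_QUOTES so it can be echoed back into the
 * form.
 *
 * @param string $value raw value from $_POST
 * @return string cleaned, single-line value
 */
function _contactform_singleLine($value)
{
    $value = strip_tags($value);
    $value = substr($value, 0, strcspn($value, "\r\n"));

    return htmlspecialchars(trim($value), ENT_QUOTES);
}

/**
 * Displays the contact form
 *
 * Renders the "send an e-mail to this user" form, or a block explaining why
 * it is not available:
 *  - anonymous visitors get the login-required block when the site
 *    ($_CONF['loginrequired']) or the e-mail feature
 *    ($_CONF['emailuserloginrequired']) requires a login;
 *  - otherwise the recipient's own preferences decide: emailfromadmin=1
 *    admits users who are in Root or hold the user.mail right,
 *    emailfromuser=1 admits everybody else; a sender who is not admitted
 *    gets the $LANG08[35] notice instead of the form.
 *
 * @param int $uid User ID of article author (the recipient)
 * @param string $subject Subject of email; it is placed into the template
 *                        as given (only $message is escaped here), so the
 *                        caller is expected to pass an already-escaped value
 * @param string $message Text of message to send
 * @return string HTML for the contact form
 *
 */
function contactform($uid, $subject = '', $message = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG08, $LANG_LOGIN;

    $retval = '';

    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1)) {
        $retval = COM_startBlock($LANG_LOGIN[1], '', COM_getBlockTemplate('_msg_block', 'header'));
        $login = new Template($_CONF['path_layout'] . 'submit');
        $login->set_file(array('login' => 'submitloginrequired.thtml'));
        $login->set_var('xhtml', XHTML);
        $login->set_var('site_url', $_CONF['site_url']);
        $login->set_var('site_admin_url', $_CONF['site_admin_url']);
        $login->set_var('layout_url', $_CONF['layout_url']);
        $login->set_var('login_message', $LANG_LOGIN[2]);
        $login->set_var('lang_login', $LANG_LOGIN[3]);
        $login->set_var('lang_newuser', $LANG_LOGIN[4]);
        $login->parse('output', 'login');
        $retval .= $login->finish($login->get_var('output'));
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));

        return $retval;
    }

    // Recipient's mail preferences. There is no parameterised query API in
    // this code base, so the int cast is what keeps $uid from being
    // interpreted as SQL.
    $recipientId = (int) $uid;
    $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$recipientId}'");
    $P = DB_fetchArray($result);
    if (!is_array($P)) {
        // No preference row for this uid: treat both flags as off, which
        // ends in the "not available" block below.
        $P = array('emailfromadmin' => 0, 'emailfromuser' => 0);
    }

    $isAdmin = SEC_inGroup('Root') || SEC_hasRights('user.mail');
    $displayname = COM_getDisplayName($uid);

    $allowed = ($P['emailfromadmin'] == 1 && $isAdmin) || ($P['emailfromuser'] == 1 && !$isAdmin);
    if (!$allowed) {
        $retval = COM_startBlock($LANG08[10] . ' ' . $displayname, '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG08[35];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));

        return $retval;
    }

    $retval = COM_startBlock($LANG08[10] . ' ' . $displayname);
    $mail_template = new Template($_CONF['path_layout'] . 'profiles');
    $mail_template->set_file('form', 'contactuserform.thtml');
    $mail_template->set_var('xhtml', XHTML);
    $mail_template->set_var('site_url', $_CONF['site_url']);
    $mail_template->set_var('lang_description', $LANG08[26]);
    $mail_template->set_var('lang_username', $LANG08[11]);

    if (COM_isAnonUser()) {
        // Anonymous sender: name and address come from the (re)posted form
        // and are reduced to one clean line each before going back into it.
        $sender = isset($_POST['author']) ? _contactform_singleLine($_POST['author']) : '';
        $email = isset($_POST['authoremail']) ? _contactform_singleLine($_POST['authoremail']) : '';
    } else {
        $sender = COM_getDisplayName($_USER['uid'], $_USER['username'], $_USER['fullname']);
        $email = $_USER['email'];
    }
    $mail_template->set_var('username', $sender);
    $mail_template->set_var('lang_useremail', $LANG08[12]);
    $mail_template->set_var('useremail', $email);

    $mail_template->set_var('lang_cc', $LANG08[36]);
    $mail_template->set_var('lang_cc_description', $LANG08[37]);
    $mail_template->set_var('lang_subject', $LANG08[13]);
    $mail_template->set_var('subject', $subject);
    $mail_template->set_var('lang_message', $LANG08[14]);
    $mail_template->set_var('message', htmlspecialchars($message));
    $mail_template->set_var('lang_nohtml', $LANG08[15]);
    $mail_template->set_var('lang_submit', $LANG08[16]);
    $mail_template->set_var('uid', $uid);
    PLG_templateSetVars('contact', $mail_template);
    $mail_template->parse('output', 'form');
    $retval .= $mail_template->finish($mail_template->get_var('output'));
    $retval .= COM_endBlock();

    return $retval;
}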
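/**
 * Renders the "all media" index page: a paginated thumbnail grid of the
 * media in every album the current user may see.
 *
 * Reads the album id (`aid`) and 1-based page number (`page`) from $_GET,
 * builds the album jump box, the admin select and the sort select, queries
 * the media rows for the requested page, lays them out as a
 * $displayColumns x $displayRows grid through index-all.thtml and echoes the
 * complete page (site header, body, site footer).
 *
 * Side effects: assigns the globals $level and $album_jumpbox, sets
 * imageFrameTemplate on every $MG_albums entry a displayed row belongs to,
 * and registers the frame skin's CSS with the output handler.
 *
 * @return void the page is echoed, nothing is returned
 */
function MG_indexAll()
{
    // $_MG_USERPREFS is read below; without this declaration it was an
    // undefined local, so $_MG_USERPREFS['active'] never equalled 1 and the
    // upload/create entries were hidden in member-album mode.
    global $_USER, $_MG_CONF, $_TABLES, $MG_albums, $_MG_USERPREFS,
           $LANG_MG01, $LANG_MG03, $ImageSkin, $sortOrder,
           $displayColumns, $displayRows, $level, $album_jumpbox;

    // --- request parameters ------------------------------------------------
    $album_id = 0;
    if (isset($_GET['aid'])) {
        $album_id = (int) COM_applyFilter($_GET['aid'], true);
    }
    // NOTE(review): $MG_albums[$album_id] is dereferenced below without a
    // check that the album exists; an unknown aid is not handled here.

    // Page numbers are 1-based in the URL and 0-based internally.
    $page = 0;
    if (isset($_GET['page'])) {
        $page = (int) COM_applyFilter($_GET['page'], true);
    }
    if ($page != 0) {
        $page = $page - 1;
    }
    // A negative page from a bad URL would become a negative LIMIT offset.
    if ($page < 0) {
        $page = 0;
    }

    $lbSlideShow = '';
    $columns_per_page = $displayColumns;
    $rows_per_page = $displayRows;
    $media_per_page = $columns_per_page * $rows_per_page;

    // --- image frame setup ---------------------------------------------------
    $nFrame = new mgFrame();
    $nFrame->constructor($ImageSkin);
    $imageFrameTemplate = $nFrame->getTemplate();

    // --- album jump box ------------------------------------------------------
    // $level and $album_jumpbox are globals; buildJumpBox() takes and returns
    // nothing here, so presumably it appends the <option> rows to the global
    // between the two pieces below -- confirm against the album class.
    $level = 0;
    $album_jumpbox = '<form name="jumpbox" id="jumpbox" action="' . $_MG_CONF['site_url'] . '/album.php' . '" method="get" style="margin:0;padding:0"><div>';
    $album_jumpbox .= $LANG_MG03['jump_to'] . ': <select name="aid" onchange="forms[\'jumpbox\'].submit()">';
    $MG_albums[0]->buildJumpBox(0);
    $album_jumpbox .= '</select>';
    $album_jumpbox .= ' <input type="submit" value="' . $LANG_MG03['go'] . '"/>';
    $album_jumpbox .= '<input type="hidden" name="page" value="1"/>';
    $album_jumpbox .= '</div></form>';

    // --- media query ---------------------------------------------------------
    $begin = $media_per_page * $page;
    $end = $media_per_page;
    $MG_media = array();

    // Comma-separated list of album ids the current user may see.
    $first = 0;
    $albumList = getAlbumList($album_id, $first);
    // NOTE(review): $sortOrder is interpolated straight into ORDER BY; it must
    // already be validated by whatever sets that global -- confirm.
    $orderBy = ' ORDER BY m.media_upload_time ' . $sortOrder;

    $cCount = 0;
    $nRows = 0;
    $result = false;
    if ($albumList != '') {
        $fromClause = "FROM {$_TABLES['mg_media_albums']} as ma INNER JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE ma.album_id IN (" . $albumList . ") " . $orderBy;

        // Total count first (drives pagination), then the current page.
        $result = DB_query("SELECT COUNT(*) AS total " . $fromClause);
        $row = DB_fetchArray($result);
        $cCount = $row['total'];

        $sql = "SELECT * " . $fromClause . ' LIMIT ' . $begin . ',' . $end;
        $result = DB_query($sql);
        $nRows = DB_numRows($result);
    }

    if ($nRows > 0) {
        while ($row = DB_fetchArray($result)) {
            $media = new MediaItem();
            $media->constructor($row, $row['album_id']);
            $MG_media[] = $media;
            $MG_albums[$row['album_id']]->imageFrameTemplate = $imageFrameTemplate;
        }
    }
    $total_media = count($MG_media);

    // --- pagination figures --------------------------------------------------
    $total_items_in_album = $cCount;
    $total_pages = ceil($total_items_in_album / $media_per_page);
    if ($page >= $total_pages) {
        $page = $total_pages - 1;
    }
    $start = $page * $media_per_page;
    $current_print_page = floor($start / $media_per_page) + 1;
    $total_print_pages = $total_pages;
    if ($current_print_page == 0) {
        $current_print_page = 1;
    }
    if ($total_print_pages == 0) {
        $total_print_pages = 1;
    }

    // --- admin select --------------------------------------------------------
    $admin_box = '<form name="adminbox" id="adminbox" action="' . $_MG_CONF['site_url'] . '/admin.php" method="get" style="margin:0;padding:0">';
    $admin_box .= '<div><input type="hidden" name="album_id" value="' . $album_id . '"/>';
    $admin_box .= '<select name="mode" onchange="forms[\'adminbox\'].submit()">';
    $admin_box .= '<option label="' . $LANG_MG01['options'] . '" value="">' . $LANG_MG01['options'] . '</option>';
    $admin_box .= '<option value="search">' . $LANG_MG01['search'] . '</option>';

    // Which entries the user gets: $MG_albums[0]->owner_id is used as the
    // "gallery administrator" switch, access == 3 is full access to this
    // album, member_uploads lets ordinary logged-in users add media.
    $uploadMenu = 0;
    $adminMenu = 0;
    if ($MG_albums[0]->owner_id) {
        $uploadMenu = 1;
        $adminMenu = 1;
    } elseif ($MG_albums[$album_id]->access == 3) {
        // Full access, but in member-album mode the account must be active.
        $active = !$_MG_CONF['member_albums'] || $_MG_USERPREFS['active'] == 1;
        $uploadMenu = $active ? 1 : 0;
        $adminMenu = $active ? 1 : 0;
    } elseif ($MG_albums[$album_id]->member_uploads == 1 && isset($_USER['uid']) && $_USER['uid'] >= 2) {
        $uploadMenu = 1;
    }

    if ($uploadMenu == 1) {
        $admin_box .= '<option value="upload">' . $LANG_MG01['add_media'] . '</option>';
    }
    if ($adminMenu == 1) {
        $admin_box .= '<option value="create">' . $LANG_MG01['create_album'] . '</option>';
    } elseif ($_MG_CONF['member_albums'] == 1 && !empty($_USER['username']) && $_MG_CONF['member_create_new'] == 1 && $_MG_USERPREFS['active'] == 1 && $album_id == $_MG_CONF['member_album_root']) {
        // Active members may create albums under the member album root.
        $admin_box .= '<option value="create">' . $LANG_MG01['create_album'] . '</option>';
        $adminMenu = 1;
    }

    // Moderation queue entry for moderated member-upload albums, shown to the
    // album's moderator group and to gallery administrators.
    if ($MG_albums[$album_id]->member_uploads == 1 && $MG_albums[$album_id]->moderate == 1) {
        if (SEC_inGroup($MG_albums[$album_id]->mod_group_id) || $MG_albums[0]->owner_id) {
            $queue_count = DB_count($_TABLES['mg_media_album_queue'], 'album_id', $album_id);
            $admin_box .= '<option value="moderate">' . $LANG_MG01['media_queue'] . ' (' . $queue_count . ')</option>';
            $adminMenu = 1;
        }
    }
    $admin_box .= '</select>';
    $admin_box .= ' <input type="submit" value="' . $LANG_MG03['go'] . '" style="padding:0px;margin:0px;"/>';
    $admin_box .= '</div></form>';
    if ($uploadMenu == 0 && $adminMenu == 0) {
        // Nothing the user can do here: hide the select entirely.
        $admin_box = '';
    }

    // --- sort select ---------------------------------------------------------
    $sort_box = '';
    if ($MG_albums[$album_id]->enable_sort == 1) {
        // option value => $LANG_MG03 key, in display order
        $sortChoices = array(
            0 => 'sort_default',
            1 => 'sort_default_asc',
            2 => 'sort_upload',
            3 => 'sort_upload_asc',
            4 => 'sort_capture',
            5 => 'sort_capture_asc',
            6 => 'sort_rating',
            7 => 'sort_rating_asc',
            8 => 'sort_views',
            9 => 'sort_views_asc',
            10 => 'sort_alpha',
            11 => 'sort_alpha_asc',
        );
        $sort_box = '<form name="sortbox" id="sortbox" action="' . $_MG_CONF['site_url'] . '/album.php" method="get" style="margin:0;padding:0"><div>';
        $sort_box .= '<input type="hidden" name="aid" value="' . $album_id . '"/>';
        $sort_box .= '<input type="hidden" name="page" value="' . $page . '"/>';
        $sort_box .= $LANG_MG03['sort_by'] . ' <select name="sort" onchange="forms[\'sortbox\'].submit()">';
        foreach ($sortChoices as $value => $langKey) {
            $sort_box .= '<option value="' . $value . '" ' . ($sortOrder == $value ? ' selected="selected" ' : '') . '>' . $LANG_MG03[$langKey] . '</option>';
        }
        $sort_box .= '</select>';
        $sort_box .= ' <input type="submit" value="' . $LANG_MG03['go'] . '"/>';
        $sort_box .= '</div></form>';
    }

    // --- owner / template ----------------------------------------------------
    $owner_id = $MG_albums[$album_id]->owner_id;
    if ($owner_id == '' || !isset($MG_albums[$album_id]->owner_id)) {
        $owner_id = 0;
    }
    $ownername = DB_getItem($_TABLES['users'], 'username', "uid=" . (int) $owner_id);
    $album_last_update = MG_getUserDateTimeFormat($MG_albums[$album_id]->last_update);

    $T = new Template($_MG_CONF['template_path']);
    $T->set_file(array('page' => 'index-all.thtml'));

    // The same navigation block is shown above and below the grid.
    $pagination = COM_printPageNavigation($_MG_CONF['site_url'] . '/index.php?aid=' . $album_id, $page + 1, $total_pages);

    //@TODO fix language tag
    $T->set_var(array(
        'site_url' => $_MG_CONF['site_url'],
        'album_title' => "All Photos - Sorted by Post Date",
        'table_columns' => $columns_per_page,
        'table_column_width' => intval(100 / $columns_per_page) . '%',
        'top_pagination' => $pagination,
        'bottom_pagination' => $pagination,
        'page_number' => sprintf("%s %d %s %d", $LANG_MG03['page'], $current_print_page, $LANG_MG03['of'], $total_print_pages),
        'jumpbox' => $album_jumpbox,
        'album_id' => $album_id,
        'lbslideshow' => $lbSlideShow,
        'album_description' => $MG_albums[$album_id]->display_album_desc ? PLG_replaceTags($MG_albums[$album_id]->description) : '',
        'album_id_display' => ($MG_albums[0]->owner_id || $_MG_CONF['enable_media_id'] == 1) ? $LANG_MG03['album_id_display'] . $album_id : '',
        'select_adminbox' => $admin_box,
        'select_sortbox' => $sort_box,
        'album_last_update' => $album_last_update[0],
        'album_owner' => $ownername,
        'media_count' => $MG_albums[$album_id]->getMediaCount(),
        'lang_search' => $LANG_MG01['search'],
    ));

    if ($_MG_CONF['rss_full_enabled']) {
        $feedUrl = MG_getFeedUrl($_MG_CONF['rss_feed_name'] . '.rss');
        $rsslink = '<a href="' . $feedUrl . '"' . ' type="application/rss+xml">';
        $rsslink .= '<img src="' . MG_getImageFile('feed.png') . '" alt="" style="border:none;"/></a>';
        $T->set_var('rsslink', $rsslink);
    } else {
        $T->set_var('rsslink', '');
    }

    // Header / footer vars are complete; let other plugins add theirs.
    PLG_templateSetVars('mediagallery', $T);
    if ($total_media == 0) {
        $T->set_var(array('lang_no_image' => $LANG_MG03['no_media_objects']));
    }

    // --- thumbnail grid ------------------------------------------------------
    // Rows of $columns_per_page cells; a partially filled last row is padded
    // with empty cells so the table keeps its shape.
    if ($total_media > 0) {
        $T->set_block('page', 'ImageColumn', 'IColumn');
        $T->set_block('page', 'ImageRow', 'IRow');
        $stopRows = false;
        for ($i = 0; $i < $media_per_page; $i += $columns_per_page) {
            for ($j = $i; $j < $i + $columns_per_page; $j++) {
                if ($j >= $total_media) {
                    // Out of media inside this row: emit empty cells for the
                    // remaining columns (none if the row had not started),
                    // close the row, and stop.
                    $padding = ($i + $columns_per_page - $j) % $columns_per_page;
                    for ($z = $padding; $z > 0; $z--) {
                        $T->set_var(array('CELL_DISPLAY_IMAGE' => ''));
                        $T->parse('IColumn', 'ImageColumn', true);
                    }
                    if ($padding > 0) {
                        $T->parse('IRow', 'ImageRow', true);
                        $T->set_var('IColumn', '');
                    }
                    $stopRows = true;
                    break;
                }
                // $z: position of this item in the whole result set
                // (page offset + index), handed to displayThumb().
                $z = $j + $start;
                $celldisplay = $MG_media[$j]->displayThumb($z, 0, $imageFrameTemplate);
                if ($MG_media[$j]->type == 1) {
                    $PhotoURL = $_MG_CONF['mediaobjects_url'] . '/disp/' . $MG_media[$j]->filename[0] . '/' . $MG_media[$j]->filename . '.jpg';
                    $T->set_var(array('URL' => $PhotoURL));
                }
                $T->set_var(array('CELL_DISPLAY_IMAGE' => $celldisplay));
                $T->parse('IColumn', 'ImageColumn', true);
            }
            if ($stopRows) {
                break;
            }
            $T->parse('IRow', 'ImageRow', true);
            $T->set_var('IColumn', '');
        }
    }
    $T->parse('output', 'page');

    // Frame skin CSS (if any) goes into the page header.
    $fCSS = $nFrame->getCSS();
    if ($fCSS != '') {
        $outputHandle = outputHandler::getInstance();
        $outputHandle->addStyle($fCSS);
    }

    $display = MG_siteHeader(strip_tags($MG_albums[$album_id]->title));
    $display .= $T->finish($T->get_var('output'));
    $display .= MG_siteFooter();
    echo $display;
}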
// +---------------------------------------------------------------------------+ require_once './include/security.inc'; if (!GUS_HasAccess()) { exit; } require_once './include/sql.inc'; require_once './include/util.inc'; /* * Main Function */ // Check for cached file if (file_exists(GUS_cachefile()) and date('Yn') !== $year . $month) { $display = GUS_getcache(); } else { // no cached version found - generate page if (SEC_inGroup('Root') or SEC_hasRights('gus.view')) { $T = GUS_template_start('daily.thtml'); } else { $T = GUS_template_start('daily-a.thtml'); } $T->set_var('additional_nav', GUS_make_nav($day, $month, $year)); $T->set_block('page', 'ROW', 'ABlock'); $T->set_var(array('stats_name' => 'gus', 'site_url' => $_CONF['site_url'], 'period_title' => $LANG_GUS00['day_title'], 'anon_title' => $LANG_GUS00['anon_title'], 'reg_title' => $LANG_GUS00['reg_title'], 'page_title' => $LANG_GUS00['page_title'], 'story_title' => $LANG_GUS00['new_stories'], 'comm_title' => $LANG_GUS00['new_comments'], 'link_title' => $LANG_GUS00['link_title'])); $anon = 0; $reg = 0; $pages = 0; $stories = 0; $comments = 0; $linksf = 0; $days = Date('t', mktime(0, 0, 0, $month, 1, $year)); // special case for this month - don't show days in the future
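/**
 * Checks whether a user has access to the given object.
 *
 * Takes the ownership/permission fields stored with a Geeklog object and
 * resolves the effective permission for one user, in this order:
 *
 *   1. members of the Root group always get 3 (read/edit);
 *   2. the object's owner gets $perm_owner;
 *   3. members of the object's group get $perm_group;
 *   4. the anonymous user (uid 1) gets $perm_anon;
 *   5. every other logged-in user gets $perm_members.
 *
 * Only the Root case is a fixed value; the other four hand back whichever
 * permission value was stored on the object (by convention 3 = read/edit,
 * 2 = read only, 0 = no access).
 *
 * @param int $owner_id     ID of the owner of the object
 * @param int $group_id     ID of the group the object belongs to
 * @param int $perm_owner   permissions the owner has
 * @param int $perm_group   permissions the group has
 * @param int $perm_members permissions logged-in members have
 * @param int $perm_anon    permissions anonymous users have
 * @param int $uid          user ID, or 0 for the current user
 * @return int 3 for read/edit, 2 for read only, 0 for no access
 */
function SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $uid = 0)
{
    global $_USER;

    if ($uid == 0) {
        // No explicit user: use the current one, falling back to the
        // anonymous uid (1) when nobody is logged in.
        $uid = empty($_USER['uid']) ? 1 : $_USER['uid'];
    }

    // Root members get full access regardless of the stored permissions.
    if (SEC_inGroup('Root', $uid)) {
        return 3;
    }

    // Ownership check. Both ids are normalised to int so a value that comes
    // back from the database as a string still compares strictly, instead of
    // relying on the loose "==" coercion rules.
    if ((int) $uid === (int) $owner_id) {
        return $perm_owner;
    }

    // Not the owner: group membership decides next.
    if (SEC_inGroup($group_id, $uid)) {
        return $perm_group;
    }

    // Neither owner nor group member: anonymous user vs. logged-in member.
    if ($uid == 1) {
        return $perm_anon;
    }

    return $perm_members;
}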
// | of the License, or (at your option) any later version.                   |
// |                                                                          |
// | This program is distributed in the hope that it will be useful,          |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of           |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the             |
// | GNU General Public License for more details.                             |
// |                                                                          |
// | You should have received a copy of the GNU General Public License        |
// | along with this program; if not, write to the Free Software Foundation,  |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.           |
// |                                                                          |
// +--------------------------------------------------------------------------+
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
$display = '';
// Admin gate: only members of 'Bad Behavior2 Admin' get past this point.
// Whether Root members are implicitly included depends on SEC_inGroup()'s
// handling of the Root group (not visible here) — TODO confirm.
// Anyone else is shown the standard "access denied" message ($LANG20[6]) and
// the script exits before the plugin library is even loaded.
if (!SEC_inGroup('Bad Behavior2 Admin')) {
    $display .= COM_siteHeader('menu');
    $display .= COM_showMessageText($LANG20[6], $LANG20[1], true);
    $display .= COM_siteFooter();
    echo $display;
    exit;
}
USES_lib_admin();
// Plugin library is only required after the access check above has passed.
require_once $_CONF['path_html'] . '/bad_behavior2/bad-behavior-glfusion.php';
/**
 * List logged requests
 *
 * @param int $page page number
 * @return string HTML for list of entries
 *
 */
/**
 * Modifies template location to prevent non-Root users from seeing it
 *
 * Full server-side template paths are only revealed to Root members, and only
 * while template debugging ($this->debug > 0) is enabled; for everyone else
 * the layout base path is stripped so that the reported location is relative
 * to $_CONF['path_layout'] and does not disclose the filesystem layout.
 *
 * The Root/debug decision is cached in a static local, so it is evaluated
 * once per request and reused by every subsequent call (and every instance).
 *
 * @param string $location
 * @return string If the current user is in the Root group, $location is
 *                unchanged. Otherwise, $location is changed into a path
 *                relative to $_CONF['path_layout'].
 */
protected function _modifyTemplateLocation($location)
{
    global $_CONF;
    static $showFullPath = null;

    if ($showFullPath === null) {
        $showFullPath = ($this->debug > 0) && SEC_inGroup('Root');
    }

    if ($showFullPath) {
        return $location;
    }

    // Case-insensitive removal of every occurrence of the layout base path.
    return str_ireplace($_CONF['path_layout'], '', $location);
}
/**
 * Shows story editor
 *
 * Displays the story entry form
 *
 * Flow: load the story (from $_POST in 'preview' mode, from the database
 * otherwise), bail out with an access-denied page on permission failures,
 * then fill the admin/story template with the story's fields, the date/time
 * selectors (publish, expire, comment close), topic/permission controls,
 * image upload slots, the required JavaScript and a CSRF token.
 *
 * Security-relevant points (see inline NOTE(review) comments):
 *  - permission results from the Story class are honoured before anything is
 *    rendered, and the attempt is written to the access log;
 *  - several values are spliced into SQL and into an inline <script> block
 *    without escaping in this function; they are assumed to be sanitised
 *    upstream (Story class / language files / config) — flagged where they
 *    occur.
 *
 * @param string $sid ID of story to edit
 * @param string $mode 'preview', 'edit', 'editsubmission', 'clone'
 * @param string $errormsg a message to display on top of the page
 * @return string HTML for story editor
 *
 */
function storyeditor($sid = '', $mode = '', $errormsg = '')
{
    // $LANG_DIRECTION, $LANG_MONTH and $LANG_WEEK are imported but not used in
    // this function.
    global $_CONF, $_TABLES, $_USER, $LANG24, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS, $LANG_DIRECTION, $LANG_MONTH, $LANG_WEEK;
    $display = '';
    if (!isset($_CONF['hour_mode'])) {
        $_CONF['hour_mode'] = 12;
    }
    if (!empty($errormsg)) {
        $display .= COM_showMessageText($errormsg, $LANG24[25]);
    }
    $story = new Story();
    if ($mode == 'preview') {
        // Handle Magic GPC Garbage:
        // NOTE(review): each() was deprecated in PHP 7.2 and removed in 8.0.
        // Also, the inner loop unslashes the local copy $value and never writes
        // it back to $_POST[$key], so array-valued POST fields are left
        // untouched — TODO confirm whether Story::loadFromArgsArray() expects
        // that or whether it is a latent bug.
        while (list($key, $value) = each($_POST)) {
            if (!is_array($value)) {
                $_POST[$key] = COM_stripslashes($value);
            } else {
                while (list($subkey, $subvalue) = each($value)) {
                    $value[$subkey] = COM_stripslashes($subvalue);
                }
            }
        }
        // In preview mode every story field originates from the request.
        $result = $story->loadFromArgsArray($_POST);
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $msg = $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $msg .= '<li>' . $err . '</li>' . LB;
                }
                $msg .= '</ul>' . LB;
                $display .= COM_showMessageText($msg, $LANG24[54]);
            }
        }
    } else {
        $result = $story->loadFromDatabase($sid, $mode);
    }
    // Permission / validity outcome of the load. Denied attempts are logged;
    // $sid is written to the access log as received (assumes the caller has
    // already validated it — TODO confirm).
    if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) {
        $display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied']);
        COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}.");
        return $display;
    } elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) {
        // Read access but no edit access: render the story read-only instead.
        $display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied']);
        $display .= STORY_renderArticle($story, 'p');
        COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}.");
        return $display;
    } elseif ($result == STORY_INVALID_SID) {
        if ($mode == 'editsubmission') {
            // that submission doesn't seem to be there any more (may have been
            // handled by another Admin) - take us back to the moderation page
            return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
        } else {
            return COM_refresh($_CONF['site_admin_url'] . '/story.php');
        }
    } elseif ($result == STORY_DUPLICATE_SID) {
        $display .= COM_showMessageText($LANG24[24]);
    }
    // Load HTML templates
    $story_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/story');
    if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
        $story_templates->set_file(array('editor' => 'storyeditor_advanced.thtml'));
        $advanced_editormode = true;
        $story_templates->set_var('change_editormode', 'onchange="change_editmode(this);"');
        require_once $_CONF['path_system'] . 'classes/navbar.class.php';
        $story_templates->set_var('show_preview', 'none');
        $story_templates->set_var('lang_expandhelp', $LANG24[67]);
        $story_templates->set_var('lang_reducehelp', $LANG24[68]);
        $story_templates->set_var('lang_publishdate', $LANG24[69]);
        $story_templates->set_var('lang_toolbar', $LANG24[70]);
        $story_templates->set_var('toolbar1', $LANG24[71]);
        $story_templates->set_var('toolbar2', $LANG24[72]);
        $story_templates->set_var('toolbar3', $LANG24[73]);
        $story_templates->set_var('toolbar4', $LANG24[74]);
        $story_templates->set_var('toolbar5', $LANG24[75]);
        // Which of the two editor panes starts visible.
        if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
            $story_templates->set_var('show_texteditor', 'none');
            $story_templates->set_var('show_htmleditor', '');
        } else {
            $story_templates->set_var('show_texteditor', '');
            $story_templates->set_var('show_htmleditor', 'none');
        }
    } else {
        $story_templates->set_file(array('editor' => 'storyeditor.thtml'));
        $advanced_editormode = false;
    }
    $story_templates->set_var('hour_mode', $_CONF['hour_mode']);
    // Preview: rendered inside the template in advanced mode, as a separate
    // block above the form otherwise.
    if ($story->hasContent()) {
        $previewContent = STORY_renderArticle($story, 'p');
        if ($advanced_editormode and $previewContent != '') {
            $story_templates->set_var('preview_content', $previewContent);
        } elseif ($previewContent != '') {
            $display .= COM_startBlock($LANG24[26], '', COM_getBlockTemplate('_admin_block', 'header'));
            $display .= $previewContent;
            $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
        }
    }
    if ($advanced_editormode) {
        // Tab bar for the advanced editor; the tab indices shift by one when a
        // preview tab is present.
        $navbar = new navbar();
        if (!empty($previewContent)) {
            $navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true);
            $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true);
            $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true);
            $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true);
            $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true);
            $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true);
            $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true);
        } else {
            $navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true);
            $navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true);
            $navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true);
            $navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true);
            $navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true);
            $navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true);
        }
        if ($mode == 'preview') {
            $story_templates->set_var('show_preview', '');
            $story_templates->set_var('show_htmleditor', 'none');
            $story_templates->set_var('show_texteditor', 'none');
            $story_templates->set_var('show_submitoptions', 'none');
            $navbar->set_selected($LANG24[79]);
        } else {
            $navbar->set_selected($LANG24[80]);
        }
        $story_templates->set_var('navbar', $navbar->generate());
    }
    // Delete button only for an existing story (and never when cloning).
    // $MESSAGE[76] is placed inside a JS string literal in an onclick
    // attribute; a quote in the language string would break it.
    $oldsid = $story->EditElements('originalSid');
    if (!empty($oldsid) && $mode != 'clone') {
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
    }
    if ($mode == 'editsubmission' || $story->type == 'submission') {
        $story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
    }
    $story_templates->set_var('lang_author', $LANG24[7]);
    $storyauthor = COM_getDisplayName($story->EditElements('uid'));
    $story_templates->set_var('story_author', $storyauthor);
    $story_templates->set_var('author', $storyauthor);
    $story_templates->set_var('story_uid', $story->EditElements('uid'));
    // user access info
    $story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName($story->EditElements('owner_id'));
    // NOTE(review): owner_id is concatenated straight into the WHERE clause;
    // in preview mode it originates from $_POST. Assumes the Story class
    // coerces it to an integer — TODO confirm.
    $story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . $story->EditElements('owner_id')));
    $story_templates->set_var('owner_name', $ownername);
    $story_templates->set_var('owner', $ownername);
    $story_templates->set_var('owner_id', $story->EditElements('owner_id'));
    $story_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3));
    $story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon')));
    $story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
    $story_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
    // $curtime is computed but not used below.
    $curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
    $story_templates->set_var('lang_date', $LANG24[15]);
    // --- publish date/time selectors ---
    $story_templates->set_var('publish_second', $story->EditElements('publish_second'));
    $publish_ampm = '';
    $publish_hour = $story->EditElements('publish_hour');
    // Convert the stored 24h hour to 12h + am/pm for the 12-hour selectors.
    if ($publish_hour >= 12) {
        if ($publish_hour > 12) {
            $publish_hour = $publish_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm);
    $story_templates->set_var('publishampm_selection', $ampm_select);
    $month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
    $story_templates->set_var('publish_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
    $story_templates->set_var('publish_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
    $story_templates->set_var('publish_year_options', $year_options);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($publish_hour);
    }
    $story_templates->set_var('publish_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
    $story_templates->set_var('publish_minute_options', $minute_options);
    $story_templates->set_var('publish_date_explanation', $LANG24[46]);
    // NOTE(review): 'story_unixstamp' is set again further down with the
    // expire stamp, which overwrites this value.
    $story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
    // --- expire date/time selectors ---
    $story_templates->set_var('expire_second', $story->EditElements('expire_second'));
    $expire_ampm = '';
    $expire_hour = $story->EditElements('expire_hour');
    if ($expire_hour >= 12) {
        if ($expire_hour > 12) {
            $expire_hour = $expire_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm);
    if (empty($ampm_select)) {
        // have a hidden field to 24 hour mode to prevent JavaScript errors
        $ampm_select = '<input type="hidden" name="expire_ampm" value=""' . XHTML . '>';
    }
    $story_templates->set_var('expireampm_selection', $ampm_select);
    $month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
    $story_templates->set_var('expire_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
    $story_templates->set_var('expire_day_options', $day_options);
    $year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
    $story_templates->set_var('expire_year_options', $year_options);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($expire_hour);
    }
    $story_templates->set_var('expire_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
    $story_templates->set_var('expire_minute_options', $minute_options);
    $story_templates->set_var('expire_date_explanation', $LANG24[46]);
    $story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
    // --- archive / delete on expire ---
    // The auto-archive option is only offered when a topic is flagged as the
    // archive topic (or when the story is already set to archive).
    $atopic = DB_getItem($_TABLES['topics'], 'tid', "archive_flag = 1");
    $have_archive_topic = empty($atopic) ? false : true;
    // $js_showarchivedisabled is assigned below but not used in this function.
    if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked3', 'checked="checked"');
        $js_showarchivedisabled = 'false';
        $have_archive_topic = true; // force display of auto archive option
    } elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
        $story_templates->set_var('is_checked2', 'checked="checked"');
        $story_templates->set_var('is_checked4', 'checked="checked"');
        if (!$have_archive_topic) {
            $story_templates->set_var('is_checked3', 'style="display:none;"');
        }
        $js_showarchivedisabled = 'false';
    } else {
        if (!$have_archive_topic) {
            $story_templates->set_var('is_checked3', 'style="display:none;"');
        }
        $js_showarchivedisabled = 'true';
    }
    $story_templates->set_var('lang_archivetitle', $LANG24[58]);
    $story_templates->set_var('lang_option', $LANG24[59]);
    $story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
    $story_templates->set_var('lang_story_stats', $LANG24[87]);
    if ($have_archive_topic) {
        $story_templates->set_var('lang_optionarchive', $LANG24[61]);
    } else {
        $story_templates->set_var('lang_optionarchive', '');
    }
    $story_templates->set_var('lang_optiondelete', $LANG24[62]);
    // --- title / meta fields (escaping for HTML attribute context is assumed
    // to happen in Story::EditElements() or the template — TODO confirm) ---
    $story_templates->set_var('lang_title', $LANG_ADMIN['title']);
    $story_templates->set_var('story_title', $story->EditElements('title'));
    $story_templates->set_var('lang_page_title', $LANG_ADMIN['page_title']);
    $story_templates->set_var('page_title', $story->EditElements('page_title'));
    $story_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
    $story_templates->set_var('meta_description', $story->EditElements('meta_description'));
    $story_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
    $story_templates->set_var('meta_keywords', $story->EditElements('meta_keywords'));
    if ($_CONF['meta_tags'] > 0) {
        $story_templates->set_var('hide_meta', '');
    } else {
        $story_templates->set_var('hide_meta', ' 
style="display:none;"');
    }
    // --- topic selection ---
    $story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
    if ($mode == 'preview') {
        $tlist = TOPIC_getTopicSelectionControl('article', '', false, true, true);
    } else {
        $tlist = TOPIC_getTopicSelectionControl('article', $oldsid, false, true, true);
    }
    // No topic the user may post to: message 101 and stop.
    if (empty($tlist)) {
        $display .= COM_showMessage(101);
        return $display;
    }
    $story_templates->set_var('topic_selection', $tlist);
    $story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
    if ($story->EditElements('show_topic_icon') == 1) {
        $story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
    } else {
        $story_templates->set_var('show_topic_icon_checked', '');
    }
    $story_templates->set_var('lang_cachetime', $LANG24['cache_time']);
    $story_templates->set_var('lang_cachetime_desc', $LANG24['cache_time_desc']);
    $story_templates->set_var('cache_time', $story->EditElements('cache_time'));
    $story_templates->set_var('lang_draft', $LANG24[34]);
    if ($story->EditElements('draft_flag')) {
        $story_templates->set_var('is_checked', 'checked="checked"');
    }
    $story_templates->set_var('lang_mode', $LANG24[3]);
    $story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode')));
    $story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode')));
    $story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode')));
    // comment expire
    // $js_showcmtclosedisabled is assigned but not used in this function.
    $story_templates->set_var('lang_cmt_disable', $LANG24[63]);
    if ($story->EditElements('cmt_close')) {
        $story_templates->set_var('is_checked5', 'checked="checked"');
        $js_showcmtclosedisabled = 'false';
    } else {
        $js_showcmtclosedisabled = 'true';
    }
    $month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
    $story_templates->set_var('cmt_close_month_options', $month_options);
    $day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
    $story_templates->set_var('cmt_close_day_options', $day_options);
    // ensure that the year dropdown includes the close year
    $endtm = mktime(0, 0, 0, date('m'), date('d') + $_CONF['article_comment_close_days'], date('Y'));
    $yoffset = date('Y', $endtm) - date('Y');
    $close_year = $story->EditElements('cmt_close_year');
    if ($yoffset < -1) {
        $year_options = COM_getYearFormOptions($close_year, $yoffset);
    } elseif ($yoffset > 5) {
        $year_options = COM_getYearFormOptions($close_year, -1, $yoffset);
    } else {
        $year_options = COM_getYearFormOptions($close_year);
    }
    $story_templates->set_var('cmt_close_year_options', $year_options);
    $cmt_close_ampm = '';
    $cmt_close_hour = $story->EditElements('cmt_close_hour');
    //correct hour
    if ($cmt_close_hour >= 12) {
        if ($cmt_close_hour > 12) {
            $cmt_close_hour = $cmt_close_hour - 12;
        }
        $ampm = 'pm';
    } else {
        $ampm = 'am';
    }
    $ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm);
    if (empty($ampm_select)) {
        // have a hidden field to 24 hour mode to prevent JavaScript errors
        $ampm_select = '<input type="hidden" name="cmt_close_ampm" value=""' . XHTML . '>';
    }
    $story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
    if ($_CONF['hour_mode'] == 24) {
        $hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
    } else {
        $hour_options = COM_getHourFormOptions($cmt_close_hour);
    }
    $story_templates->set_var('cmt_close_hour_options', $hour_options);
    $minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
    $story_templates->set_var('cmt_close_minute_options', $minute_options);
    $story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
    // --- featured flag ---
    // Precedence: (&& binds tighter than or) => (onlyrootfeatures == 1 && Root)
    // or (onlyrootfeatures !== 1).
    // NOTE(review): the first test is loose and the second strict, so a
    // config value of string '1' satisfies both "== 1" and "!== 1" and the
    // featured select is shown to non-Root users. The two tests should agree
    // on loose or strict comparison.
    if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
        $featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
    } else {
        // Non-Root: force "not featured" via a hidden field.
        $featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"" . XHTML . ">";
    }
    $story_templates->set_var('featured_options', $featured_options);
    $story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
    $story_templates->set_var('story_introtext', $story->EditElements('introtext'));
    $story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
    $story_templates->set_var('lang_introtext', $LANG24[16]);
    $story_templates->set_var('lang_bodytext', $LANG24[17]);
    $story_templates->set_var('lang_postmode', $LANG24[4]);
    $story_templates->set_var('lang_publishoptions', $LANG24[76]);
    // $sid is interpolated into the noscript message as received — assumes it
    // is a sanitised story id by the time it reaches here (TODO confirm).
    $story_templates->set_var('noscript', COM_getNoScript(false, $LANG24[77], sprintf($LANG24[78], $_CONF['site_admin_url'], $sid)));
    // --- post mode selection ---
    $postmode = $story->EditElements('postmode');
    if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
        if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
            $postmode = '';
        }
    }
    $post_options = COM_optionList($_TABLES['postmodes'], 'code,name', $postmode);
    $postmode_list = 'plaintext,html';
    // If Advanced Mode - add post option and set default if editing story created with Advanced Editor
    if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
        $postmode_list .= ',adveditor';
        if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
            $post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
        } else {
            $post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
        }
    }
    if ($_CONF['wikitext_editor']) {
        $postmode_list .= ',wikitext';
        if ($story->EditElements('postmode') == 'wikitext') {
            $post_options .= '<option value="wikitext" selected="selected">' . $LANG24[88] . '</option>';
        } else {
            $post_options .= '<option value="wikitext">' . $LANG24[88] . '</option>';
        }
    }
    $story_templates->set_var('post_options', $post_options);
    // "Allowed HTML" help text, one entry per available post mode plus the
    // autotags an editor may use.
    $postmode_array = explode(',', $postmode_list);
    $allowed_html = '';
    foreach ($postmode_array as $pm) {
        $allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm);
    }
    $allowed_tags = array('code', 'raw');
    if ($_CONF['allow_page_breaks'] == 1) {
        $allowed_tags = array_merge($allowed_tags, array('page_break'));
    }
    $allowed_html .= COM_allowedAutotags(false, $allowed_tags);
    $story_templates->set_var('lang_allowed_html', $allowed_html);
    // --- attached images: list existing ones with delete checkboxes, then
    // provide upload inputs for the remaining slots ---
    $fileinputs = '';
    $saved_images = '';
    if ($_CONF['maximagesperarticle'] > 0) {
        $story_templates->set_var('lang_images', $LANG24[47]);
        $icount = DB_count($_TABLES['article_images'], 'ai_sid', $story->getSid());
        if ($icount > 0) {
            // NOTE(review): sid is concatenated into the SQL string; assumes
            // Story::getSid() only ever returns a sanitised id (TODO confirm).
            // ai_filename / ai_img_num come from the database and are emitted
            // into HTML attributes unescaped.
            $result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . $story->getSid() . "'");
            for ($z = 1; $z <= $icount; $z++) {
                $I = DB_fetchArray($result_articles);
                $saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']"' . XHTML . '><br' . XHTML . '>';
            }
        }
        // $newallowed is computed but not used below.
        $newallowed = $_CONF['maximagesperarticle'] - $icount;
        for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
            $fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '>';
            if ($z < $_CONF['maximagesperarticle']) {
                $fileinputs .= '<br' . XHTML . '>';
            }
        }
        $fileinputs .= '<br' . XHTML . '>' . $LANG24[51];
        if ($_CONF['allow_user_scaling'] == 1) {
            $fileinputs .= $LANG24[27];
        }
        $fileinputs .= $LANG24[28] . '<br' . XHTML . '>';
    }
    // Add JavaScript
    $_SCRIPTS->setJavaScriptFile('story_editor', '/javascript/story_editor.js');
    if ($_CONF['titletoid']) {
        $_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
        $story_templates->set_var('titletoid', true);
    }
    $_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js');
    // Loads jQuery UI datepicker and timepicker-addon
    $_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider');
    // $_SCRIPTS->setJavaScriptLibrary('jquery.ui.button');
    $_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker');
    $_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n');
    $_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon');
    $_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n');
    // $_SCRIPTS->setJavaScriptLibrary('jquery-ui-slideraccess');
    $_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js');
    $langCode = COM_getLangIso639Code();
    $toolTip = $MESSAGE[118];
    $imgUrl = $_CONF['site_url'] . '/images/calendar.png';
    // NOTE(review): $toolTip (language file), $imgUrl (config) and $langCode
    // are interpolated into inline JavaScript string literals without
    // escaping. They are trusted inputs, but a single quote or backslash in
    // the language string breaks the script; a JSON-encoded value would be
    // the safe form.
    $_SCRIPTS->setJavaScript("jQuery(function () {" . " geeklog.hour_mode = {$_CONF['hour_mode']};" . " geeklog.datetimepicker.set('publish', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('expire', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('cmt_close', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "});", TRUE, TRUE);
    // Setup Advanced Editor
    COM_setupAdvancedEditor('/javascript/storyeditor_adveditor.js');
    $story_templates->set_var('saved_images', $saved_images);
    $story_templates->set_var('image_form_elements', $fileinputs);
    $story_templates->set_var('lang_hits', $LANG24[18]);
    $story_templates->set_var('story_hits', $story->EditElements('hits'));
    $story_templates->set_var('lang_comments', $LANG24[19]);
    $story_templates->set_var('story_comments', $story->EditElements('comments'));
    $story_templates->set_var('lang_trackbacks', $LANG24[29]);
    $story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
    $story_templates->set_var('lang_emails', $LANG24[39]);
    $story_templates->set_var('story_emails', $story->EditElements('numemails'));
    // Cloning gets a freshly generated story id; otherwise keep the current one
    // and carry the original id so the save handler can detect a rename.
    if ($mode == 'clone') {
        $story_templates->set_var('story_id', COM_makesid());
    } else {
        $story_templates->set_var('story_id', $story->getSid());
        $story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
    }
    $story_templates->set_var('lang_sid', $LANG24[12]);
    $story_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
    $story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
    // CSRF protection: a fresh token is embedded in the form and an expiry
    // notice is shown above it.
    $story_templates->set_var('gltoken_name', CSRF_TOKEN);
    $token = SEC_createToken();
    $story_templates->set_var('gltoken', $token);
    $story_templates->parse('output', 'editor');
    $display .= COM_startBlock($LANG24[5], '', COM_getBlockTemplate('_admin_block', 'header'));
    $display .= SEC_getTokenExpiryNotice($token, $LANG24[91]);
    $display .= $story_templates->finish($story_templates->get_var('output'));
    $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $display;
}
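/**
 * Build the file manager (Roxy Fileman-style) configuration array for the
 * CKEditor integration.
 *
 * Authorisation is expressed by which endpoints are exposed: an empty string
 * disables that action in the file manager UI. Only Root members get the
 * directory/file mutation endpoints; everyone else is read-only, and also
 * loses upload/download when $_CK_CONF['filemanager_browse_only'] is set.
 * Note that hiding an endpoint here only affects the UI — the PHP endpoints
 * themselves must enforce the same rule server-side (not visible here;
 * TODO confirm).
 *
 * Changes from the previous revision:
 *  - FORBIDDEN_UPLOADS additionally lists htm, phar, pht and phtm (the list
 *    already blocked html/php variants but not these aliases, which common
 *    web server configurations also execute), and the duplicate "cpl" entry
 *    is gone. This is still a deny-list; because ALLOWED_UPLOADS is empty,
 *    any extension not listed is accepted. Switching to an allow-list of the
 *    media types the site actually needs is the robust option.
 *  - DATEFORMAT was "dd/MM/yyyy HH =>mm", which is not a valid pattern (the
 *    ":" had been mangled into "=>"); it is now "dd/MM/yyyy HH:mm".
 *
 * @return array configuration keys as expected by the file manager
 */
function glFusionConf()
{
    global $_CONF, $_CK_CONF;

    $isRoot = SEC_inGroup('Root');

    // Mutation endpoints: Root only.
    $createDir  = $isRoot ? "php/createdir.php"  : "";
    $deleteDir  = $isRoot ? "php/deletedir.php"  : "";
    $moveDir    = $isRoot ? "php/movedir.php"    : "";
    $copyDir    = $isRoot ? "php/copydir.php"    : "";
    $renameDir  = $isRoot ? "php/renamedir.php"  : "";
    $deleteFile = $isRoot ? "php/deletefile.php" : "";
    $moveFile   = $isRoot ? "php/movefile.php"   : "";
    $copyFile   = $isRoot ? "php/copyfile.php"   : "";
    $renameFile = $isRoot ? "php/renamefile.php" : "";

    // Upload/download: always for Root; for everyone else only when the site
    // is not configured as browse-only. empty() also covers an unset key
    // (treated as "not browse-only", as before, but without a notice).
    if ($isRoot || empty($_CK_CONF['filemanager_browse_only'])) {
        $uploadFile = "php/upload.php";
        $downloadFile = "php/download.php";
        $downloadDir = "php/downloaddir.php";
    } else {
        $uploadFile = "";
        $downloadFile = "";
        $downloadDir = "";
    }

    $defaultView = ($_CK_CONF['filemanager_default_view_mode'] == 'grid') ? "thumb" : "list";

    // Permissions applied to created files/directories; octal strings as the
    // file manager expects them.
    if (!isset($_CK_CONF['filemanager_fileperm'])) {
        $_CK_CONF['filemanager_fileperm'] = '0664';
    }
    if (!isset($_CK_CONF['filemanager_dirperm'])) {
        $_CK_CONF['filemanager_dirperm'] = '0775';
    }

    // Extensions refused by the uploader. Kept on one line, space-separated,
    // so the file manager's splitter sees one token per extension.
    $forbiddenUploads = "tar gz arj bz bz2 bzip 7z zip js jsp jsb html htm mhtml mht xhtml xht php phtml phtm pht phar php3 php4 php5 phps shtml jhtml pl sh py cgi exe application gadget hta cpl msc jar vb jse ws wsf wsc wsh ps1 ps2 psc1 psc2 msh msh1 msh2 inf reg scf msp scr dll msi vbs bat com pif cmd vxd htpasswd htaccess config";

    return array(
        "FILES_ROOT" => "",
        "RETURN_URL_PREFIX" => "",
        "SESSION_PATH_KEY" => "fileman_files_root",
        "THUMBS_VIEW_WIDTH" => "140",
        "THUMBS_VIEW_HEIGHT" => "120",
        "PREVIEW_THUMB_WIDTH" => "100",
        "PREVIEW_THUMB_HEIGHT" => "100",
        "MAX_IMAGE_WIDTH" => "1000",
        "MAX_IMAGE_HEIGHT" => "1000",
        "INTEGRATION" => "ckeditor",
        "DIRLIST" => "php/dirtree.php",
        "CREATEDIR" => $createDir,
        "DELETEDIR" => $deleteDir,
        "MOVEDIR" => $moveDir,
        "COPYDIR" => $copyDir,
        "RENAMEDIR" => $renameDir,
        "FILESLIST" => "php/fileslist.php",
        "UPLOAD" => $uploadFile,
        "DOWNLOAD" => $downloadFile,
        "DOWNLOADDIR" => $downloadDir,
        "DELETEFILE" => $deleteFile,
        "MOVEFILE" => $moveFile,
        "COPYFILE" => $copyFile,
        "RENAMEFILE" => $renameFile,
        "GENERATETHUMB" => "php/thumb.php",
        "DEFAULTVIEW" => $defaultView,
        "FORBIDDEN_UPLOADS" => $forbiddenUploads,
        // Empty allow-list = everything not forbidden is accepted.
        "ALLOWED_UPLOADS" => "",
        "FILEPERMISSIONS" => $_CK_CONF['filemanager_fileperm'],
        "DIRPERMISSIONS" => $_CK_CONF['filemanager_dirperm'],
        "LANG" => "auto",
        "DATEFORMAT" => "dd/MM/yyyy HH:mm",
        "OPEN_LAST_DIR" => "yes",
    );
}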
$sql = "SELECT * FROM {$_TABLES['ff_topic']} WHERE (subject LIKE '%{$query}%') {$inforum} OR "; $sql .= "(comment LIKE '%{$query}%') {$inforum} GROUP BY {$orderby} ORDER BY {$orderby} {$direction} LIMIT 100"; $result = DB_query($sql); $nrows = DB_numRows($result); $report->set_block('report', 'reportrow', 'rrow'); if ($nrows > 0) { if ($_FF_CONF['enable_user_rating_system'] && !COM_isAnonUser()) { $user_rating = intval(DB_getItem($_TABLES['ff_userinfo'], 'rating', 'uid=' . (int) $_USER['uid'])); } $csscode = 1; for ($i = 1; $i <= $nrows; $i++) { $P = DB_fetchArray($result); $fres = DB_query("SELECT grp_id,rating_view FROM {$_TABLES['ff_forums']} WHERE forum_id=" . (int) $P['forum']); list($forumgrpid, $view_rating) = DB_fetchArray($fres); $groupname = DB_getItem($_TABLES['groups'], 'grp_name', "grp_id=" . (int) $forumgrpid); if (SEC_inGroup($groupname)) { if ($_FF_CONF['enable_user_rating_system'] && !COM_isAnonUser()) { if ($view_rating > $user_rating) { continue; } } if ($_FF_CONF['use_censor']) { $P['subject'] = COM_checkWords($P['subject']); } $postdate = COM_getUserDateTimeFormat($P['date']); $link = '<a href="' . $_CONF['site_url'] . '/forum/viewtopic.php?forum=' . $P['forum'] . '&showtopic=' . $P['id'] . '&highlight=' . htmlentities($html_query, ENT_QUOTES, COM_getEncodingt()) . '">'; $report->set_var(array('post_start_ahref' => $link, 'post_subject' => $P['subject'], 'post_end_ahref' => '</a>', 'post_date' => $postdate[0], 'post_replies' => $P['replies'], 'post_views' => $P['views'], 'csscode' => $csscode)); $report->parse('rrow', 'reportrow', true); if ($csscode == 2) { $csscode = 1; } else {
/**
 * Decide whether one user is allowed to act as approver for another user.
 *
 * The approver qualifies when a nexlist row links the two users in the
 * employee-to-supervisor list, failing that in the employee-to-delegate
 * list, or when the approver is a member of the 'nexTime Admin' group.
 *
 * @param int|string $useriddoingtheapproving uid of the approver; 0 (or a non-numeric value) means the current user
 * @param int|string $useridtoapprove uid of the user whose items are being approved
 * @return bool true when approval is allowed
 */
function testIfUserCanApprove($useriddoingtheapproving, $useridtoapprove)
{
    global $CONF_NEXTIME, $_USER;

    $approverUid = intval($useriddoingtheapproving);
    if ($approverUid == 0) {
        $approverUid = $_USER['uid'];
    }

    // NOTE(review): $useridtoapprove is not cast before it is built into the
    // nexlist filter string — confirm the caller validates it.
    $listFilter = '0:' . $useridtoapprove . ',1:' . $approverUid;

    // Supervisor relationship first, delegate relationship as the fallback
    $matches = nexlistOptionList('alist', '', $CONF_NEXTIME['nexlist_employee_to_supervisor'], 0, '', $listFilter);
    if (count($matches) < 1) {
        $matches = nexlistOptionList('alist', '', $CONF_NEXTIME['nexlist_employee_to_delegate'], 0, '', $listFilter);
    }
    $isNextimeAdmin = SEC_inGroup('nexTime Admin', $approverUid);

    return count($matches) > 0 || $isNextimeAdmin;
}
/**
 * Save topic to the database
 *
 * Validates the submitted topic id (restricted names, duplicates, parent
 * existence, archive-topic rules), checks the current user's access to the
 * topic and to its parent, then writes the row and redirects. On any failed
 * check an HTML error document is returned instead. The previous topic id,
 * when the form sends one, is read directly from $_POST['old_tid'].
 *
 * @param string $tid Topic ID
 * @param string $topic Name of topic (what the user sees)
 * @param string $inherit 'on' to inherit (stored as 1), anything else stored as 0
 * @param string $hidden 'on' to hide (stored as 1), anything else stored as 0
 * @param string $parent_id Parent ID
 * @param string $imageUrl (partial) URL to topic image
 * @param string $meta_description Topic meta description
 * @param string $meta_keywords Topic meta keywords
 * @param int $sortNum number for sort order in "Topics" block
 * @param int $limitNews number of stories per page for this topic
 * @param int $owner_id ID of owner
 * @param int $group_id ID of group topic belongs to
 * @param int $perm_owner Permissions the owner has
 * @param int $perm_group Permissions the group has
 * @param int $perm_members Permissions members have
 * @param int $perm_anon Permissions anonymous users have
 * @param string $is_default 'on' if this is the default topic
 * @param string $is_archive 'on' if this is the archive topic
 * @return string HTML redirect or error message
 */
function savetopic($tid, $topic, $inherit, $hidden, $parent_id, $imageUrl, $meta_description, $meta_keywords, $sortNum, $limitNews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
    global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // $tid is the only id sanitized in this function; $parent_id is used as received
    $tid = COM_sanitizeID($tid);

    // Check if tid is a restricted name (the pseudo-topic option values and the root marker)
    $restricted_tid = false;
    if (!strcasecmp($tid, TOPIC_ALL_OPTION) || !strcasecmp($tid, TOPIC_NONE_OPTION) || !strcasecmp($tid, TOPIC_HOMEONLY_OPTION) || !strcasecmp($tid, TOPIC_SELECTED_OPTION) || !strcasecmp($tid, TOPIC_ROOT)) {
        $restricted_tid = true;
    }

    // Check if tid is used by another topic
    // NOTE(review): this check only runs when $_POST['old_tid'] is present;
    // a request without that field skips it entirely — confirm the form
    // always sends it.
    $duplicate_tid = false;
    $old_tid = '';
    if (isset($_POST['old_tid'])) {
        $old_tid = COM_applyFilter($_POST['old_tid']);
        if (!empty($old_tid)) {
            $old_tid = COM_sanitizeID($old_tid);
            // See if new topic id (an edit that renames the topic)
            if (strcasecmp($tid, $old_tid)) {
                if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                    $duplicate_tid = true;
                }
            }
        } else {
            // Empty old id means a new topic: the id must not exist yet
            if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                $duplicate_tid = true;
            }
        }
    }

    // Make sure parent id exists
    // NOTE(review): $parent_id is interpolated unescaped into this WHERE
    // clause and into the DB_save() below — confirm the caller filters it.
    $parent_id_found = false;
    if ($parent_id == DB_getItem($_TABLES['topics'], 'tid', "tid = '{$parent_id}'") || $parent_id == TOPIC_ROOT) {
        $parent_id_found = true;
    }

    // Check if parent archive topic, if so bail
    $archive_parent = false;
    $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
    if ($parent_id == $archive_tid) {
        $archive_parent = true;
    }

    // If archive topic, make sure no child topics else bail
    $archive_child = false;
    $is_archive = $is_archive == 'on' ? 1 : 0;
    if ($is_archive) {
        if ($tid == DB_getItem($_TABLES['topics'], 'parent_id', "parent_id = '{$tid}'")) {
            $archive_child = true;
        }
    }

    // Access check: an existing topic is judged by its stored permissions,
    // a new one by the permissions being submitted with it
    if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // Edit rights (3) plus membership of the submitted group are both required
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
    } else {
        // Now check access to parent topic
        if ($parent_id != TOPIC_ROOT) {
            if (DB_count($_TABLES['topics'], 'tid', $parent_id) > 0) {
                $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$parent_id}'");
                $A = DB_fetchArray($result);
                $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
            }
            // NOTE(review): when the parent row does not exist, $A here is
            // whatever the topic lookup above left behind (or unset); the
            // save is still blocked further down by !$parent_id_found.
            $in_Group = SEC_inGroup($A['group_id']);
        } else {
            // Root needs no permission row
            $access = 3;
            $in_Group = true;
        }
        if ($access < 3 || !$in_Group) {
            $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally assign topic {$tid} to {$parent_id}.");
        } elseif (!empty($tid) && !empty($topic) && !$restricted_tid && !$duplicate_tid && !$archive_parent && !$archive_child && $parent_id_found) {
            // The form's default image path means "no image"
            if ($imageUrl === '/images/topics/') {
                $imageUrl = '';
            }
            // Text fields: strip tags, drop 4-byte UTF-8, escape for SQL
            $topic = GLText::remove4byteUtf8Chars(strip_tags($topic));
            $topic = DB_escapeString($topic);
            $meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description));
            $meta_description = DB_escapeString($meta_description);
            $meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords));
            $meta_keywords = DB_escapeString($meta_keywords);
            // Only one topic may be the default: clear the flag elsewhere first
            if ($is_default == 'on') {
                $is_default = 1;
                DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
            } else {
                $is_default = 0;
            }
            if ($is_archive) {
                // $tid is the archive topic
                // - if it wasn't already, mark all its stories "archived" now
                if ($archive_tid != $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.featured = 0, s.frontpage = 0, s.statuscode = " . STORY_ARCHIVE_ON_EXPIRE . "\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
                // Set hidden and inherit to false since archive topic now
                $inherit = '';
                $hidden = '';
            } else {
                // $tid is not the archive topic
                // - if it was until now, reset the "archived" status of its stories
                if ($archive_tid == $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n SET s.statuscode = 0\n WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
            }
            $inherit = $inherit == 'on' ? 1 : 0;
            $hidden = $hidden == 'on' ? 1 : 0;
            // Cannot hide root topics so switch if needed
            if ($parent_id == TOPIC_ROOT && $hidden == 1) {
                $hidden = 0;
            }
            // If not a new topic and id change then...
            if (!empty($old_tid)) {
                if ($tid != $old_tid) {
                    changetopicid($tid, $old_tid);
                    $old_tid = DB_escapeString($old_tid);
                    DB_delete($_TABLES['topics'], 'tid', $old_tid);
                }
            }
            // NOTE(review): $parent_id, $imageUrl, $sortNum, $limitNews,
            // $owner_id and $group_id reach this string-built statement
            // without any escaping visible in this function — confirm the
            // caller filters them.
            DB_save($_TABLES['topics'], 'tid, topic, inherit, hidden, parent_id, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', {$inherit}, {$hidden}, '{$parent_id}', '{$imageUrl}', '{$meta_description}', '{$meta_keywords}','{$sortNum}','{$limitNews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
            // Plugins get the old id as well when the topic was renamed
            if ($old_tid != $tid) {
                PLG_itemSaved($tid, 'topic', $old_tid);
            } else {
                PLG_itemSaved($tid, 'topic');
            }
            // Reorder Topics, Delete topic cache and reload topic tree
            reorderTopics();
            // update feed(s)
            COM_rdfUpToDateCheck('article', $tid);
            COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=13');
        } elseif ($restricted_tid) {
            $retval .= COM_errorLog($LANG27[31], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($duplicate_tid) {
            $retval .= COM_errorLog($LANG27[49], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_parent) {
            $retval .= COM_errorLog($LANG27[46], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_child) {
            $retval .= COM_errorLog($LANG27[47], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif (!$parent_id_found) {
            $retval .= COM_errorLog($LANG27[48], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } else {
            // Remaining failure: empty tid or empty topic name
            $retval .= COM_errorLog($LANG27[7], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        }
    }

    return $retval;
}
//Reload the session. session_id($_COOKIE['sessionID']); session_start(); } else { //Create new session and set the cookie for sessionID session_start(); setcookie("sessionID", session_id(), time() + 31436000); //one year echo "<script>window.location='products.php';</script>"; } } else { session_start(); } require_once '../lib-common.php'; require_once 'user_shipping_functions.php'; if (!SEC_inGroup('Logged-in Users')) { echo "You must be logged in, inorder to see this page."; exit; } echo COM_siteHeader(); if (isset($_POST['update_shipping_address'])) { $error = update_address(COM_applyFilter($_GET['id'])); } else { if (isset($_POST['add_shipping_address'])) { $error = add_shipping_address($_USER['uid']); } else { if (isset($_POST['delete_shipping_address'])) { $error = delete_shipping_address(COM_applyFilter($_GET['id']), "index.php?op=shipping_address"); } else { if (isset($_GET['delete_id'])) { $error = delete_shipping_address(COM_applyFilter($_GET['delete_id']), "index.php?op=shipping_address");
/**
 * Filter a block of HTML against the approved tag list.
 *
 * Newlines are dropped first, the contents of the [code] and [raw]/[raw2]
 * marker pairs are protected from the filter, and then the tag filter runs
 * unless the current user is allowed to skip it. [raw2] markers are turned
 * into HTML comments last.
 *
 * @param string $str HTML to check
 * @param string $permissions comma-separated list of rights which identify the current user as an "Admin"
 * @return string Filtered HTML
 * @access public
 */
public static function checkHTML($str, $permissions = 'story.edit')
{
    global $_CONF, $_USER;

    // Line breaks carry no meaning in the stored HTML, so drop them up front
    $str = str_replace("\n", '', $str);

    // Escape special characters inside each protected marker pair so the
    // filter below leaves their content alone
    $protectedMarkers = array(
        array('[code]', '[/code]', '<pre><code>', '</code></pre>'),
        array('[raw]', '[/raw]', '[raw2]', '[/raw2]'),
    );
    foreach ($protectedMarkers as $markerSet) {
        $str = self::_handleSpecialTag_callback($str, $markerSet, '_escapeSPChars');
    }

    // The tag filter is bypassed only for users holding 'htmlfilter.skip',
    // or for Root when skip_html_filter_for_root is enabled
    $mayBypassFilter = SEC_hasRights('htmlfilter.skip')
        || ($_CONF['skip_html_filter_for_root'] == 1 && SEC_inGroup('Root'));
    if (!$mayBypassFilter) {
        $str = self::_htmLawed($str, $permissions);
    }

    // [raw2] markers become HTML comments only now: strip_tags() inside the
    // filter gets confused by comments if they are inserted earlier
    $rawReplacements = array(
        '[raw2]'  => '<!--raw--><span class="raw">',
        '[/raw2]' => '</span><!--/raw-->',
    );

    return str_replace(array_keys($rawReplacements), array_values($rawReplacements), $str);
}
* * @author Lee Garner <*****@*****.**> * @copyright Copyright (c) 2012-2014 Lee Garner <*****@*****.**> * @package lglib * @version 0.0.5 * @license http://opensource.org/licenses/gpl-2.0.php * GNU Public License v2 or later * @filesource */ require_once '../../../lib-common.php'; require_once '../../auth.inc.php'; $display = ''; $pi_title = $_LGLIB_CONF['pi_display_name'] . ' ' . $LANG32[36] . ' ' . $_LGLIB_CONF['pi_version']; LGLIB_setGlobal('pi_title', $pi_title); // If user isn't a root user or if the backup feature is disabled, bail. if (!SEC_inGroup('Root') || GVERSION > '1.6.0') { COM_accessLog("User {$_USER['username']} tried to illegally access the lglib admin page."); COM_404(); exit; } /** * Sort backup files with newest first, oldest last. * For use with usort() function. * This is needed because the sort order of the backup files, coming from the * ' readdir' function, might not be that way. * * @param string $pFileA First file to compare * @param string $pFileB Second filename to compare * @return integer 1 if A newer than B, -1 if B newer than A, 0 if equal */ function DBADMIN_compareBackupFiles($pFileA, $pFileB)
// | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +---------------------------------------------------------------------------+ // require_once '../lib-common.php'; $project_id = COM_applyFilter($_POST['projectid'], true); $taskuser = COM_applyFilter($_REQUEST['taskuser'], true); if ($taskuser > 0 and SEC_inGroup('nexflow Admin')) { $usermodeUID = $taskuser; } else { $usermodeUID = $_USER['uid']; } if (DB_count($_TABLES['nf_projects'], 'id', $project_id) == 1) { if ($CONF_NF['debug']) { COM_errorLog("Reclaim Project:{$project_id}"); } $status = DB_getItem($_TABLES['nf_projects'], 'status', "id='{$project_id}'"); $prev_status = DB_getItem($_TABLES['nf_projects'], 'prev_status', "id='{$project_id}'"); if ($prev_status < 1 or $status == $prev_status) { $prev_status = 1; } if ($status == 6) { // Currently in Recycled State
/**
 * Abort the request unless the current user is in the Root group.
 *
 * Non-Root users get the plugin's access-denied message (message 6) rendered
 * as a full page, the attempt is written to the access log, and the script
 * exits. Root users fall through and nothing happens.
 *
 * @return void
 */
function _checkHasAccess()
{
    global $_USER, $LANG_DLM;

    // Category editing is reserved for the Root group
    if (SEC_inGroup('Root')) {
        return;
    }

    // Record the attempt against the category being edited, then deny
    COM_accessLog("User {$_USER['username']} tried illegally to edit category {$this->_cid}.");
    $page = COM_showMessage(6, 'downloads');
    $page = DLM_createHTMLDocument($page, array('pagetitle' => $LANG_DLM['manager']));
    COM_output($page);
    exit;
}