$_CONF['path_layout'] = $_CONF['path_themes'] . $_USER['theme'] . '/'; $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $_USER['theme']; if ($_CONF['allow_user_themes'] == 1) { if (isset($_COOKIE[$_CONF['cookie_theme']])) { $theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true); if (is_dir($_CONF['path_themes'] . $theme)) { $_USER['theme'] = $theme; $_CONF['path_layout'] = $_CONF['path_themes'] . $theme . '/'; $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $theme; } } } } COM_resetSpeedlimit('login'); // we are now fully logged in, let's see if there is someplace we need to go.... if (SESS_isSet('login_referer')) { $_SERVER['HTTP_REFERER'] = SESS_getVar('login_referer'); SESS_unSet('login_referer'); } if (!empty($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], '/users.php') === false && substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) { $indexMsg = $_CONF['site_url'] . '/index.php?msg='; if (substr($_SERVER['HTTP_REFERER'], 0, strlen($indexMsg)) == $indexMsg) { echo COM_refresh($_CONF['site_url'] . '/index.php'); } else { // If user is trying to login - force redirect to index.php if (strstr($_SERVER['HTTP_REFERER'], 'mode=login') === false) { // if article - we need to ensure we have the story if (substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) { echo COM_refresh(COM_sanitizeUrl($_SERVER['HTTP_REFERER'])); } else { echo COM_refresh($_CONF['site_url'] . '/index.php');
/**
 * Plugin hook invoked after the Media Gallery comment form is submitted.
 *
 * Persists the comment through CMT_saveComment() and, depending on the
 * outcome, either redisplays the form (with any pre-save error left in the
 * session) or refreshes the media item's comment counter and redirects
 * back to it.
 *
 * @param string $title    comment title (tags are stripped here)
 * @param string $comment  comment body
 * @param string $id       media item id the comment belongs to
 * @param int    $pid      parent comment id (0 for a top-level comment)
 * @param string $postmode 'html' or 'text'
 * @return string HTML of the redisplayed form on failure, or the redirect
 *                output of COM_refresh() on success
 */
function _mg_savecomment($title, $comment, $id, $pid, $postmode)
{
    global $_CONF, $_MG_CONF, $_TABLES, $LANG03;

    $title = strip_tags($title);
    $pid = COM_applyFilter($pid, true);
    $postmode = COM_applyFilter($postmode);

    $saveStatus = CMT_saveComment($title, $comment, $id, $pid, 'mediagallery', $postmode);

    if ($saveStatus > 0) {
        // Save failed: surface the message the pre-save hook left behind (if any),
        // then let the user correct the submission.
        $output = '';
        if (SESS_isSet('glfusion.commentpresave.error')) {
            $output = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', true);
            SESS_unSet('glfusion.commentpresave.error');
        }
        return $output . CMT_commentform($title, $comment, $id, $pid, 'mediagallery', $LANG03[14], $postmode);
    }

    // Save succeeded: recount comments for this item and store the total.
    // NOTE(review): $id is passed through DB_escapeString() here while the
    // article equivalent passes it raw -- confirm whether DB_count/DB_change
    // escape internally, otherwise one of the two call sites is wrong.
    $total = DB_count($_TABLES['comments'], array('sid', 'type'), array(DB_escapeString($id), 'mediagallery'));
    DB_change($_TABLES['mg_media'], 'media_comments', $total, 'media_id', DB_escapeString($id));

    // $id is not validated in this function; it is assumed to be the numeric
    // media id the caller already filtered -- verify against the caller.
    return COM_refresh($_MG_CONF['site_url'] . "/media.php?s={$id}#comments");
}
} elseif (isset($_GET[$provided])) { $action = $provided; } } $uid = 0; if (isset($_POST['uid'])) { $uid = COM_applyFilter($_POST['uid'], true); } elseif (isset($_GET['uid'])) { $uid = COM_applyFilter($_GET['uid'], true); } $grp_id = 0; if (isset($_POST['grp_id'])) { $grp_id = COM_applyFilter($_POST['grp_id'], true); } elseif (isset($_GET['grp_id'])) { $grp_id = COM_applyFilter($_GET['grp_id'], true); } elseif (SESS_isSet('grp_id')) { $grp_id = SESS_getVar('grp_id'); } SESS_setVar('grp_id', $grp_id); $msg = COM_getMessage(); switch ($action) { case 'edit': $display .= COM_siteHeader('menu', $LANG28[1]); if ($uid == 1) { $display .= COM_siteHeader('menu', $LANG28[11]); $display .= COM_showMessageFromParameter(); $display .= USER_list(); $display .= COM_siteFooter(); } else { $display .= USER_edit($uid, $msg); $display .= COM_siteFooter();
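/**
 * Returns the groups a user belongs to
 *
 * This is part of the GL security implementation. This function returns
 * all the groups a user belongs to. Group membership is transitive -- a
 * group can itself be a member of another group -- so the lookup is
 * repeated on the newly discovered group ids until no new group turns up.
 *
 * Note: this is an expensive function -- if you are concerned about speed it should only
 * be used once at the beginning of a page. The resulting array $_GROUPS can then be
 * used through out the page. Results are memoised per request in a static
 * array and, for the current user and for the anonymous user, cached in the session.
 *
 * @param int $uid User ID to get information for. If empty current user.
 * @return array Associative Array grp_name -> ug_main_grp_id of group ID's user belongs to
 *               (falls back to array('All Users' => 2) when nothing is found)
 *
 */
function SEC_getUserGroups($uid = '')
{
    global $_TABLES, $_USER, $_SEC_VERBOSE;

    static $runonce = array();

    if ($_SEC_VERBOSE) {
        // The previous message interpolated $usergroups and $cur_grp_id, which
        // are never defined in this scope and only produced notices.
        COM_errorLog("****************in getusergroups(uid={$uid})***************", 1);
    }

    $cache = false;
    $groups = array();

    if (empty($uid)) {
        if (COM_isAnonUser()) {
            $uid = 1;
        } else {
            $uid = $_USER['uid'];
            $cache = true;
        }
    } else {
        $uid = (int) $uid;
    }
    if ($uid == 1) {
        $cache = true;
    }

    // per-request memo
    if (array_key_exists($uid, $runonce)) {
        return $runonce[$uid];
    }

    // per-session cache (current user / anonymous only)
    if ($cache && SESS_isSet('glfusion.user_groups.' . $uid)) {
        // NOTE(review): unserialize() on session-stored data. The session is
        // server side, so this is not attacker-supplied input in the usual
        // sense, but the cached value drives access control -- keep this
        // cache key out of reach of anything that writes user-controlled data
        // into the session, and consider a non-object format for it.
        $cached = unserialize(SESS_getVar('glfusion.user_groups.' . $uid));
        if (is_array($cached)) {
            return $cached;
        }
        // unexpected cache content: ignore it and rebuild from the database
    }

    $result = DB_query("SELECT ug_main_grp_id,grp_name FROM {$_TABLES['group_assignments']},{$_TABLES['groups']}"
        . " WHERE grp_id = ug_main_grp_id AND ug_uid = " . (int) $uid, 1);
    if ($result == FALSE) {
        $runonce[$uid] = $groups;
        return $groups;
    }

    $nrows = DB_numRows($result);
    if ($_SEC_VERBOSE) {
        COM_errorLog("got {$nrows} rows", 1);
    }

    // Breadth-first walk: every round collects the group ids found in this
    // round ($cgroups) and then looks up the groups *those* groups belong to.
    while ($nrows > 0) {
        $cgroups = array();
        for ($i = 1; $i <= $nrows; $i++) {
            $A = DB_fetchArray($result);
            if ($_SEC_VERBOSE) {
                COM_errorLog('user is in group ' . $A['grp_name'], 1);
            }
            if (!in_array($A['ug_main_grp_id'], $groups)) {
                array_push($cgroups, $A['ug_main_grp_id']);
                $groups[ucfirst($A['grp_name'])] = $A['ug_main_grp_id'];
            }
        }

        if (sizeof($cgroups) > 0) {
            // ids come from the database, but they are interpolated into SQL,
            // so coerce every one of them to an integer anyway
            $glist = join(',', array_map('intval', $cgroups));
            $result = DB_query("SELECT ug_main_grp_id,grp_name FROM {$_TABLES["group_assignments"]},{$_TABLES["groups"]}"
                . " WHERE grp_id = ug_main_grp_id AND ug_grp_id IN ({$glist})", 1);
            // a failed follow-up query (errors are suppressed above) ends the walk
            // instead of handing FALSE to DB_numRows()
            $nrows = ($result == FALSE) ? 0 : DB_numRows($result);
        } else {
            $nrows = 0;
        }
    }

    if (count($groups) == 0) {
        $groups = array('All Users' => 2);
    }
    ksort($groups);

    if ($_SEC_VERBOSE) {
        COM_errorLog("****************leaving getusergroups(uid={$uid})***************", 1);
    }

    $runonce[$uid] = $groups;
    if ($cache) {
        SESS_setVar('glfusion.user_groups.' . $uid, serialize($groups));
    }

    return $groups;
}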
/**
 * article: saves a comment
 *
 * Refuses the comment (by bouncing to the front page) unless the story
 * exists, is published, is not a draft, is readable by the current user and
 * has comments enabled (commentcode == 0). Otherwise the comment is handed to
 * CMT_saveComment(); on failure the form is redisplayed, on success the
 * story's comment counter is refreshed and the browser is sent back to it.
 *
 * @param string $title    comment title
 * @param string $comment  comment text
 * @param string $id       Item id to which $cid belongs
 * @param int    $pid      comment parent
 * @param string $postmode 'html' or 'text'
 * @return mixed false for failure, HTML string (redirect?) for success
 */
function plugin_savecomment_article($title, $comment, $id, $pid, $postmode)
{
    global $_CONF, $_TABLES, $LANG03, $_USER;

    // Story must be live, readable by this user and open for comments.
    // NOTE(review): if DB_getItem() signals "no row" with false rather than
    // null, isset() is true and `false != 0` is false -- confirm its return
    // convention before relying on this guard for missing stories.
    $where = "(sid = '" . DB_escapeString($id) . "') AND (draft_flag = 0) AND (date <= NOW())"
        . COM_getPermSQL('AND');
    $commentcode = DB_getItem($_TABLES['stories'], 'commentcode', $where);
    if (!isset($commentcode) || $commentcode != 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $saveStatus = CMT_saveComment($title, $comment, $id, $pid, 'article', $postmode);

    if ($saveStatus > 0) {
        // failure: prefer the message left by the pre-save hook, otherwise
        // point at the empty title/body if that is what went wrong
        $notice = '';
        if (SESS_isSet('glfusion.commentpresave.error')) {
            $notice = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', 1, 'error');
            SESS_unSet('glfusion.commentpresave.error');
        } elseif (empty($title) || empty($comment)) {
            $notice = COM_showMessageText($LANG03[12], '', 1, 'error');
        }
        return $notice . CMT_commentForm($title, $comment, $id, $pid, 'article', $LANG03[14], $postmode);
    }

    // success: recount and store the story's comments, then go back to it
    $total = DB_count($_TABLES['comments'], array('type', 'sid'), array('article', $id));
    DB_change($_TABLES['stories'], 'comments', $total, 'sid', $id);
    COM_olderStuff(); // update comment count in Older Stories block

    return COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}#comments"));
}
exit; } require_once $_CONF['path'] . 'plugins/mediagallery/include/init.php'; MG_initAlbums(); /* * Main Function */ $album_id = 0; if (isset($_GET['aid'])) { $album_id = (int) COM_applyFilter($_GET['aid'], true); } $page = 0; if (isset($_GET['page'])) { $page = (int) COM_applyFilter($_GET['page'], true); } else { if (SESS_isSet('mediagallery.album.page')) { $page = SESS_getVar('mediagallery.album.page'); } } $sortOrder = 0; if (isset($_GET['sort'])) { $sortOrder = (int) COM_applyFilter($_GET['sort'], true); } $media_id = 0; if (isset($_GET['s'])) { $media_id = COM_applyFilter($_GET['s'], true); } if ($page != 0) { $page = $page - 1; } else { if ($media_id != 0) {
/**
 * Returns the message number to display, if one was supplied.
 *
 * Lookup order: POST 'msg', GET 'msg', then the one-shot session value
 * 'glfusion.infomessage' (which is cleared once read so it is shown only
 * once). Every source is run through COM_applyFilter() in numeric mode.
 *
 * @return int message number to display or 0
 */
function COM_getMessage()
{
    if (isset($_POST['msg'])) {
        return COM_applyFilter($_POST['msg'], true);
    }

    if (isset($_GET['msg'])) {
        return COM_applyFilter($_GET['msg'], true);
    }

    if (SESS_isSet('glfusion.infomessage')) {
        $msg = COM_applyFilter(SESS_getVar('glfusion.infomessage'), true);
        SESS_unSet('glfusion.infomessage'); // consumed: do not show it again
        return $msg;
    }

    return 0;
}
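/**
 * Renders the story administration list.
 *
 * Builds the topic filter drop-down (request tid/ptid, else the remembered
 * session topic, else "all"), the column headers, the admin menu and the
 * SQL used by ADMIN_list(), and parses everything into the story_admin
 * template.
 *
 * Security notes:
 *  - the topic selected by the admin ends up in a SQL WHERE clause; it is
 *    passed through DB_escapeString() so safety does not depend solely on
 *    what COM_applyFilter() strips,
 *  - the list is restricted by COM_getPermSQL() and every row action carries
 *    a CSRF token created here.
 *
 * @return string HTML of the complete story admin page block
 */
function STORY_list()
{
    global $_CONF, $_TABLES, $_IMAGE_TYPE, $LANG09, $LANG_ADMIN, $LANG_ACCESS, $LANG24;

    USES_lib_admin();

    $retval = '';

    $form = new Template($_CONF['path_layout'] . 'admin/story/');
    $form->set_file('form', 'story_admin.thtml');

    // Topic filter: explicit request parameters override the remembered
    // choice; $LANG09[9] is the "all topics" sentinel value.
    if (!empty($_GET['tid'])) {
        $current_topic = COM_applyFilter($_GET['tid']);
    } elseif (!empty($_POST['tid'])) {
        $current_topic = COM_applyFilter($_POST['tid']);
    } elseif (!empty($_GET['ptid'])) {
        $current_topic = COM_applyFilter($_GET['ptid']);
    } elseif (SESS_isSet('story_admin_topic')) {
        $current_topic = SESS_getVar('story_admin_topic');
    } else {
        $current_topic = $LANG09[9];
    }
    SESS_setVar('story_admin_topic', $current_topic);

    if ($current_topic == $LANG09[9]) {
        // "all": restrict to the topics this admin may see and offer each of
        // them in the drop-down
        $excludetopics = '';
        $seltopics = '';
        $topicsql = "SELECT tid,topic FROM {$_TABLES['topics']}" . COM_getPermSQL();
        $tresult = DB_query($topicsql);
        $trows = DB_numRows($tresult);
        if ($trows > 0) {
            $excludetopics .= ' (';
            for ($i = 1; $i <= $trows; $i++) {
                $T = DB_fetchArray($tresult);
                if ($i > 1) {
                    $excludetopics .= ' OR ';
                }
                // tid is a DB value, but it is interpolated back into SQL, so escape it
                $excludetopics .= "tid = '" . DB_escapeString($T['tid']) . "'";
                // NOTE(review): tid/topic are emitted into HTML unescaped; they are
                // admin-entered, but confirm they are stored entity-encoded before
                // relying on that.
                $seltopics .= '<option value="' . $T['tid'] . '"';
                if ($current_topic == "{$T['tid']}") {
                    $seltopics .= ' selected="selected"';
                }
                $seltopics .= '>' . $T['topic'] . ' (' . $T['tid'] . ')' . '</option>' . LB;
            }
            $excludetopics .= ') ';
        }
    } else {
        // single topic: $current_topic originates from the request/session, so
        // escape it for SQL rather than trusting COM_applyFilter()'s stripping
        $excludetopics = " tid = '" . DB_escapeString($current_topic) . "' ";
        $seltopics = COM_topicList('tid,topic', $current_topic, 1, true);
    }

    $alltopics = '<option value="' . $LANG09[9] . '"';
    if ($current_topic == $LANG09[9]) {
        $alltopics .= ' selected="selected"';
    }
    $alltopics .= '>' . $LANG09[9] . '</option>' . LB;

    $filter = $LANG_ADMIN['topic'] . ': <select name="tid" style="width: 125px" onchange="this.form.submit()">'
        . $alltopics . $seltopics . '</select>';

    // column definitions consumed by ADMIN_list()
    $header_arr = array();
    $header_arr[] = array('text' => $LANG_ADMIN['edit'], 'field' => 'edit', 'sort' => false, 'align' => 'center', 'width' => '35px');
    $header_arr[] = array('text' => $LANG_ADMIN['copy'], 'field' => 'copy', 'sort' => false, 'align' => 'center', 'width' => '35px');
    $header_arr[] = array('text' => $LANG_ADMIN['title'], 'field' => 'title', 'sort' => true);
    $header_arr[] = array('text' => $LANG_ADMIN['topic'], 'field' => 'tid', 'sort' => true);
    $header_arr[] = array('text' => $LANG_ACCESS['access'], 'field' => 'access', 'sort' => false, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[34], 'field' => 'draft_flag', 'sort' => true, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[32], 'field' => 'featured', 'sort' => true, 'align' => 'center');
    $header_arr[] = array('text' => $LANG24[7], 'field' => 'username', 'sort' => true); // author
    $header_arr[] = array('text' => $LANG24[15], 'field' => 'unixdate', 'sort' => true, 'align' => 'center'); // date
    // ping column only for admins allowed to ping and only if any ping mechanism is on
    if (SEC_hasRights('story.ping')
        && ($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled'])) {
        $header_arr[] = array('text' => $LANG24[20], 'field' => 'ping', 'sort' => false, 'align' => 'center');
    }
    $header_arr[] = array('text' => $LANG_ADMIN['delete'], 'field' => 'delete', 'sort' => false, 'align' => 'center');

    $defsort_arr = array('field' => 'unixdate', 'direction' => 'desc');

    $menu_arr = array(
        array('url' => $_CONF['site_admin_url'] . '/story.php?edit=x', 'text' => $LANG_ADMIN['create_new']),
        array('url' => $_CONF['site_admin_url'] . '/moderation.php', 'text' => $LANG_ADMIN['submissions'])
    );
    if (SEC_inGroup('Root')) {
        $menu_arr[] = array('url' => $_CONF['site_admin_url'] . '/story.php?global=x', 'text' => 'Global Settings');
    }
    $menu_arr[] = array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']);

    $form->set_var('block_start', COM_startBlock($LANG24[22], '', COM_getBlockTemplate('_admin_block', 'header')));
    $form->set_var('admin_menu', ADMIN_createMenu($menu_arr, $LANG24[23],
        $_CONF['layout_url'] . '/images/icons/story.' . $_IMAGE_TYPE));

    $text_arr = array('has_extras' => true, 'form_url' => $_CONF['site_admin_url'] . '/story.php');

    $sql = "SELECT {$_TABLES['stories']}.*, {$_TABLES['users']}.username, {$_TABLES['users']}.fullname, "
        . "UNIX_TIMESTAMP(date) AS unixdate FROM {$_TABLES['stories']} "
        . "LEFT JOIN {$_TABLES['users']} ON {$_TABLES['stories']}.uid={$_TABLES['users']}.uid "
        . "WHERE 1=1 ";

    if (!empty($excludetopics)) {
        $excludetopics = 'AND ' . $excludetopics;
    }

    $query_arr = array(
        'table' => 'stories',
        'sql' => $sql,
        'query_fields' => array('title', 'introtext', 'bodytext', 'sid', 'tid'),
        // topic restriction plus the per-user permission filter
        'default_filter' => $excludetopics . COM_getPermSQL('AND')
    );

    // CSRF token: passed to the field renderer for row actions and embedded in the list form
    $token = SEC_createToken();
    $form_arr = array('bottom' => '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"/>');

    $form->set_var('admin_list', ADMIN_list('story', 'STORY_getListField', $header_arr, $text_arr,
        $query_arr, $defsort_arr, $filter, $token, '', $form_arr));
    $form->set_var('block_end', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));

    $retval = $form->parse('output', 'form');

    return $retval;
}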
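/**
 * Creates a list of data with a search, filter, clickable headers etc.
 *
 * State (search term, page size, page number, sort column and direction) is
 * read from GET/POST first and otherwise from the session, and written back
 * to the session under keys prefixed with $component so that several lists
 * do not interfere with each other.
 *
 * Untrusted-input handling:
 *  - the search term is tag-stripped, HTML-escaped when echoed, URL-encoded
 *    in links and DB-escaped in the LIKE clauses (LIKE wildcards % and _ are
 *    left as-is, so a user can still use them in a search),
 *  - the sort column is only ever taken from $header_arr by index and the
 *    direction is whitelisted to ASC/DESC, so neither reaches the ORDER BY
 *    clause as raw request data,
 *  - page and limit values are filtered as integers.
 *
 * @param string $component     name of the list
 * @param string $fieldfunction name of the function that handles special entries
 * @param array  $header_arr    array of header fields with sortables and table fields
 * @param array  $text_arr      array with different text strings
 * @param array  $query_arr     array with sql-options
 * @param array  $defsort_arr   default sorting values
 * @param string $filter        additional drop-down filters
 * @param string $extra         additional values passed to fieldfunction
 * @param array  $options_arr   array of options - used for check-all feature
 * @param array  $form_arr      optional extra forms at top or bottom
 * @return string HTML output of function
 *
 */
function ADMIN_list($component, $fieldfunction, $header_arr, $text_arr, $query_arr, $defsort_arr, $filter = '', $extra = '', $options_arr = '', $form_arr = '')
{
    global $_CONF, $_TABLES, $LANG_ADMIN, $LANG_ACCESS, $LANG01, $_IMAGE_TYPE, $MESSAGE;

    // retrieve the query (search term)
    if (isset($_GET['q'])) {
        $query = strip_tags($_GET['q']);
    } elseif (isset($_POST['q'])) {
        $query = strip_tags($_POST['q']);
    } elseif (SESS_isSet($component . '_q')) {
        $query = strip_tags(SESS_getVar($component . '_q'));
    } else {
        $query = '';
    }

    // retrieve the query_limit (rows per page)
    if (isset($_GET['query_limit'])) {
        $query_limit = COM_applyFilter($_GET['query_limit'], true);
    } elseif (isset($_POST['query_limit'])) {
        $query_limit = COM_applyFilter($_POST['query_limit'], true);
    } elseif (SESS_isSet($component . '_query_limit')) {
        $query_limit = COM_applyFilter(SESS_getVar($component . '_query_limit'), true);
    } else {
        $query_limit = 50;
    }

    // get the current page from the interface. The variable is linked to the
    // component, i.e. the plugin/function calling this here to avoid overlap
    // the default page number is 1
    if (isset($_GET[$component . 'listpage'])) {
        $page = COM_applyFilter($_GET[$component . 'listpage'], true);
        $curpage = $page;
    } elseif (isset($_POST[$component . 'listpage'])) {
        $page = COM_applyFilter($_POST[$component . 'listpage'], true);
        $curpage = $page;
    } elseif (SESS_isSet($component . 'listpage')) {
        $page = COM_applyFilter(SESS_getVar($component . 'listpage'), true);
        $curpage = $page;
    } else {
        $page = '';
        $curpage = 1;
    }
    $curpage = $curpage <= 0 ? 1 : $curpage; // curpage has to be > 0

    // process text_arr for title, help url and form url
    $title = (is_array($text_arr) && !empty($text_arr['title'])) ? $text_arr['title'] : '';
    $help_url = (is_array($text_arr) && !empty($text_arr['help_url'])) ? $text_arr['help_url'] : '';
    $form_url = (is_array($text_arr) && !empty($text_arr['form_url'])) ? $text_arr['form_url'] : '';

    // determine what extra options we should use (search, limit, paging)
    if (isset($text_arr['has_extras']) && $text_arr['has_extras']) {
        // old option, denotes all
        $has_search = true;
        $has_limit = true;
        $has_paging = true;
    } else {
        $has_search = isset($text_arr['has_search']) && $text_arr['has_search'] ? true : false;
        $has_limit = isset($text_arr['has_limit']) && $text_arr['has_limit'] ? true : false;
        $has_paging = isset($text_arr['has_paging']) && $text_arr['has_paging'] ? true : false;
    }

    // process options_arr for chkdelete/chkselect options if any
    $chkselect = is_array($options_arr)
        && ((isset($options_arr['chkselect']) && $options_arr['chkselect'])
            || (isset($options_arr['chkdelete']) && $options_arr['chkdelete']));
    $chkall = (is_array($options_arr) && isset($options_arr['chkall'])) ? $options_arr['chkall'] : true;
    $chkname = (is_array($options_arr) && isset($options_arr['chkname'])) ? $options_arr['chkname'] : 'delitem';
    $chkfield = (is_array($options_arr) && isset($options_arr['chkfield'])) ? $options_arr['chkfield'] : '';
    $chkactions = (is_array($options_arr) && isset($options_arr['chkactions'])) ? $options_arr['chkactions'] : '';
    $chkfunction = (is_array($options_arr) && isset($options_arr['chkfunction'])) ? $options_arr['chkfunction'] : 'ADMIN_chkDefault';
    $chkminimum = (is_array($options_arr) && isset($options_arr['chkminimum'])) ? $options_arr['chkminimum'] : 1;

    // get all template fields.
    $admin_templates = new Template($_CONF['path_layout'] . 'admin/lists');
    $admin_templates->set_file(array(
        'search' => 'searchmenu.thtml',
        'list' => 'list.thtml',
        'header' => 'header.thtml',
        'row' => 'listitem.thtml',
        'field' => 'field.thtml',
        'arow' => 'actionrow.thtml'
    ));

    // insert std. values into the template
    $admin_templates->set_var('form_url', $form_url);
    $admin_templates->set_var('lang_edit', $LANG_ADMIN['edit']);
    $admin_templates->set_var('lang_delconfirm', $LANG01[125]);
    if (isset($form_arr['top'])) {
        $admin_templates->set_var('formfields_top', $form_arr['top']);
    }
    if (isset($form_arr['bottom'])) {
        $admin_templates->set_var('formfields_bottom', $form_arr['bottom']);
    }

    // Check if the delete checkbox and support for the delete all feature should be displayed
    if ($chkselect) {
        if ($chkall) {
            $admin_templates->set_var('header_text', '<input type="checkbox" name="chk_selectall" title="' . $LANG01[126]
                . '" onclick="caItems(this.form,\'' . $chkname . '\');"/>');
        } else {
            $admin_templates->set_var('header_text', '<input type="checkbox" name="disabled" value="x" style="visibility:hidden" disabled="disabled" />');
        }
        $admin_templates->set_var('class', 'admin-list-field');
        $admin_templates->set_var('header_column_style', 'style="text-align:center;width:25px;"'); // always center checkbox
        $admin_templates->parse('header_row', 'header', true);
    }

    $icon_arr = ADMIN_getIcons();

    if ($has_search) { // show search
        $admin_templates->set_var('lang_search', $LANG_ADMIN['search']);
        $admin_templates->set_var('lang_submit', $LANG_ADMIN['submit']);
        $admin_templates->set_var('last_query', htmlspecialchars($query));
        $admin_templates->set_var('filter', $filter);
    }

    $sql = $query_arr['sql']; // get sql from array that builds data

    // Sort column: the request only supplies an index into $header_arr; the
    // actual column name always comes from the caller's header definition.
    if (isset($_GET['orderby']) || SESS_isSet($component . '_orderby')) {
        if (isset($_GET['orderby'])) {
            $orderbyidx = COM_applyFilter($_GET['orderby'], true);
        } else {
            $orderbyidx = COM_applyFilter(SESS_getVar($component . '_orderby'), true);
        }
        if (isset($header_arr[$orderbyidx]['field']) && $header_arr[$orderbyidx]['sort'] != false) {
            $orderidx_link = "&orderby={$orderbyidx}"; // preserve the value for paging
            $orderby = $header_arr[$orderbyidx]['field']; // get the field name to sort by
        } else {
            $orderby = $defsort_arr['field']; // not set - use default (this could be null)
            $orderidx_link = '';
            $orderbyidx = '';
        }
    } else {
        $orderby = $defsort_arr['field']; // not set - use default (this could be null)
        $orderidx_link = '';
        $orderbyidx = '';
    }

    // set sort direction. defaults to ASC; whitelisted to the two SQL keywords
    if (isset($_GET['direction'])) {
        $direction = COM_applyFilter($_GET['direction']);
    } elseif (SESS_isSet($component . '_direction')) {
        $direction = SESS_getVar($component . '_direction');
    } else {
        $direction = $defsort_arr['direction'];
    }
    $direction = strtoupper($direction) == 'DESC' ? 'DESC' : 'ASC';

    // retrieve previous sort order field
    if (isset($_GET['prevorder'])) {
        $prevorder = COM_applyFilter($_GET['prevorder']);
    } else {
        $prevorder = '';
    }

    // reverse direction if previous order field was the same (this is a toggle)
    if ($orderby == $prevorder) {
        $direction = $direction == 'DESC' ? 'ASC' : 'DESC';
    }

    // remember the list state for the next request
    SESS_setVar($component . 'listpage', $page);
    SESS_setVar($component . '_q', $query);
    SESS_setVar($component . '_query_limit', $query_limit);
    SESS_setVar($component . '_direction', $direction);
    SESS_setVar($component . '_orderby', $orderbyidx);

    // ok now let's build the order sql
    $orderbysql = !empty($orderby) ? "ORDER BY {$orderby} {$direction}" : '';

    // assign proper arrow img based upon order
    $arrow_img = $direction == 'ASC' ? 'ascending' : 'descending';
    $img_arrow_url = "{$_CONF['layout_url']}/images/admin/{$arrow_img}.{$_IMAGE_TYPE}";
    $attr = array('style' => 'vertical-align:text-top;');
    $img_arrow = ' ' . COM_createImage($img_arrow_url, $arrow_img, $attr);

    // HEADER FIELDS array(text, field, sort, align, class) =====================
    $ncols = count($header_arr); // number of columns in each row
    for ($i = 0; $i < $ncols; $i++) {
        $header_text = isset($header_arr[$i]['text']) && !empty($header_arr[$i]['text']) ? $header_arr[$i]['text'] : '';

        // check to see if field is sortable
        if (isset($header_arr[$i]['sort']) && $header_arr[$i]['sort'] != false) {
            // add the sort indicator
            $header_text .= $orderby == $header_arr[$i]['field'] ? $img_arrow : '';
            // change the mouse to a pointer
            $th_subtags = " onmouseover=\"this.style.cursor='pointer';\"";
            // create an index so we know what to sort
            $separator = strpos($form_url, '?') > 0 ? '&' : '?';
            // ok now setup the parameters to preserve: sort field and direction
            // ($orderby is a caller-defined column name, $direction is whitelisted)
            $th_subtags .= " onclick=\"window.location.href='{$form_url}{$separator}"
                . "orderby={$i}&prevorder={$orderby}&direction={$direction}";
            // page number
            $th_subtags .= !empty($page) ? '&' . $component . 'listpage=' . $page : '';
            // query
            $th_subtags .= !empty($query) ? '&q=' . urlencode($query) : '';
            // query limit
            $th_subtags .= !empty($query_limit) ? '&query_limit=' . $query_limit : '';
            $th_subtags .= "';\"";
        } else {
            $th_subtags = '';
        }

        // apply field styling if specified
        if (!empty($header_arr[$i]['header_class'])) {
            $admin_templates->set_var('class', $header_arr[$i]['header_class']);
        } else {
            $admin_templates->set_var('class', 'admin-list-headerfield');
        }

        // apply field alignment options if specified
        $header_column_style = '';
        if (!empty($header_arr[$i]['align'])) {
            if ($header_arr[$i]['align'] == 'center') {
                $header_column_style = 'text-align:center;';
            } elseif ($header_arr[$i]['align'] == 'right') {
                $header_column_style = 'text-align:right;';
            }
        }
        // apply field wrap option if specified
        $header_column_style .= isset($header_arr[$i]['nowrap']) ? ' white-space:nowrap;' : '';
        // apply field width option if specified
        $header_column_style .= isset($header_arr[$i]['width']) ? ' width:' . $header_arr[$i]['width'] . ';' : '';
        // apply field style option if specified
        if (!empty($header_column_style)) {
            $admin_templates->set_var('header_column_style', 'style="' . $header_column_style . '"');
        } else {
            $admin_templates->clear_var('header_column_style');
        }

        // output the header field
        $admin_templates->set_var('header_text', $header_text);
        $admin_templates->set_var('th_subtags', $th_subtags);
        $admin_templates->parse('header_row', 'header', true);

        // clear all for next header
        $admin_templates->clear_var('th_subtags');
        $admin_templates->clear_var('class');
        $admin_templates->clear_var('header_text');
    }

    // Row filter: the caller's default filter (usually the permission SQL)
    // plus the search term. This used to be built only when $has_limit was
    // set, which silently dropped query_arr['default_filter'] -- and thus the
    // permission restriction -- for lists without a row limit.
    $filtersql = (isset($query_arr['default_filter']) && !empty($query_arr['default_filter']))
        ? " {$query_arr['default_filter']}" : '';
    if (!empty($query)) {
        // add query fields with search term (DB-escaped; LIKE wildcards are kept)
        $filtersql .= " AND (";
        $nfields = count($query_arr['query_fields']);
        for ($f = 0; $f < $nfields; $f++) {
            $filtersql .= $query_arr['query_fields'][$f] . " LIKE '%" . DB_escapeString($query) . "%'";
            if ($f < $nfields - 1) {
                $filtersql .= " OR ";
            }
        }
        $filtersql .= ")";
    }

    $limitsql = '';
    $num_pages = 0; // referenced by the paging block even when $has_limit is off
    if ($has_limit) {
        $admin_templates->set_var('lang_limit_results', $LANG_ADMIN['limit_results']);
        $limit = !empty($query_limit) ? (int) $query_limit : 50; // query limit (default=50)
        if ($limit <= 0) {
            $limit = 50; // guards the division below and the LIMIT clause
        }
        if ($query != '') { // set query into form after search
            $admin_templates->set_var('query', urlencode($query));
        } else {
            $admin_templates->set_var('query', '');
        }
        $admin_templates->set_var('query_limit', $query_limit);
        // choose proper dropdown field for query limit
        $admin_templates->set_var($limit . '_selected', 'selected="selected"');

        $num_pagesresult = DB_query($sql . $filtersql);
        $num_rows = DB_numRows($num_pagesresult);
        $num_pages = ceil($num_rows / $limit);
        $curpage = $num_pages < $curpage ? 1 : $curpage; // don't go beyond possible results
        $offset = ($curpage - 1) * $limit;
        $limitsql = "LIMIT {$offset},{$limit}"; // get only current page data

        $admin_templates->set_var('lang_records_found', $LANG_ADMIN['records_found']);
        $admin_templates->set_var('records_found', COM_numberFormat($num_rows));
    }

    if ($has_search || $has_limit || $has_paging) {
        $admin_templates->parse('search_menu', 'search', true);
    } else {
        $admin_templates->set_var('search_menu', '');
    }

    // form the sql query to retrieve the data
    $sql .= "{$filtersql} {$orderbysql} {$limitsql};";
    $result = DB_query($sql);

    // number of rows/records to display
    $nrows = DB_numRows($result);
    $r = 1; // r is the counter for the actual displayed rows for correct coloring
    for ($i = 0; $i < $nrows; $i++) { // now go through actual data
        $A = DB_fetchArray($result);
        $row_output = false; // as long as no fields are returned, dont print row

        if ($chkselect) {
            $admin_templates->set_var('class', 'admin-list-field');
            $admin_templates->set_var('column_style', 'style="text-align:center;"'); // always center checkbox
            if ($chkfunction($A)) {
                // the key value is DB data and lands in an HTML attribute: escape it
                $chkvalue = isset($A[$chkfield]) ? $A[$chkfield] : '';
                $admin_templates->set_var('itemtext', '<input type="checkbox" name="' . $chkname . '[]" value="'
                    . htmlspecialchars($chkvalue, ENT_QUOTES) . '" title="' . $LANG_ADMIN['select'] . '"/>');
            } else {
                $admin_templates->set_var('itemtext', '<input type="checkbox" name="disabled" value="x" style="visibility:hidden" disabled="disabled" />');
            }
            $admin_templates->parse('item_field', 'field', true);
        }

        for ($j = 0; $j < $ncols; $j++) {
            $fieldname = $header_arr[$j]['field']; // get field name from headers
            $fieldvalue = '';
            if (!empty($A[$fieldname])) { // is there a field in data like that?
                $fieldvalue = $A[$fieldname]; // yes, get its data
            }
            // the field function is responsible for escaping what it returns
            if (!empty($fieldfunction) && !empty($extra)) {
                $fieldvalue = $fieldfunction($fieldname, $fieldvalue, $A, $icon_arr, $extra);
            } elseif (!empty($fieldfunction)) {
                $fieldvalue = $fieldfunction($fieldname, $fieldvalue, $A, $icon_arr);
            }
            if ($fieldvalue !== false) { // return was there, so write line
                $row_output = true;
            } else {
                $fieldvalue = ''; // dont give empty fields
            }

            if (!empty($header_arr[$j]['field_class'])) {
                $admin_templates->set_var('class', $header_arr[$j]['field_class']);
            } else {
                $admin_templates->set_var('class', 'admin-list-field');
            }

            // process field alignment option if specified
            $column_style = '';
            if (!empty($header_arr[$j]['align'])) {
                if ($header_arr[$j]['align'] == 'center') {
                    $column_style = 'text-align:center;';
                } elseif ($header_arr[$j]['align'] == 'right') {
                    $column_style = 'text-align:right;';
                }
            }
            $column_style .= isset($header_arr[$j]['nowrap']) ? ' white-space:nowrap;' : '';
            if (!empty($column_style)) {
                $admin_templates->set_var('column_style', 'style="' . $column_style . '"');
            } else {
                $admin_templates->clear_var('column_style');
            }

            $admin_templates->set_var('itemtext', $fieldvalue); // write field
            $admin_templates->parse('item_field', 'field', true);
        }

        if ($row_output) { // there was data in at least one field, so print line
            $r++; // switch to next color
            $admin_templates->set_var('cssid', $r % 2 + 1); // make alternating table color
            $admin_templates->parse('item_row', 'row', true); // process the complete row
        }
        $admin_templates->clear_var('item_field'); // clear field
    }

    if ($nrows == 0) { // there is no data. return notification message.
        // the caller's 'no_data' text is honoured (the old check tested an
        // undefined local and therefore always fell back to the default)
        $message = (is_array($text_arr) && isset($text_arr['no_data'])) ? $text_arr['no_data'] : $LANG_ADMIN['no_results'];
        $admin_templates->set_var('message', $message);
    }

    // if we displayed data, and chkselect option is available, display the
    // actions row for all selected items. provide a delete action as a minimum
    if ($nrows > 0 && $chkselect) {
        $actions = '<td style="text-align:center;">'
            . '<img src="' . $_CONF['layout_url'] . '/images/admin/action.' . $_IMAGE_TYPE . '" alt="" /></td>';
        $actions .= '<td colspan="' . $ncols . '">' . $LANG_ADMIN['action'] . ' ';
        if (empty($chkactions)) {
            $actions .= '<input name="delbutton" type="image" src="' . $_CONF['layout_url'] . '/images/admin/delete.' . $_IMAGE_TYPE . '"'
                . ' style="vertical-align:text-bottom;" title="' . $LANG01[124] . '"'
                . ' onclick="return confirm(\'' . $LANG01[125] . '\');"'
                . '/> ' . $LANG_ADMIN['delete'];
        } else {
            $actions .= $chkactions;
        }
        $actions .= '</td>';
        $admin_templates->set_var('actions', $actions);
        $admin_templates->parse('action_row', 'arow', true);
    }

    // perform the paging
    if ($has_paging) {
        $sep = strstr($form_url, '?') ? '&' : '?';
        if (!empty($query)) { // port query to next page
            $base_url = $form_url . $sep . 'q=' . urlencode($query)
                . "&query_limit={$query_limit}{$orderidx_link}&direction={$direction}";
        } else {
            $base_url = $form_url . $sep . "query_limit={$query_limit}{$orderidx_link}&direction={$direction}";
        }
        if ($num_pages > 1) { // print actual google-paging
            $admin_templates->set_var('google_paging',
                COM_printPageNavigation($base_url, $curpage, $num_pages, $component . 'listpage='));
        } else {
            $admin_templates->set_var('google_paging', '');
        }
    }

    // return the html output
    $admin_templates->parse('output', 'list');
    $retval = !empty($title) ? COM_startBlock($title, $help_url, COM_getBlockTemplate('_admin_block', 'header')) : '';
    $retval .= $admin_templates->finish($admin_templates->get_var('output'));
    $retval .= !empty($title) ? COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')) : '';

    return $retval;
}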
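/**
 * Save a new topic, a reply, or an edited post to the forum tables.
 *
 * Runs the submission through every check the forum applies (postmode
 * permission, read-only forum, edit permission / edit window, name,
 * speed limit, minimum lengths, CAPTCHA, Spam-X and SFS) and, only when
 * all of them pass, writes the row, updates the forum counters, the
 * attachment flags, the "last viewed" log and the poster's subscription
 * records.
 *
 * @param array  $forumData forum record; reads 'forum' and 'is_readonly'
 * @param array  $postData  submitted form data (subject, comment, postmode,
 *                          id, forum, editid, name, notify, ...)
 * @param string $action    'savetopic', 'savereply' or 'saveedit'
 * @return array{0: bool, 1: string} [saved?, HTML to show]; when a check
 *                                    fails the HTML is the error block and
 *                                    nothing has been written
 */
function FF_saveTopic($forumData, $postData, $action)
{
    global $_CONF, $_TABLES, $_FF_CONF, $_USER, $LANG03, $LANG_GF01, $LANG_GF02;

    $retval = '';
    $uploadErrors = '';
    $msg = '';
    $errorMessages = '';
    $email = '';
    // NOTE(review): nothing in this function adds to $forumfiles, so the
    // show_inline reset below always applies to every attachment of the
    // post — confirm whether this was meant to be filled by the [file]
    // bbcode handler (e.g. as a global) before relying on it.
    $forumfiles = array();
    $okToSave = true;
    $dt = new Date('now', $_USER['tzid']);
    $date = $dt->toUnix();
    $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }

    // verify postmode is allowed: only html-capable users keep 'html'
    if (strtolower($postData['postmode']) == 'html') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }

    // is forum readonly?
    if ($forumData['is_readonly'] == 1) {
        // Check if this user has moderation rights now to allow a post to a locked topic
        if (!forum_modPermission($forumData['forum'], $uid, 'mod_edit')) {
            _ff_accessError();
        }
    }

    if ($action == 'saveedit') {
        // does the forum match the forum id of the posted data?
        if ($forumData['forum'] != 0 && $forumData['forum'] != $postData['forum']) {
            _ff_accessError();
        }
        $editid = COM_applyFilter($postData['editid'], true);
        $forum = COM_applyFilter($postData['forum'], true);
        // NOTE(review): the edit-window check below reads the date of
        // $postData['id'] while the UPDATE later targets $editid, and
        // ownership of $editid is not verified in this function — confirm
        // the caller enforces both.
        $editAllowed = false;
        if (forum_modPermission($forumData['forum'], $_USER['uid'], 'mod_edit')) {
            $editAllowed = true;
        } else {
            if ($_FF_CONF['allowed_editwindow'] > 0) {
                $t1 = DB_getItem($_TABLES['ff_topic'], 'date', "id=" . (int) $postData['id']);
                $t2 = $_FF_CONF['allowed_editwindow'];
                // still inside the edit window measured from the post's date
                if (time() - $t2 < $t1) {
                    $editAllowed = true;
                }
            } else {
                $editAllowed = true;
            }
        }
        if ($postData['editpid'] < 1 && trim($postData['subject']) == '') {
            $retval .= FF_BlockMessage('', $LANG_GF02['msg18'], false);
            $okToSave = false;
        } elseif (!$editAllowed) {
            // key is 'id'; the former single-quoted '$id' was a literal key
            // that never existed, so the link always pointed at topic 0
            $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . (int) $postData['id'];
            $retval .= _ff_alertMessage('', $LANG_GF02['msg189'], sprintf($LANG_GF02['msg187'], $link));
            $okToSave = false;
        }
    } else {
        if (!COM_isAnonUser() && $_FF_CONF['use_sfs']) {
            $email = isset($_USER['email']) ? $_USER['email'] : '';
        }
    }

    if (isset($postData['name']) && $postData['name'] != '') {
        $name = _ff_preparefordb(@htmlspecialchars(strip_tags(trim(COM_checkWords(USER_sanitizeName($postData['name'])))), ENT_QUOTES, COM_getEncodingt()), 'text');
        $name = urldecode($name);
    } else {
        $okToSave = false;
        $errorMessages .= $LANG_GF02['invalid_name'] . '<br />';
    }

    // speed limit check
    if (!SEC_hasRights('forum.edit')) {
        COM_clearSpeedlimit($_FF_CONF['post_speedlimit'], 'forum');
        $last = COM_checkSpeedlimit('forum');
        if ($last > 0) {
            $errorMessages .= sprintf($LANG_GF01['SPEEDLIMIT'], $last, $_FF_CONF['post_speedlimit']) . '<br/>';
            $okToSave = false;
        }
    }

    // standard edit checks
    if (strlen(trim($postData['name'])) < $_FF_CONF['min_username_length']
        || strlen(trim($postData['subject'])) < $_FF_CONF['min_subject_length']
        || strlen(trim($postData['comment'])) < $_FF_CONF['min_comment_length']) {
        $errorMessages .= $LANG_GF02['msg18'] . '<br/>';
        $okToSave = false;
    }

    // CAPTCHA check
    if (function_exists('plugin_itemPreSave_captcha') && $okToSave == true) {
        if (!isset($postData['captcha'])) {
            $postData['captcha'] = '';
        }
        $msg = plugin_itemPreSave_captcha('forum', $postData['captcha']);
        if ($msg != '') {
            $errorMessages .= $msg . '<br/>';
            $okToSave = false;
        }
    }

    // bit flags describing how the comment text is to be rendered
    $status = 0;
    if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
        $status += DISABLE_BBCODE;
    }
    if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
        $status += DISABLE_SMILIES;
    }
    if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
        $status += DISABLE_URLPARSE;
    }

    // spamx check
    if ($_FF_CONF['use_spamx_filter'] == 1 && $okToSave == true) {
        SESS_unSet('spamx_msg'); // clear out the message.
        // Check for SPAM
        $spamcheck = '<h1>' . $postData['subject'] . '</h1><p>' . FF_formatTextBlock($postData['comment'], $postData['postmode'], 'preview', $status) . '</p>';
        $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
        // Now check the result and redirect to index.php if spam action was taken
        if ($result > 0) {
            // then tell them to get lost ...
            $errorMessages .= $LANG_GF02['spam_detected'];
            if (SESS_isSet('spamx_msg')) {
                $errorMessages .= '<br>' . SESS_getVar('spamx_msg') . '<br>';
                SESS_unSet('spamx_msg');
            }
            $okToSave = false;
        }
    }

    // Stop Forum Spam lookup for anonymous posters
    if ($_FF_CONF['use_sfs'] == 1 && COM_isAnonUser() && function_exists('plugin_itemPreSave_spamx')) {
        $spamCheckData = array('username' => $postData['name'], 'email' => $email, 'ip' => $REMOTE_ADDR);
        $msg = plugin_itemPreSave_spamx('forum', $spamCheckData);
        if ($msg) {
            $errorMessages .= $msg;
            $okToSave = false;
        }
    }

    if ($okToSave == false) {
        $retval .= _ff_alertMessage($errorMessages, $LANG_GF01['ERROR'], ' ');
        return array(false, $retval);
    }

    // every check passed: prepare the values and write the post
    if (!isset($postData['postmode_switch'])) {
        $postData['postmode_switch'] = 0;
    }
    $postmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
    // validate postmode (the switch may have re-enabled html)
    if ($postmode == 'html' || $postmode == 'HTML') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postmode = 'html';
        } else {
            $postmode = 'text';
        }
    }
    // $subject and $comment are used in the SQL below without a further
    // DB_escapeString(); this relies on _ff_preparefordb() returning
    // DB-safe text — it is not visible here, so confirm before changing.
    $subject = _ff_preparefordb(strip_tags($postData['subject']), 'text');
    $comment = _ff_preparefordb($postData['comment'], $postmode);
    $mood = isset($postData['mood']) ? COM_applyFilter($postData['mood']) : '';
    $id = COM_applyFilter($postData['id'], true);
    $forum = COM_applyFilter($postData['forum'], true);
    $notify = isset($postData['notify']) ? COM_applyFilter($postData['notify']) : '';

    // If user has moderator edit rights only
    // NOTE(review): sticky/locked are taken from the posted 'modedit' flag
    // without a permission check in this function — confirm the form
    // handler restricts that field to moderators.
    $locked = 0;
    $sticky = 0;
    if (isset($postData['modedit']) && $postData['modedit'] == 1) {
        if (isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
            $locked = 1;
        }
        if (isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
            $sticky = 1;
        }
    }

    if ($action == 'savetopic') {
        $fields = "forum,name,email,date,lastupdated,subject,comment,postmode,ip,mood,uid,pid,sticky,locked,status";
        $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
        $sql .= "VALUES (" . (int) $forum . ","
            . "'" . DB_escapeString($name) . "',"
            . "'" . DB_escapeString($email) . "',"
            . "'" . DB_escapeString($date) . "',"
            . "'" . DB_escapeString($date) . "',"
            . "'" . $subject . "',"
            . "'" . $comment . "',"
            . "'" . DB_escapeString($postmode) . "',"
            . "'" . DB_escapeString($REMOTE_ADDR) . "',"
            . "'" . DB_escapeString($mood) . "',"
            . (int) $uid . ","
            . "0,"
            . (int) $sticky . ","
            . (int) $locked . ","
            . (int) $status . ")";
        DB_query($sql);
        // Find the id of the last inserted topic
        // NOTE(review): max(id) is not guaranteed to be this insert when two
        // posts are saved concurrently; the DB layer's insert-id helper
        // would be race-free — confirm and switch if available.
        list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
        $savedPostID = $lastid;
        $topicPID = $lastid;
        /* Check for any uploaded files - during add of new topic */
        $uploadErrors = _ff_check4files($lastid);
        // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
        // This is needed in case user had used the file bbcode tag and then removed it
        $imagerecs = implode(',', $forumfiles);
        $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid . " ";
        if ($imagerecs != '') {
            $sql .= "AND id NOT IN ({$imagerecs})";
        }
        DB_query($sql);
        // Update forums record
        DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, topic_count=topic_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
        if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
            DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $lastid);
        }
        DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
    } else {
        if ($action == 'savereply') {
            $fields = "name,email,date,subject,comment,postmode,ip,mood,uid,pid,forum,status";
            $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
            $sql .= "VALUES ("
                . "'" . DB_escapeString($name) . "',"
                . "'" . DB_escapeString($email) . "',"
                . "'" . DB_escapeString($date) . "',"
                . "'{$subject}',"
                . "'{$comment}',"
                . "'" . DB_escapeString($postmode) . "',"
                . "'" . DB_escapeString($REMOTE_ADDR) . "',"
                . "'" . DB_escapeString($mood) . "',"
                . (int) $uid . ","
                . (int) $id . ","
                . (int) $forum . ","
                . (int) $status . ")";
            DB_query($sql);
            // Find the id of the last inserted topic (same max(id) caveat as above)
            list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
            $savedPostID = $lastid;
            $topicPID = $id;
            /* Check for any uploaded files - during adding reply post */
            $uploadErrors = _ff_check4files($lastid);
            // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
            // This is needed in case user had used the file bbcode tag and then removed it
            $imagerecs = implode(',', $forumfiles);
            $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid;
            if ($imagerecs != '') {
                $sql .= " AND id NOT IN ({$imagerecs})";
            }
            DB_query($sql);
            DB_query("UPDATE {$_TABLES['ff_topic']} SET replies=replies+1, lastupdated='" . DB_escapeString($date) . "',last_reply_rec=" . (int) $lastid . " WHERE id=" . (int) $id);
            DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
            if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
                DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $id);
            }
            DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
        } elseif ($action == 'saveedit') {
            $sql = "UPDATE {$_TABLES['ff_topic']} SET "
                . "subject='{$subject}',"
                . "comment='{$comment}',"
                . "postmode='" . DB_escapeString($postmode) . "',"
                . "mood='" . DB_escapeString($mood) . "',"
                . "sticky=" . (int) $sticky . ","
                . "locked=" . (int) $locked . ","
                . "status=" . (int) $status . " "
                . "WHERE (id=" . (int) $editid . ")";
            DB_query($sql);
            /* Check for any uploaded files - during save of edit */
            $uploadErrors = _ff_check4files($editid);
            // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
            // This is needed in case user had used the file bbcode tag and then removed it
            $imagerecs = implode(',', $forumfiles);
            $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $editid . " ";
            if ($imagerecs != '') {
                $sql .= "AND id NOT IN ({$imagerecs})";
            }
            DB_query($sql);
            // a reply's parent is its topic; a topic (pid 0) is its own parent
            $topicPID = DB_getItem($_TABLES['ff_topic'], "pid", "id=" . (int) $editid);
            if ($topicPID == 0) {
                $topicPID = $editid;
            }
            $savedPostID = $editid;
            // 'silentedit' is optional in the form: absent means a normal edit
            if (!isset($postData['silentedit']) || $postData['silentedit'] != 1) {
                DB_query("UPDATE {$_TABLES['ff_topic']} SET lastupdated='" . DB_escapeString($date) . "' WHERE id=" . (int) $topicPID);
                //Remove any lastviewed records in the log so that the new updated topic indicator will appear
                DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
            }
            if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $editid)) {
                DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $topicPID);
            }
        }
    }

    COM_updateSpeedLimit('forum');
    PLG_itemSaved($savedPostID, 'forum');
    CACHE_remove_instance('forumcb');

    if (!COM_isAnonUser()) {
        //NOTIFY - Checkbox variable in form set to "on" when checked and they don't already have subscribed to forum or topic
        // a negative topic id records an explicit "do not notify me" for this topic
        $nid = -$topicPID;
        $currentForumNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id=0 AND uid=" . (int) $uid);
        $currentTopicNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($topicPID) . "' AND uid=" . (int) $uid);
        $currentTopicUnNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($nid) . "' AND uid=" . (int) $uid);
        $forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . (int) $forum);
        // NOTE(review): "absent" is tested as < 1 but "present" as > 1, so a
        // subscription with sub_id 1 is never matched by the elseif branches —
        // confirm whether > 0 was intended.
        if ($notify == 'on' and ($currentForumNotifyRecID < 1 and $currentTopicNotifyRecID < 1)) {
            $sql = "INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) ";
            $sql .= "VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($topicPID) . "','" . $subject . "'," . (int) $uid . ",now() )";
            DB_query($sql);
        } elseif ($notify == 'on' and $currentTopicUnNotifyRecID > 1) {
            // Had un-subcribed to topic and now wants to subscribe
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $currentTopicUnNotifyRecID);
        } elseif ($notify == '' and $currentTopicNotifyRecID > 1) {
            // Subscribed to topic - but does not want to be notified anymore
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
        } elseif ($notify == '' and $currentForumNotifyRecID > 1) {
            // Subscribed to forum - but does not want to be notified about this topic
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
            DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($nid) . "'");
            DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($nid) . "','" . $subject . "'," . (int) $uid . ",now() )");
        }
    }

    if ($action != 'saveedit') {
        _ff_chknotifications($forum, $savedPostID, $uid);
    }

    $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topicPID . '&topic=' . $savedPostID . '#' . $savedPostID;
    // do not auto-redirect when there are upload errors the user must read
    if ($uploadErrors != '') {
        $autorefresh = false;
    } else {
        $autorefresh = true;
    }
    $retval .= FF_statusMessage($uploadErrors . $LANG_GF02['msg19'], $link, $LANG_GF02['msg19'], false, '', $autorefresh);

    return array(true, $retval);
}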
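/**
 * Restore the request that was interrupted by a (re)authentication step.
 *
 * Reads the method, POST, GET and FILES data that the auth step stashed in
 * the session under glfusion.auth.*, removes each key from the session, and
 * rebuilds $_SERVER['REQUEST_METHOD'], $_POST, $_GET, $_REQUEST and — only
 * when no fresh upload arrived with this request — $_FILES.
 *
 * Stashed uploads are looked up under $_CONF['path_data'] . 'temp/' using a
 * sanitized basename only, so a stored tmp_name cannot point outside that
 * directory. Entries whose file is missing get tmp_name '' and error 4
 * (UPLOAD_ERR_NO_FILE) so the upload code treats them as absent; the
 * '_data_dir' marker tells the upload class not to use move_uploaded_file().
 * A CSRF token present in the restored data is replaced by a freshly minted
 * one, i.e. the replayed request is trusted on the strength of the session.
 *
 * @return void
 */
function _rebuild_data()
{
    global $_CONF;

    $method = '';
    if (SESS_isSet('glfusion.auth.method')) {
        $method = SESS_getVar('glfusion.auth.method');
        SESS_unSet('glfusion.auth.method');
    }
    $postdata = '';
    if (SESS_isSet('glfusion.auth.post')) {
        $postdata = SESS_getVar('glfusion.auth.post');
        SESS_unSet('glfusion.auth.post');
    }
    $getdata = '';
    if (SESS_isSet('glfusion.auth.get')) {
        $getdata = SESS_getVar('glfusion.auth.get');
        SESS_unSet('glfusion.auth.get');
    }
    // Only arrays and scalars are expected in the stashed superglobals;
    // refusing object instantiation keeps unserialize() from creating
    // objects should the stored value ever be tampered with.
    $file_array = null;
    if (SESS_isSet('glfusion.auth.file')) {
        $filedata = SESS_getVar('glfusion.auth.file');
        SESS_unSet('glfusion.auth.file');
        $file_array = unserialize($filedata, array('allowed_classes' => false));
    }

    if (empty($_FILES) && is_array($file_array)) {
        foreach ($file_array as $fkey => $file) {
            if (isset($file['name']) && is_array($file['name'])) {
                // multi-file field: each attribute is itself indexed by $offset
                foreach ($file as $key => $data) {
                    foreach ($data as $offset => $value) {
                        if ($key == 'tmp_name') {
                            $filename = COM_sanitizeFilename(basename($value), true);
                            $value = $_CONF['path_data'] . 'temp/' . $filename;
                            if ($filename == '') {
                                $value = '';
                            }
                            $_FILES[$fkey]['_data_dir'][$offset] = true;
                        }
                        $_FILES[$fkey][$key][$offset] = $value;
                        // isset() on the nested key covers both levels at once
                        if (!isset($_FILES[$fkey]['tmp_name'][$offset])
                            || !file_exists($_FILES[$fkey]['tmp_name'][$offset])) {
                            $_FILES[$fkey]['tmp_name'][$offset] = '';
                            $_FILES[$fkey]['error'][$offset] = 4;
                        }
                    }
                }
            } else {
                foreach ($file as $key => $value) {
                    if ($key == 'tmp_name') {
                        $filename = COM_sanitizeFilename(basename($value), true);
                        $value = $_CONF['path_data'] . 'temp/' . $filename;
                        if ($filename == '') {
                            $value = '';
                        }
                        // set _data_dir attribute to key upload class to not use move_uploaded_file()
                        $_FILES[$fkey]['_data_dir'] = true;
                    }
                    $_FILES[$fkey][$key] = $value;
                }
                // guard the key as the multi-file branch does; a stashed entry
                // without tmp_name would otherwise raise a warning here
                if (!isset($_FILES[$fkey]['tmp_name']) || !file_exists($_FILES[$fkey]['tmp_name'])) {
                    $_FILES[$fkey]['tmp_name'] = '';
                    $_FILES[$fkey]['error'] = 4;
                }
            }
        }
    }

    $_SERVER['REQUEST_METHOD'] = $method;
    $_POST = unserialize($postdata, array('allowed_classes' => false));
    $_GET = unserialize($getdata, array('allowed_classes' => false));
    // Normalise before touching the token: unserialize('') yields false, and
    // array_key_exists() on a non-array is a TypeError on PHP 8 that the
    // former @ did not suppress.
    if (!is_array($_POST)) {
        $_POST = array();
    }
    if (!is_array($_GET)) {
        $_GET = array();
    }
    // refresh the token (easier to create new one than try to fake referer)
    if (array_key_exists(CSRF_TOKEN, $_POST) || array_key_exists(CSRF_TOKEN, $_GET)) {
        $newToken = SEC_createToken();
        $_POST[CSRF_TOKEN] = $newToken;
        $_GET[CSRF_TOKEN] = $newToken;
    }
    $_REQUEST = array_merge($_GET, $_POST);
}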