// Emit the <html><head>...</head> section (do this early when the actions above do not redirect):
$AdminUI->disp_html_head();
// Emit title, menu and messages; messages must only be displayed after the actions have run:
$AdminUI->disp_body_top();
$AdminUI->disp_payload_begin();
/*
 * Payload: 'nil' shows nothing, 'delete' shows a confirmation form followed by the list,
 * every other action shows the list only.
 */
if ($action == 'nil') {
    // Nothing to display.
} else {
    if ($action == 'delete') {
        if ($perm_abuse_management) {
            // Keep the 'tab' param so that it is carried in the hidden fields of the form:
            memorize_param('tab', 'string', 'abuse');
        }
        // Ask for confirmation before anything is deleted.
        // NOTE(review): only the confirmation form is rendered here; the permission and
        // anti-CSRF checks for the delete itself are not visible in this part of the file.
        // Confirm they run again when the form is posted.
        $edited_Message->confirm_delete(T_('Delete message?'), 'messaging_messages', $action, get_memorized('action'));
    }
    // The list is shown for 'delete' as well as for every unrecognised action.
    // Cleanup context:
    forget_param('msg_ID');
    // The list view gets either 'preview' or 'create' as current action:
    if ($action != 'preview') {
        $action = 'create';
    }
    $AdminUI->disp_view('messaging/views/_message_list.view.php', array(
        'messages_list_form_start' => '',
        'messages_list_form_end' => '',
        'messages_list_body_start' => '',
        'messages_list_body_end' => '',
    ));
}
$AdminUI->disp_payload_end();
// Body bottom, debug info and closing </html>:
$AdminUI->disp_global_footer();
 /**
  * Set/Activate filterset
  *
  * This will also set back the GLOBALS !!! needed for regenerate_url().
  *
  * @param array Filters
  */
 function set_filters($filters)
 {
     // Overlay the supplied filterset on the defaults (a missing value falls back to its default):
     if (!empty($filters)) {
         $this->filters = array_merge($this->default_filters, $filters);
     }
     // Activate preset filters if necessary:
     $this->activate_preset_filters();
     // Page number comes straight from the request, forced to integer, default 1:
     $this->page = param($this->page_param, 'integer', 1);
     // Country restriction: the requested country filter is replaced by the current user's own country.
     if (has_cross_country_restriction('users', 'list')) {
         // Per the original note, a user is always logged in when this restriction applies.
         global $current_User;
         // NOTE(review): when the current user has no ctry_ID the requested 'country' filter is
         // left untouched. Confirm that this is the intended behaviour under a restriction.
         if (!empty($current_User->ctry_ID)) {
             if ($current_User->ctry_ID != $this->filters['country']) {
                 $this->filters['country'] = $current_User->ctry_ID;
                 $this->refresh_query = true;
             }
         }
     }
     // Original author's note (asimo): memorize is always false for now, not fully implemented.
     if (!$this->memorize) {
         return;
     }
     // From here on: set back the GLOBALS needed for regenerate_url().
     // Filter preset, members-only restriction and keywords (request param name == filter key):
     foreach (array('filter_preset' => 'string', 'membersonly' => 'integer', 'keywords' => 'string') as $name => $type) {
         memorize_param($name, $type, $this->default_filters[$name], $this->filters[$name]);
     }
     // Gender: the filter is one string, memorized as one boolean flag per letter.
     foreach (array('gender_men' => 'M', 'gender_women' => 'F') as $name => $letter) {
         memorize_param($name, 'integer', strpos($this->default_filters['gender'], $letter) !== false, strpos($this->filters['gender'], $letter) !== false);
     }
     // Remaining simple filters, in the order they are memorized (request param name == filter key):
     $typed_filters = array(
         // status
         'status_activated' => 'string',
         'account_status' => 'string',
         // reported state (was reported or not)
         'reported' => 'integer',
         // custom sender email settings
         'custom_sender_email' => 'integer',
         'custom_sender_name' => 'integer',
         // user group
         'group' => 'string',
         // locations
         'country' => 'integer',
         'region' => 'integer',
         'subregion' => 'integer',
         'city' => 'integer',
         // age group
         'age_min' => 'integer',
         'age_max' => 'integer',
         // organization
         'org' => 'integer',
     );
     foreach ($typed_filters as $name => $type) {
         memorize_param($name, $type, $this->default_filters[$name], $this->filters[$name]);
     }
     // User fields: split the list of criteria into parallel type / value arrays.
     if (!empty($this->filters['userfields'])) {
         $userfields = $this->filters['userfields'];
     } else {
         $userfields = $this->default_filters['userfields'];
     }
     $uf_types = array();
     $uf_values = array();
     foreach ($userfields as $criterion) {
         $uf_types[] = $criterion['type'];
         $uf_values[] = $criterion['value'];
     }
     memorize_param('criteria_type', 'array', $uf_types, $uf_types);
     memorize_param('criteria_value', 'array', $uf_values, $uf_values);
     // Order: a non-empty value from the request wins over the stored filter and is saved.
     // NOTE(review): the order is an arbitrary request string that gets persisted; presumably it
     // is validated where the query is built. Confirm before it reaches an ORDER BY clause.
     $requested_order = param($this->order_param, 'string', '');
     if ($requested_order != '') {
         $this->order = $requested_order;
     } else {
         $this->order = $this->filters['order'];
     }
     if ($this->order != $this->filters['order']) {
         // Save order from request
         $this->filters['order'] = $this->order;
         $this->save_filterset();
         $this->refresh_query = true;
     }
     memorize_param($this->order_param, 'string', $this->default_filters['order'], $this->order);
     // List page number in paged display:
     memorize_param($this->page_param, 'integer', 1, $this->page);
 }
 *
 * b2evolution - {@link http://b2evolution.net/}
 * Released under GNU GPL License - {@link http://b2evolution.net/about/license.html}
 * @copyright (c)2003-2013 by Francois Planque - {@link http://fplanque.com/}
 *
 * {@internal Note: we need at least one file in the main package}}
 *
 * @package main
 */
/**
 * First thing: Do the minimal initializations required for b2evo:
 */
require_once dirname(__FILE__) . '/conf/_config.php';
require_once $inc_path . '_main.inc.php';
if (!init_requested_blog()) {
    // No specific blog could be selected for this request: print the message and stop.
    exit('No default blog is set.');
}
// Memorize the blog param as DEFAULT so that regenerate_url() does not pass it along:
memorize_param('blog', 'integer', $blog);
// A blog has been requested; set a few default params below.
# A specific skin could be *forced* here:
# $skin = 'basic';
# Status restriction for the posts to show (restricts to published posts, hiding drafts).
# You should not have to change this.
$show_statuses = array();
# Additionally, other values can be set (see URL params in the manual), for example:
# $order = 'ASC'; // would display the blog in chronological order
// That's it, b2evolution does the rest:
require $inc_path . '_blog_main.inc.php';
 /**
  * Set/Activate filterset
  *
  * This will also set back the GLOBALS !!! needed for regenerate_url().
  *
  * @param array Filters
  * @param boolean TRUE to memorize the filter params
  * @param boolean TRUE to use filters from previous request (from array $this->filters if it was defined before)
  */
 function set_filters($filters, $memorize = true, $use_previous_filters = false)
 {
     if (!empty($filters)) {
         // Overlay on the defaults (a missing value falls back to its default). With
         // $use_previous_filters the filters already active on this object (e.g. loaded from
         // the request) are kept as a middle layer.
         $this->filters = $use_previous_filters
             ? array_merge($this->default_filters, $this->filters, $filters)
             : array_merge($this->default_filters, $filters);
     }
     // Activate preset filters if necessary:
     $this->activate_preset_filters();
     // Old-style params, kept for compatibility with the parent class:
     $this->limit = $this->filters['comments'];
     $this->page = $this->filters['page'];
     if (!$memorize) {
         return;
     }
     // From here on: set back the GLOBALS needed for regenerate_url().
     // NOTE(review): this includes author_email and author_IP, so those values end up in
     // regenerated URLs. Presumably only the back-office uses these filters; confirm, since
     // URLs are copied into logs and Referer headers.
     // Each row: request param suffix (prefixed with $this->param_prefix), forced type, filter key.
     $memorized = array(
         // selected filter preset
         array('filter_preset', 'string', 'filter_preset'),
         // author restrictions
         array('author_IDs', 'string', 'author_IDs'),
         array('author', 'string', 'author'),
         array('author_email', 'string', 'author_email'),
         array('author_url', 'string', 'author_url'),
         array('url_match', 'string', 'url_match'),
         array('include_emptyurl', 'string', 'include_emptyurl'),
         array('author_IP', 'string', 'author_IP'),
         // rating restrictions
         array('rating_toshow', 'array', 'rating_toshow'),
         array('rating_turn', 'string', 'rating_turn'),
         array('rating_limit', 'integer', 'rating_limit'),
         // keywords: search string, sentence-or-words mode, exact match flag
         array('s', 'string', 'keywords'),
         array('sentence', 'string', 'phrase'),
         array('exact', 'integer', 'exact'),
         // statuses and expiry statuses
         array('show_statuses', 'array', 'statuses'),
         array('expiry_statuses', 'array', 'expiry_statuses'),
         // comment types
         array('type', 'string', 'types'),
         // restriction to actions permitted for the current User
         array('user_perm', 'string', 'user_perm'),
         // old-style ordering: direction (ASC or DESC), then list of fields to order by
         array('order', 'string', 'order'),
         array('orderby', 'string', 'orderby'),
         // paging limit: number of units to display on the page
         array('comments', 'integer', 'comments'),
     );
     // 'visibility_array' is not memorized here; that call is disabled in the original code.
     foreach ($memorized as $row) {
         list($suffix, $type, $key) = $row;
         memorize_param($this->param_prefix . $suffix, $type, $this->default_filters[$key], $this->filters[$key]);
     }
     // List page number in paged display (uses the page param name, without the prefix):
     memorize_param($this->page_param, 'integer', 1, $this->filters['page']);
 }
 /**
  * Set/Activate filterset
  *
  * This will also set back the GLOBALS !!! needed for regenerate_url().
  *
  * @param array Filters
  * @param boolean TRUE to memorize the filter params
  * @param boolean TRUE to use filters from previous request (from array $this->filters if it was defined before)
  */
 function set_filters($filters, $memorize = true, $use_previous_filters = false)
 {
     if (!empty($filters)) {
         // Overlay on the defaults (a missing value falls back to its default). With
         // $use_previous_filters the filters already active on this object (e.g. loaded from
         // the request) are kept as a middle layer.
         $this->filters = $use_previous_filters
             ? array_merge($this->default_filters, $this->filters, $filters)
             : array_merge($this->default_filters, $filters);
     }
     // Activate preset filters if necessary:
     $this->activate_preset_filters();
     // Old-style params, kept for compatibility with the parent class:
     $this->limit = $this->filters['posts'];
     $this->page = $this->filters['page'];
     if (!$memorize) {
         return;
     }
     // From here on: set back the GLOBALS needed for regenerate_url().
     // Selected filter preset:
     memorize_param($this->param_prefix . 'filter_preset', 'string', $this->default_filters['filter_preset'], $this->filters['filter_preset']);
     // Categories. 'cat' and 'catsel' are memorized without the param prefix.
     if (isset($this->filters['cat_modifier'])) {
         // Only when the modifier was set explicitly, otherwise the global $cat variable may be overwritten.
         memorize_param('cat', '/^[*\\-]?([0-9]+(,[0-9]+)*)?$/', $this->default_filters['cat_modifier'], $this->filters['cat_modifier']);
     }
     memorize_param('catsel', 'array', $this->default_filters['cat_array'], $this->filters['cat_array']);
     // Per fp's TEMP note in the original, the $cat_array / $cat_modifier globals are not set
     // here: that would overwrite the interesting values when a post list widget is triggered.
     // Each row: request param suffix (prefixed with $this->param_prefix), forced type or
     // validation pattern, filter key.
     $first_group = array(
         array('cat_focus', 'string', 'cat_focus'),
         // tags
         array('tags', 'string', 'tags'),
         // authors: user IDs, then user logins
         array('author', 'string', 'authors'),
         array('author_login', 'string', 'authors_login'),
         // assignees: user IDs, then user logins
         array('assgn', 'string', 'assignees'),
         array('assgn_login', 'string', 'assignees_login'),
         // author OR assignee
         array('author_assignee', 'string', 'author_assignee'),
         // locale
         array('lc', 'string', 'lc'),
         // statuses
         array('status', 'string', 'statuses'),
         // post types
         array('types', 'integer', 'types'),
         // keywords: search string, scope, sentence-or-words mode, exact match flag
         array('s', 'string', 'keywords'),
         array('scope', 'string', 'keyword_scope'),
         array('sentence', 'string', 'phrase'),
         array('exact', 'integer', 'exact'),
         // date selection: YearMonth(Day) to display, week number, start and stop bounds
         array('m', '/^\\d{4}(0[1-9]|1[0-2])?(?(1)(0[1-9]|[12][0-9]|3[01])?)(?(2)([01][0-9]|2[0-3])?)(?(3)([0-5][0-9]){0,2})$/', 'ymdhms'),
         array('w', '/^(0?[0-9]|[1-4][0-9]|5[0-3])$/', 'week'),
         array('dstart', 'integer', 'ymdhms_min'),
         array('dstop', 'integer', 'ymdhms_max'),
     );
     foreach ($first_group as $row) {
         list($suffix, $type, $key) = $row;
         memorize_param($this->param_prefix . $suffix, $type, $this->default_filters[$key], $this->filters[$key]);
     }
     // TODO (from the original): show_past/future should probably be wired on dstart/dstop
     // instead of on timestamps.
     if ($this->default_filters['ts_min'] === NULL && $this->default_filters['ts_max'] === NULL) {
         // No strict default has been set, so overriding is allowed. A bound of 'now' means
         // "do not show" (0), anything else means "show" (1).
         memorize_param($this->param_prefix . 'show_past', 'integer', 0, $this->filters['ts_min'] == 'now' ? 0 : 1);
         memorize_param($this->param_prefix . 'show_future', 'integer', 0, $this->filters['ts_max'] == 'now' ? 0 : 1);
     }
     // NOTE(review): 'orderby' is a free string described as a list of fields to order by.
     // Presumably it is mapped to known columns where the query is built; confirm before it
     // reaches an ORDER BY clause.
     $second_group = array(
         // statuses to show (often preset to a more restrictive set of values)
         array('show_statuses', 'array', 'visibility_array'),
         // old-style ordering: direction (ASC or DESC), then list of fields to order by
         array('order', 'string', 'order'),
         array('orderby', 'string', 'orderby'),
         // paging: list unit ('posts' or 'days'), then number of units per page
         array('unit', 'string', 'unit'),
         array('posts', 'integer', 'posts'),
     );
     foreach ($second_group as $row) {
         list($suffix, $type, $key) = $row;
         memorize_param($this->param_prefix . $suffix, $type, $this->default_filters[$key], $this->filters[$key]);
     }
     // List page number in paged display (uses the page param name, without the prefix):
     memorize_param($this->page_param, 'integer', 1, $this->filters['page']);
 }
    die('Please, do not access this page directly.');
}
global $blog, $admin_url, $UserSettings;
global $datestartinput, $datestart, $datestopinput, $datestop, $email;
// Start date: prefer a localized date typed by the user, else an automatically transmitted one.
if (param_date('datestartinput', T_('Invalid date'), false, NULL) === NULL) {
    // No user-typed date; 'datestart' may have been passed along automatically:
    param('datestart', 'string', '', true);
} else {
    // User-provided localized date: memorize the normalized value and the display value.
    memorize_param('datestart', 'string', NULL, trim(form_date($datestartinput)));
    memorize_param('datestartinput', 'string', NULL, empty($datestartinput) ? NULL : date(locale_datefmt(), strtotime($datestartinput)));
}
// Stop date: same handling as the start date.
if (param_date('datestopinput', T_('Invalid date'), false, NULL) === NULL) {
    // No user-typed date; 'datestop' may have been passed along automatically:
    param('datestop', 'string', '', true);
} else {
    // User-provided localized date: memorize the normalized value and the display value.
    memorize_param('datestop', 'string', NULL, trim(form_date($datestopinput)));
    memorize_param('datestopinput', 'string', NULL, empty($datestopinput) ? NULL : date(locale_datefmt(), strtotime($datestopinput)));
}
param('email', 'string', '', true);
// $datestart, $datestop and $email are request-controlled strings from here on. Every WHERE
// clause built from them must go through $DB->quote(), as the start-date filter after this
// block does.
// Result query and matching count query on the email log table:
$SQL = new SQL();
$SQL->SELECT('SQL_NO_CACHE emlog_ID, emlog_timestamp, emlog_user_ID, emlog_to, emlog_result, emlog_subject');
$SQL->FROM('T_email__log');
$count_SQL = new SQL();
$count_SQL->SELECT('SQL_NO_CACHE COUNT(emlog_ID)');
$count_SQL->FROM('T_email__log');
if (!empty($datestart)) {
    // Filter by start date
    $SQL->WHERE_and('emlog_timestamp >= ' . $DB->quote($datestart . ' 00:00:00'));
 /**
  * Get a param from Request and save it to UserSettings, or default to previously saved user setting.
  *
  * If the user setting was not set before (and there's no default given that gets returned), $default gets used.
  *
  * @todo Move this to _abstractsettings.class.php - the other Settings object can also make use of it!
  *
  * @param string Request param name
  * @param string User setting name. Make sure this is unique!
  * @param string Force value type to one of:
  * - integer
  * - float
  * - string (strips (HTML-)Tags, trims whitespace)
  * - array
  * - object
  * - null
  * - html (does nothing)
  * - '' (does nothing)
  * - '/^...$/' check regexp pattern match (string)
  * - boolean (will force type to boolean, but you can't use 'true' as a default since it has special meaning. There is no real reason to pass booleans on a URL though. Passing 0 and 1 as integers seems to be best practice).
  * Value type will be forced only if resulting value (probably from default then) is !== NULL
  * @param mixed Default value or TRUE if user input required
  * @param boolean Do we need to memorize this to regenerate the URL for this page?
  * @param boolean Override if variable already set
  * @return NULL|mixed NULL, if neither a param was given nor {@link $UserSettings} knows about it.
  */
 function param_Request($param_name, $uset_name, $type = '', $default = '', $memorize = false, $override = false)
 {
     // NULL is passed as default so that param() reports whether the param was set at all
     // (false means it was not).
     $from_request = param($param_name, $type, NULL, $memorize, $override, false);
     if ($from_request === false) {
         // Nothing in the request: fall back to the saved setting, then to $default when the
         // setting is not saved yet and has no default of its own.
         $stored = $this->get($uset_name);
         $resolved = is_null($stored) ? $default : $stored;
         if ($memorize) {
             memorize_param($param_name, $type, $default, $resolved);
         }
     } else {
         // The request carried a value: persist it right away.
         // NOTE(review): this writes to the settings store on any request that carries the
         // param. Callers should pass an explicit $type, since '' and 'html' are documented
         // as doing nothing to the value.
         $this->set($uset_name, $from_request);
         $this->dbupdate();
         $resolved = $from_request;
     }
     set_param($param_name, $resolved);
     return get_param($param_name);
 }
     $AdminUI->disp_payload_end();
     break;
 case 'view':
 case 'delete':
     // View a single post:
     // Memorize 'p' in case we reload while changing some display settings
     memorize_param('p', 'integer', NULL);
     // Begin payload block:
     $AdminUI->disp_payload_begin();
     // We use the "full" view for displaying single posts:
     $AdminUI->disp_view('items/views/_item_list_full.view.php');
     // End payload block:
     $AdminUI->disp_payload_end();
     break;
 case 'history':
     memorize_param('action', 'string', NULL);
     // Begin payload block:
     $AdminUI->disp_payload_begin();
     // view:
     $AdminUI->disp_view('items/views/_item_history.view.php');
     // End payload block:
     $AdminUI->disp_payload_end();
     break;
 case 'history_details':
     // Begin payload block:
     $AdminUI->disp_payload_begin();
     // view:
     $AdminUI->disp_view('items/views/_item_history_details.view.php');
     // End payload block:
     $AdminUI->disp_payload_end();
     break;
            if ($edited_Group->ID == $Settings->get('newusers_grp_ID')) {
                $Messages->add(T_('You can\'t delete the default group for new users!'), 'error');
                $action = 'view_group';
                break;
            }
            if (param('confirm', 'integer', 0)) {
                // confirmed, Delete from DB:
                $msg = sprintf(T_('Group &laquo;%s&raquo; deleted.'), $edited_Group->dget('name'));
                $edited_Group->dbdelete($Messages);
                unset($edited_Group);
                forget_param('grp_ID');
                $Messages->add($msg, 'success');
                $action = 'list';
            } else {
                // not confirmed, Check for restrictions:
                memorize_param('grp_ID', 'integer', true);
                if (!$edited_Group->check_delete(sprintf(T_('Cannot delete Group &laquo;%s&raquo;'), $edited_Group->dget('name')))) {
                    // There are restrictions:
                    $action = 'view_group';
                }
            }
            break;
    }
}
// We might delegate to this action from above:
if ($action == 'edit_user') {
    // Give plugins a chance to act on the user settings edit; the params array holds
    // $edited_User by reference (note the & in the array literal).
    $Plugins->trigger_event('PluginUserSettingsEditAction', $tmp_params = array('User' => &$edited_User));
    // Drop the pending password-change request id from the session once the edit action is reached.
    // NOTE(review): presumably so that a request id issued by the login flow cannot be reused later; confirm.
    $Session->delete('core.changepwd.request_id');
    // delete the request_id for password change request (from /htsrv/login.php)
}
// Display <html><head>...</head> section! (Note: should be done early if actions do not redirect)
     // Set revision from request
     if ($phpsvnclient->getVersion() < $svn_revision) {
         // Incorrect revision number
         echo '<p class="red">' . sprintf(T_('Please select a correct revision number. The latest revision is %s.'), $phpsvnclient->getVersion()) . '</p>';
         evo_flush();
         $action = 'start';
         break;
         // Stop an upgrade from SVN
     } else {
         // Use only correct revision
         $phpsvnclient->setVersion($svn_revision);
     }
 }
 // Derive the working folder name from the revision reported by the SVN client and memorize it
 // as 'upd_name'.
 // NOTE(review): after setVersion($svn_revision) above, this value can come from the request
 // ("Set revision from request"). It becomes a path component under $upgrade_path, so confirm
 // that $svn_revision is forced to an integer where it is read.
 $repository_version = $phpsvnclient->getVersion();
 $upgrade_name = 'export_svn_' . $repository_version;
 memorize_param('upd_name', 'string', '', $upgrade_name);
 $upgrade_folder = $upgrade_path . $upgrade_name;
 if (file_exists($upgrade_path . $upgrade_name)) {
     // Current version already is downloaded
     echo '<p class="green">' . sprintf(T_('Revision %s has already been downloaded. Using: %s'), $repository_version, $upgrade_path . $upgrade_name);
 } else {
     // Download files
     echo '<p>' . sprintf(T_('Downloading package to &laquo;<strong>%s</strong>&raquo;...'), $upgrade_folder);
     evo_flush();
     // Export all files in temp folder for following coping
     $svn_result = $phpsvnclient->checkOut($svn_folder, $upgrade_folder, false, true);
     echo '</p>';
     if ($svn_result === false) {
         // Checkout is failed
         echo '<p style="color:red">' . sprintf(T_('Unable to download package from &laquo;%s&raquo;'), $svn_url) . '</p>';
         evo_flush();
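/**
 * Display hits results table
 *
 * Builds the hit log query from the request filters and displays it as a Results table.
 * Returns without any output unless the visitor is logged in and has the 'stats' / 'view' permission.
 *
 * Every value that is concatenated into the SQL text is either passed through $DB->quote()
 * or cast to an integer first.
 *
 * @param array Optional params; 'skin_type' and 'skin_name' are required when the block is rendered as AJAX content
 */
function hits_results_block($params = array())
{
    if (!is_logged_in()) {
        // Only logged in users can access to this function
        return;
    }
    global $current_User;
    if (!$current_User->check_perm('stats', 'view')) {
        // Current user has no permission to view all stats (aggregated stats)
        return;
    }
    /**
     * View funcs
     */
    load_funcs('sessions/views/_stats_view.funcs.php');
    global $blog, $admin_url, $rsc_url;
    global $Session, $UserSettings, $DB;
    global $datestartinput, $datestart, $datestopinput, $datestop;
    global $preset_referer_type, $preset_agent_type;
    $tab = param('tab', 'string', 'summary', true);
    $tab3 = param('tab3', 'string', '', true);
    // Some tabs force the referer/agent type instead of reading it from the request.
    // Note: $preset_results_title, $preset_filter_all_url and $hide_columns are not read again in this function.
    switch ($tab) {
        case 'other':
            $preset_results_title = T_('Direct browser hits');
            $preset_referer_type = 'direct';
            $preset_agent_type = 'browser';
            $preset_filter_all_url = '?ctrl=stats&amp;tab=referers&amp;blog=' . $blog;
            $hide_columns = 'referer';
            break;
        case 'referers':
            $preset_results_title = T_('Refered browser hits');
            $preset_referer_type = 'referer';
            $preset_agent_type = 'browser';
            $preset_filter_all_url = '?ctrl=stats&amp;tab=referers&amp;blog=' . $blog;
            break;
        case 'refsearches':
            if ($tab3 == 'hits') {
                $preset_results_title = T_('Search hits');
                $preset_referer_type = 'search';
                $preset_agent_type = 'browser';
                $preset_filter_all_url = '?ctrl=stats&amp;tab=refsearches&amp;tab3=hits&amp;blog=' . $blog;
            }
            break;
    }
    if (param_date('datestartinput', T_('Invalid date'), false, NULL) !== NULL) {
        // We have a user provided localized date:
        memorize_param('datestart', 'string', NULL, trim(form_date($datestartinput)));
    } else {
        // We may have an automated param transmission date:
        param('datestart', 'string', '', true);
    }
    if (param_date('datestopinput', T_('Invalid date'), false, NULL) !== NULL) {
        // We have a user provided localized date:
        memorize_param('datestop', 'string', NULL, trim(form_date($datestopinput)));
    } else {
        // We may have an automated param transmission date:
        param('datestop', 'string', '', true);
    }
    $exclude = param('exclude', 'integer', 0, true);
    $sess_ID = param('sess_ID', 'integer', NULL, true);
    $remote_IP = param('remote_IP', 'string', NULL, true);
    $referer_type = isset($preset_referer_type) ? $preset_referer_type : param('referer_type', 'string', NULL, true);
    $agent_type = isset($preset_agent_type) ? $preset_agent_type : param('agent_type', 'string', NULL, true);
    $device = param('device', 'string', NULL, true);
    $hit_type = param('hit_type', 'string', NULL, true);
    $reqURI = param('reqURI', 'string', NULL, true);
    // Create result set:
    $SQL = new SQL();
    $SQL->SELECT('SQL_NO_CACHE hit_ID, sess_ID, sess_device, hit_datetime, hit_type, hit_referer_type, hit_uri, hit_disp, hit_ctrl, hit_action, hit_blog_ID, hit_referer, hit_remote_addr,' . 'user_login, hit_agent_type, blog_shortname, dom_name, goal_name, hit_keyphrase, hit_serprank, hit_response_code');
    $SQL->FROM('T_hitlog LEFT JOIN T_basedomains ON dom_ID = hit_referer_dom_ID' . ' LEFT JOIN T_sessions ON hit_sess_ID = sess_ID' . ' LEFT JOIN T_blogs ON hit_blog_ID = blog_ID' . ' LEFT JOIN T_users ON sess_user_ID = user_ID' . ' LEFT JOIN T_track__goalhit ON hit_ID = ghit_hit_ID' . ' LEFT JOIN T_track__goal ON ghit_goal_ID = goal_ID');
    $CountSQL = new SQL();
    $CountSQL->SELECT('SQL_NO_CACHE COUNT(hit_ID)');
    $CountSQL->FROM('T_hitlog');
    // "exclude" inverts the session / IP filter only:
    $operator = $exclude ? ' <> ' : ' = ';
    if (!empty($sess_ID)) {
        // We want to filter on the session ID:
        // The value sits unquoted in the SQL text, so it is cast here instead of relying on param() alone.
        $filter = 'hit_sess_ID' . $operator . (int) $sess_ID;
        $SQL->WHERE($filter);
        $CountSQL->WHERE($filter);
    } elseif (!empty($remote_IP)) {
        // We want to filter on the remote IP address:
        $filter = 'hit_remote_addr' . $operator . $DB->quote($remote_IP);
        $SQL->WHERE($filter);
        $CountSQL->WHERE($filter);
    }
    if (!empty($referer_type)) {
        $filter = 'hit_referer_type = ' . $DB->quote($referer_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($agent_type)) {
        $filter = 'hit_agent_type = ' . $DB->quote($agent_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($device)) {
        if ($device == 'other') {
            // Unknown device
            $device = '';
        }
        $filter = 'sess_device = ' . $DB->quote($device);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
        // The count query selects from T_hitlog only, so it needs the sessions table for this filter:
        $CountSQL->FROM_add('LEFT JOIN T_sessions ON hit_sess_ID = sess_ID');
    }
    if (!empty($hit_type)) {
        $filter = 'hit_type = ' . $DB->quote($hit_type);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($reqURI)) {
        // LIKE: the "%" and "_" characters of the request value act as wildcards
        $filter = 'hit_uri LIKE ' . $DB->quote($reqURI);
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($datestart)) {
        $filter = 'hit_datetime >= ' . $DB->quote($datestart . ' 00:00:00');
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($datestop)) {
        $filter = 'hit_datetime <= ' . $DB->quote($datestop . ' 23:59:59');
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    if (!empty($blog)) {
        // $blog is a global whose origin is not visible here and the value is used without quotes.
        // Escaping alone does not constrain an unquoted value, so force an integer instead:
        $filter = 'hit_blog_ID = ' . (int) $blog;
        $SQL->WHERE_and($filter);
        $CountSQL->WHERE_and($filter);
    }
    // Prefix of the Results params; a preset referer type gets its own prefix:
    $resuts_param_prefix = 'hits_';
    if (!empty($preset_referer_type)) {
        $resuts_param_prefix = substr($preset_referer_type, 0, 8) . '_' . $resuts_param_prefix;
    }
    $Results = new Results($SQL->get(), $resuts_param_prefix, '--D', $UserSettings->get('results_per_page'), $CountSQL->get());
    // Initialize Results object
    hits_results($Results);
    if (is_ajax_content()) {
        // init results param by template name
        if (!isset($params['skin_type']) || !isset($params['skin_name'])) {
            debug_die('Invalid ajax results request!');
        }
        $Results->init_params_by_skin($params['skin_type'], $params['skin_name']);
    }
    // Display results:
    $Results->display();
    if (!is_ajax_content()) {
        // Create this hidden div to get a function name for AJAX request
        echo '<div id="' . $resuts_param_prefix . 'ajax_callback" style="display:none">' . __FUNCTION__ . '</div>';
    }
}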
// View fragment: lists the sessions of one user inside the user "sessions" tab.
// It relies on $edited_User, $user_tab, $UserSettings and $this being provided by the including code.
require_once dirname(__FILE__) . '/_stats_view.funcs.php';
// The user ID is requested as an 'integer' param and memorized for URL regeneration:
$user_ID = param('user_ID', 'integer', 0, true);
// Create result set:
$SQL = new SQL();
$SQL->SELECT('SQL_NO_CACHE sess_ID, user_login, TIMESTAMPDIFF( SECOND, sess_start_ts, sess_lastseen_ts ) as sess_length, sess_lastseen_ts, sess_ipaddress');
$SQL->FROM('T_sessions LEFT JOIN T_users ON sess_user_ID = user_ID');
// Separate query used to count the rows of the result set:
$Count_SQL = new SQL();
$Count_SQL->SELECT('SQL_NO_CACHE COUNT(sess_ID)');
$Count_SQL->FROM('T_sessions LEFT JOIN T_users ON sess_user_ID = user_ID');
if (empty($user_ID)) {
    // display only this user sessions in user tab
    $user_ID = $edited_User->ID;
}
// NOTE(review): a non-empty user_ID from the request takes precedence over $edited_User->ID, and no
// permission check is visible in this fragment -- confirm the including controller restricts who may
// list another user's sessions and IP addresses.
// NOTE(review): the value is concatenated without quoting; it is either the 'integer' param or
// $edited_User->ID, whose type is not visible here -- confirm it is always an integer.
$SQL->WHERE('user_ID = ' . $user_ID);
$Count_SQL->WHERE('user_ID = ' . $user_ID);
memorize_param('user_tab', 'string', '', $user_tab);
// Begin payload block:
$this->disp_payload_begin();
// ------------------- PREV/NEXT USER LINKS -------------------
user_prevnext_links(array('user_tab' => 'sessions'));
// ------------- END OF PREV/NEXT USER LINKS -------------------
// Results object over both queries, with the 'sess_' param prefix and the per-page setting of the user:
$Results = new Results($SQL->get(), 'sess_', 'D', $UserSettings->get('results_per_page'), $Count_SQL->get());
// echo user edit action icons
echo_user_actions($Results, $edited_User, 'edit');
echo '<span class="floatright">' . $Results->gen_global_icons() . '</span>';
// The global icons have just been printed above, so they are reset on the Results object:
$Results->global_icons = array();
// echo user tabs
echo '<div>' . get_usertab_header($edited_User, $user_tab, T_('Sessions') . get_manual_link('user-sessions-tab')) . '</div>';
$Results->title = T_('Recent sessions') . get_manual_link('user-sessions-tab');
/**
 * Callback to add filters on top of the result set
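/**
 * Sets a parameter with values from the request or to provided default,
 * except if param is already set!
 *
 * Also removes magic quotes if they are set automatically by PHP.
 * Also forces type.
 * Priority order: POST, GET, COOKIE, DEFAULT.
 *
 * The value is stored in $GLOBALS[$var]. Type forcing only checks or converts the format of the value:
 * the 'raw' and 'html' types keep any markup, and no type escapes the value for SQL, so the code that
 * uses the value still has to quote/escape it for the context where it ends up.
 *
 * @todo when bad_request_die() gets called, the GLOBAL should not be left set to the invalid value!
 * fp> Why? if the process dies anyway
 *
 * @param string Variable to set
 * @param string Force value type to one of:
 * - integer
 * - float, double
 * - string (strips (HTML-)Tags, trims whitespace)
 * - text like string but allows multiple lines
 * - htmlspecialchars (converts HTML special chars with ENT_COMPAT, i.e. single quotes are left as they are; trims whitespace)
 * - array (it may contains arbitrary array elements) NOTE: If there is one way to avoid and use some other array type then it should not be used
 * - array:integer (elements of array must be integer)
 * - array:string (strips (HTML-)Tags, trims whitespace of array's elements)
 * - array:/regexp/ (elements of array must match to the given regular expression) e.g. 'array:/^[a-z]*$/'
 * - array:array:integer (two dimensional array and the elements must be integers)
 * - array:array:string (strips (HTML-)Tags, trims whitespace of the two dimensional array's elements)
 * - html (must be scalar, cleaned with utf8_clean() only; markup is kept)
 * - raw (must be scalar, cleaned with utf8_clean() only; markup is kept)
 * - '' (does nothing) -- DEPRECATED, use "raw" instead
 * - '/^...$/' check regexp pattern match (string)
 * - boolean (will force type to boolean, but you can't use 'true' as a default since it has special meaning. There is no real reason to pass booleans on a URL though. Passing 0 and 1 as integers seems to be best practice).
 * - url (like string but dies on illegal urls)
 * Value type will be forced only if resulting value (probably from default then) is !== NULL
 * @param mixed Default value or TRUE if user input required
 * @param boolean Do we need to memorize this to regenerate the URL for this page?
 * @param boolean Override if variable already set
 * @param boolean Force setting of variable to default if no param is sent and var wasn't set before
 * @param mixed true will refuse illegal values,
 *              false will try to convert illegal to legal values,
 *              'allow_empty' will refuse illegal values but will always accept empty values (This helps blocking dirty spambots or borked index bots. Saves a lot of processor time by killing invalid requests)
 * @return mixed Final value of Variable, or false if we don't force setting and did not set
 */
function param($var, $type = 'raw', $default = '', $memorize = false, $override = false, $use_default = true, $strict_typing = 'allow_empty')
{
    global $Debuglog, $debug, $evo_charset, $io_charset;
    // NOTE: we use $GLOBALS[$var] instead of $$var, because otherwise it would conflict with param names which are used as function params ("var", "type", "default", ..)!
    /*
     * STEP 1 : Set the variable
     *
     * Check if already set
     * WARNING: when PHP register globals is ON, COOKIES get priority over GET and POST with this!!!
     *   dh> I never understood that comment.. does it refer to "variables_order" php.ini setting?
     *      fp> I guess
     */
    if (!isset($GLOBALS[$var]) || $override) {
        if (isset($_POST[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_POST[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by POST', 'params' );
        } elseif (isset($_GET[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_GET[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by GET', 'params' );
        } elseif (isset($_COOKIE[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_COOKIE[$var]);
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by COOKIE', 'params' );
        } elseif ($default === true) {
            bad_request_die(sprintf(T_('Parameter &laquo;%s&raquo; is required!'), $var));
        } elseif ($use_default) {
            // We haven't set any value yet and we really want one: use default:
            // 'array:/regexp/' types are still in their original form here, so they are detected by prefix;
            // without this an omitted regexp array param with the default '' would die below as "not array".
            $is_array_type = in_array($type, array('array', 'array:integer', 'array:string', 'array:array:integer', 'array:array:string')) || substr($type, 0, 7) == 'array:/';
            if ($is_array_type && $default === '') {
                // Change default '' into array() (otherwise there would be a notice with settype() below)
                $default = array();
            }
            $GLOBALS[$var] = $default;
            // echo '<br>param(-): '.$var.'='.$GLOBALS[$var].' set by default';
            // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.'='.$GLOBALS[$var].' set by default', 'params' );
        } else {
            // param not found! don't set the variable.
            // Won't be memorized nor type-forced!
            return false;
        }
    } else {
        // Variable was already set but we need to remove the auto quotes
        $GLOBALS[$var] = remove_magic_quotes($GLOBALS[$var]);
        // if( isset($Debuglog) ) $Debuglog->add( 'param(-): '.$var.' already set to ['.var_export($GLOBALS[$var], true).']!', 'params' );
    }
    if (isset($io_charset) && !empty($evo_charset)) {
        $GLOBALS[$var] = convert_charset($GLOBALS[$var], $evo_charset, $io_charset);
    }
    // Check if the type is the special array or regexp
    if (substr($type, 0, 7) == 'array:/') {
        // It is an array type param which may contains elements matching to the given regular expression
        $elements_regexp = substr($type, 6);
        $elements_type = 'string';
        $type = 'array:regexp';
    }
    /*
     * STEP 2: make sure the data fits the expected type
     *
     * type will be forced even if it was set before and not overriden
     *
     * NOTE(review): the "$strict_typing == 'allow_empty'" checks below are loose comparisons, and in PHP
     * true == 'allow_empty' is true. A caller passing true therefore gets the 'allow_empty' handling as
     * well. Left unchanged because callers may depend on it; confirm before switching to ===.
     */
    if (!empty($type) && $GLOBALS[$var] !== NULL) {
        // Force the type
        // echo "forcing type!";
        switch ($type) {
            case 'html':
                // Technically does the same as "raw", but may do more in the future.
            case 'raw':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // Clean utf8:
                $GLOBALS[$var] = utf8_clean($GLOBALS[$var]);
                // Nothing is stripped: the value may still contain markup and must be escaped on output
                if (isset($Debuglog)) {
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> as RAW Unsecure HTML', 'params');
                }
                break;
            case 'htmlspecialchars':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // convert all html to special characters (ENT_COMPAT leaves single quotes as they are):
                $GLOBALS[$var] = utf8_trim(htmlspecialchars($GLOBALS[$var], ENT_COMPAT, $evo_charset));
                // cross-platform newlines:
                $GLOBALS[$var] = preg_replace("~(\r\n|\r)~", "\n", $GLOBALS[$var]);
                if (isset($Debuglog)) {
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> as text with html special chars', 'params');
                }
                break;
            case 'text':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // strip out any html:
                $GLOBALS[$var] = utf8_trim(utf8_strip_tags($GLOBALS[$var]));
                // cross-platform newlines:
                $GLOBALS[$var] = preg_replace("~(\r\n|\r)~", "\n", $GLOBALS[$var]);
                if (isset($Debuglog)) {
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> as text', 'params');
                }
                break;
            case 'string':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // echo $var, '=', $GLOBALS[$var], '<br />';
                // Make sure the string is a single line
                $GLOBALS[$var] = preg_replace('~\\r|\\n~', '', $GLOBALS[$var]);
                // strip out any html:
                $GLOBALS[$var] = utf8_strip_tags($GLOBALS[$var]);
                // echo "param $var=".$GLOBALS[$var]."<br />\n";
                $GLOBALS[$var] = utf8_trim($GLOBALS[$var]);
                // echo "param $var=".$GLOBALS[$var]."<br />\n";
                if (isset($Debuglog)) {
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> as string', 'params');
                }
                break;
            case 'url':
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                }
                // Decode url:
                $GLOBALS[$var] = urldecode($GLOBALS[$var]);
                // strip out any html:
                $GLOBALS[$var] = utf8_trim(utf8_strip_tags($GLOBALS[$var]));
                // Remove new line chars and double quote from url
                $GLOBALS[$var] = preg_replace('~\\r|\\n|"~', '', $GLOBALS[$var]);
                // Only values starting with "/", "?", "http://" or "https://" are accepted.
                // NOTE(review): the "/" alternative also accepts scheme-relative values ("//host/..."), so code
                // that redirects to this value should validate the target host itself.
                if (!empty($GLOBALS[$var]) && !preg_match('#^(/|\\?|https?://)#i', $GLOBALS[$var])) {
                    // We cannot accept this MISMATCH:
                    bad_request_die(sprintf(T_('Illegal value received for parameter &laquo;%s&raquo;!'), $var));
                }
                if (isset($Debuglog)) {
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> as url', 'params');
                }
                break;
            case 'array:integer':
            case 'array:array:integer':
                // Set elements type to integer, and set the corresponding regular expression
                $elements_type = 'integer';
                $elements_regexp = '/^(\\+|-)?[0-9]+$/';
                // No break: continue with the common array handling
            case 'array':
            case 'array:string':
            case 'array:regexp':
            case 'array:array:string':
                if (!is_array($GLOBALS[$var])) {
                    // This param must be array
                    debug_die('param(-): <strong>' . $var . '</strong> is not array!');
                }
                // Store current array in temp var for checking and preparing
                $globals_var = $GLOBALS[$var];
                // Check if the given array type is one dimensional array
                $one_dimensional = $type == 'array' || $type == 'array:integer' || $type == 'array:string' || $type == 'array:regexp';
                // Check if the given array type should contains string elements
                $contains_strings = $type == 'array:string' || $type == 'array:array:string';
                if ($one_dimensional) {
                    // Convert to a two dimensional array to handle one and two dimensional arrays the same way
                    $globals_var = array($globals_var);
                }
                foreach ($globals_var as $i => $var_array) {
                    if (!is_array($var_array)) {
                        // This param must be array
                        // Note: In case of one dimensional array params this will never happen
                        debug_die('param(-): <strong>' . $var . '[' . $i . ']</strong> is not array!');
                    }
                    if ($type == 'array') {
                        // This param may contain any kind of elements we need to check and validate it recursively
                        $globals_var[$i] = param_check_general_array($var_array);
                        break;
                    }
                    foreach ($var_array as $j => $var_value) {
                        if (!is_scalar($var_value)) {
                            // This happens if someone uses "foo[][]=x" where "foo[]" is expected as string
                            debug_die('param(-): element of array <strong>' . $var . '</strong> is not scalar!');
                        }
                        if ($contains_strings) {
                            // Prepare string elements of array
                            // Make sure the string is a single line
                            $var_value = preg_replace('~\\r|\\n~', '', $var_value);
                            // strip out any html:
                            $globals_var[$i][$j] = utf8_trim(utf8_strip_tags($var_value));
                            continue;
                        }
                        if (isset($elements_regexp)) {
                            // Array contains elements which must match to the given regular expression
                            if (preg_match($elements_regexp, $var_value)) {
                                // OK match, set the corresponding type
                                settype($globals_var[$i][$j], $elements_type);
                            } else {
                                // No match, cannot accept this MISMATCH
                                // Note: In case of array:integer or array:regexp we always use strict typing for the array elements
                                bad_request_die(sprintf(T_('Illegal value received for parameter &laquo;%s&raquo;!'), $var));
                            }
                        }
                    }
                }
                if ($one_dimensional) {
                    // Extract real array from temp array
                    $globals_var = $globals_var[0];
                }
                // Restore current array with prepared data
                $GLOBALS[$var] = $globals_var;
                if (isset($Debuglog)) {
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> as ' . $type, 'params');
                }
                if ($GLOBALS[$var] === array() && $strict_typing === false && $use_default) {
                    // We want to consider empty values as invalid and fall back to the default value:
                    $GLOBALS[$var] = $default;
                }
                break;
            default:
                if (utf8_substr($type, 0, 1) == '/') {
                    // We want to match against a REGEXP:
                    if (!is_scalar($GLOBALS[$var])) {
                        // This happens if someone uses "foo[]=x" where "foo" is expected as string
                        debug_die('param(-): <strong>' . $var . '</strong> is not scalar!');
                    } elseif (preg_match($type, $GLOBALS[$var])) {
                        // Okay, match
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> matched against ' . $type, 'params');
                        }
                    } elseif ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
                        // No match but we accept empty value:
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> is empty: ok', 'params');
                        }
                    } elseif ($strict_typing) {
                        // We cannot accept this MISMATCH:
                        bad_request_die(sprintf(T_('Illegal value received for parameter &laquo;%s&raquo;!'), $var));
                    } else {
                        // Fall back to default:
                        $GLOBALS[$var] = $default;
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> DID NOT match ' . $type . ' set to default value=' . $GLOBALS[$var], 'params');
                        }
                    }
                    // From now on, consider this as a string: (we need this when memorizing)
                    $type = 'string';
                } elseif ($GLOBALS[$var] === '') {
                    // Special handling of empty values.
                    if ($strict_typing === false && $use_default) {
                        // ADDED BY FP 2006-07-06
                        // We want to consider empty values as invalid and fall back to the default value:
                        $GLOBALS[$var] = $default;
                    } else {
                        // We memorize the empty value as NULL:
                        // fplanque> note: there might be side effects to this, but we need
                        // this to distinguish between 0 and 'no input'
                        // Note: we do this after regexps because we may or may not want to allow empty strings in regexps
                        $GLOBALS[$var] = NULL;
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> set to NULL', 'params');
                        }
                    }
                } else {
                    if ($strict_typing) {
                        // We want to make sure the value is valid:
                        $regexp = '';
                        switch ($type) {
                            case 'boolean':
                                $regexp = '/^(0|1|false|true)$/i';
                                break;
                            case 'integer':
                                $regexp = '/^(\\+|-)?[0-9]+$/';
                                break;
                            case 'float':
                            case 'double':
                                // The decimal separator is an escaped dot: an unescaped "." would accept any
                                // character between the digits and settype() would then silently truncate the value.
                                $regexp = '/^(\\+|-)?[0-9]+(\\.[0-9]+)?$/';
                                break;
                            default:
                                // Note: other types are not tested and they are not allowed without testing.
                                debug_die('Invalid parameter type!');
                        }
                        if ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
                            // We have an empty value and we accept it
                            // ok..
                        } elseif (!empty($regexp)) {
                            if ($type == 'boolean' && strtolower($GLOBALS[$var]) == 'false') {
                                // 'false' string must be interpreted as boolean false value
                                $GLOBALS[$var] = false;
                            } elseif (!is_scalar($GLOBALS[$var]) || !preg_match($regexp, $GLOBALS[$var])) {
                                // Value of scalar var does not match!
                                bad_request_die(sprintf(T_('Illegal value received for parameter &laquo;%s&raquo;!'), $var));
                            }
                        }
                    }
                    // Change the variable type:
                    settype($GLOBALS[$var], $type);
                    if (isset($Debuglog)) {
                        $Debuglog->add('param(-): <strong>' . var_export($var, true) . '</strong> typed to ' . $type . ', new value=' . var_export($GLOBALS[$var], true), 'params');
                    }
                }
        }
    }
    /*
     * STEP 3: memorize the value for later url regeneration
     */
    if ($memorize) {
        // Memorize this parameter
        memorize_param($var, $type, $default);
    }
    // echo $var, '(', gettype($GLOBALS[$var]), ')=', $GLOBALS[$var], '<br />';
    return $GLOBALS[$var];
}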
/**
 * View fragment of the user "activity" tab.
 *
 * Globals used:
 * - $action: current action
 * - $user_profile_only: user permission, if user is only allowed to edit his profile
 * - $user_tab, $user_ID: memorized below for URL regeneration
 * - $current_User, $UserSettings
 *
 * $edited_User is expected to be provided by the including code.
 */
global $action, $user_profile_only;
global $user_tab, $user_ID;
global $current_User, $UserSettings;

// Check permission: the tab is only available with the 'users' / 'edit' permission
if (!$current_User->check_perm('users', 'edit')) {
    debug_die(T_('You have no permission to see this tab!'));
}

memorize_param('user_tab', 'string', '', $user_tab);
memorize_param('user_ID', 'integer', 0, $user_ID);

// ------------------- PREV/NEXT USER LINKS -------------------
$prevnext_params = array(
    'block_start' => '<table class="prevnext_user"><tr>',
    'prev_start' => '<td width="33%">',
    'prev_end' => '</td>',
    'prev_no_user' => '<td width="33%">&nbsp;</td>',
    'back_start' => '<td width="33%" class="back_users_list">',
    'back_end' => '</td>',
    'next_start' => '<td width="33%" class="right">',
    'next_end' => '</td>',
    'next_no_user' => '<td width="33%">&nbsp;</td>',
    'block_end' => '</tr></table>',
    'user_tab' => 'activity',
);
user_prevnext_links($prevnext_params);
// ------------- END OF PREV/NEXT USER LINKS -------------------

if (!$user_profile_only) {
    // echo user edit action icons
    $Widget = new Widget();
    echo_user_actions($Widget, $edited_User, 'edit');
    $global_icons = $Widget->gen_global_icons();
    echo '<span class="floatright">' . $global_icons . '</span>';
}

// Tab header: the title depends on whether the user looks at his own activity
if ($current_User->ID == $edited_User->ID) {
    $activity_title = T_('My Activity');
} else {
    $activity_title = T_('User Activity');
}
$usertab_header = get_usertab_header($edited_User, $user_tab, $activity_title);
echo '<div>' . $usertab_header . '</div>';

// Display IP address from where this user was created
$created_IP_label = T_('User created from IP');
$created_IP = int2ip($UserSettings->get('created_fromIPv4', $edited_User->ID));
echo '<div style="margin-top:25px;font-weight:bold;"><span>' . $created_IP_label . ': ' . $created_IP . '</span></div>';

/**** Reports from edited user  ****/
user_reports_results_block(array('edited_User' => $edited_User));
evo_flush();
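/**
 * Sets a parameter with values from the request or to provided default,
 * except if param is already set!
 *
 * Also removes magic quotes if they are set automatically by PHP.
 * Also forces type.
 * Priority order: POST, GET, COOKIE, DEFAULT.
 *
 * Security notes:
 * - The value is stored in $GLOBALS[$var]; $var must be a name fixed by the calling code,
 *   never a name taken from the request, or the request could overwrite arbitrary globals.
 * - 'html' and '' apply no type filtering: the caller must escape the value for the
 *   context it is output in.
 * - 'string' only strips tags, trims and removes line breaks; it does not make a value
 *   safe for SQL, HTML attributes or file paths.
 *
 * @param string $var Variable to set
 * @param string $type Force value type to one of:
 * - integer
 * - float, double
 * - string (strips (HTML-)Tags, trims whitespace, removes line breaks)
 * - array	(TODO:  array/integer  , array/array/string )
 * - html (does nothing)
 * - '' (does nothing)
 * - '/^...$/' check regexp pattern match (string)
 * - boolean (will force type to boolean, but you can't use 'true' as a default since it has special meaning. There is no real reason to pass booleans on a URL though. Passing 0 and 1 as integers seems to be best practice).
 * Value type will be forced only if resulting value (probably from default then) is !== NULL
 * @param mixed $default Default value or TRUE if user input required
 * @param boolean $memorize Do we need to memorize this to regenerate the URL for this page?
 * @param boolean $override Override if variable already set
 * @param boolean $use_default Force setting of variable to default if no param is sent and var wasn't set before
 * @param mixed $strict_typing true will refuse illegal values,
 *              false will try to convert illegal to legal values,
 *              'allow_empty' will refuse illegal values but will always accept empty values (This helps blocking dirty spambots or borked index bots. Saves a lot of processor time by killing invalid requests)
 * @return mixed Final value of Variable, or false if we don't force setting and did not set
 */
function param($var, $type = '', $default = '', $memorize = false, $override = false, $use_default = true, $strict_typing = 'allow_empty')
{
    global $Debuglog, $debug, $evo_charset, $io_charset;
    // NOTE: we use $GLOBALS[$var] instead of $$var, because otherwise it would conflict with param names which are used as function params ("var", "type", "default", ..)!
    /*
     * STEP 1 : Set the variable
     *
     * Check if already set
     * WARNING: when PHP register globals is ON, COOKIES get priority over GET and POST with this!!!
     *   dh> I never understood that comment.. does it refer to "variables_order" php.ini setting?
     *		fp> I guess
     */
    if (!isset($GLOBALS[$var]) || $override) {
        if (isset($_POST[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_POST[$var]);
        } elseif (isset($_GET[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_GET[$var]);
        } elseif (isset($_COOKIE[$var])) {
            $GLOBALS[$var] = remove_magic_quotes($_COOKIE[$var]);
        } elseif ($default === true) {
            // A default of TRUE means "user input required":
            bad_request_die(sprintf(T_('Parameter &laquo;%s&raquo; is required!'), $var));
        } elseif ($use_default) {
            // We haven't set any value yet and we really want one: use default:
            $GLOBALS[$var] = $default;
        } else {
            // param not found! don't set the variable.
            // Won't be memorized nor type-forced!
            return false;
        }
    } else {
        // Variable was already set but we need to remove the auto quotes
        $GLOBALS[$var] = remove_magic_quotes($GLOBALS[$var]);
    }
    if (isset($io_charset) && !empty($evo_charset)) {
        $GLOBALS[$var] = convert_charset($GLOBALS[$var], $evo_charset, $io_charset);
    }
    /*
     * STEP 2: make sure the data fits the expected type
     *
     * type will be forced even if it was set before and not overridden
     */
    if (!empty($type) && $GLOBALS[$var] !== NULL) {
        // Force the type
        switch ($type) {
            case 'html':
                // do nothing: the value stays exactly as received, the caller is responsible for escaping it
                if (isset($Debuglog)) {
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> as RAW Unsecure HTML', 'params');
                }
                break;
            case 'string':
                // strip out any html:
                if (!is_scalar($GLOBALS[$var])) {
                    // This happens if someone uses "foo[]=x" where "foo" is expected as string
                    // TODO: dh> debug_die() instead?
                    $GLOBALS[$var] = '';
                    // $Debuglog may not exist yet, guard it like every other branch does:
                    if (isset($Debuglog)) {
                        $Debuglog->add('param(-): <strong>' . $var . '</strong> is not scalar!', 'params');
                    }
                } else {
                    $GLOBALS[$var] = trim(strip_tags($GLOBALS[$var]));
                    // Make sure the string is a single line.
                    // str_replace() avoids a regexp delimiter that is only a single byte in some file encodings:
                    $GLOBALS[$var] = str_replace(array("\r", "\n"), '', $GLOBALS[$var]);
                }
                if (isset($Debuglog)) {
                    $Debuglog->add('param(-): <strong>' . $var . '</strong> as string', 'params');
                }
                break;
            default:
                if (substr($type, 0, 1) == '/') {
                    // We want to match against a REGEXP.
                    // A non-scalar value ("foo[]=x") can never match and must not reach preg_match():
                    if (is_scalar($GLOBALS[$var]) && preg_match($type, $GLOBALS[$var])) {
                        // Okay, match
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> matched against ' . $type, 'params');
                        }
                    } elseif ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
                        // No match but we accept empty value.
                        // NOTE(review): the comparison is loose, so $strict_typing === true also takes this
                        // branch for empty values, although the docblock says true refuses illegal values.
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> is empty: ok', 'params');
                        }
                    } elseif ($strict_typing) {
                        // We cannot accept this MISMATCH:
                        bad_request_die(sprintf(T_('Illegal value received for parameter &laquo;%s&raquo;!'), $var));
                    } else {
                        // Fall back to default:
                        $GLOBALS[$var] = $default;
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> DID NOT match ' . $type . ' set to default value=' . $GLOBALS[$var], 'params');
                        }
                    }
                    // From now on, consider this as a string: (we need this when memorizing)
                    $type = 'string';
                } elseif ($GLOBALS[$var] === '') {
                    // Special handling of empty values.
                    if ($strict_typing === false && $use_default) {
                        // ADDED BY FP 2006-07-06
                        // We want to consider empty values as invalid and fall back to the default value:
                        $GLOBALS[$var] = $default;
                    } else {
                        // We memorize the empty value as NULL:
                        // fplanque> note: there might be side effects to this, but we need
                        // this to distinguish between 0 and 'no input'
                        // Note: we do this after regexps because we may or may not want to allow empty strings in regexps
                        $GLOBALS[$var] = NULL;
                        if (isset($Debuglog)) {
                            $Debuglog->add('param(-): <strong>' . $var . '</strong> set to NULL', 'params');
                        }
                    }
                } elseif ($GLOBALS[$var] === array()) {
                    if ($strict_typing === false && $use_default) {
                        // ADDED BY FP 2006-09-07
                        // We want to consider empty values as invalid and fall back to the default value:
                        $GLOBALS[$var] = $default;
                    }
                } else {
                    if ($strict_typing) {
                        // We want to make sure the value is valid:
                        $regexp = '';
                        switch ($type) {
                            case 'boolean':
                                $regexp = '/^(0|1|false|true)$/i';
                                break;
                            case 'integer':
                                $regexp = '/^(\\+|-)?[0-9]+$/';
                                break;
                            case 'float':
                            case 'double':
                                // The decimal separator is escaped: an unescaped dot would accept any character ("1x5"):
                                $regexp = '/^(\\+|-)?[0-9]+(\\.[0-9]+)?$/';
                                break;
                                // Note: other types are not tested here.
                        }
                        if ($strict_typing == 'allow_empty' && empty($GLOBALS[$var])) {
                            // We have an empty value and we accept it
                            // ok..
                        } elseif (!empty($regexp) && (!is_scalar($GLOBALS[$var]) || !preg_match($regexp, $GLOBALS[$var]))) {
                            // Value does not match!
                            bad_request_die(sprintf(T_('Illegal value received for parameter &laquo;%s&raquo;!'), $var));
                        }
                    }
                    if ($type == 'boolean' && is_string($GLOBALS[$var]) && strtolower($GLOBALS[$var]) === 'false') {
                        // settype() turns every non-empty string except '0' into TRUE, including 'false':
                        $GLOBALS[$var] = false;
                    }
                    // Change the variable type:
                    settype($GLOBALS[$var], $type);
                    if (isset($Debuglog)) {
                        $Debuglog->add('param(-): <strong>' . $var . '</strong> typed to ' . $type . ', new value=' . $GLOBALS[$var], 'params');
                    }
                }
        }
    }
    /*
     * STEP 3: memorize the value for later url regeneration
     */
    if ($memorize) {
        // Memorize this parameter
        memorize_param($var, $type, $default);
    }
    return $GLOBALS[$var];
}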
}
// Resolve the requested action, then read the file-manager location params (root + path) from the request.
$action = param_action();
if ($tab3 == 'quick') {
    // Quick upload tab: load the uploader script and its stylesheets.
    require_css('quick_upload.css');
    //require_js( 'multiupload/sendfile.js' );
    //require_js( 'multiupload/quick_upload.js' );
    require_js('multiupload/fileuploader.js');
    require_css('fileuploader.css');
}
// INIT params:
// NOTE(review): root, path, new_root and root_and_path all come from the request. The 'string' type only
// strips tags and line breaks; no check against '..' segments or against the roots the user may access is
// visible in this part of the file. Presumably that happens where the root is resolved below; confirm.
// NOTE(review): strpos() is tested for truthiness, so a '::' at offset 0 (empty root) falls through to the else branch.
if (param('root_and_path', 'string', '', false) && strpos($root_and_path, '::')) {
    // root and path together: decode and override (used by "radio-click-dirtree")
    list($root, $path) = explode('::', $root_and_path, 2);
    // Memorize new root:
    memorize_param('root', 'string', NULL);
    memorize_param('path', 'string', NULL);
} else {
    param('root', 'string', NULL, true);
    // the root directory from the dropdown box (user_X or blog_X; X is ID - 'user' for current user (default))
    param('path', 'string', '', true);
    // the path relative to the root dir
    if (param('new_root', 'string', '') && $new_root != $root) {
        // We have changed root in the select list: start again at the top of the new root
        $root = $new_root;
        $path = '';
    }
}
// Get root:
$ads_list_path = false;
// false by default, gets set if we have a valid root
/**
 * @copyright (c)2003-2013 by Francois Planque - {@link http://fplanque.com/}.
 * Parts of this file are copyright (c)2005 by Daniel HAHLER - {@link http://thequod.de/contact}.
 *
 * @license http://b2evolution.net/about/license.html GNU General Public License (GPL)
 *
 * @package admin
 *
 * {@internal Below is a list of authors who have contributed to design/coding of this file: }}
 * @author efy-asimo: Attila Simo.
 *
 * @version $Id: _broken_slugs.view.php 3328 2013-03-26 11:44:11Z yura $
 */
// Direct-access guard: stop unless EVO_MAIN_INIT has been defined before this view is included.
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}
// Memorize the 'action' param for URL regeneration.
// NOTE(review): presumably the 4th argument is the value to memorize ('find_broken_slugs'); confirm against memorize_param().
memorize_param('action', 'string', '', 'find_broken_slugs');
// Static query, no request input is concatenated into it:
// slugs of type "item" whose slug_itm_ID has no matching post_ID in T_items__item.
$SQL = new SQL();
$SQL->SELECT('slug_ID, slug_title, slug_itm_ID');
$SQL->FROM('T_slug');
$SQL->WHERE('slug_type = "item" AND slug_itm_ID NOT IN (SELECT post_ID FROM T_items__item )');
// Result list, using 'broken_slugs_' as the prefix for its own params:
$Results = new Results($SQL->get(), 'broken_slugs_');
$Results->title = T_('Broken item slugs with no matching item');
$Results->global_icon(T_('Cancel!'), 'close', regenerate_url('action'));
// One column per selected field.
// NOTE(review): the '$field$' placeholders are presumably substituted (and escaped) by Results when rendering; slug_title is stored data, confirm it is escaped on output.
$Results->cols[] = array('th' => T_('Slug ID'), 'th_class' => 'shrinkwrap', 'td_class' => 'small center', 'order' => 'slug_ID', 'td' => '$slug_ID$');
$Results->cols[] = array('th' => T_('Title'), 'th_class' => 'nowrap', 'td_class' => 'small', 'order' => 'slug_title', 'td' => '$slug_title$');
$Results->cols[] = array('th' => T_('Item ID'), 'th_class' => 'shrinkwrap', 'td_class' => 'small center', 'order' => 'slug_itm_ID', 'td' => '$slug_itm_ID$');
// Paging links keep the current action and carry url_crumb('tools').
// NOTE(review): param_action() is concatenated into the URL as-is; presumably it returns an already validated action name, confirm.
$Results->display(array('page_url' => regenerate_url('blog,ctrl,action,results_' . $Results->param_prefix . 'page', 'action=' . param_action() . '&amp;' . url_crumb('tools'))));
if ($current_User->check_perm('options', 'edit', true) && $Results->get_num_rows()) {
    // display Delete link
    $redirect_to = regenerate_url('action', 'action=del_broken_slugs&' . url_crumb('tools'));
    echo '<p>[<a href="' . $redirect_to . '">' . T_('Delete these slugs') . '</a>]</p>';
 */
// Direct-access guard: stop unless EVO_MAIN_INIT has been defined before this view is included.
if (!defined('EVO_MAIN_INIT')) {
    die('Please, do not access this page directly.');
}
global $blog, $admin_url, $UserSettings;
global $datestartinput, $datestart, $datestopinput, $datestop, $email;
// Start date filter: prefer the localized date typed by the user, else the plain 'datestart' request param.
// NOTE(review): presumably the 4th argument of memorize_param() is the value to memorize; confirm.
if (param_date('datestartinput', T_('Invalid date'), false, NULL) !== NULL) {
    // We have a user provided localized date:
    memorize_param('datestart', 'string', NULL, trim(form_date($datestartinput)));
} else {
    // We may have an automated param transmission date:
    param('datestart', 'string', '', true);
}
// Stop date filter: same logic as for the start date.
if (param_date('datestopinput', T_('Invalid date'), false, NULL) !== NULL) {
    // We have a user provided localized date:
    memorize_param('datestop', 'string', NULL, trim(form_date($datestopinput)));
} else {
    // We may have an automated param transmission date:
    param('datestop', 'string', '', true);
}
// E-mail filter, read from the request as a tag-stripped string and memorized for URL regeneration.
// NOTE(review): $datestart, $datestop and $email are request-controlled; 'string' typing does not make them
// safe for SQL, so each one has to go through $DB->quote() (or equivalent) when added to a WHERE clause.
param('email', 'string', '', true);
// Create result set:
$SQL = new SQL();
$SQL->SELECT('SQL_NO_CACHE emlog_ID, emlog_timestamp, emlog_user_ID, emlog_to, emlog_result, emlog_subject');
$SQL->FROM('T_email__log');
// Separate query counting the rows of the same table:
$CountSQL = new SQL();
$CountSQL->SELECT('SQL_NO_CACHE COUNT(emlog_ID)');
$CountSQL->FROM('T_email__log');
if (!empty($datestart)) {
    // Filter by start date
    $SQL->WHERE_and('emlog_timestamp >= ' . $DB->quote($datestart . ' 00:00:00'));
 /**
  * Set/Activate filterset
  *
  * Layers the given filters over the defaults, refreshes the old-style
  * limit/page members and, when requested, hands every filter value to
  * memorize_param() so that the GLOBALS needed by regenerate_url() are set back.
  *
  * @param array Filters to activate (ignored when empty)
  * @param boolean Memorize the resulting values for regenerate_url()?
  */
 function set_filters($filters, $memorize = true)
 {
     if (!empty($filters)) {
         // Any key missing from $filters falls back to its default value:
         $this->filters = array_merge($this->default_filters, $filters);
     }
     // Activate preset filters if necessary:
     $this->activate_preset_filters();
     // Funky oldstyle params, kept for compatibility with parent class:
     $this->limit = $this->filters['posts'];
     $this->page = $this->filters['page'];
     if (!$memorize) {
         // Nothing to set back into the GLOBALS:
         return;
     }
     $prefix = $this->param_prefix;
     // Each row: param name, param type, key used in both $this->default_filters and $this->filters.
     // Note: 'cat' and 'catsel' carry no param prefix.
     $leading_params = array(
         // Selected filter preset:
         array($prefix . 'filter_preset', 'string', 'filter_preset'),
         // Blog & Chapters/categories restrictions:
         array('cat', '/^[*\\-]?([0-9]+(,[0-9]+)*)?$/', 'cat_modifier'),
         array('catsel', 'array', 'cat_array'),
         array($prefix . 'cat_focus', 'string', 'cat_focus'),
         // Restrict to selected tags:
         array($prefix . 'tags', 'string', 'tags'),
         // List of authors to restrict to:
         array($prefix . 'author', 'string', 'authors'),
         // List of assignees to restrict to:
         array($prefix . 'assgn', 'string', 'assignees'),
         // Restrict to selected author OR assignee:
         array($prefix . 'author_assignee', 'string', 'author_assignee'),
         // Locale to restrict to:
         array($prefix . 'lc', 'string', 'lc'),
         // List of statuses to restrict to:
         array($prefix . 'status', 'string', 'statuses'),
         // List of item types to restrict to:
         array($prefix . 'types', 'integer', 'types'),
         // Search string:
         array($prefix . 's', 'string', 'keywords'),
         // Search for sentence or for words:
         array($prefix . 'sentence', 'string', 'phrase'),
         // Require exact match of title or contents:
         array($prefix . 'exact', 'integer', 'exact'),
         // YearMonth(Day) to display:
         array($prefix . 'm', 'integer', 'ymdhms'),
         // Week number:
         array($prefix . 'w', 'integer', 'week'),
         // YearMonth(Day) to start at:
         array($prefix . 'dstart', 'integer', 'ymdhms_min'),
         // YearMonth(Day) to stop at:
         array($prefix . 'dstop', 'integer', 'ymdhms_max'),
     );
     $trailing_params = array(
         // Visibility statuses we want to show (oftentimes preset to a more restrictive set of values):
         array($prefix . 'show_statuses', 'array', 'visibility_array'),
         // OLD STYLE orders: ASC or DESC, then the list of fields to order by
         array($prefix . 'order', 'string', 'order'),
         array($prefix . 'orderby', 'string', 'orderby'),
         // Paging limits: list unit ('posts' or 'days'), then # of units to display on the page
         array($prefix . 'unit', 'string', 'unit'),
         array($prefix . 'posts', 'integer', 'posts'),
     );
     foreach ($leading_params as $row) {
         list($param_name, $param_type, $filter_key) = $row;
         memorize_param($param_name, $param_type, $this->default_filters[$filter_key], $this->filters[$filter_key]);
     }
     // TODO: show_past/future should probably be wired on dstart/dstop instead on timestamps -> get timestamps out of filter perimeter
     if ($this->default_filters['ts_min'] === NULL && $this->default_filters['ts_max'] === NULL) {
         // We have not set a strict default -> we allow overriding:
         $show_past = $this->filters['ts_min'] == 'now' ? 0 : 1;
         memorize_param($prefix . 'show_past', 'integer', 0, $show_past);
         $show_future = $this->filters['ts_max'] == 'now' ? 0 : 1;
         memorize_param($prefix . 'show_future', 'integer', 0, $show_future);
     }
     foreach ($trailing_params as $row) {
         list($param_name, $param_type, $filter_key) = $row;
         memorize_param($param_name, $param_type, $this->default_filters[$filter_key], $this->filters[$filter_key]);
     }
     // List page number in paged display ('paged'):
     memorize_param($this->page_param, 'integer', 1, $this->filters['page']);
 }
    return;
}
// Comments counter
$c_number = @generic_ctp_number($Item->ID, 'comments');
$t_number = @generic_ctp_number($Item->ID, 'trackbacks');
$p_number = @generic_ctp_number($Item->ID, 'pingbacks');
global $disp;
if ($disp == 'page') {
    $title_links = $Skin->T_('Related Links');
} else {
    $title_links = $Skin->T_('Related Posts');
}
echo '<div class="tabbed-content post-tabs clearfix" id="post-tabs"><div class="tabs-wrap clearfix"><ul class="tabs"><li class="related-posts"><a href="#section-relatedPosts"><span>' . $title_links . '</span></a></li>';
if ($Item->can_see_comments()) {
    // Set redir=no in order to open comment pages
    memorize_param('redir', 'string', '', 'no');
    if (empty($c)) {
        // Comments not requested
        $params['disp_comments'] = false;
        // DO NOT Display the comments if not requested
        $params['disp_comment_form'] = false;
        // DO NOT Display the comments form if not requested
    }
    if (empty($tb) || !$Blog->get('allowtrackbacks')) {
        // Trackback not requested or not allowed
        $params['disp_trackbacks'] = false;
        // DO NOT Display the trackbacks if not requested
        $params['disp_trackback_url'] = false;
        // DO NOT Display the trackback URL if not requested
    }
    if (!empty($t_number)) {
    }
    /**
     * @var Blog
     */
    $edited_Blog =& $Blog;
} else {
    // We could not find a blog we have edit perms on...
    // Note: we may still have permission to edit categories!!
    // redirect to blog list:
    header_redirect('?ctrl=collections');
    // EXITED:
    $Messages->add(T_('Sorry, you have no permission to edit blog properties.'), 'error');
    $action = 'nil';
    $tab = '';
}
memorize_param('blog', 'integer', -1);
// Needed when generating static page for example
if (($tab == 'perm' || $tab == 'permgroup') && (empty($blog) || !$Blog->advanced_perms)) {
    // We're trying to access advanced perms but they're disabled!
    $tab = 'features';
    // the screen where you can enable advanced perms
    if ($action == 'update') {
        // make sure we don't update anything here
        $action = 'edit';
    }
}
/**
 * Perform action:
 */
switch ($action) {
    case 'edit':
                 // Send an info message to users who reported this deleted user:
                 user_send_report_message($report_user_IDs, $deleted_user_login);
             }
             if ($increase_spam_score) {
                 // Increase spam fighter score for the users who reported the deleted account:
                 user_increase_spam_score($report_user_IDs);
             }
         }
         $action = 'list';
         // Redirect so that a reload doesn't write to the DB twice:
         header_redirect('?ctrl=users', 303);
         // Will EXIT
         // We have EXITed already at this point!!
     } else {
         // not confirmed, Check for restrictions:
         memorize_param('user_ID', 'integer', true);
         if (!empty($fullname)) {
             $msg = sprintf(T_('Cannot delete User &laquo;%s&raquo; [%s]'), $fullname, $edited_User->dget('login'));
         } else {
             $msg = sprintf(T_('Cannot delete User &laquo;%s&raquo;'), $edited_User->dget('login'));
         }
         if (!$edited_User->check_delete($msg)) {
             // There are restrictions:
             $action = 'view';
         }
     }
     break;
 case 'del_settings_set':
     // Delete a set of an array type setting:
     param('plugin_ID', 'integer', true);
     param('set_path');
         case 'simple':
             $AdminUI->disp_view('items/views/_item_simple.form.php');
             break;
         case 'expert':
         default:
             $AdminUI->disp_view('items/views/_item_expert.form.php');
             break;
     }
     // End payload block:
     $AdminUI->disp_payload_end();
     break;
 case 'view':
 case 'delete':
     // View a single post:
     // Memorize 'p' in case we reload while changing some display settings
     memorize_param('p', 'integer', NULL);
     // Begin payload block:
     $AdminUI->disp_payload_begin();
     // We use the "full" view for displaying single posts:
     $AdminUI->disp_view('items/views/_item_list_full.view.php');
     // End payload block:
     $AdminUI->disp_payload_end();
     break;
 case 'list':
 default:
     // Begin payload block:
     $AdminUI->disp_payload_begin();
     // fplanque> Note: this is depressing, but I have to put a table back here
     // just because IE supports standards really badly! :'(
     echo '<table class="browse" cellspacing="0" cellpadding="0" border="0"><tr>';
     echo '<td class="browse_left_col">';