/**
 * Count the records in $tableName created by one user.
 *
 * @param string $tableName  Table to count; passed straight to mysql_count().
 * @param mixed  $userNum    User number. Any falsy value (null, 0, '') falls back to
 *                           $GLOBALS['CURRENT_USER']['num'] (read with @, so a missing
 *                           global yields an empty value rather than a notice).
 * @return mixed  Whatever mysql_count() returns for `createdByUserNum` = $userNum.
 */
function countRecordsByUser($tableName, $userNum = null) {
    // falsy $userNum means "the logged-in user" (note: a literal user number of 0 also falls back)
    $ownerNum = $userNum ? $userNum : @$GLOBALS['CURRENT_USER']['num'];

    // value is escaped before being placed in the WHERE clause
    $where = sprintf("`createdByUserNum` = '%s'", mysql_escape($ownerNum));

    return mysql_count($tableName, $where);
}
/**
 * Return a details array for the table named by the global $tableName.
 *
 * @return array  array('rowCount' => mysql_count($tableName)).
 */
function getTableDetails() {
    global $tableName;

    return array(
        'rowCount' => mysql_count($tableName),
    );
}
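/**
 * Return the list of schema tables for the admin menu, each with its schema menu
 * settings and, when the MySQL table exists, its row count.
 *
 * @return array  Entries of the form array('tableName', 'menuName', 'menuType',
 *                'menuOrder', 'menuHidden', 'tableHidden', '_indent', 'recordCount'),
 *                sorted with _sortMenusByOrder() (uasort() preserves keys).
 *                'recordCount' is null for a schema table that has no MySQL table.
 */
function getTableList() {
    $mysqlTables  = getMysqlTablesWithPrefix();
    $schemaTables = getSchemaTables();

    $tables = array();
    foreach ($schemaTables as $tableName) {
        // reset per iteration: previously a schema table without a MySQL table kept the
        // previous table's count (and the first iteration read an undefined variable)
        $rowCount            = null;
        $tableNameWithPrefix = getTableNameWithPrefix($tableName);
        // strict comparison; both sides are expected to be plain string table names
        if (in_array($tableNameWithPrefix, $mysqlTables, true)) {
            $rowCount = mysql_count($tableNameWithPrefix);
        }

        $localTableSchema = loadSchema($tableName);
        $tables[] = array(
            'tableName'   => $tableName,
            'menuName'    => @$localTableSchema['menuName'],
            'menuType'    => @$localTableSchema['menuType'],
            'menuOrder'   => @$localTableSchema['menuOrder'],
            'menuHidden'  => @$localTableSchema['menuHidden'],
            'tableHidden' => @$localTableSchema['tableHidden'],
            '_indent'     => @$localTableSchema['_indent'],
            'recordCount' => $rowCount,
        );
    }

    // sort table list by menu order
    uasort($tables, '_sortMenusByOrder');

    return $tables;
}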
/**
 * Set up the list page for a table: apply reset/search state from $_REQUEST and
 * $_SESSION, build the access-control WHERE and ORDER BY, load one page of records,
 * and persist the request back to the session.
 *
 * @param array $options  Optional keys read here: 'isRelatedRecords', 'tableName',
 *                        'where', 'perPage'. Missing keys fall back to the globals
 *                        $GLOBALS['tableName'] / $GLOBALS['schema'] or to defaults.
 * @return array  list($listFields, $records, $metaData): the list-page field names
 *                (split from schema 'listPageFields'), the records from getRecords(),
 *                and its metadata with 'totalMatches' (search hits) and 'totalRecords'
 *                (count under the access WHERE only).
 *
 * Side effects: mutates $_REQUEST, $_SESSION['lastRequest'][$tableName] and the
 * global $isRelatedRecords; die()s when sortBy names a field not in the schema.
 */
function list_functions_init($options = array()) {
    global $CURRENT_USER, $isRelatedRecords;

    // set defaults (options override the page-level globals)
    $isRelatedRecords = @$options['isRelatedRecords'];
    $tableName        = @$options['tableName'] ? $options['tableName'] : $GLOBALS['tableName'];
    $schema           = @$options['tableName'] ? loadSchema(@$options['tableName']) : $GLOBALS['schema'];
    $accessWhere      = @$options['where'] ? $options['where'] : 'true';
    $perPage          = @$options['perPage'];

    // Perform search
    // if the search form was submitted, we need to reset page=1
    if (@$_REQUEST['_defaultAction']) {
        $_REQUEST['page'] = 1;
    }

    // Reset Search (and clear saved editor state)
    if (@$_REQUEST['_resetSearch'] || @$_REQUEST['_resetSavedSearch']) {
        // clear last state and request on resetSearch. _resetSavedSearch is for custom links
        // where you don't want previously saved search info to interfere
        // (only showAdvancedSearch and perPage survive the reset)
        $_SESSION['lastRequest'][$tableName] = array(
            'showAdvancedSearch' => @$_SESSION['lastRequest'][$tableName]['showAdvancedSearch'],
            'perPage'            => @$_SESSION['lastRequest'][$tableName]['perPage'],
            'page'               => 1,
        );
    }
    if (@$_REQUEST['_resetSearch']) {
        // clear last state and request on resetSearch (whole $_REQUEST is replaced)
        $_REQUEST = array('menu' => @$_REQUEST['menu'], 'perPage' => @$_REQUEST['perPage'], 'page' => 1);
    }

    // Load last _REQUEST from _SESSION (current _REQUEST values override old ones)
    if (@$_SESSION['lastRequest'][$tableName] && !$isRelatedRecords && !@$_REQUEST['_ignoreSavedSearch']) {
        $sortByField        = @$_SESSION['lastRequest'][$tableName]['sortBy'];
        $invalidSortByField = $sortByField && !@$schema[$sortByField];
        if ($invalidSortByField) {
            unset($_SESSION['lastRequest'][$tableName]['sortBy']);
        } // v2.52 remove invalid sort by fields
        $_REQUEST += $_SESSION['lastRequest'][$tableName]; // '+' keeps existing request keys
    }

    // get user where (to limit to records user has access to)
    // tables without createdByUserNum, and users with editor/viewer access, see everything
    $showAllRecords = false;
    if (!@$schema['createdByUserNum']) {
        $showAllRecords = true;
    } elseif ($GLOBALS['hasEditorAccess']) {
        $showAllRecords = true;
    } elseif ($GLOBALS['hasViewerAccessOnly']) {
        $showAllRecords = true;
    } elseif ($GLOBALS['hasAuthorViewerAccess']) {
        $showAllRecords = true;
    } // viewers can see all records
    if (!$showAllRecords) {
        // NOTE(review): $CURRENT_USER['num'] is interpolated unescaped; it comes from the
        // session rather than the request, presumably always numeric - confirm
        $accessWhere = "({$accessWhere}) AND `createdByUserNum` = '{$CURRENT_USER['num']}'";
    }
    if ($tableName == 'accounts' && !@$CURRENT_USER['isAdmin']) {
        // non-admins never see admin accounts in the accounts list
        $accessWhere = "({$accessWhere}) AND `isAdmin` = '0'";
    }

    // get ORDER BY
    $orderBy = $schema['listPageOrder'];
    if (@$_REQUEST['sortBy']) {
        // sortBy must be a schema field name; it is placed inside backticks below
        if (!@$schema[$_REQUEST['sortBy']]) {
            die("Can't sortBy '" . htmlencode($_REQUEST['sortBy']) . "'. Not a valid field!");
        }
        $orderBy = "`{$_REQUEST['sortBy']}` ";
        if (@$_REQUEST['sortDir'] == 'desc') {
            $orderBy .= " DESC";
        }
    }

    // filters: 'list_where' and 'record_access_where' adjust the access-control WHERE
    // (records filtered out here are not included in the record count), 'list_orderBy'
    // adjusts the ORDER BY. 'record_access_where' is also applied in _displayRecordAccessErrors()
    $accessWhere = applyFilters('list_where', $accessWhere, $tableName);
    $accessWhere = applyFilters('record_access_where', $accessWhere, $tableName);
    $orderBy     = applyFilters('list_orderBy', $orderBy, $tableName);
    $searchWhere = $accessWhere; // search terms are added by getRecords() ('allowSearch') on top of this

    // load records
    list($records, $metaData) = getRecords(array(
        'tableName'               => $tableName,
        'perPage'                 => $isRelatedRecords ? $perPage : getFirstDefinedValue(@$_REQUEST['perPage'], @$schema['_perPageDefault'], 25),
        'pageNum'                 => $isRelatedRecords ? 1 : intval(@$_REQUEST['page']),
        'orderBy'                 => $orderBy,
        'where'                   => $searchWhere,
        'allowSearch'             => $isRelatedRecords ? false : true,
        'requireSearchSuffix'     => 'true',
        'ignoreHidden'            => true,
        'ignorePublishDate'       => true,
        'ignoreRemoveDate'        => true,
        'includeDisabledAccounts' => true,
        'loadPseudoFields'        => false,
    ));
    // totalRecords from getRecords() includes the search, so keep that as totalMatches
    // and recount with the access WHERE alone for totalRecords
    $metaData['totalMatches'] = $metaData['totalRecords'];
    $metaData['totalRecords'] = mysql_count($tableName, $accessWhere);

    // save _REQUEST to _SESSION (this is how we maintain state when user returns to list page)
    if (!$isRelatedRecords) {
        $skipFields = array('menu');
        foreach ($_REQUEST as $key => $value) { // save all submitted values
            if (preg_match('/^_/', $key)) { continue; } // skip program command fields: _defaultAction, _advancedAction, etc
            if (in_array($key, $skipFields)) { continue; }
            $_SESSION['lastRequest'][$tableName][$key] = $value;
        }
        $_SESSION['lastRequest'][$tableName]['page']    = $metaData['page'];    // override page with calculated actual page from getRecords()
        $_SESSION['lastRequest'][$tableName]['perPage'] = $metaData['perPage']; // override perPage with actual perPage from getRecords()
    }

    $listFields = preg_split("/\\s*,\\s*/", $schema['listPageFields']); // fields to show on list page

    return array($listFields, $records, $metaData);
}
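/**
 * Check the current section's record limits for the current user.
 *
 * Two limits are checked: the section-wide '_maxRecords' (everyone), and for
 * non-editors on tables that track createdByUserNum, the per-user limit from the
 * schema ('_maxRecordsPerUser') or, failing that, from the user's access list entry.
 *
 * @param bool $returnText  When true, return the error HTML instead of displaying it.
 * @return string|null  The error text when $returnText is set and a limit is reached;
 *                      null when no limit is reached. When a limit is reached and
 *                      $returnText is false, the errors are alert()ed, the default
 *                      list page is included and the script exits.
 */
function showMaxRecordsError($returnText = false) {
    global $CURRENT_USER, $tableName, $schema, $hasEditorAccess;
    $errors = '';

    // check section record limit (applies to all users)
    if (@$schema['_maxRecords'] != '') {
        $recordCount = mysql_count($tableName);
        if ($recordCount >= $schema['_maxRecords']) {
            $errors .= sprintf(t('This section only allows a total of \'%s\' records (section limit).'), $schema['_maxRecords']) . "<br/>\n";
        }
    }

    // check user records limit (regular users only)
    if (!$hasEditorAccess && @$schema['createdByUserNum']) {
        // use the shared helper so the user number is escaped instead of interpolated raw
        $recordCount = countRecordsByUser($tableName, @$CURRENT_USER['num']);
        if (@$schema['_maxRecordsPerUser'] && $recordCount >= $schema['_maxRecordsPerUser']) {
            $errors .= sprintf(t('You are only allowed to have \'%s\' records in this section (Section Editor Limit).'), $schema['_maxRecordsPerUser']) . "<br/>\n";
        } elseif (@$CURRENT_USER['accessList'][$tableName]['maxRecords'] && $recordCount >= $CURRENT_USER['accessList'][$tableName]['maxRecords']) {
            $errors .= sprintf(t('You are only allowed to have \'%s\' records in this section (User Account Limit).'), $CURRENT_USER['accessList'][$tableName]['maxRecords']) . "<br/>\n";
        }
    }

    // no limit reached
    if (!$errors) {
        return null;
    }

    // display or return errors
    if ($returnText) {
        return $errors;
    }
    alert($errors);
    include 'lib/menus/default/list.php';
    exit;
}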
/**
 * Email an alert listing the PHP errors logged in the last hour.
 *
 * Only runs when SETTINGS advanced.phpEmailErrors is enabled, at most once per
 * page-view (static flag), and is throttled twice: skipped when any _error_log row
 * from the last hour already has email_sent = 1, and when SETTINGS bgtasks_lastEmail
 * is less than an hour old. On sending, every _error_log row gets email_sent = 1.
 *
 * @return void  Dies with the sendMessage() error text if the email cannot be sent.
 */
function _errorlog_sendEmailAlert() {
    if (!$GLOBALS['SETTINGS']['advanced']['phpEmailErrors']) {
        return;
    }

    // only run once per page-view
    static $alreadySent = false;
    if ($alreadySent) {
        return;
    }
    $alreadySent = true;

    // skip if an alert already went out in the last hour
    $sentInLastHour = mysql_count('_error_log', " `dateLogged` > (NOW() - INTERVAL 1 HOUR) AND email_sent = 1");
    if ($sentInLastHour) {
        return;
    }

    // don't email more than once an hour (second throttle, based on the settings timestamp)
    $secondsAgo = time() - $GLOBALS['SETTINGS']['bgtasks_lastEmail'];
    if ($secondsAgo < 60 * 60) {
        return;
    }

    // date format: only 'dmy' differs, 'mdy' and anything else share the same format
    $dateFormat = ($GLOBALS['SETTINGS']['dateFormat'] == 'dmy') ? "jS M, Y - h:i:s A" : "M jS, Y - h:i:s A";

    // load latest error list
    $latestErrors     = mysql_select('_error_log', "`dateLogged` > (NOW() - INTERVAL 1 HOUR) ORDER BY `dateLogged` DESC LIMIT 25");
    $latestErrorsList = '';
    foreach ($latestErrors as $row) {
        $latestErrorsList .= sprintf(
            "%s\n%s\n%s (line %s)\n%s\n\n",
            date($dateFormat, strtotime($row['dateLogged'])),
            $row['error'],
            $row['filepath'],
            $row['line_num'],
            $row['url']
        );
    }

    // set email_sent flag for ALL records
    mysql_update('_error_log', null, 'TRUE', array('email_sent' => 1));

    // send email message (error list is HTML-encoded before going into the template)
    $placeholders = array(
        'error.hostname'         => parse_url($GLOBALS['SETTINGS']['adminUrl'], PHP_URL_HOST),
        'error.latestErrorsList' => nl2br(htmlencode($latestErrorsList)),
        'error.errorLogUrl'      => realUrl("?menu=_error_log", $GLOBALS['SETTINGS']['adminUrl']),
    );
    $template = emailTemplate_loadFromDB(array('template_id' => 'CMS-ERRORLOG-ALERT', 'placeholders' => $placeholders));
    $errors   = sendMessage($template);

    // log/display email sending errors
    if ($errors) {
        trigger_error("Unable to send error notification email from " . __FUNCTION__ . ": {$errors}", E_USER_NOTICE);
        die(__FUNCTION__ . ": {$errors}");
    }
}
/**
 * Build the "Admin" menu group entries (admin users only).
 *
 * Each entry takes the next value of $menuOrder, which is advanced in place for the
 * caller. The Outgoing Mail entry is only added when SETTINGS advanced.outgoingMail
 * is not 'sendOnly'; the Error Log entry carries its record count both in the name
 * and in 'recordCount'.
 *
 * @param int $menuOrder  Running menu order counter, passed by reference.
 * @return array  List of menu entry arrays; empty for non-admin users.
 */
function _getAdminMenus(&$menuOrder) {
    global $CURRENT_USER;
    if (!@$CURRENT_USER['isAdmin']) {
        return array();
    }

    $menu   = @$_REQUEST['menu'];
    $action = getRequestedAction();

    // builds one 'custom' entry; $extra lets the Error Log entry append its own keys
    $customEntry = function ($name, $link, $isSelected, $extra = array()) use (&$menuOrder) {
        $entry = array(
            'menuType'   => 'custom',
            'menuName'   => $name,
            'menuOrder'  => ++$menuOrder,
            'link'       => $link,
            'isSelected' => $isSelected,
        );
        return array_merge($entry, $extra);
    };

    $adminMenus   = array();
    $adminMenus[] = array('menuType' => 'menugroup', 'menuName' => t('Admin'), 'menuOrder' => ++$menuOrder, 'tableName' => '', 'link' => '', 'isSelected' => '');
    $adminMenus[] = $customEntry(t('General Settings'), '?menu=admin&action=general', $menu == 'admin' && ($action == 'general' || $action == 'vendor' || $action == 'adminSave'));
    $adminMenus[] = $customEntry(t('Section Editors'), '?menu=database', $menu == 'database');
    $adminMenus[] = $customEntry(t('Code Generator'), '?menu=_codeGenerator', $menu == '_codeGenerator');
    $adminMenus[] = $customEntry(t('Plugins'), '?menu=admin&action=plugins', $menu == 'admin' && $action == 'plugins');
    $adminMenus[] = $customEntry(t('Email Templates'), '?menu=_email_templates', $menu == '_email_templates');

    // only show outgoing mail menu if logging is enabled
    if (@$GLOBALS['SETTINGS']['advanced']['outgoingMail'] != 'sendOnly') {
        $mailCount = mysql_count('_outgoing_mail');
        $countText = $mailCount ? " ({$mailCount})" : "";
        $adminMenus[] = $customEntry(t('Outgoing Mail') . $countText, '?menu=_outgoing_mail', $menu == '_outgoing_mail');
    }

    $errorCount   = mysql_count('_error_log');
    $adminMenus[] = $customEntry(
        t('Error Log') . " ({$errorCount})",
        '?menu=_error_log',
        $menu == '_error_log',
        array('tableName' => '_error_log', 'recordCount' => $errorCount)
    );

    return $adminMenus;
}
/**
 * Insert an email template into _email_templates unless one with the same
 * template_id already exists.
 *
 * @param array $record  Template fields: 'template_id' (required), 'description',
 *                       'from', 'to', 'subject', 'html', optional 'cc'/'bcc', and
 *                       'placeholders' (an array of placeholder names, or a string
 *                       stored as-is).
 * @return false|null  false when a template with this id already exists (nothing
 *                     inserted); null after inserting. Dies via dieAsCaller() when
 *                     'template_id' is missing.
 */
function emailTemplate_addToDB($record) {
    if (!$record['template_id']) {
        dieAsCaller(__FUNCTION__ . ": No 'template_id' set in options");
    }

    // nothing to do if the template id is already in the table
    $alreadyExists = mysql_count('_email_templates', array('template_id' => $record['template_id']));
    if ($alreadyExists) {
        return false;
    }

    // placeholder text: a string is stored unchanged; a non-empty array is turned into the
    // descriptive list (including server placeholders) that emailTemplate_replacePlaceholders()
    // returns as its second element; an empty array stores ''
    $placeholderText = $record['placeholders'];
    if (is_array($record['placeholders'])) {
        $placeholderText = '';
        if ($record['placeholders']) {
            $placeholderPairs = array_combine($record['placeholders'], $record['placeholders']);
            $placeholderText  = array_value(emailTemplate_replacePlaceholders(array(), $placeholderPairs), 1);
        }
    }

    // add template ('createdDate=' / 'updatedDate=' keys pass NOW() through unquoted)
    $colsToValues = array(
        'createdDate='     => 'NOW()',
        'createdByUserNum' => '0',
        'updatedDate='     => 'NOW()',
        'updatedByUserNum' => '0',
        'template_id'      => $record['template_id'],
        'description'      => $record['description'],
        'from'             => $record['from'],
        'reply-to'         => @$record['from'],
        'to'               => $record['to'],
        'cc'               => @$record['cc'],
        'bcc'              => @$record['bcc'],
        'subject'          => $record['subject'],
        'html'             => $record['html'],
        'placeholders'     => $placeholderText,
    );
    mysql_insert('_email_templates', $colsToValues, true);
}
/**
 * Return an error message when $fieldValue is already used by another record in
 * the current table (global $tableName), or '' when the value is unique.
 *
 * @param string $fieldLabel  Label shown in the error message.
 * @param string $fieldName   Column name; placed inside backticks without escaping.
 * @param mixed  $fieldValue  Value to check (escaped with mysql_escape()).
 * @param mixed  $recordNum   Record being saved; when truthy it is excluded from the
 *                            check so a record can keep its own existing value.
 * @return string  Error text ending in "\n", or '' when unique.
 */
function __getUniqueFieldErrors($fieldLabel, $fieldName, $fieldValue, $recordNum) {
    global $tableName;

    // NOTE(review): $fieldName is interpolated into the identifier unescaped - callers are
    // expected to pass a schema field name rather than request input; confirm at call sites
    $where = sprintf("`%s` = '%s'", $fieldName, mysql_escape($fieldValue));
    if ($recordNum) {
        $where .= sprintf(" AND num != '%s'", mysql_escape($recordNum)); # ignore records existing value (which might be the same)
    }

    if (mysql_count($tableName, $where) > 0) {
        return sprintf(t("'%s' value must be unique. The selected value is already in use!"), $fieldLabel) . "\n";
    }

    return '';
}
/**
 * First-run installer: validate the install form, write settings, create the
 * schema tables and either the admin account or a restored backup, then redirect.
 * Returns immediately when isInstalled() is already true.
 *
 * Reads the install form from $_REQUEST (license, MySQL, admin account, restore and
 * settings-file options); writes the global $SETTINGS and $TABLE_PREFIX; every path
 * that does not return early ends in exit.
 *
 * NOTE(review): in this listing the admin INSERT on the "create admin user" line is
 * partially redacted ('******'), so that statement is not syntactically valid as shown.
 *
 * @return void
 */
function installIfNeeded() {
    global $SETTINGS, $APP, $TABLE_PREFIX;
    if (isInstalled()) { return; } // skip if already installed

    // rename default files
    renameOrRemoveDefaultFiles();

    // error checking: upload dir must exist (message shows the configured value, HTML-encoded)
    if ($SETTINGS['uploadDir'] && !is_dir($SETTINGS['uploadDir'])) {
        print "Upload directory doesn't exist, please update 'uploadDir' in /data/" . SETTINGS_FILENAME . "<br/>\n";
        print "Current uploadDir value: " . htmlencode($SETTINGS['uploadDir']) . "<br/>\n";
        print "Suggested uploadDir value: uploads/ or ../uploads/<br/>\n";
        exit;
    }

    // error checking
    checkFilePermissions();

    // display license
    if (@$_REQUEST['menu'] == 'license') { showInterface('license.php'); }

    // save
    if (@$_REQUEST['save']) {
        // error checking: each failed check queues an alert(); the form is re-shown below if any were queued
        if (!$_REQUEST['licenseCompanyName']) { alert("Please enter your 'Company Name'<br/>\n"); }
        if (!$_REQUEST['licenseDomainName']) { alert("Please enter your 'Domain Name'<br/>\n"); }
        if (!$_REQUEST['licenseProductId']) { alert("Please enter your 'Product Id'<br/>\n"); }
        else { if (!isValidProductId($_REQUEST['licenseProductId'])) { alert("Invalid Product Id!<br/>\n"); } }
        if (!$_REQUEST['agreeToOneInstall']) { alert("Please check 'I agree not to use this 'Product Id' for multiple installs'<br/>\n"); }
        if (!$_REQUEST['understandTermination']) { alert("Please check 'I understand doing so may cause be to lose my right to use this software'<br/>\n"); }
        if (!$_REQUEST['agreeToLicense']) { alert("Please check 'I accept the terms of the License Agreement'<br/>\n"); }
        if (!$_REQUEST['mysqlHostname']) { alert("Please enter your 'MySQL Hostname'<br/>\n"); }
        if (!$_REQUEST['mysqlDatabase']) { alert("Please enter your 'MySQL Database'<br/>\n"); }
        if (!$_REQUEST['mysqlUsername']) { alert("Please enter your 'MySQL Username'<br/>\n"); }
        // table prefix: lowercase, starts with a letter, ends with an underscore
        if (!$_REQUEST['mysqlTablePrefix']) { alert("Please enter your 'MySQL Table Prefix'<br/>\n"); }
        elseif (preg_match("/[A-Z]/", $_REQUEST['mysqlTablePrefix'])) { alert("Value for 'MySQL Table Prefix' must be lowercase.<br/>\n"); }
        elseif (!preg_match("/^[a-z]/i", $_REQUEST['mysqlTablePrefix'])) { alert("Value for 'MySQL Table Prefix' must start with a letter.<br/>\n"); }
        elseif (!preg_match("/_\$/", $_REQUEST['mysqlTablePrefix'])) { alert("Value for 'MySQL Table Prefix' must end in underscore.<br/>\n"); }

        // New Installation: admin account fields (password rules come from getNewPasswordErrors())
        if (!@$_REQUEST['restoreFromBackup']) {
            if (!$_REQUEST['adminFullname']) { alert("Please enter 'Admin Full Name'<br/>\n"); }
            if (!$_REQUEST['adminEmail']) { alert("Please enter 'Admin Email'<br/>\n"); }
            elseif (!isValidEmail($_REQUEST['adminEmail'])) { alert("Please enter a valid email for 'Admin Email' (Example: user@example.com)<br/>\n"); }
            if (!$_REQUEST['adminUsername']) { alert("Please enter 'Admin Username'<br/>\n"); }
            $passwordErrors = getNewPasswordErrors($_REQUEST['adminPassword1'], $_REQUEST['adminPassword2'], $_REQUEST['adminUsername']); // v2.52
            if ($passwordErrors) { alert(nl2br(htmlencode($passwordErrors))); }
        }

        // Restore from Backup
        if (@$_REQUEST['restoreFromBackup']) {
            if (!$_REQUEST['restore']) { alert("Please select a backup file to restore<br/>\n"); }
        }

        // Advanced - v2.53: a per-domain settings file must be used if one already exists or on a dev server
        if (!@$_REQUEST['useCustomSettingsFile']) {
            if (is_file(SETTINGS_DEV_FILEPATH)) { alert(t("You must select 'Use Custom Settings File' since a custom settings file for this domain already exists!") . "<br/>\n"); }
            elseif (isDevServer()) { alert("This is a development server, you must select 'Use Custom Settings File'." . "<br/>\n"); }
        }
        if (@$_REQUEST['webPrefixUrl'] != '') {
            if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) { alert(t("Website Prefix URL must start with /") . "<br/>\n"); }
            if (preg_match("|/\$|", $_REQUEST['webPrefixUrl'])) { alert(t("Website Prefix URL cannot end with /") . "<br/>\n"); }
        }

        // update settings (not saved unless there are no errors)
        // NOTE(review): md5(mt_rand()) is not a cryptographic source; per the comment the prefix
        // only namespaces cookie names - confirm nothing relies on it being unpredictable
        $SETTINGS['cookiePrefix'] = substr(md5(mt_rand()), 0, 5) . '_'; //v2.51 shortened prefix so it's easy to see full cookie names in browser cookie list
        $SETTINGS['adminEmail'] = @$SETTINGS['adminEmail'] ? $SETTINGS['adminEmail'] : $_REQUEST['adminEmail'];
        $SETTINGS['licenseCompanyName'] = $_REQUEST['licenseCompanyName'];
        $SETTINGS['licenseDomainName'] = $_REQUEST['licenseDomainName'];
        $SETTINGS['licenseProductId'] = $_REQUEST['licenseProductId'];
        $SETTINGS['webRootDir'] = @$SETTINGS['webRootDir'] ? $SETTINGS['webRootDir'] : @$_SERVER['DOCUMENT_ROOT'];
        $SETTINGS['mysql']['hostname'] = $_REQUEST['mysqlHostname'];
        $SETTINGS['mysql']['database'] = $_REQUEST['mysqlDatabase'];
        $SETTINGS['mysql']['username'] = $_REQUEST['mysqlUsername'];
        $SETTINGS['mysql']['password'] = $_REQUEST['mysqlPassword'];
        $SETTINGS['mysql']['tablePrefix'] = $_REQUEST['mysqlTablePrefix'];
        $TABLE_PREFIX = $_REQUEST['mysqlTablePrefix']; // update TABLE_PREFIX global as well.
        $SETTINGS['webPrefixUrl'] = $_REQUEST['webPrefixUrl'];

        // display errors (alert() with no argument reports whether any alerts are queued)
        if (alert()) { require "lib/menus/install.php"; exit; }

        // connect to mysql: first pass returns errors for display, second pass connects for real
        $errors = connectToMySQL('returnErrors');
        if ($errors) { alert($errors); require "lib/menus/install.php"; exit; }
        else { connectToMySQL(); }

        // create schema tables
        createMissingSchemaTablesAndFields();
        clearAlertsAndNotices(); // don't show "created table/field" alerts

        // New Installation: check if admin user already exists
        if (!@$_REQUEST['restoreFromBackup']) {
            $passwordHash = getPasswordDigest($_REQUEST['adminPassword1']);
            // an identical admin (same username + password digest) is treated as "already created", not an error
            $identicalUserExists = mysql_count('accounts', array('username' => $_REQUEST['adminUsername'], 'password' => $passwordHash, 'isAdmin' => '1'));
            if (!$identicalUserExists) { // if the don't exist, check if a user with the same username exists and show an error if they do
                $count = mysql_count('accounts', array('username' => $_REQUEST['adminUsername']));
                if (!$identicalUserExists && $count > 0) { alert("Admin username already exists, please choose another.<br/>\n"); }
            }

            // create admin user
            if (!$identicalUserExists && !alert()) {
                mysqlStrictMode(false); // disable Mysql strict errors for when a field isn't defined below (can be caused when fields are added later)
                // (username/password portions of this statement are redacted in this listing)
                mysql_query("INSERT INTO `{$TABLE_PREFIX}accounts` SET\n createdDate = NOW(),\n createdByUserNum = '0',\n updatedDate = NOW(),\n updatedByUserNum = '0',\n fullname = '" . mysql_escape($_REQUEST['adminFullname']) . "', email = '" . mysql_escape($_REQUEST['adminEmail']) . "',\n username = '******'adminUsername']) . "', password = '******',\n disabled = '0',\n isAdmin = '1',\n expiresDate = '0000-00-00 00:00:00',\n neverExpires = '1'") or alert("MySQL Error Creating Admin User:<br/>\n" . htmlencode(mysql_error()) . "\n");

                // create accesslist entry (accessLevel 9 on 'all' tables for the new admin)
                mysql_query("INSERT INTO `{$TABLE_PREFIX}_accesslist` (userNum, tableName, accessLevel, maxRecords, randomSaveId)\n VALUES (LAST_INSERT_ID(), 'all', '9', NULL, '1234567890')") or alert("MySQL Error Creating Admin Access List:<br/>\n" . htmlencode(mysql_error()) . "\n");
            }
        }

        // Restore from Backup: Restore backup file (refused if the target already holds user accounts)
        if (@$_REQUEST['restoreFromBackup']) {
            $userCount = mysql_count('accounts');
            if ($userCount) {
                $userTable = $TABLE_PREFIX . 'accounts';
                $errorMessage = sprintf("Can't restore from backup because it would overwrite the %s existing user accounts in the specified database location.<br/>\n", $userCount);
                $errorMessage .= sprintf("Try changing the MySQL Database or Table Prefix to restore to a different location, or remove existing users from '%s'.<br/>\n", $userTable);
                alert($errorMessage);
            }
            else {
                // restore database
                // NOTE(review): $filename is taken from the request and appended to the backups
                // path with no check visible here; presumably restoreDatabase() validates it - confirm
                $filename = @$_REQUEST['restore'];
                mysqlStrictMode(false); // disable Mysql strict errors
                restoreDatabase(DATA_DIR . '/backups/' . $filename);
                notice("Restored backup file /data/backups/{$filename}");
                makeAllUploadRecordsRelative();
            }
        }

        // save settings
        if (!alert()) {
            saveSettings(@$_REQUEST['useCustomSettingsFile']);
            isInstalled(true); // save installed status
            redirectBrowserToURL('?menu=home', true); // refresh page
            // NOTE(review): "exitl" looks like a typo for "exit"; it is only reached if
            // redirectBrowserToURL() returns - confirm that it exits itself
            exitl;
        }
    }

    // set defaults (only for keys absent from the request, so re-submitted values are kept)
    if (!array_key_exists('licenseDomainName', $_REQUEST)) { $_REQUEST['licenseDomainName'] = $_SERVER['HTTP_HOST']; }
    if (!array_key_exists('mysqlHostname', $_REQUEST)) { $_REQUEST['mysqlHostname'] = $SETTINGS['mysql']['hostname']; }
    if (!array_key_exists('mysqlDatabase', $_REQUEST)) { $_REQUEST['mysqlDatabase'] = $SETTINGS['mysql']['database']; }
    if (!array_key_exists('mysqlUsername', $_REQUEST)) { $_REQUEST['mysqlUsername'] = $SETTINGS['mysql']['username']; }
    if (!array_key_exists('mysqlTablePrefix', $_REQUEST)) { $_REQUEST['mysqlTablePrefix'] = $SETTINGS['mysql']['tablePrefix']; }

    // show form
    require "lib/menus/install.php";
    exit;
}
<div style="padding-left: 25px"> <input class="text-input wide-input" type="text" name="restrictByIP_allowed" value="<?php echo htmlencode(@$SETTINGS['advanced']['restrictByIP_allowed']); ?> " size="30" /> </div> </td> </tr> <tr><td colspan="2"> </td></tr> <?php
// Security tips for the settings page: each check that fails adds one translated tip.
// $errorLogCount is computed here but not used in this fragment; presumably the rest of
// the template (outside this listing) displays it - confirm.
$tips = array();
$errorLogCount = mysql_count('_error_log');

// connection / transport
if (!isHTTPS()) { $tips[] = t("Use a secure https:// url to access this program. You are currently using an insecure connection."); }
if (!$SETTINGS['advanced']['requireHTTPS']) { $tips[] = t("Enable 'Require HTTPS' above to disallow insecure connections."); }

// PHP error exposure / notification
if (ini_get('display_errors')) { $tips[] = t("Hide PHP Errors (for production and live web servers)."); }
if (!$SETTINGS['advanced']['phpEmailErrors']) { $tips[] = t("Enable 'Email PHP Errors' to be notified of PHP errors on website."); }

// expose_php advertises the PHP version in response headers; the tip links to the php.ini docs
if (ini_get('expose_php')) { $tips[] = t(sprintf("%s is currently enabled, disable it in php.ini.", '<a href="http://www.php.net/manual/en/ini.core.php#ini.expose-php">expose_php</a>')); }
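/**
 * Worker that (re)creates one thumbnail per call for the uploads of a table/field,
 * then prints progress ("n/total") or "done" and exits.
 *
 * Reads from $_REQUEST: 'tablename', 'fieldname', 'maxHeight', 'maxWidth' (required),
 * 'thumbNum' (thumbnail slot suffix: empty for the first thumbnail, otherwise digits)
 * and 'offset' (0-based index of the upload to process). Output prefixed with
 * "STOPJS:" tells the calling javascript to stop.
 *
 * Side effects: writes the thumbnail file, fires the 'upload_thumbnail_save' action
 * and updates the upload row's thumbFilepath/thumbUrlPath/thumbWidth/thumbHeight
 * columns for that slot.
 *
 * @return void  Always terminates with die() or exit().
 */
function recreateThumbnails() {
    global $TABLE_PREFIX;

    $stopPrefix = "STOPJS:"; // this tells javascript to stop creating thumbnails

    // error checking
    $requiredFields = array('tablename', 'fieldname', 'maxHeight', 'maxWidth');
    foreach ($requiredFields as $fieldname) {
        if (!@$_REQUEST[$fieldname]) {
            die($stopPrefix . "Required fieldname '{$fieldname}' not specified!");
        }
    }
    if (preg_match('/[^0-9\\_]/i', $_REQUEST['maxHeight'])) { die($stopPrefix . "Invalid value for max height!\n"); }
    if (preg_match('/[^0-9\\_]/i', $_REQUEST['maxWidth']))  { die($stopPrefix . "Invalid value for max width!\n"); }

    // thumbNum is interpolated into column names and the thumb directory name below, so
    // restrict it to an empty string (first thumbnail) or digits; it was previously used unchecked
    $thumbNum = isset($_REQUEST['thumbNum']) ? $_REQUEST['thumbNum'] : '';
    if (!is_string($thumbNum) || preg_match('/[^0-9]/', $thumbNum)) {
        die($stopPrefix . "Invalid value for thumbnail number!\n");
    }

    // offset is used both in the SQL OFFSET and in the progress message, so normalise it once
    $offsetNum              = intval(@$_REQUEST['offset']);
    $tableNameWithoutPrefix = getTablenameWithoutPrefix($_REQUEST['tablename']);

    // get upload count (for the progress message); values are bound via mysql_escapef()
    $where        = mysql_escapef("tableName = ? AND fieldName = ?", $tableNameWithoutPrefix, $_REQUEST['fieldname']);
    $totalUploads = mysql_count('uploads', $where);

    // load the upload at the requested offset (first row of the result, if any)
    $whereEtc  = mysql_escapef("tableName = ? AND fieldname = ?", $tableNameWithoutPrefix, $_REQUEST['fieldname']);
    $whereEtc .= " LIMIT 1 OFFSET " . $offsetNum;
    $uploads   = mysql_select('uploads', $whereEtc);
    $upload    = (is_array($uploads) && isset($uploads[0])) ? $uploads[0] : null;

    if ($upload) {
        // get uploadDir and uploadUrl
        $schema = loadSchema($upload['tableName']);
        list($uploadDir, $uploadUrl) = getUploadDirAndUrl($schema[$upload['fieldName']]);

        // get upload's absolute filepath
        $absoluteFilepath = addUploadPathPrefix($upload['filePath'], $uploadDir); // make path absolute

        // error checking
        if (!file_exists($absoluteFilepath)) {
            $error  = "Upload doesn't exist '{$absoluteFilepath}'!<br/>\n";
            $error .= "Found in: {$upload['tableName']}, {$upload['fieldName']}, record {$upload['recordNum']}.";
            die($error);
        }

        ### resize image (only files with an image extension get a thumbnail)
        $isImage = preg_match("/\\.(gif|jpg|jpeg|png)\$/i", $absoluteFilepath);
        if ($isImage) {
            // thumbnail lives in a thumb{N}/ subdirectory next to the original
            $thumbSavePath = preg_replace("|([^/]+)\$|", "thumb{$thumbNum}/\$1", $absoluteFilepath);
            $thumbUrlPath  = preg_replace("|([^/]+)\$|", "thumb{$thumbNum}/\$1", $upload['urlPath']);

            // erase old thumbnail (error_get_last() replaces the track_errors-only $php_errormsg)
            if (file_exists($thumbSavePath) && !@unlink($thumbSavePath)) {
                $lastError = error_get_last();
                $reason    = $lastError ? $lastError['message'] : '';
                die("Can't erase old thumbnail '{$thumbSavePath}': {$reason}");
            }

            // create new thumbnail
            list($thumbWidth, $thumbHeight) = saveResampledImageAs($thumbSavePath, $absoluteFilepath, $_REQUEST['maxWidth'], $_REQUEST['maxHeight']);
            doAction('upload_thumbnail_save', array($tableNameWithoutPrefix, $_REQUEST['fieldname'], $thumbNum, $thumbSavePath));

            // update upload database (column names carry the validated $thumbNum suffix)
            $query  = "UPDATE `{$TABLE_PREFIX}uploads`\n";
            $query .= " SET `thumbFilepath{$thumbNum}` = '" . mysql_escape(removeUploadPathPrefix($thumbSavePath, $uploadDir)) . "',\n";
            $query .= " `thumbUrlPath{$thumbNum}` = '" . mysql_escape(removeUploadPathPrefix($thumbUrlPath, $uploadUrl)) . "',\n";
            $query .= " `thumbWidth{$thumbNum}` = '" . mysql_escape($thumbWidth) . "',\n";
            $query .= " `thumbHeight{$thumbNum}` = '" . mysql_escape($thumbHeight) . "'\n";
            $query .= " WHERE num = '" . mysql_escape($upload['num']) . "'";
            mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
        }
    }

    // print status message
    $offset = $offsetNum + 1;
    if ($offset <= $totalUploads) {
        print "{$offset}/{$totalUploads}";
    } else {
        print "done";
    }
    exit;
}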