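/**
 * Submit form contents for an event edit to the DB.
 *
 * A posted id of 0 (or no id at all) creates a new event; any other id
 * updates that event. On success an info message is queued and, for a newly
 * created event, the browser is redirected to the new event's edit page.
 * On failure a critical message is queued and nothing else happens.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this handler.
 * Presumably the form framework enforces both before dispatching here -
 * confirm, because the handler writes $_POST values straight to the table.
 */
function events_edit_submit()
{
    global $ssc_database;

    $id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
    // Remember the mode now: $id is overwritten with the new row id below.
    $is_new = ($id == 0);

    // The "link" checkbox is stored as a 0/1 flag.
    $flags = (isset($_POST['link']) && $_POST['link'] == '1') ? 1 : 0;

    // strtotime() returns false for text it cannot parse; date() would then
    // silently store 1970-01-01, so reject the submission instead.
    $timestamp = strtotime(ssc_parse_date($_POST['date']));
    if ($timestamp === false) {
        ssc_add_message(SSC_MSG_CRIT, t('Event was unable to be saved - the date could not be understood'));
        return;
    }
    $date = date("Y-m-d", $timestamp);

    // Values are passed as positional arguments for the %s/%d placeholders;
    // presumably query() escapes them - confirm in the database class.
    if ($is_new) {
        $result = $ssc_database->query(
            "INSERT INTO #__events (title, description, uri, flags, date) VALUES ('%s', '%s', '%s', %d, '%s')",
            $_POST['name'],
            $_POST['desc'],
            $_POST['uri'],
            $flags,
            $date
        );
        $id = $ssc_database->last_id();
    } else {
        $result = $ssc_database->query(
            "UPDATE #__events SET title = '%s', description = '%s', uri = '%s', flags = %d, date = '%s' WHERE id = %d LIMIT 1",
            $_POST['name'],
            $_POST['desc'],
            $_POST['uri'],
            $flags,
            $date,
            $id
        );
    }

    if (!$result) {
        // Translate only the fixed text; appending the driver error inside t()
        // produced a key that no translation table could ever match.
        // NOTE(review): the raw driver error is still shown to the user, as
        // before. Consider logging it instead if non-administrators can reach
        // this form.
        ssc_add_message(SSC_MSG_CRIT, t('Event was unable to be saved - ') . $ssc_database->error());
        return;
    }

    ssc_add_message(SSC_MSG_INFO, t('Event saved successfully'));

    if ($is_new) {
        ssc_redirect('/admin/events/edit/' . $id);
    }
}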
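/**
 * Read the data from the tables to recreate a CSV file for download.
 *
 * The header row is built from the series' comma-separated heat list; one
 * line per result row follows, ordered by division and then sail number.
 *
 * NOTE(review): field values are written unquoted. A comma inside a skipper,
 * crew, boat or club name shifts the columns, and a value beginning with
 * "=", "+", "-" or "@" is evaluated as a formula by spreadsheet programs.
 * If entrants can supply these values, quote the fields and neutralise such
 * leading characters before this file is offered for download.
 *
 * @param int $id ID number of the sailing series/regatta in the DB
 * @return string|null CSV collection when successful, NULL otherwise
 */
function _ssc_sailing_get_csv($id)
{
    global $ssc_database;

    // Find heat numbers
    $result = $ssc_database->query("SELECT heats FROM #__sailing_series WHERE id = %d", $id);
    if (!$result || $ssc_database->number_rows() != 1) {
        ssc_add_message(SSC_MSG_CRIT, t('Unable to find specified series within database'));
        return NULL;
    }

    $series = $ssc_database->fetch_assoc($result);
    if (!$series) {
        ssc_add_message(SSC_MSG_CRIT, t('Unable to find specified series database details'));
        return NULL;
    }

    // Heat numbers!
    $heats = explode(',', $series['heats']);

    // Organise results
    $result = $ssc_database->query("SELECT r.uid, number, skipper, crew, class, name, club, r.results, r.times, points, division FROM #__sailing_results r LEFT JOIN #__sailing_entries e ON e.id = r.uid WHERE series_id = %d ORDER BY division ASC, number ASC", $id);
    if (!$result) {
        // Fail the same way as the series lookup instead of fetching from a
        // failed query handle.
        ssc_add_message(SSC_MSG_CRIT, t('Unable to read series results from database'));
        return NULL;
    }

    $csv = 'Sail No., Division, Skipper, Crew, Class, Boat Name, Club, ' . $series['heats'] . ", Position\r\n";

    while ($row = $ssc_database->fetch_assoc($result)) {
        // Heuristic kept from the original: the times column counts as
        // populated when its string length exceeds the number of heats.
        if (count($heats) < strlen($row['times'])) {
            // Interleave times and results: show the time where one was
            // recorded for the heat, otherwise the finishing position.
            $positions = explode(',', $row['results']);
            $times = explode(',', $row['times']);
            $cells = array();
            foreach ($positions as $i => $position) {
                // isset() covers a times list shorter than the results list.
                $cells[] = (isset($times[$i]) && $times[$i] != '') ? $times[$i] : $position;
            }
            $res = implode(',', $cells);
        } else {
            // Final result only
            $res = $row['results'];
        }

        $csv .= "{$row['number']}, {$row['division']}, {$row['skipper']}, {$row['crew']}, {$row['class']}, {$row['name']}, {$row['club']}, {$res}, {$row['points']}\r\n";
    }

    return $csv;
}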
/**
 * Add-link form submission.
 *
 * Looks up the highest "r" value stored for the posted navigation block
 * (bid) and inserts the new link with l = r + 1 and r = r + 2, then queues
 * an info or critical message depending on the insert result.
 *
 * Returns without any message when the lookup yields no row.
 * NOTE(review): that makes a block with no existing navigation rows
 * impossible to add to from this form - confirm every block always has
 * at least one row.
 */
function nav_add_link_submit()
{
    global $ssc_database;

    $lookup = $ssc_database->query("SELECT r FROM #__navigation WHERE bid = %d ORDER BY r DESC LIMIT 1", $_POST['wid']);
    $last = $ssc_database->fetch_assoc($lookup);
    if (!$last) {
        return;
    }

    // The new link is placed immediately after the current right-most value.
    $left = $last['r'] + 1;
    $right = $last['r'] + 2;

    $inserted = $ssc_database->query(
        "INSERT INTO #__navigation SET url = '%s', title = '%s', description = '%s', l = %d, r = %d, bid = %d",
        $_POST['url'],
        $_POST['title'],
        $_POST['desc'],
        $left,
        $right,
        $_POST['wid']
    );

    if (!$inserted) {
        ssc_add_message(SSC_MSG_CRIT, t('Link unable to be added'));
        return;
    }

    ssc_add_message(SSC_MSG_INFO, t('Link was added'));
}
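/**
 * Profile edit saving.
 *
 * Three cases are handled:
 *  - administrator with a posted uid <= 0: create a new user;
 *  - administrator with a posted uid > 0: update that user, including group;
 *  - everyone else: update the logged-in user's own row only. The posted uid
 *    and group are ignored here, so a user can neither edit another account
 *    nor change their own group through this form.
 *
 * The password column is written only when a new password (field "n2") was
 * supplied.
 *
 * NOTE(review): administrator mode is decided from the request path plus
 * login_check_auth("login") - confirm that helper verifies the current
 * user's privilege rather than just the existence of a session.
 * NOTE(review): the self-service branch does not ask for the current
 * password before setting a new one; confirm the form's validation step
 * does so.
 */
function login_profile_submit()
{
    global $ssc_database, $ssc_user;

    $admin = isset($_GET['path']) && $_GET['path'] == '/admin' && login_check_auth("login");
    $uid = isset($_POST['uid']) ? (int) $_POST['uid'] : 0;

    $pass = null;
    if (!empty($_POST['n2'])) {
        // NOTE(review): the second argument presumably selects phpass
        // "portable" hashes (the MD5-based scheme). Passing false would allow
        // a stronger scheme where the platform supports it - check the
        // password column width and the verification code before changing.
        $hash = new PasswordHash(8, true);
        $pass = $hash->HashPassword($_POST['n2']);
        // phpass-style HashPassword() signals failure with a short marker
        // string such as '*'; storing that would lock the account out.
        if (strlen($pass) < 20) {
            ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form'));
            return;
        }
    }

    // Every positional argument below needs a matching placeholder, so
    // username and password are bound with '%s' like the other text columns.

    // Ready to submit
    if ($uid <= 0 && $admin) {
        // New user
        // NOTE(review): when no password was entered, $pass is null and the
        // account is created with an empty password column - confirm such an
        // account cannot be logged into.
        $result = $ssc_database->query(
            "INSERT INTO #__user SET\n\t\tusername = '%s', fullname = '%s', displayname = '%s', email = '%s',\n\t\tgid = %d, password = '%s', created = %d",
            $_POST['user'],
            $_POST['full'],
            $_POST['disp'],
            $_POST['email'],
            $_POST['grp'],
            $pass,
            time()
        );
        if (!$result) {
            ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form'));
            return;
        }

        $id = $ssc_database->last_id();
        ssc_add_message(SSC_MSG_INFO, t('User details saved'));
        ssc_redirect("/admin/login/edit/{$id}");
        return;
    }

    // Update existing
    if ($admin) {
        // Administrators may change the group and target any user id.
        if ($pass) {
            $result = $ssc_database->query(
                "UPDATE #__user SET\n\t\t\t\tusername = '%s', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tgid = %d, password = '%s' WHERE id = %d",
                $_POST['user'],
                $_POST['full'],
                $_POST['disp'],
                $_POST['email'],
                $_POST['grp'],
                $pass,
                $uid
            );
        } else {
            $result = $ssc_database->query(
                "UPDATE #__user SET\n\t\t\t\tusername = '%s', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tgid = %d WHERE id = %d",
                $_POST['user'],
                $_POST['full'],
                $_POST['disp'],
                $_POST['email'],
                $_POST['grp'],
                $uid
            );
        }
    } else {
        // Self-service: the row is always the session user's own, and the
        // group column is never touched.
        if ($pass) {
            $result = $ssc_database->query(
                "UPDATE #__user SET\n\t\t\t\tusername = '%s', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tpassword = '%s' WHERE id = %d",
                $_POST['user'],
                $_POST['full'],
                $_POST['disp'],
                $_POST['email'],
                $pass,
                $ssc_user->id
            );
        } else {
            $result = $ssc_database->query(
                "UPDATE #__user SET\n\t\t\t\tusername = '%s', fullname = '%s', displayname = '%s', email = '%s'\n\t\t\t\tWHERE id = %d",
                $_POST['user'],
                $_POST['full'],
                $_POST['disp'],
                $_POST['email'],
                $ssc_user->id
            );
        }
    }

    if ($result) {
        ssc_add_message(SSC_MSG_INFO, t('User details saved'));
    } else {
        ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form'));
    }
}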
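/**
 * Gallery edit submission.
 *
 * A posted gid of 0 creates the gallery (handler row, gallery row and image
 * directory) and redirects to its edit page; any other gid updates the
 * gallery's details. If a file was uploaded in the "single" field it is then
 * stored in the gallery at three widths (1024, 350 and 150 pixels), with the
 * database row and any files already written removed again on failure.
 *
 * The gallery id is cast to an integer once, because it is used to build a
 * filesystem path; the uploaded file's extension is checked against an
 * allow-list, because it is taken from the client-supplied file name and the
 * file is written below the site path.
 *
 * NOTE(review): after creating a gallery the upload step still runs with
 * gid 0 if ssc_redirect() returns instead of ending the request - confirm
 * that it terminates.
 */
function gallery_form_submit()
{
    global $ssc_database, $ssc_site_path;

    $gid = isset($_POST['gid']) ? (int) $_POST['gid'] : 0;

    if ($gid == 0) {
        // Insert new
        $result = $ssc_database->query(
            "INSERT INTO #__handler (status, handler, path) \n\t\t\t\tVALUES (0, %d, '%s')",
            module_id('gallery'),
            $_POST['url']
        );
        if (!$result) {
            ssc_add_message(SSC_MSG_CRIT, 'Error inserting into DB');
            return;
        }

        $id = $ssc_database->last_id();
        $result = $ssc_database->query(
            "INSERT INTO #__gallery (id, title, description, visible) \n\t\t\t\tVALUES (%d, '%s', '%s', %d)",
            $id,
            $_POST['name'],
            $_POST['desc'],
            $_POST['vis']
        );
        if (!$result) {
            // Do not leave a handler row pointing at a gallery that was
            // never created.
            $ssc_database->query("DELETE FROM #__handler WHERE id = %d LIMIT 1", $id);
            ssc_add_message(SSC_MSG_CRIT, 'Error inserting into DB');
            return;
        }

        if (!mkdir($ssc_site_path . '/images/gallery/' . $id)) {
            ssc_add_message(SSC_MSG_WARN, 'Gallery image directory could not be created');
        }
        ssc_add_message(SSC_MSG_INFO, t('Gallery saved'));
        ssc_redirect('/admin/gallery/edit/' . $id);
    } else {
        $result = $ssc_database->query(
            "UPDATE #__gallery g, #__handler h SET title = '%s', description = '%s', \n\t\t\t\tvisible = %d, path = '%s' WHERE g.id = %d AND g.id = h.id ",
            $_POST['name'],
            $_POST['desc'],
            $_POST['vis'],
            $_POST['url'],
            $gid
        );
        if (!$result) {
            ssc_add_message(SSC_MSG_CRIT, 'Gallery details were not saved');
        } else {
            ssc_add_message(SSC_MSG_INFO, 'Gallery details updated');
        }
    }

    if (!isset($_FILES['single'])) {
        return;
    }

    // Uploading single file
    $upload = $_FILES['single'];
    if (!isset($upload['error']) || $upload['error'] !== UPLOAD_ERR_OK) {
        // No file chosen, or the upload itself failed: return silently, as
        // the failing move_uploaded_file() call did before.
        return;
    }

    // The file name comes from the client, so only known image extensions
    // are accepted; anything else (a script extension, no extension at all)
    // never reaches the site directories.
    // NOTE(review): allow-list assumed - confirm against the formats
    // sscImage can actually read.
    $info = pathinfo($upload['name']);
    $extension = isset($info['extension']) ? strtolower($info['extension']) : '';
    if (!in_array($extension, array('jpg', 'jpeg', 'png', 'gif'), true)) {
        ssc_add_message(SSC_MSG_CRIT, 'Only JPEG, PNG or GIF images can be uploaded');
        return;
    }
    $ext = "." . $info['extension'];

    $file = $ssc_site_path . '/tmp/' . time() . $ext;
    if (!move_uploaded_file($upload['tmp_name'], $file)) {
        return;
    }

    $image = new sscImage($file);

    // Possibly messy, but insert before resizing: the new row id names the files
    $result = $ssc_database->query("INSERT INTO #__gallery_content (gallery_id, caption, mid) VALUES (%d, '', 0)", $gid);
    if (!$result) {
        unlink($file);
        ssc_add_message(SSC_MSG_CRIT, 'Unable to insert new image');
        return;
    }

    $id = $ssc_database->last_id();
    $path = $ssc_site_path . '/images/gallery/' . $gid . '/';

    // File-name suffix => target width: full size, medium, thumbnail.
    $sizes = array('' => 1024, '_m' => 350, '_t' => 150);
    $written = array();
    foreach ($sizes as $suffix => $width) {
        $target = $path . $id . $suffix . $ext;
        if (!$image->resize($target, $width, -1)) {
            // Roll back: drop the row, the temporary file and every size
            // written so far. Tracking the exact paths avoids rebuilding
            // them by hand, which previously produced "_m.." and left the
            // medium image behind.
            $ssc_database->query("DELETE FROM #__gallery_content WHERE id = %d LIMIT 1", $id);
            unlink($file);
            foreach ($written as $done) {
                unlink($done);
            }
            ssc_add_message(SSC_MSG_CRIT, 'Unable to insert new image');
            return;
        }
        $written[] = $target;
    }

    ssc_add_message(SSC_MSG_INFO, t('Image uploaded'));
    unlink($file);
}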
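/**
 * Comment submission.
 *
 * Remembers the commenter's name, site and e-mail in a cookie, asks Akismet
 * whether the comment is spam, and stores the comment with a status made of
 * the SSC_BLOG_COMMENT_* flags. Comments are held for moderation when the
 * Akismet library or its API key is unavailable. When the
 * 'blog.discard_spam' setting is on, spam is not stored at all.
 * $_POST['spammed'] is set to tell the caller whether the comment was
 * discarded.
 *
 * NOTE(review): the cookie value is produced with serialize() and comes back
 * from the browser under the visitor's control. The code that reads
 * 'comment_details' is not shown here; it must not pass the value to
 * unserialize() unrestricted. Using json_encode()/json_decode() on both
 * sides would remove that risk.
 */
function blog_guest_comment_submit()
{
    global $ssc_database, $ssc_site_url;

    $details = array(
        'n' => $_POST['n'],
        's' => $_POST['s'],
        'e' => $_POST['e'],
    );
    // 15552000 seconds = 180 days, presumably the cookie lifetime.
    ssc_cookie('comment_details', serialize($details), 15552000);

    // Default: submit but mark for moderation. This stays in force when the
    // Akismet library cannot be loaded or no API key is configured.
    $is_spam = SSC_BLOG_COMMENT_SPAM;

    // Load antispam
    if (ssc_load_library('sscAkismet')) {
        // "new" never yields a false value, so the missing-key case has to be
        // detected from the setting itself; otherwise comments would be
        // checked with an empty key and could skip moderation.
        $api_key = ssc_var_get('wordpress_api', '');
        if ($api_key != '') {
            $spam = new sscAkismet($ssc_site_url, $api_key);
            $spam->setContent($_POST['c'], 'comment');
            $spam->setAuthor($_POST['n'], $_POST['e'], $_POST['s']);
            // The User-Agent header is optional in a request.
            $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
            $spam->setRemote($_SERVER['REMOTE_ADDR'], $agent);
            $spam->setBlog($_POST['perma']);

            // CAN_SPAM records that Akismet gave a verdict; SPAM is the verdict.
            $is_spam = $spam->isSpam()
                ? SSC_BLOG_COMMENT_SPAM | SSC_BLOG_COMMENT_CAN_SPAM
                : SSC_BLOG_COMMENT_CAN_SPAM;

            // Increment caught count
            if ($is_spam & SSC_BLOG_COMMENT_SPAM) {
                ssc_var_set('akismet_count', (int) ssc_var_get('akismet_count', 1) + 1);
            }
        }
    }

    if (($is_spam & SSC_BLOG_COMMENT_SPAM) && ssc_var_get('blog.discard_spam', false)) {
        ssc_add_message(SSC_MSG_WARN, t('Your post was marked as spam and permanently discarded - please try to reduce it\'s "spammyness" and try again'));
        $_POST['spammed'] = true;
        return;
    }

    $_POST['spammed'] = false;
    // Values are passed as positional arguments for the placeholders;
    // presumably query() escapes them - confirm in the database class.
    $result = $ssc_database->query(
        "INSERT INTO #__blog_comment (post_id, author, email, site, created, status, body, ip)\n\t\t\tVALUES (%d, '%s', '%s', '%s', %d, %d, '%s', '%s')",
        $_POST['i'],
        $_POST['n'],
        $_POST['e'],
        $_POST['s'],
        time(),
        $is_spam,
        $_POST['c'],
        $_SERVER['REMOTE_ADDR']
    );

    // Result tree
    if (!$result) {
        ssc_add_message(SSC_MSG_CRIT, t('There was a server error encountered while submitting your comment'));
        return;
    }

    // Submission successful
    if (!($is_spam & SSC_BLOG_COMMENT_SPAM)) {
        ssc_add_message(SSC_MSG_INFO, t('Your comment was successfully added'));
    } elseif ($is_spam & SSC_BLOG_COMMENT_CAN_SPAM) {
        // Marked as spam by Akismet
        ssc_add_message(SSC_MSG_WARN, t('Your comment has been submitted but marked as spam and queued for moderation. Do not resubmit your comment.'));
    } else {
        // Akismet unavailable - manual moderation
        ssc_add_message(SSC_MSG_INFO, t('Your comment has been submitted and queued for moderation. Do not resubmit as it should be checked soon.'));
    }
}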
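/**
 * Page submission.
 *
 * A posted id of 0 (or no id) creates the page: a handler row for its URL,
 * then the page row itself, followed by a redirect to the new page's edit
 * form. Any other id updates the title, body and URL of that page and its
 * modification time.
 *
 * NOTE(review): title and body are stored exactly as posted. Escaping is
 * left to whatever renders the page - confirm who may reach this form and
 * how the body is output.
 * NOTE(review): if ssc_redirect() returns instead of ending the request,
 * 'Page saved' is queued twice for a new page, as in the original flow.
 */
function static_form_submit()
{
    global $ssc_database;

    $id = isset($_POST['id']) ? intval($_POST['id']) : 0;

    if ($id == 0) {
        // Insert
        $result = $ssc_database->query(
            "INSERT INTO #__handler (path, handler) VALUES ('%s', %d)",
            $_POST['url'],
            module_id('static')
        );
        if (!$result) {
            ssc_add_message(SSC_MSG_CRIT, 'Error inserting into DB');
            return;
        }

        $id = $ssc_database->last_id();
        $now = time();
        $result = $ssc_database->query(
            "INSERT INTO #__static (id, title, created, modified, body) VALUES (%d, '%s', %d, %d, '%s')",
            $id,
            $_POST['title'],
            $now,
            $now,
            $_POST['body']
        );
        if (!$result) {
            // Remove the handler row again so the URL does not point at a
            // page that was never stored (gallery_form_submit does the same).
            $ssc_database->query("DELETE FROM #__handler WHERE id = %d LIMIT 1", $id);
            ssc_add_message(SSC_MSG_CRIT, 'Error inserting into DB');
            return;
        }

        ssc_add_message(SSC_MSG_INFO, t('Page saved'));
        ssc_redirect('/admin/static/edit/' . $id);
    } else {
        // Update
        $result = $ssc_database->query(
            "UPDATE #__static s, #__handler h SET s.title = '%s', s.body = '%s', h.path = '%s', s.modified = %d WHERE s.id = h.id AND s.id = %d",
            $_POST['title'],
            $_POST['body'],
            $_POST['url'],
            time(),
            $id
        );
        if (!$result) {
            // Previously a failed update was still reported as saved.
            ssc_add_message(SSC_MSG_CRIT, 'Page details were not saved');
            return;
        }
    }

    ssc_add_message(SSC_MSG_INFO, t('Page saved'));
}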
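/**
 * Find the first "[[img|path...]]" tag in a post body and turn it into a URL.
 *
 * Only site-local paths are considered: a path containing "://" is ignored.
 * The path is looked up under the site's images directory first and under
 * the site root second, each time with and without a .jpg/.png extension.
 *
 * NOTE(review): the path comes from the post body and is not checked for
 * ".." segments, so file_exists() can be pointed outside the images
 * directory. The result is only an existence test and a URL, but consider
 * rejecting such paths if post authors are not fully trusted.
 *
 * @param string $body Raw post body
 * @return string|null Absolute image URL, or null when no usable tag exists
 */
function _fbapp_blog_first_image($body)
{
    global $ssc_site_url, $ssc_site_path;

    $start = strpos($body, '[[img');
    if ($start === false) {
        return null;
    }

    // Some basic error checking for a valid tag: it must close before the
    // next tag opens.
    $close = strpos($body, ']]', $start);
    $next_open = strpos($body, '[[', $start + 3);
    if ($close === false || !($close < $next_open || $next_open === false)) {
        return null;
    }

    $parts = explode("|", substr($body, $start, $close - $start));
    if (count($parts) <= 1) {
        return null;
    }

    $path = $parts[1];
    if (strpos($path, "://") !== false) {
        return null;
    }

    // Relative path: drop one leading slash. The emptiness test avoids
    // indexing into an empty string.
    if ($path !== '' && $path[0] == "/") {
        $path = substr($path, 1);
    }

    if (file_exists($ssc_site_path . "/images/{$path}.jpg")
        || file_exists($ssc_site_path . "/images/{$path}.png")
        || file_exists($ssc_site_path . "/images/{$path}")) {
        // Default to image directory base-dir
        return $ssc_site_url . "/images/{$path}";
    }

    if (file_exists($ssc_site_path . "/{$path}")
        || file_exists($ssc_site_path . "/{$path}.jpg")
        || file_exists($ssc_site_path . "/{$path}.png")) {
        // Relative to site root instead
        return $ssc_site_url . '/' . $path;
    }

    return null;
}

/**
 * Publish a notice about a new blog post to the configured Facebook stream.
 *
 * Reads the secret and session keys from site variables, loads the post body
 * to pick up its first image, and publishes a stream item linking to the
 * post. On success the post id is remembered in 'fbapp_blog_lastid'; every
 * failure queues a critical message.
 *
 * NOTE(review): the application key is hard-coded below while the secret and
 * session keys come from site variables; consider moving it to configuration
 * as well so it is not tied to the source tree.
 *
 * @param int    $blog_id Blog the post belongs to (not used by this function)
 * @param int    $id      ID of the post in the DB
 * @param string $title   Post title, used as the stream item's name
 */
function fbapp_mod_blog_post_publish($blog_id, $id, $title)
{
    global $ssc_site_url, $ssc_database;

    require_once 'facebook.php';

    $api_key = "9c476aaa4b1654c09ede303a7d140a36";

    $secret_key = ssc_var_get('fbapp_blog_secret', '');
    if ($secret_key == '') {
        ssc_add_message(SSC_MSG_CRIT, "Facebook user secret key has not been set up yet!");
        return;
    }

    $session_key = ssc_var_get('fbapp_blog_session', '');
    if ($session_key == '') {
        ssc_add_message(SSC_MSG_CRIT, "Facebook user session key has not been set yet!");
        return;
    }

    $client = new FacebookRestClient($api_key, $secret_key, $session_key);
    if (!$client->users_getLoggedInUser()) {
        ssc_add_message(SSC_MSG_CRIT, "Unable to get userid");
        return;
    }

    $dbres = $ssc_database->query("SELECT body FROM #__blog_post WHERE id = %d LIMIT 1", $id);
    if (!$dbres || !($data = $ssc_database->fetch_assoc($dbres))) {
        ssc_add_message(SSC_MSG_CRIT, "Unable to retrieve posted item from database?!");
        return;
    }

    // Extract the first image
    $img = _fbapp_blog_first_image($data['body']);

    // Hackish - TODO later for multiple blog paths, non-root based
    $uri = $ssc_site_url . "/id/{$id}";

    $attachment = array(
        'name' => $title,
        'href' => $uri,
        'caption' => 'A blog post has just been made',
    );
    if ($img !== null) {
        $attachment['media'] = array(array('type' => 'image', 'src' => $img, 'href' => $uri));
    }

    $action_links = array(array('text' => 'Read this post', 'href' => $uri));
    $target_id = null;
    $uid = null;

    $result = $client->stream_publish(" has been blogging", $attachment, $action_links, $target_id, $uid);
    if ($result) {
        ssc_var_set('fbapp_blog_lastid', $id);
    } else {
        // Pass the severity first, like every other ssc_add_message() call
        // in this file; it was missing here.
        ssc_add_message(SSC_MSG_CRIT, "Unable to post to FB");
    }
}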