public function checkCSRFCode($actionCode)
{
if (!isset($_SESSION['login-token'])) {
stopError(bw::$conf['l']['admin:msg:NeedLogin']);
} elseif (!isset($_REQUEST['CSRFCode'])) {
stopError(bw::$conf['l']['admin:msg:CSRF']);
} elseif (substr(md5(bw::$conf['myUA'] . bw::$conf['siteKey'] . $actionCode), 0, 8) != $_REQUEST['CSRFCode']) {
stopError(bw::$conf['l']['admin:msg:CSRF']);
}
}
public function deleteCategories($deletedCates)
{
foreach ($deletedCates as $delCate => $delCateName) {
$delLine = bw::$db->getSingleRow('SELECT * FROM categories WHERE aCateURLName=:delCate', array(':delCate' => $delCate));
if ($delLine['aCateCount'] == 0) {
bw::$db->dbExec('DELETE FROM categories WHERE aCateURLName=:delCate', array(':delCate' => $delCate));
} else {
stopError(bw::$conf['l']['admin:msg:CategoryNotEmpty']);
}
}
if ($this->cacheClear) {
$this->getCategories();
//Refresh immediately
clearCache();
//Clear all cache
}
hook('deleteCategories', 'Execute', $deletedCates);
}
<?php
/**
*
* @link http://bw.bo-blog.com
* @copyright (c) 2016 bW Development Team
* @license MIT
*/
if (!defined('P')) {
die('Access Denied.');
}
loadServices();
if (isset(bw::$conf['APIOpen'])) {
if (!bw::$conf['APIOpen']) {
stopError('API disabled.');
}
} else {
stopError('API disabled.');
}
$api = new bwApi();
$api->auth(bw::$conf['basicAPI'], bw::$conf['advancedAPI']);
$api->go($canonical->currentArgs['mainAPI'], $canonical->currentArgs['subAPI'], $canonical->currentArgs['pref']);
/**
* Builds newletter template using the assigned template replacing universal variables with their content.
*
* @param int $nID Newsletter ID
* @return string
*/
function buildUniversal($nID)
{
global $hc_lang_news, $hc_cfg;
$tmplCache = HCPATH . '/cache/news' . date("ymd") . '_' . $nID . '.txt';
if (!file_exists($tmplCache)) {
foreach (glob(HCPATH . '/cache/news*_' . $nID . '.txt') as $filename) {
unlink($filename);
}
$result = doQuery("SELECT tn.TemplateSource, n.Message, n.IsArchive\r\n\t\t\t\t\t\t\tFROM " . HC_TblPrefix . "newsletters n\r\n\t\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "templatesnews tn ON (n.TemplateID = tn.PkID)\r\n\t\t\t\t\t\t\tWHERE n.PkID = '" . $nID . "' AND n.IsActive = 1 AND tn.IsActive = 1");
$template = $message = $archive = '';
$doArchive = 0;
if (hasRows($result)) {
$template = cOut(mysql_result($result, 0, 0));
$message = cOut(mysql_result($result, 0, 1));
$doArchive = cOut(mysql_result($result, 0, 2));
$archive = CalRoot . '/newsletter/index.php?n=' . md5($nID);
} else {
stopError($hc_lang_news['Err01']);
}
$template = str_replace('[message]', $message, $template);
if (stristr($template, '[billboard]')) {
$query = "SELECT PkID, Title, StartDate, StartTime, IsBillboard, SeriesID, TBD, EndTime FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . SYSDATE . "' AND IsBillboard = 1 ORDER BY IsBillboard DESC, StartDate, StartTime, Title LIMIT " . $hc_cfg[12];
$template = str_replace('[billboard]', getEventList($query), $template);
}
if (stristr($template, '[popular]')) {
$query = "SELECT PkID, Title, StartDate, StartTime, IsBillboard, SeriesID, TBD, EndTime, (Views / (DATEDIFF('" . SYSDATE . "', PublishDate)+1)) as Ave FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . SYSDATE . "' ORDER BY Ave DESC, StartDate, StartTime, Title LIMIT " . $hc_cfg[10];
$template = str_replace('[popular]', getEventList($query), $template);
}
if (stristr($template, '[newest]')) {
$query = "SELECT PkID, Title, StartDate, StartTime, IsBillboard, SeriesID, TBD, EndTime FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . SYSDATE . "' ORDER BY PublishDate DESC, StartDate LIMIT " . $hc_cfg[66];
$template = str_replace('[newest]', getEventList($query), $template);
}
if (stristr($template, '[updated]')) {
$query = "SELECT PkID, Title, StartDate, StartTime, IsBillboard, SeriesID, TBD, EndTime FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . SYSDATE . "' ORDER BY LastMod DESC, StartDate LIMIT " . $hc_cfg[66];
$template = str_replace('[updated]', getEventList($query), $template);
}
if (stristr($template, '[today]')) {
$query = "SELECT PkID, Title, StartDate, StartTime, IsBillboard, SeriesID, TBD, EndTime FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate = '" . SYSDATE . "' ORDER BY StartDate, StartTime, Title LIMIT " . $hc_cfg[12];
$template = str_replace('[today]', getEventList($query), $template);
}
if (stristr($template, '[twitter]')) {
$template = str_replace('[twitter]', '<a href="http://twitter.com/share?url=' . urlencode($archive) . '" target="_blank"><img src="' . CalRoot . '/newsletter/images/twitter.png" style="border:0px;" /></a>', $template);
}
if (stristr($template, '[facebook]')) {
$template = str_replace('[facebook]', '<a href="http://www.facebook.com/sharer.php?u=' . urlencode($archive) . '" target="_blank"><img src="' . CalRoot . '/newsletter/images/facebook.png" style="border:0px;" /></a>', $template);
}
if (stristr($template, '[follow]')) {
$follow = $hc_cfg[63] != '' ? '<a href="http://www.twitter.com/' . $hc_cfg[63] . '" target="_blank"><img src="' . CalRoot . '/newsletter/images/follow_me.png" style="border:0px;" /></a>' : '';
$template = str_replace('[follow]', $follow, $template);
}
if (stristr($template, '[calendarurl]')) {
$template = str_replace('[calendarurl]', '<a href="' . CalRoot . '/" target="_blank">' . CalRoot . '/</a>', $template);
}
if (stristr($template, '[editcancel]')) {
$template = str_replace('[editcancel]', '<a href="' . CalRoot . '/index.php?com=edit" target="_blank">' . $hc_lang_news['EditLinkTxt'] . '</a>', $template);
}
if (stristr($template, '[archive]')) {
$template = $doArchive == 1 ? str_replace('[archive]', '<a href="' . $archive . '" target="_blank">' . $hc_lang_news['ArchiveLinkTxt'] . '</a>', $template) : str_replace('[archive]', '', $template);
}
if (stristr($template, '[event-count]')) {
$result = doQuery("SELECT COUNT(*) FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . cIn(SYSDATE) . "'");
$eCnt = hasRows($result) ? number_format(mysql_result($result, 0, 0), 0, '.', ',') : 0;
$template = str_replace('[event-count]', $eCnt, $template);
}
if (stristr($template, '[location-count]')) {
$result = doQuery("SELECT COUNT(*) FROM " . HC_TblPrefix . "locations WHERE IsActive = 1");
$lCnt = hasRows($result) ? number_format(mysql_result($result, 0, 0), 0, '.', ',') : 0;
$template = str_replace('[location-count]', $lCnt, $template);
}
if (stristr($template, '[track]')) {
$template = str_replace('[track]', '<img src="' . CalRoot . '/newsletter/a.php?a=' . md5($nID) . '" width="1" height="1" />', $template);
}
ob_flush();
ob_start();
$fp = fopen($tmplCache, 'w');
echo $template;
fwrite($fp, ob_get_contents());
fclose($fp);
ob_end_clean();
}
return includeToString(realpath($tmplCache));
}
public function loader()
{
if ($this->cache) {
// Cached content: direct output
if (!defined('ajax')) {
die($this->cache);
} else {
die(json_encode(array('error' => 0, 'returnMsg' => $this->cache)));
}
} else {
hook('newIndexPage', 'Execute', $this);
if (!file_exists(P . "mode/{$this->loaderID}.mod.php")) {
stopError("Invalid parameter.");
}
return P . "mode/{$this->loaderID}.mod.php";
}
}
/**
*
* @link http://bw.bo-blog.com
* @copyright (c) 2014 bW Development Team
* @license MIT
*/
if (!defined('P')) {
die('Access Denied.');
}
$article = new bwArticle();
$view = new bwView();
if (isset($canonical->currentArgs['tValue'])) {
$view->setPageTitle($conf['l']['page:Tags'] . ' - ' . $canonical->currentArgs['tValue']);
$view->setActiveNav('index');
} else {
stopError($conf['l']['admin:msg:NoContent']);
}
$article->getArticleListByTag($canonical->currentArgs['tValue']);
loadServices();
//Load Duoshuo
// Pagination
$canonical->calTotalPages($article->totalArticles);
$view->doPagination();
$view->setPassData(array('articlesummary' => $article->articleList));
if (defined('ajax')) {
$view->setMaster('ajax-article-list');
$view->setWorkFlow(array('summary', 'ajax-article-list'));
} else {
$view->setPassData(array('navigation' => bw::$cateList, 'sociallink' => bw::getSocialLinks(), 'externallink' => bw::getExternalLinks(), 'tagClound' => bw::getTagCloud()));
$view->setMaster('page');
$view->setWorkFlow(array('summary', 'page'));
private function throwError()
{
if (!$this->silent) {
stopError('Database Error: ' . implode(', ', $this->errorMsg));
exit;
}
}
$view->finalize();
} elseif ($canonical->currentArgs['subAction'] == 'installpkg') {
$returnError = true;
if (isset($_SESSION['enable_load_market']) && $admin->getCSRFCode('install' . $_SESSION['enable_load_market']) == $_REQUEST['CSRFCode'] && isset($_REQUEST['dl'])) {
$returnError = false;
}
if ($returnError) {
$view->setMaster('marketinstallfailure');
$view->setWorkFlow(array('marketinstallfailure'));
$view->finalize();
} else {
$view->setMaster('marketinstallsuccess');
$view->setWorkFlow(array('marketinstallsuccess'));
$view->finalize();
}
} else {
if (!isset($_SESSION['enable_load_market'])) {
$_SESSION['enable_load_market'] = $rndCode = rand(1000, 9999);
} else {
$rndCode = $_SESSION['enable_load_market'];
}
$admin->checkCSRFCode('navibar');
$view->setMaster('admin');
$view->setPassData(array('installCSRFCode' => $admin->getCSRFCode('install' . $rndCode)));
$view->setWorkFlow(array('adminmarket', 'admin'));
$view->finalize();
}
}
hook('newAdminCategory', 'Execute', $canonical, $admin, $view);
stopError($conf['l']['admin:msg:NeedLogin']);
private function checkComData($smt)
{
$acceptedKeys = array('userName', 'userURL', 'userContent', 'aID', 'comkey', 'socialkey', 'userAvatar');
$smt = dataFilter($acceptedKeys, $smt);
if (empty($smt['aID']) || $smt['userName'] === '' || empty($smt['userContent']) || empty($smt['comkey'])) {
stopError(bw::$conf['l']['admin:msg:NoData']);
}
$smt['userName'] = htmlspecialchars($smt['userName'], ENT_QUOTES, 'UTF-8');
$smt['userURL'] = htmlspecialchars($smt['userURL'], ENT_QUOTES, 'UTF-8');
$smt['userContent'] = htmlspecialchars($smt['userContent'], ENT_QUOTES, 'UTF-8');
return $smt;
}
$token = $o->getAccessToken('code', $keys);
} catch (OAuthException $e) {
stopError(bw::$conf['l']['page:SinaError']);
}
if ($token) {
$_SESSION['sina_token'] = $token;
setcookie('weibojs_' . $o->client_id, http_build_query($token));
header('Location: ' . bw::$conf['siteURL'] . '/read.php/' . $_REQUEST['aID'] . '/');
exit;
} else {
stopError(bw::$conf['l']['page:SinaError']);
}
}
if ($canonical->currentArgs['subAction'] == 'check') {
if (!isset($_SESSION['sina_token'])) {
stopError('Not logged in.');
}
$c = new SaeTClientV2(WB_AKEY, WB_SKEY, $_SESSION['sina_token']['access_token']);
$uid_get = $c->get_uid();
$user_message = $c->show_user_by_id($uid_get['uid']);
ajaxSuccess($user_message);
}
if ($canonical->currentArgs['subAction'] == 'end') {
if (!isset($_REQUEST['aID'])) {
stopError(bw::$conf['l']['page:SinaError']);
}
unset($_SESSION['sina_token']);
header('Location: ' . bw::$conf['siteURL'] . '/read.php/' . $_REQUEST['aID'] . '/');
exit;
}
}
private function checkArticleData($smt)
{
$acceptedKeys = array('aTitle', 'aID', 'aContent', 'aCateURLName', 'aTime', 'aTags');
if (isset($smt['originID'])) {
$acceptedKeys[] = 'originID';
}
$smt = dataFilter($acceptedKeys, $smt);
if (empty($smt['aTitle']) || $smt['aID'] === '' || empty($smt['aContent'])) {
stopError(bw::$conf['l']['admin:msg:NoData']);
}
if (!array_key_exists($smt['aCateURLName'], bw::$cateData) && $smt['aCateURLName'] != '_trash' && $smt['aCateURLName'] != '_page') {
stopError(bw::$conf['l']['admin:msg:NotExist'] . ': ' . $smt['aCateURLName']);
}
if (empty($smt['aTime'])) {
$smt['aTime'] = $this->cutTime;
} else {
$smt['aTime'] = date('Y-m-d H:i:s', strtotime($smt['aTime']));
}
$smt['aTitle'] = htmlspecialchars($smt['aTitle'], ENT_QUOTES, 'UTF-8');
$smt['aID'] = urlencode($smt['aID']);
return $smt;
}