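 /**
  * Validates the CSRF token sent with the current request for one admin action.
  *
  * Preconditions checked, in order: an admin session must exist
  * ($_SESSION['login-token']), the request must carry a string CSRFCode, and
  * that code must equal the first 8 hex characters of
  * md5(myUA . siteKey . $actionCode). Each failure is reported via stopError().
  *
  * The comparison uses hash_equals() rather than `!=`: a loose comparison of two
  * numeric-looking strings is done numerically, so an expected prefix such as
  * "0e123456" would have compared equal to a submitted "0". hash_equals() is also
  * constant-time. A non-string CSRFCode (e.g. an array parameter) is rejected
  * before the comparison instead of raising a TypeError.
  *
  * NOTE(review): the expected value depends on user agent, site key and action
  * only, not on the session — confirm that is the intended token model.
  *
  * @param string $actionCode Action name the token was issued for
  * @return void
  */
 public function checkCSRFCode($actionCode)
 {
     if (!isset($_SESSION['login-token'])) {
         stopError(bw::$conf['l']['admin:msg:NeedLogin']);
     } elseif (!isset($_REQUEST['CSRFCode']) || !is_string($_REQUEST['CSRFCode'])) {
         stopError(bw::$conf['l']['admin:msg:CSRF']);
     } elseif (!hash_equals(substr(md5(bw::$conf['myUA'] . bw::$conf['siteKey'] . $actionCode), 0, 8), $_REQUEST['CSRFCode'])) {
         stopError(bw::$conf['l']['admin:msg:CSRF']);
     }
 }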
 /**
  * Deletes the given categories, refusing any that still contain articles.
  *
  * Each category is looked up by its URL name; it is removed only when its
  * aCateCount column is 0, otherwise stopError() reports CategoryNotEmpty.
  * When cacheClear is set, the category list is reloaded and all cache cleared.
  * Finally the 'deleteCategories' hook is executed with the original argument.
  *
  * @param array $deletedCates Map of category URL name => display name
  * @return void
  */
 public function deleteCategories($deletedCates)
 {
     $selectSql = 'SELECT * FROM categories WHERE aCateURLName=:delCate';
     $deleteSql = 'DELETE FROM categories WHERE aCateURLName=:delCate';
     foreach ($deletedCates as $urlName => $displayName) {
         $params = array(':delCate' => $urlName);
         $row = bw::$db->getSingleRow($selectSql, $params);
         // A non-empty category must not be removed.
         if ($row['aCateCount'] != 0) {
             stopError(bw::$conf['l']['admin:msg:CategoryNotEmpty']);
         } else {
             bw::$db->dbExec($deleteSql, $params);
         }
     }
     if ($this->cacheClear) {
         // Refresh the in-memory category list immediately ...
         $this->getCategories();
         // ... and drop every cached page.
         clearCache();
     }
     hook('deleteCategories', 'Execute', $deletedCates);
 }
<?php

/**
* 
* @link http://bw.bo-blog.com
* @copyright (c) 2016 bW Development Team
* @license MIT
*/
// Direct access guard: this file is only valid when included by the front controller.
if (!defined('P')) {
    die('Access Denied.');
}
loadServices();
// empty() covers both cases the original tested separately: the APIOpen
// setting missing, or present but false.
if (empty(bw::$conf['APIOpen'])) {
    stopError('API disabled.');
}
// Authenticate against the configured basic/advanced API credentials, then
// dispatch the routed API call.
$api = new bwApi();
$api->auth(bw::$conf['basicAPI'], bw::$conf['advancedAPI']);
$routed = $canonical->currentArgs;
$api->go($routed['mainAPI'], $routed['subAPI'], $routed['pref']);
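/**
 * Builds a newsletter from its assigned template, replacing the universal
 * [tokens] with their content, and serves it from a per-day disk cache.
 *
 * Cache file: HCPATH/cache/news<ymd>_<nID>.txt. When today's file is missing,
 * older cache files for the same newsletter are removed, the template is
 * rendered again and written back.
 *
 * @param int $nID Newsletter ID. It is forced to an integer because the value
 *                 is spliced unescaped into SQL, into the glob()/unlink()
 *                 pattern and into the cache file name.
 * @return string Rendered newsletter, as returned by includeToString() on the cache file
 */
function buildUniversal($nID)
{
    global $hc_lang_news, $hc_cfg;
    $nID = (int) $nID;
    $tmplCache = HCPATH . '/cache/news' . date("ymd") . '_' . $nID . '.txt';
    if (!file_exists($tmplCache)) {
        // Remove stale cache files for this newsletter from other days.
        // glob() returns false on error, which must not reach unlink().
        $stale = glob(HCPATH . '/cache/news*_' . $nID . '.txt');
        if (is_array($stale)) {
            foreach ($stale as $filename) {
                unlink($filename);
            }
        }
        $result = doQuery("SELECT tn.TemplateSource, n.Message, n.IsArchive FROM " . HC_TblPrefix . "newsletters n LEFT JOIN " . HC_TblPrefix . "templatesnews tn ON (n.TemplateID = tn.PkID) WHERE n.PkID = '" . $nID . "' AND n.IsActive = 1 AND tn.IsActive = 1");
        $template = $message = $archive = '';
        $doArchive = 0;
        if (hasRows($result)) {
            $template = cOut(mysql_result($result, 0, 0));
            $message = cOut(mysql_result($result, 0, 1));
            $doArchive = cOut(mysql_result($result, 0, 2));
            // Public archive URL; the newsletter is addressed by md5(ID) there.
            $archive = CalRoot . '/newsletter/index.php?n=' . md5($nID);
        } else {
            stopError($hc_lang_news['Err01']);
        }
        $template = str_replace('[message]', $message, $template);

        // Event-list tokens, each backed by a query handed to getEventList().
        // A query only runs when its token is present in the template.
        // $hc_cfg[12], [10] and [66] are used as LIMIT values — presumably
        // list-size settings; confirm against the config definitions.
        $eventQueries = array(
            '[billboard]' => "SELECT PkID, Title, StartDate, StartTime, IsBillboard, SeriesID, TBD, EndTime FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . SYSDATE . "' AND IsBillboard = 1 ORDER BY IsBillboard DESC, StartDate, StartTime, Title LIMIT " . $hc_cfg[12],
            '[popular]' => "SELECT PkID, Title, StartDate, StartTime, IsBillboard, SeriesID, TBD, EndTime, (Views / (DATEDIFF('" . SYSDATE . "', PublishDate)+1)) as Ave FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . SYSDATE . "' ORDER BY Ave DESC, StartDate, StartTime, Title LIMIT " . $hc_cfg[10],
            '[newest]' => "SELECT PkID, Title, StartDate, StartTime, IsBillboard, SeriesID, TBD, EndTime FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . SYSDATE . "' ORDER BY PublishDate DESC, StartDate LIMIT " . $hc_cfg[66],
            '[updated]' => "SELECT PkID, Title, StartDate, StartTime, IsBillboard, SeriesID, TBD, EndTime FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . SYSDATE . "' ORDER BY LastMod DESC, StartDate LIMIT " . $hc_cfg[66],
            '[today]' => "SELECT PkID, Title, StartDate, StartTime, IsBillboard, SeriesID, TBD, EndTime FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate = '" . SYSDATE . "' ORDER BY StartDate, StartTime, Title LIMIT " . $hc_cfg[12],
        );
        foreach ($eventQueries as $token => $query) {
            if (stristr($template, $token)) {
                $template = str_replace($token, getEventList($query), $template);
            }
        }

        // Link tokens. These are plain string substitutions, so they are applied
        // unconditionally (str_replace is a no-op for absent tokens); the order
        // matches the original sequence.
        // NOTE(review): $hc_cfg[63] is inserted into an href unescaped; it is
        // assumed to be an admin-set value, confirm where it comes from.
        $follow = $hc_cfg[63] != '' ? '<a href="http://www.twitter.com/' . $hc_cfg[63] . '" target="_blank"><img src="' . CalRoot . '/newsletter/images/follow_me.png" style="border:0px;" /></a>' : '';
        $linkReplacements = array(
            '[twitter]' => '<a href="http://twitter.com/share?url=' . urlencode($archive) . '" target="_blank"><img src="' . CalRoot . '/newsletter/images/twitter.png" style="border:0px;" /></a>',
            '[facebook]' => '<a href="http://www.facebook.com/sharer.php?u=' . urlencode($archive) . '" target="_blank"><img src="' . CalRoot . '/newsletter/images/facebook.png" style="border:0px;" /></a>',
            '[follow]' => $follow,
            '[calendarurl]' => '<a href="' . CalRoot . '/" target="_blank">' . CalRoot . '/</a>',
            '[editcancel]' => '<a href="' . CalRoot . '/index.php?com=edit" target="_blank">' . $hc_lang_news['EditLinkTxt'] . '</a>',
            // The archive link is only rendered when the newsletter is archived.
            '[archive]' => $doArchive == 1 ? '<a href="' . $archive . '" target="_blank">' . $hc_lang_news['ArchiveLinkTxt'] . '</a>' : '',
        );
        $template = str_replace(array_keys($linkReplacements), array_values($linkReplacements), $template);

        // Count tokens each cost a query, so they stay guarded by a token check.
        if (stristr($template, '[event-count]')) {
            $result = doQuery("SELECT COUNT(*) FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . cIn(SYSDATE) . "'");
            $eCnt = hasRows($result) ? number_format(mysql_result($result, 0, 0), 0, '.', ',') : 0;
            $template = str_replace('[event-count]', $eCnt, $template);
        }
        if (stristr($template, '[location-count]')) {
            $result = doQuery("SELECT COUNT(*) FROM " . HC_TblPrefix . "locations WHERE IsActive = 1");
            $lCnt = hasRows($result) ? number_format(mysql_result($result, 0, 0), 0, '.', ',') : 0;
            $template = str_replace('[location-count]', $lCnt, $template);
        }
        // Open-tracking pixel, keyed by md5(ID) like the archive URL.
        $template = str_replace('[track]', '<img src="' . CalRoot . '/newsletter/a.php?a=' . md5($nID) . '" width="1" height="1" />', $template);

        // Flush any outer output buffer before the disk write; kept from the
        // original, which flushed here as well — presumably to push pending
        // output before the cache build, confirm whether it is still needed.
        ob_flush();
        // The original echoed the template into a temporary output buffer and
        // copied the buffer to the file; writing the string directly is
        // equivalent. A failed write only emits a warning, as fopen()/fwrite()
        // did, and realpath() below then yields false.
        file_put_contents($tmplCache, $template);
    }
    return includeToString(realpath($tmplCache));
}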
 /**
  * Resolves the page loader: emits cached content directly, or returns the
  * path of the mode file to include.
  *
  * With a cached page ($this->cache truthy) the response is sent with die():
  * raw for normal requests, wrapped as {"error":0,"returnMsg":...} when the
  * 'ajax' constant is defined. Otherwise the 'newIndexPage' hook runs and the
  * mode file P . "mode/<loaderID>.mod.php" must exist, else stopError().
  *
  * NOTE(review): loaderID is interpolated into an include path; if it can
  * originate from the request it should be restricted to a safe character
  * set before reaching here — confirm with the caller that sets it.
  *
  * @return string Path of the mode file (only when nothing was cached)
  */
 public function loader()
 {
     if (!$this->cache) {
         hook('newIndexPage', 'Execute', $this);
         $modeFile = P . "mode/{$this->loaderID}.mod.php";
         if (!file_exists($modeFile)) {
             stopError("Invalid parameter.");
         }
         return $modeFile;
     }
     // Cached content: output it and stop, in the format the request expects.
     if (defined('ajax')) {
         die(json_encode(array('error' => 0, 'returnMsg' => $this->cache)));
     }
     die($this->cache);
 }
/**
* 
* @link http://bw.bo-blog.com
* @copyright (c) 2014 bW Development Team
* @license MIT
*/
// Direct access guard: only valid when included by the front controller.
if (!defined('P')) {
    die('Access Denied.');
}
$article = new bwArticle();
$view = new bwView();
// A tag page needs the routed tag value; without one, report NoContent.
if (!isset($canonical->currentArgs['tValue'])) {
    stopError($conf['l']['admin:msg:NoContent']);
} else {
    $pageTitle = $conf['l']['page:Tags'] . ' - ' . $canonical->currentArgs['tValue'];
    $view->setPageTitle($pageTitle);
    $view->setActiveNav('index');
}
$article->getArticleListByTag($canonical->currentArgs['tValue']);
//Load Duoshuo
loadServices();
// Pagination over the tag's article list
$canonical->calTotalPages($article->totalArticles);
$view->doPagination();
$view->setPassData(array('articlesummary' => $article->articleList));
if (defined('ajax')) {
    $view->setMaster('ajax-article-list');
    $view->setWorkFlow(array('summary', 'ajax-article-list'));
} else {
    $view->setPassData(array('navigation' => bw::$cateList, 'sociallink' => bw::getSocialLinks(), 'externallink' => bw::getExternalLinks(), 'tagClound' => bw::getTagCloud()));
    $view->setMaster('page');
    $view->setWorkFlow(array('summary', 'page'));
 /**
  * Reports the collected database errors unless the object is in silent mode.
  *
  * The messages in $this->errorMsg are joined with ', ' and passed to
  * stopError(); exit follows so execution cannot continue even if stopError()
  * returns.
  *
  * @return void
  */
 private function throwError()
 {
     if ($this->silent) {
         return;
     }
     $joined = implode(', ', $this->errorMsg);
     stopError('Database Error: ' . $joined);
     exit;
 }
        $view->finalize();
    } elseif ($canonical->currentArgs['subAction'] == 'installpkg') {
        $returnError = true;
        if (isset($_SESSION['enable_load_market']) && $admin->getCSRFCode('install' . $_SESSION['enable_load_market']) == $_REQUEST['CSRFCode'] && isset($_REQUEST['dl'])) {
            $returnError = false;
        }
        if ($returnError) {
            $view->setMaster('marketinstallfailure');
            $view->setWorkFlow(array('marketinstallfailure'));
            $view->finalize();
        } else {
            $view->setMaster('marketinstallsuccess');
            $view->setWorkFlow(array('marketinstallsuccess'));
            $view->finalize();
        }
    } else {
        if (!isset($_SESSION['enable_load_market'])) {
            $_SESSION['enable_load_market'] = $rndCode = rand(1000, 9999);
        } else {
            $rndCode = $_SESSION['enable_load_market'];
        }
        $admin->checkCSRFCode('navibar');
        $view->setMaster('admin');
        $view->setPassData(array('installCSRFCode' => $admin->getCSRFCode('install' . $rndCode)));
        $view->setWorkFlow(array('adminmarket', 'admin'));
        $view->finalize();
    }
}
// Reached after the admin action dispatch above (unless a branch already
// finalized and exited): let plugins react, then report the "login required"
// message as the default outcome.
hook('newAdminCategory', 'Execute', $canonical, $admin, $view);
stopError($conf['l']['admin:msg:NeedLogin']);
 /**
  * Filters and validates a submitted comment, then HTML-escapes its text fields.
  *
  * Only the accepted keys survive dataFilter(). aID, userContent and comkey
  * must be non-empty and userName must not be the empty string, otherwise
  * stopError() reports NoData. userName, userURL and userContent are escaped
  * with htmlspecialchars(ENT_QUOTES, UTF-8).
  *
  * NOTE(review): userURL is escaped for HTML but its scheme is not checked
  * here — confirm whether the renderer restricts it to http(s).
  *
  * @param array $smt Submitted comment fields
  * @return array Filtered and escaped fields
  */
 private function checkComData($smt)
 {
     $smt = dataFilter(
         array('userName', 'userURL', 'userContent', 'aID', 'comkey', 'socialkey', 'userAvatar'),
         $smt
     );
     $incomplete = empty($smt['aID'])
         || $smt['userName'] === ''
         || empty($smt['userContent'])
         || empty($smt['comkey']);
     if ($incomplete) {
         stopError(bw::$conf['l']['admin:msg:NoData']);
     }
     foreach (array('userName', 'userURL', 'userContent') as $field) {
         $smt[$field] = htmlspecialchars($smt[$field], ENT_QUOTES, 'UTF-8');
     }
     return $smt;
 }
            $token = $o->getAccessToken('code', $keys);
        } catch (OAuthException $e) {
            stopError(bw::$conf['l']['page:SinaError']);
        }
        if ($token) {
            $_SESSION['sina_token'] = $token;
            setcookie('weibojs_' . $o->client_id, http_build_query($token));
            header('Location: ' . bw::$conf['siteURL'] . '/read.php/' . $_REQUEST['aID'] . '/');
            exit;
        } else {
            stopError(bw::$conf['l']['page:SinaError']);
        }
    }
    if ($canonical->currentArgs['subAction'] == 'check') {
        if (!isset($_SESSION['sina_token'])) {
            stopError('Not logged in.');
        }
        $c = new SaeTClientV2(WB_AKEY, WB_SKEY, $_SESSION['sina_token']['access_token']);
        $uid_get = $c->get_uid();
        $user_message = $c->show_user_by_id($uid_get['uid']);
        ajaxSuccess($user_message);
    }
    if ($canonical->currentArgs['subAction'] == 'end') {
        if (!isset($_REQUEST['aID'])) {
            stopError(bw::$conf['l']['page:SinaError']);
        }
        unset($_SESSION['sina_token']);
        header('Location: ' . bw::$conf['siteURL'] . '/read.php/' . $_REQUEST['aID'] . '/');
        exit;
    }
}
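 /**
  * Filters and validates submitted article data before it is stored.
  *
  * Only the accepted keys (plus originID when present) survive dataFilter().
  * aTitle and aContent must be non-empty and aID must not be the empty string,
  * otherwise stopError() reports NoData. aCateURLName must be a known category
  * in bw::$cateData or one of the special names '_trash' / '_page'.
  * aTime is normalised to 'Y-m-d H:i:s'; an empty or unparsable value falls
  * back to $this->cutTime (the original stored 1970-01-01 for an unparsable
  * value, because strtotime() returns false). aTitle is HTML-escaped and aID is
  * URL-encoded.
  *
  * NOTE(review): aContent is passed through unescaped here, as in the
  * original — confirm the renderer treats it as trusted admin HTML.
  *
  * @param array $smt Submitted article fields
  * @return array Filtered, validated and normalised fields
  */
 private function checkArticleData($smt)
 {
     $acceptedKeys = array('aTitle', 'aID', 'aContent', 'aCateURLName', 'aTime', 'aTags');
     if (isset($smt['originID'])) {
         $acceptedKeys[] = 'originID';
     }
     $smt = dataFilter($acceptedKeys, $smt);
     if (empty($smt['aTitle']) || $smt['aID'] === '' || empty($smt['aContent'])) {
         stopError(bw::$conf['l']['admin:msg:NoData']);
     }
     $cate = $smt['aCateURLName'];
     $isSpecialCate = in_array($cate, array('_trash', '_page'), true);
     if (!$isSpecialCate && !array_key_exists($cate, bw::$cateData)) {
         stopError(bw::$conf['l']['admin:msg:NotExist'] . ': ' . $cate);
     }
     // strtotime() yields false for an unparsable string; treat that like a
     // missing time instead of formatting the epoch.
     $timestamp = empty($smt['aTime']) ? false : strtotime($smt['aTime']);
     $smt['aTime'] = $timestamp === false ? $this->cutTime : date('Y-m-d H:i:s', $timestamp);
     $smt['aTitle'] = htmlspecialchars($smt['aTitle'], ENT_QUOTES, 'UTF-8');
     $smt['aID'] = urlencode($smt['aID']);
     return $smt;
 }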