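/**
 * Aborts the request unless it carries a valid CSRF token for $actionCode.
 *
 * The expected token is the first 8 hex characters of
 * md5(myUA . siteKey . $actionCode). That scheme is kept unchanged so tokens
 * issued by getCSRFCode() (not visible here) keep validating; only the
 * comparison is hardened.
 *
 * @param string $actionCode Action the token was issued for
 * @return void Delegates to stopError() on failure (assumed not to return)
 */
public function checkCSRFCode($actionCode)
{
    $submitted = isset($_REQUEST['CSRFCode']) ? $_REQUEST['CSRFCode'] : null;

    if (!isset($_SESSION['login-token'])) {
        stopError(bw::$conf['l']['admin:msg:NeedLogin']);
    } elseif (!is_string($submitted)) {
        // Missing, or not a string (e.g. CSRFCode[]=x): can never be a valid token.
        stopError(bw::$conf['l']['admin:msg:CSRF']);
    } else {
        $expected = substr(md5(bw::$conf['myUA'] . bw::$conf['siteKey'] . $actionCode), 0, 8);
        // hash_equals() is a strict, constant-time comparison. The previous
        // loose `!=` compared numeric-looking strings as numbers, so a token
        // such as "0e123456" would have matched a submitted "0".
        if (!hash_equals($expected, $submitted)) {
            stopError(bw::$conf['l']['admin:msg:CSRF']);
        }
    }
}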
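/**
 * Deletes the given categories, refusing to delete any that still hold articles.
 *
 * Every category is checked before the first DELETE is issued: previously a
 * non-empty category in the middle of the list aborted the loop after the
 * earlier ones had already been removed.
 *
 * @param array $deletedCates Map of aCateURLName => display name
 * @return void
 */
public function deleteCategories($deletedCates)
{
    $urlNames = array_keys((array) $deletedCates);

    // Validation pass. stopError() is assumed to abort the request, so no
    // DELETE must have run yet when it is called.
    foreach ($urlNames as $urlName) {
        $row = bw::$db->getSingleRow(
            'SELECT * FROM categories WHERE aCateURLName=:delCate',
            array(':delCate' => $urlName)
        );
        // A missing row is treated as already deleted (the DELETE below is then
        // a no-op), matching the previous behaviour.
        if ($row && (int) $row['aCateCount'] !== 0) {
            stopError(bw::$conf['l']['admin:msg:CategoryNotEmpty']);
        }
    }

    // Deletion pass.
    foreach ($urlNames as $urlName) {
        bw::$db->dbExec(
            'DELETE FROM categories WHERE aCateURLName=:delCate',
            array(':delCate' => $urlName)
        );
    }

    if ($this->cacheClear) {
        $this->getCategories(); // Refresh the in-memory category list immediately
        clearCache();           // Drop all cached pages that may embed it
    }
    hook('deleteCategories', 'Execute', $deletedCates);
}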
<?php
/**
 *
 * @link http://bw.bo-blog.com
 * @copyright (c) 2016 bW Development Team
 * @license MIT
 */

// Direct-access guard: P is only defined by the front controller.
if (!defined('P')) {
    die('Access Denied.');
}

loadServices();

// The API has to be switched on explicitly; an absent or falsy APIOpen
// setting disables it.
$apiEnabled = isset(bw::$conf['APIOpen']) && bw::$conf['APIOpen'];
if (!$apiEnabled) {
    stopError('API disabled.');
}

$api = new bwApi();
$api->auth(bw::$conf['basicAPI'], bw::$conf['advancedAPI']);
$api->go(
    $canonical->currentArgs['mainAPI'],
    $canonical->currentArgs['subAPI'],
    $canonical->currentArgs['pref']
);
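/**
 * Builds the newsletter from its assigned template, replacing the universal
 * placeholders ([message], [billboard], [popular], ...) with their content.
 *
 * The rendered result is cached in HCPATH/cache/news<ymd>_<nID>.txt and
 * rebuilt at most once per day; cache files of the same newsletter from
 * earlier days are removed when a new one is written.
 *
 * @param int $nID Newsletter ID
 * @return string Rendered newsletter, as returned by includeToString()
 */
function buildUniversal($nID)
{
    global $hc_lang_news, $hc_cfg;

    // $nID is interpolated into SQL text and into a file name inside the
    // cache directory, so force the declared int type here.
    $nID = (int) $nID;
    $tmplCache = HCPATH . '/cache/news' . date("ymd") . '_' . $nID . '.txt';

    if (!file_exists($tmplCache)) {
        // Remove this newsletter's cache files from previous days.
        // glob() returns false on error, which foreach would warn about.
        $stale = glob(HCPATH . '/cache/news*_' . $nID . '.txt');
        foreach (($stale === false ? array() : $stale) as $filename) {
            unlink($filename);
        }

        $result = doQuery("SELECT tn.TemplateSource, n.Message, n.IsArchive\r\n\t\t\t\t\t\t\tFROM " . HC_TblPrefix . "newsletters n\r\n\t\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "templatesnews tn ON (n.TemplateID = tn.PkID)\r\n\t\t\t\t\t\t\tWHERE n.PkID = '" . $nID . "' AND n.IsActive = 1 AND tn.IsActive = 1");
        $template = $message = $archive = '';
        $doArchive = 0;
        if (hasRows($result)) {
            $template  = cOut(mysql_result($result, 0, 0));
            $message   = cOut(mysql_result($result, 0, 1));
            $doArchive = cOut(mysql_result($result, 0, 2));
            $archive   = CalRoot . '/newsletter/index.php?n=' . md5($nID);
        } else {
            stopError($hc_lang_news['Err01']);
        }

        $template = str_replace('[message]', $message, $template);

        // Event-list placeholders: each one maps to a query fed to getEventList().
        $eventCols   = 'PkID, Title, StartDate, StartTime, IsBillboard, SeriesID, TBD, EndTime';
        $eventsTable = HC_TblPrefix . 'events';
        $upcoming    = "IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . SYSDATE . "'";
        $eventQueries = array(
            '[billboard]' => "SELECT " . $eventCols . " FROM " . $eventsTable . " WHERE " . $upcoming . " AND IsBillboard = 1 ORDER BY IsBillboard DESC, StartDate, StartTime, Title LIMIT " . $hc_cfg[12],
            '[popular]'   => "SELECT " . $eventCols . ", (Views / (DATEDIFF('" . SYSDATE . "', PublishDate)+1)) as Ave FROM " . $eventsTable . " WHERE " . $upcoming . " ORDER BY Ave DESC, StartDate, StartTime, Title LIMIT " . $hc_cfg[10],
            '[newest]'    => "SELECT " . $eventCols . " FROM " . $eventsTable . " WHERE " . $upcoming . " ORDER BY PublishDate DESC, StartDate LIMIT " . $hc_cfg[66],
            '[updated]'   => "SELECT " . $eventCols . " FROM " . $eventsTable . " WHERE " . $upcoming . " ORDER BY LastMod DESC, StartDate LIMIT " . $hc_cfg[66],
            '[today]'     => "SELECT " . $eventCols . " FROM " . $eventsTable . " WHERE IsActive = 1 AND IsApproved = 1 AND StartDate = '" . SYSDATE . "' ORDER BY StartDate, StartTime, Title LIMIT " . $hc_cfg[12],
        );
        foreach ($eventQueries as $placeholder => $query) {
            if (stristr($template, $placeholder)) {
                $template = str_replace($placeholder, getEventList($query), $template);
            }
        }

        // Link / button placeholders (static markup, no extra queries).
        $linkReplacements = array(
            '[twitter]'     => '<a href="http://twitter.com/share?url=' . urlencode($archive) . '" target="_blank"><img src="' . CalRoot . '/newsletter/images/twitter.png" style="border:0px;" /></a>',
            '[facebook]'    => '<a href="http://www.facebook.com/sharer.php?u=' . urlencode($archive) . '" target="_blank"><img src="' . CalRoot . '/newsletter/images/facebook.png" style="border:0px;" /></a>',
            // The Twitter handle comes from configuration; it still lands inside
            // an href attribute, so escape it for that context.
            '[follow]'      => $hc_cfg[63] != '' ? '<a href="http://www.twitter.com/' . htmlspecialchars($hc_cfg[63], ENT_QUOTES, 'UTF-8') . '" target="_blank"><img src="' . CalRoot . '/newsletter/images/follow_me.png" style="border:0px;" /></a>' : '',
            '[calendarurl]' => '<a href="' . CalRoot . '/" target="_blank">' . CalRoot . '/</a>',
            '[editcancel]'  => '<a href="' . CalRoot . '/index.php?com=edit" target="_blank">' . $hc_lang_news['EditLinkTxt'] . '</a>',
            '[archive]'     => $doArchive == 1 ? '<a href="' . $archive . '" target="_blank">' . $hc_lang_news['ArchiveLinkTxt'] . '</a>' : '',
        );
        foreach ($linkReplacements as $placeholder => $html) {
            if (stristr($template, $placeholder)) {
                $template = str_replace($placeholder, $html, $template);
            }
        }

        // Counter placeholders (one COUNT query each, only when present).
        if (stristr($template, '[event-count]')) {
            $result = doQuery("SELECT COUNT(*) FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND StartDate >= '" . cIn(SYSDATE) . "'");
            $eCnt = hasRows($result) ? number_format(mysql_result($result, 0, 0), 0, '.', ',') : 0;
            $template = str_replace('[event-count]', $eCnt, $template);
        }
        if (stristr($template, '[location-count]')) {
            $result = doQuery("SELECT COUNT(*) FROM " . HC_TblPrefix . "locations WHERE IsActive = 1");
            $lCnt = hasRows($result) ? number_format(mysql_result($result, 0, 0), 0, '.', ',') : 0;
            $template = str_replace('[location-count]', $lCnt, $template);
        }

        // Open-tracking pixel.
        if (stristr($template, '[track]')) {
            $template = str_replace('[track]', '<img src="' . CalRoot . '/newsletter/a.php?a=' . md5($nID) . '" width="1" height="1" />', $template);
        }

        // Persist the rendered newsletter for includeToString() below. The
        // previous version routed it through an output buffer; writing the
        // string directly yields the same file content and checks the result.
        if (file_put_contents($tmplCache, $template, LOCK_EX) === false) {
            // Cache directory not writable: return the rendered text rather
            // than trying to include a file that was never written.
            return $template;
        }
    }

    // NOTE(review): includeToString() appears to include the cache file, which
    // would mean template and message text stored in the database is evaluated
    // as PHP — confirm which roles can edit those rows.
    return includeToString(realpath($tmplCache));
}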
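/**
 * Returns the mode file to include for this request, or — when a cached page
 * exists — emits the cached content directly and terminates.
 *
 * @return string Absolute path of the mode file (P . "mode/<loaderID>.mod.php")
 */
public function loader()
{
    if ($this->cache) {
        // Cached content: direct output, no mode file needed.
        if (defined('ajax')) {
            die(json_encode(array('error' => 0, 'returnMsg' => $this->cache)));
        }
        die($this->cache);
    }

    hook('newIndexPage', 'Execute', $this);

    // loaderID becomes part of an include path; restrict it to a plain
    // identifier so a value such as "../x" cannot leave the mode/ directory.
    // NOTE(review): where loaderID is assigned is not visible here — confirm
    // that legitimate mode names only use these characters.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', (string) $this->loaderID)) {
        stopError("Invalid parameter.");
    }

    $modeFile = P . "mode/{$this->loaderID}.mod.php";
    if (!file_exists($modeFile)) {
        stopError("Invalid parameter.");
    }
    return $modeFile;
}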
/** * * @link http://bw.bo-blog.com * @copyright (c) 2014 bW Development Team * @license MIT */ if (!defined('P')) { die('Access Denied.'); } $article = new bwArticle(); $view = new bwView(); if (isset($canonical->currentArgs['tValue'])) { $view->setPageTitle($conf['l']['page:Tags'] . ' - ' . $canonical->currentArgs['tValue']); $view->setActiveNav('index'); } else { stopError($conf['l']['admin:msg:NoContent']); } $article->getArticleListByTag($canonical->currentArgs['tValue']); loadServices(); //Load Duoshuo // Pagination $canonical->calTotalPages($article->totalArticles); $view->doPagination(); $view->setPassData(array('articlesummary' => $article->articleList)); if (defined('ajax')) { $view->setMaster('ajax-article-list'); $view->setWorkFlow(array('summary', 'ajax-article-list')); } else { $view->setPassData(array('navigation' => bw::$cateList, 'sociallink' => bw::getSocialLinks(), 'externallink' => bw::getExternalLinks(), 'tagClound' => bw::getTagCloud())); $view->setMaster('page'); $view->setWorkFlow(array('summary', 'page'));
/**
 * Reports the accumulated database error messages through stopError(),
 * unless silent mode is enabled.
 *
 * @return void
 */
private function throwError()
{
    if ($this->silent) {
        return;
    }
    $message = 'Database Error: ' . implode(', ', $this->errorMsg);
    stopError($message);
    exit; // Defensive: never continue past a reported database error
}
$view->finalize(); } elseif ($canonical->currentArgs['subAction'] == 'installpkg') { $returnError = true; if (isset($_SESSION['enable_load_market']) && $admin->getCSRFCode('install' . $_SESSION['enable_load_market']) == $_REQUEST['CSRFCode'] && isset($_REQUEST['dl'])) { $returnError = false; } if ($returnError) { $view->setMaster('marketinstallfailure'); $view->setWorkFlow(array('marketinstallfailure')); $view->finalize(); } else { $view->setMaster('marketinstallsuccess'); $view->setWorkFlow(array('marketinstallsuccess')); $view->finalize(); } } else { if (!isset($_SESSION['enable_load_market'])) { $_SESSION['enable_load_market'] = $rndCode = rand(1000, 9999); } else { $rndCode = $_SESSION['enable_load_market']; } $admin->checkCSRFCode('navibar'); $view->setMaster('admin'); $view->setPassData(array('installCSRFCode' => $admin->getCSRFCode('install' . $rndCode))); $view->setWorkFlow(array('adminmarket', 'admin')); $view->finalize(); } } hook('newAdminCategory', 'Execute', $canonical, $admin, $view); stopError($conf['l']['admin:msg:NeedLogin']);
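/**
 * Filters and validates submitted comment data and HTML-escapes the
 * free-text fields.
 *
 * @param array $smt Raw submission
 * @return array Filtered data limited to the accepted keys
 */
private function checkComData($smt)
{
    $acceptedKeys = array('userName', 'userURL', 'userContent', 'aID', 'comkey', 'socialkey', 'userAvatar');
    $smt = dataFilter($acceptedKeys, $smt);

    // dataFilter() is not visible here; default the text fields so a key it
    // did not return is treated as empty instead of raising a notice (and so
    // a missing userName is rejected like an empty one).
    $textKeys = array('userName', 'userURL', 'userContent');
    foreach ($textKeys as $key) {
        if (!isset($smt[$key])) {
            $smt[$key] = '';
        }
    }

    if (empty($smt['aID']) || $smt['userName'] === '' || empty($smt['userContent']) || empty($smt['comkey'])) {
        stopError(bw::$conf['l']['admin:msg:NoData']);
    }

    // Escape on the way in; downstream output of these fields relies on it.
    foreach ($textKeys as $key) {
        $smt[$key] = htmlspecialchars($smt[$key], ENT_QUOTES, 'UTF-8');
    }
    return $smt;
}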
$token = $o->getAccessToken('code', $keys); } catch (OAuthException $e) { stopError(bw::$conf['l']['page:SinaError']); } if ($token) { $_SESSION['sina_token'] = $token; setcookie('weibojs_' . $o->client_id, http_build_query($token)); header('Location: ' . bw::$conf['siteURL'] . '/read.php/' . $_REQUEST['aID'] . '/'); exit; } else { stopError(bw::$conf['l']['page:SinaError']); } } if ($canonical->currentArgs['subAction'] == 'check') { if (!isset($_SESSION['sina_token'])) { stopError('Not logged in.'); } $c = new SaeTClientV2(WB_AKEY, WB_SKEY, $_SESSION['sina_token']['access_token']); $uid_get = $c->get_uid(); $user_message = $c->show_user_by_id($uid_get['uid']); ajaxSuccess($user_message); } if ($canonical->currentArgs['subAction'] == 'end') { if (!isset($_REQUEST['aID'])) { stopError(bw::$conf['l']['page:SinaError']); } unset($_SESSION['sina_token']); header('Location: ' . bw::$conf['siteURL'] . '/read.php/' . $_REQUEST['aID'] . '/'); exit; } }
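/**
 * Filters and validates submitted article data.
 *
 * @param array $smt Raw submission
 * @return array Filtered data with aTime normalised to 'Y-m-d H:i:s',
 *               aTitle HTML-escaped and aID url-encoded
 */
private function checkArticleData($smt)
{
    $acceptedKeys = array('aTitle', 'aID', 'aContent', 'aCateURLName', 'aTime', 'aTags');
    if (isset($smt['originID'])) {
        $acceptedKeys[] = 'originID';
    }
    $smt = dataFilter($acceptedKeys, $smt);

    if (empty($smt['aTitle']) || $smt['aID'] === '' || empty($smt['aContent'])) {
        stopError(bw::$conf['l']['admin:msg:NoData']);
    }

    // '_trash' and '_page' are pseudo-categories without a cateData entry.
    $cate = $smt['aCateURLName'];
    if ($cate != '_trash' && $cate != '_page' && !array_key_exists($cate, bw::$cateData)) {
        stopError(bw::$conf['l']['admin:msg:NotExist'] . ': ' . $cate);
    }

    if (empty($smt['aTime'])) {
        $smt['aTime'] = $this->cutTime;
    } else {
        $timestamp = strtotime($smt['aTime']);
        // strtotime() returns false for unparsable input; the previous code
        // passed that straight to date(), silently storing the Unix epoch.
        // Fall back to the same default used for an empty aTime instead.
        $smt['aTime'] = $timestamp === false ? $this->cutTime : date('Y-m-d H:i:s', $timestamp);
    }

    $smt['aTitle'] = htmlspecialchars($smt['aTitle'], ENT_QUOTES, 'UTF-8');
    $smt['aID'] = urlencode($smt['aID']);
    return $smt;
}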