Exemple #1
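// Admin centre entry script (excerpt): the listing ends inside the final
// `else` branch, so the closing braces are not part of this span.

// Caching is disabled for the admin centre.
$smarty->caching = false;
$smarty->cache_lifetime = 1800;

// apcms_CheckAccess() decides whether the session's groups may use the admin
// centre. On refusal only an error message and a redirect are prepared; no
// admin include is resolved.
if (!apcms_CheckAccess('admincenter', $_SESSION['groups'])) {
    $error = $apcms['LANGUAGE']['ERROR_ACCESS_DENIED'];
    // NOTE(review): where $apcms['referer'] is filled is not visible here. If it
    // is copied from the HTTP Referer header, confirm it is limited to local URLs
    // before it is used as a redirect target.
    $apcms['redirect_url'] = $apcms['referer'];
    $apcms['redirect_time'] = 3;
} else {
    // Static admin navigation; every link target is a fixed `act` value.
    $AdminSideBar = "<a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "\">" . $apcms['LANGUAGE']['GLOBAL_BACK_TO_APCMS'] . "</a><br />\n";
    $AdminSideBar .= "<a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin\">" . $apcms['LANGUAGE']['ADMIN_MAINPAGE'] . "</a><br />\n";
    $mainbox_content = " <a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin&amp;act=general_config\">" . $apcms['LANGUAGE']['ADMIN_GENERAL_CONFIG'] . "</a><br />\n";
    $mainbox_content .= " <a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin&amp;act=plugins\">" . $apcms['LANGUAGE']['ADMIN_PLUGINS'] . "</a><br />\n";
    $mainbox_content .= " <a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin&amp;act=sidebars\">" . $apcms['LANGUAGE']['ADMIN_SIDEBARMANAGEMENT'] . "</a><br />\n";
    $mainbox_content .= " <a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin&amp;act=user\">" . $apcms['LANGUAGE']['ADMIN_USERMANAGEMENT'] . "</a><br />\n";
    $mainbox_content .= " <a class=\"adminlinks\" href=\"" . $apcms['baseURL'] . "?c=admin&amp;act=groups\">" . $apcms['LANGUAGE']['ADMIN_GROUPMANAGEMENT'] . "</a><br />\n";

    // Render the navigation box through the theme template and append it to the sidebar.
    $lnav = new APC_Smarty($apcms['themesdir'] . '/' . $THEME);
    $lnav->assign('navbox_head', $apcms['LANGUAGE']['ADMIN_NAVBOX_MAIN']);
    $lnav->assign('navbox_content', $mainbox_content);
    $lout = $lnav->fetch('navbox.tpl');
    $AdminSideBar .= "\n<br />\n" . $lout;
    $smarty->assign('apcms_adminSideBar', $AdminSideBar);

    // `act` becomes part of an include path, so it is accepted only when it is a
    // plain identifier (letters, digits, `_`, `-`). The previous approach removed
    // "./", "../" and ".." with single-pass str_replace() calls after an extra
    // urldecode(); a deny-list like that has to anticipate every encoding and
    // separator variant, and htmlspecialchars() is an HTML output filter, not a
    // path filter. Anything that is not a plain identifier now falls back to the
    // main page. All `act` values linked above pass this check.
    if (isset($_GET['act']) && is_string($_GET['act'])
        && preg_match('/^[A-Za-z0-9_-]+$/D', trim($_GET['act'])) === 1) {
        $act = trim($_GET['act']);
        $ainclude = $act;
        $aincludefile = $PATH . "/includes/" . $act . ".admin.inc.php";
    } else {
        $act = "main";
        $ainclude = "main";
        $aincludefile = $PATH . "/includes/main.admin.inc.php";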
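 /**
  * Renders one news item, its comments and the comment form, and stores a
  * submitted comment.
  *
  * The assembled HTML is passed to $hook->Set_MainContent(); nothing is returned.
  * An id that matches no news row produces empty content.
  *
  * Differences from the earlier version of this method:
  *  - a comment is only stored when the visitor is allowed to see the comment
  *    form (logged in, or guest comments enabled); before, the form was hidden
  *    from guests but a direct POST was still written to the table;
  *  - the comment is attached to the news row that was actually loaded
  *    ($newsid) instead of the client-supplied news[nid] field;
  *  - the comment text echoed back into the <textarea> is HTML-escaped, and the
  *    session nickname/e-mail echoed into the form go through apcms_Strip() like
  *    the other echoed field values.
  *
  * NOTE(review): the comment form carries no anti-CSRF token; adding one needs
  * session support that is not visible in this method.
  *
  * @param mixed $newsid id of the news row; always cast with intval() before it
  *                      is placed in SQL or HTML
  */
 function ReadNews($newsid)
 {
     /** globalising of the needed variables, objects and arrays */
     global $db, $apcms, $hook;
     $NOUT = '';
     $retnews = $db->unbuffered_query_first("SELECT * FROM `" . $this->newstable . "` WHERE `id`='" . intval($newsid) . "'");
     if (isset($retnews) && count($retnews) >= 1) {
         // These four values are not used further down; the calls are kept so the
         // helper functions run exactly as before.
         $postdate = intval($retnews[2]);
         $title = apcms_Strip($retnews[3]);
         if ($this->config['use_bbcode'] === true) {
             $body = apcms_TextOut(stripslashes($retnews[4]));
             $extbody = apcms_TextOut(stripslashes($retnews[5]));
         } else {
             $body = apcms_simpleTextOut(stripslashes($retnews[4]));
             $extbody = apcms_simpleTextOut(stripslashes($retnews[5]));
         }
         // Count this page view. The footer below still shows the stored value.
         $views = intval($retnews[6]) + 1;
         $authorname = "";
         $db->unbuffered_query("UPDATE `" . $this->newstable . "` SET `views`='" . $views . "' WHERE `id`='" . intval($newsid) . "'");
         if ($this->config['show_author'] === true) {
             $retuser = $db->unbuffered_query_first("SELECT `nickname` FROM `" . $apcms['table']['global']['users'] . "` WHERE `id`='" . intval($retnews[1]) . "'");
             if (isset($retuser[0]) && trim($retuser[0]) != "") {
                 $authorname .= " @ " . apcms_Strip($retuser[0]);
             } else {
                 $authorname .= " @ " . $apcms['LANGUAGE']['GLOBAL_UNKNOWN'];
             }
         }
         $retcnum = $db->unbuffered_query_first("SELECT COUNT(*) FROM `" . $this->commentstable . "` WHERE `nid`='" . intval($newsid) . "'");
         $commentnum = intval($retcnum[0]);
         /** Include the Smarty class */
         require_once $apcms['path'] . "/libs/smarty.class.php";
         if ($this->config['use_bbcode'] === true) {
             $mainbox_head = apcms_Strip($retnews[3]);
             $mainbox_content = apcms_TextOut(stripslashes($retnews[4]));
             if (trim(stripslashes($retnews[5])) != "") {
                 $mainbox_content .= "\n<br />" . apcms_TextOut(stripslashes($retnews[5]));
             }
         } else {
             $mainbox_head = apcms_simpleTextOut($retnews[3]);
             $mainbox_content = apcms_simpleTextOut(stripslashes($retnews[4]));
             if (trim(stripslashes($retnews[5])) != "") {
                 $mainbox_content .= "\n<br />" . apcms_simpleTextOut(stripslashes($retnews[5]));
             }
         }
         $mainbox_foot = "<table class=\"apcms_mainboxfoot\" width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tr>\n<td class=\"apcms_mainboxfoot\">\n";
         $mainbox_foot .= date($this->config['dateformat'], intval($retnews[2])) . $authorname;
         $mainbox_foot .= "\n</td>\n<td width=\"50%\" class=\"apcms_mainboxfoot\" align=\"right\">\n";
         $mainbox_foot .= "[ " . intval($retnews[6]) . " " . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['VIEWS'] . " | " . $commentnum . " <a href=\"" . $apcms['baseURL'] . "?news[action]=read&amp;news[id]=" . intval($retnews[0]) . "\">" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['COMMENTS'] . "</a> ]";
         $mainbox_foot .= "\n</td>\n</tr>\n</table>\n";
         $mbox = new APC_Smarty($apcms['themesdir'] . '/' . $apcms['theme']);
         $mbox->assign('mainbox_head', $mainbox_head);
         $mbox->assign('mainbox_content', $mainbox_content);
         $mbox->assign('mainbox_foot', $mainbox_foot);
         $mbout = $mbox->fetch('mainbox.tpl');
         $NOUT .= $mbout . "\n<a name=\"comments\"></a>\n\n<hr size=\"1\" noshade=\"noshade\" /><b><u>" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['COMMENTS'] . "</u></b>\n<br />\n<br />\n";

         // One decision for "may this visitor comment", used both when saving and
         // when deciding whether to show the form.
         $isloggedin = isset($_SESSION['isloggedin']) && intval($_SESSION['isloggedin']) >= 1;
         $maycomment = $isloggedin || $this->config['guest_comments'] === true;

         /** Save the comment */
         if (isset($_POST['news']['action']) && trim($_POST['news']['action']) == "comment") {
             if ($isloggedin) {
                 // Logged-in users cannot choose name or e-mail: session values win.
                 $_POST['news']['username'] = $_SESSION['nickname'];
                 $_POST['news']['email'] = $_SESSION['email'];
                 $uid = $_SESSION['userid'];
             } else {
                 $uid = 0;
             }
             if (!$maycomment) {
                 // Guests posting directly while guest comments are disabled.
                 $error = $apcms['LANGUAGE']['ERROR_ACCESS_DENIED'];
             } elseif (!isset($_POST['news']['username']) || trim($_POST['news']['username']) == "") {
                 $error = $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['ERROR_NO_USERNAME'];
             } elseif (!isset($_POST['news']['email']) || trim($_POST['news']['email']) == "") {
                 $error = $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['ERROR_NO_EMAIL'];
             } elseif (!isset($_POST['news']['comment']) || trim($_POST['news']['comment']) == "") {
                 $error = $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['ERROR_NO_TEXT'];
             } else {
                 // The title is optional; treat a missing field as an empty title.
                 $commenttitle = isset($_POST['news']['title']) ? $_POST['news']['title'] : "";
                 // `nid` is the id of the row loaded above, not the hidden form field,
                 // so a comment cannot be filed under an arbitrary or missing news id.
                 $query = "INSERT INTO `" . $this->commentstable . "` (`nid`, `uid`, `postdate`, `title`, `body`) VALUES (\n\t\t\t\t\t\t\t\t\t'" . intval($newsid) . "', \n\t\t\t\t\t\t\t\t\t'" . intval($uid) . "', \n\t\t\t\t\t\t\t\t\t'" . time() . "', \n\t\t\t\t\t\t\t\t\t'" . apcms_ESC(apcms_Strip($commenttitle)) . "', \n\t\t\t\t\t\t\t\t\t'" . apcms_ESC(trim($_POST['news']['comment'])) . "' \n\t\t\t\t\t\t\t\t)";
                 $db->unbuffered_query($query);
                 $success = $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['SUCCESS_COMMENT_SAVED'];
             }
         }

         // List the stored comments, oldest first.
         $retcomments = $db->unbuffered_GetAll_row("SELECT * FROM `" . $this->commentstable . "` WHERE `nid`='" . intval($newsid) . "' ORDER BY `postdate`");
         if (isset($retcomments) && count($retcomments) >= 1) {
             for ($a = 0; $a < count($retcomments); $a++) {
                 // NOTE(review): comment bodies are stored as submitted; what reaches the
                 // page depends on apcms_TextOut() neutralising HTML — confirm in that helper.
                 $mainbox_head = apcms_Strip($retcomments[$a][4]);
                 $mainbox_content = apcms_TextOut(stripslashes($retcomments[$a][5]));
                 $authorname = "";
                 if ($this->config['show_author'] === true) {
                     $retuser = $db->unbuffered_query_first("SELECT `nickname` FROM `" . $apcms['table']['global']['users'] . "` WHERE `id`='" . intval($retcomments[$a][2]) . "'");
                     if (isset($retuser[0]) && trim($retuser[0]) != "") {
                         $authorname .= " @ " . apcms_Strip($retuser[0]);
                     } else {
                         $authorname .= " @ " . $apcms['LANGUAGE']['GLOBAL_UNKNOWN'];
                     }
                 }
                 $mainbox_foot = "<table class=\"apcms_mainboxfoot\" width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tr>\n<td class=\"apcms_mainboxfoot\">\n";
                 $mainbox_foot .= date($this->config['dateformat'], intval($retcomments[$a][3])) . $authorname;
                 $mainbox_foot .= "\n</td>\n</tr>\n</table>\n";
                 $mbox = new APC_Smarty($apcms['themesdir'] . '/' . $apcms['theme']);
                 $mbox->assign('mainbox_head', $mainbox_head);
                 $mbox->assign('mainbox_content', $mainbox_content);
                 $mbox->assign('mainbox_foot', $mainbox_foot);
                 $mbout = $mbox->fetch('mainbox.tpl');
                 $NOUT .= $mbout . "\n\n<hr size=\"1\" noshade=\"noshade\" />";
             }
         } else {
             /** FIXME */
             /** maybe create something better looking...? */
             $NOUT .= "<br /><br /><div align=\"center\">" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['NO_COMMENTS'] . "</div>\n\n<hr size=\"1\" noshade=\"noshade\" />";
         }
         // $error and $success only ever hold language-table strings set above.
         if (isset($error) && trim($error) != "") {
             $NOUT .= "<div id=\"error\">" . $error . "</div>";
             $error = "";
         }
         if (isset($success) && trim($success) != "") {
             $NOUT .= "<div id=\"success\">" . $success . "</div>";
             $success = "";
         }
         if ($maycomment) {
             $NOUT .= "\n<br />\n<div id=\"content1\">\n";
             $NOUT .= "<form name=\"commentform\" action=\"" . $apcms['baseURL'] . "?news[action]=read&amp;news[id]=" . intval($newsid) . "#comments\" method=\"post\">\n";
             $NOUT .= "<input type=\"hidden\" name=\"news[action]\" value=\"comment\" />\n";
             $NOUT .= "<input type=\"hidden\" name=\"news[nid]\" value=\"" . intval($newsid) . "\" />\n";
             $NOUT .= "\t<table width=\"100%\" border=\"0\" cellspacing=\"1\" cellpadding=\"3\">\n";
             if ($isloggedin) {
                 // Session values are user-chosen profile data, so they are filtered
                 // before being placed in an attribute, exactly like the guest fields.
                 // NOTE(review): confirm apcms_Strip() escapes quotes for attribute context.
                 $NOUT .= "\t\t<tr class=\"content2\">\n";
                 $NOUT .= "\t\t\t<td valign=\"top\">\n";
                 $NOUT .= "\t\t\t\t<label for=\"username\" accesskey=\"u\" tabindex=\"-1\">" . $apcms['LANGUAGE']['GLOBAL_USERNAME'] . "</label>\n";
                 $NOUT .= "\t\t\t</td>\n";
                 $NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
                 $NOUT .= "\t\t\t\t<input id=\"username\" type=\"text\" name=\"news[username]\" value=\"" . apcms_Strip($_SESSION['nickname']) . "\" disabled=\"disabled\" readonly=\"readonly\" style=\"width:100%\" />\n";
                 $NOUT .= "\t\t\t</td>\n";
                 $NOUT .= "\t\t</tr>\n";
                 $NOUT .= "\t\t<tr class=\"content2\">\n";
                 $NOUT .= "\t\t\t<td valign=\"top\">\n";
                 $NOUT .= "\t\t\t\t<label for=\"email\" accesskey=\"e\" tabindex=\"-1\">" . $apcms['LANGUAGE']['GLOBAL_EMAIL'] . "</label>\n";
                 $NOUT .= "\t\t\t</td>\n";
                 $NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
                 $NOUT .= "\t\t\t\t<input id=\"email\" type=\"text\" name=\"news[email]\" value=\"" . apcms_Strip($_SESSION['email']) . "\" disabled=\"disabled\" readonly=\"readonly\" style=\"width:100%\" />\n";
                 $NOUT .= "\t\t\t</td>\n";
                 $NOUT .= "\t\t</tr>\n";
             } else {
                 $NOUT .= "\t\t<tr class=\"content2\">\n";
                 $NOUT .= "\t\t\t<td valign=\"top\">\n";
                 $NOUT .= "\t\t\t\t<label for=\"username\" accesskey=\"u\" tabindex=\"1\">" . $apcms['LANGUAGE']['GLOBAL_USERNAME'] . "</label>\n";
                 $NOUT .= "\t\t\t</td>\n";
                 $NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
                 $NOUT .= "\t\t\t\t<input id=\"username\" type=\"text\" name=\"news[username]\" value=\"" . (isset($_POST['news']['username']) && trim($_POST['news']['username']) != "" ? apcms_Strip($_POST['news']['username']) : "") . "\" style=\"width:100%\" />\n";
                 $NOUT .= "\t\t\t</td>\n";
                 $NOUT .= "\t\t</tr>\n";
                 $NOUT .= "\t\t<tr class=\"content2\">\n";
                 $NOUT .= "\t\t\t<td valign=\"top\">\n";
                 $NOUT .= "\t\t\t\t<label for=\"email\" accesskey=\"e\" tabindex=\"2\">" . $apcms['LANGUAGE']['GLOBAL_EMAIL'] . "</label>\n";
                 $NOUT .= "\t\t\t</td>\n";
                 $NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
                 $NOUT .= "\t\t\t\t<input id=\"email\" type=\"text\" name=\"news[email]\" value=\"" . (isset($_POST['news']['email']) && trim($_POST['news']['email']) != "" ? apcms_Strip($_POST['news']['email']) : "") . "\" style=\"width:100%\" />\n";
                 $NOUT .= "\t\t\t</td>\n";
                 $NOUT .= "\t\t</tr>\n";
             }
             $NOUT .= "\t\t<tr class=\"content2\">\n";
             $NOUT .= "\t\t\t<td valign=\"top\">\n";
             $NOUT .= "\t\t\t\t<label for=\"title\" accesskey=\"t\" tabindex=\"3\">" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['COMMENT_TITLE'] . "</label>\n";
             $NOUT .= "\t\t\t</td>\n";
             $NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
             $NOUT .= "\t\t\t\t<input id=\"title\" type=\"text\" name=\"news[title]\" value=\"" . (isset($_POST['news']['title']) && trim($_POST['news']['title']) != "" ? apcms_Strip($_POST['news']['title']) : "") . "\" style=\"width:100%\" />\n";
             $NOUT .= "\t\t\t</td>\n";
             $NOUT .= "\t\t</tr>\n";
             $NOUT .= "\t\t<tr class=\"content2\">\n";
             $NOUT .= "\t\t\t<td valign=\"top\">\n";
             $NOUT .= "\t\t\t\t<label for=\"comment\" accesskey=\"c\" tabindex=\"4\">" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['COMMENT_BODY'] . "</label>\n";
             $NOUT .= "\t\t\t</td>\n";
             $NOUT .= "\t\t\t<td width=\"330\" align=\"right\" valign=\"top\">\n";
             // The submitted text is request data: escape it so it stays text inside
             // the <textarea> instead of being parsed as markup. The browser decodes
             // the entities again, so the user sees and resubmits the original text.
             $NOUT .= "\t\t\t\t<textarea id=\"comment\" name=\"news[comment]\" rows=\"6\" style=\"width:100%\">" . (isset($_POST['news']['comment']) && trim($_POST['news']['comment']) != "" ? htmlspecialchars(trim($_POST['news']['comment']), ENT_QUOTES) : "") . "</textarea>\n";
             $NOUT .= "\t\t\t</td>\n";
             $NOUT .= "\t\t</tr>\n";
             $NOUT .= "\t\t<tr>\n";
             $NOUT .= "\t\t\t<td colspan=\"2\" align=\"center\">\n\t\t\t\t\t\t\t\t\t\t<label for=\"submit\" accesskey=\"s\" tabindex=\"4\">\n\t\t\t\t\t\t\t\t\t\t\t<input id=\"submit\" onfocus=\"formInUse=true;\" type=\"submit\" name=\"news[submit]\" value=\"" . $apcms['LANGUAGE']['apcms_plugin_newsmanagement']['COMMENT_SAVE'] . "\" />\n\t\t\t\t\t\t\t\t\t\t</label>\n\t\t\t\t\t\t\t\t\t</td>\n";
             $NOUT .= "\t\t</tr>\n";
             $NOUT .= "\t</table>\n";
             $NOUT .= "</form>\n";
             $NOUT .= "</div><br />\n";
             // Put the cursor in the first field the visitor can edit.
             $NOUT .= "\t<script type=\"text/javascript\">\n";
             if ($isloggedin) {
                 $NOUT .= "\t\tdocument.getElementById('title').focus();\n";
             } else {
                 $NOUT .= "\t\tdocument.getElementById('username').focus();\n";
             }
             $NOUT .= "\t</script>\n";
         }
     }
     /** Give the output to the Hook event of the mainpage (main.php) */
     $hook->Set_MainContent($NOUT);
 }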
Exemple #3
            // Excerpt starts inside a loop whose header, and the pattern that filled
            // $matches, are not part of this listing.
            //
            // NOTE(review): eval() executes $matches[4][$countthis] as PHP. The
            // str_replace() after it writes the captured output back over the matched
            // text in $navbox_content, so the code presumably comes from stored sidebar
            // content — confirm. If so, every account that can edit sidebar content can
            // run arbitrary PHP on the server: treat that permission as equal to code
            // deployment, audit who holds it, and prefer the [box=...] mechanism below,
            // which calls a fixed helper instead of evaluating text.
            ob_start();
            // Error reporting is switched off while the snippet runs and restored after,
            // so failures inside the evaluated code leave no trace in the output.
            $oldlevel = error_reporting(0);
            eval($matches[4][$countthis]);
            error_reporting($oldlevel);
            // Whatever the snippet printed replaces its tag in the box content.
            $buffer = ob_get_contents();
            ob_end_clean();
            $navbox_content = str_replace($matches[0][$countthis], $buffer, $navbox_content);
        }
        unset($matches);
        // Second pass: each [box=NAME] tag is replaced by the return value of
        // apcms_DisplayBoxContent(NAME). NAME is any run of characters other than `]`.
        // NOTE(review): the pattern does not restrict NAME; any validation has to
        // happen inside apcms_DisplayBoxContent() — verify there.
        preg_match_all("/(\\[box=)([^\\]]+)(\\])/siU", $navbox_content, $matches);
        for ($countthis = 0; $countthis < count($matches[0]); $countthis++) {
            $boxcontent = apcms_DisplayBoxContent($matches[2][$countthis]);
            $navbox_content = str_replace($matches[0][$countthis], $boxcontent, $navbox_content);
        }
        // Render the box through the theme's navbox template. The heading goes through
        // apcms_Strip(); the content is assigned as assembled above, without filtering.
        $lnav = new APC_Smarty($apcms['themesdir'] . '/' . $THEME);
        $lnav->assign('navbox_head', apcms_Strip($retright[$a][1]));
        $lnav->assign('navbox_content', $navbox_content);
        $lout = $lnav->fetch('navbox.tpl');
        $RightSideBar .= $lout;
    }
}
// Publish both rendered sidebars to the page template.
$smarty->assign('apcms_leftSideBar', $LeftSideBar);
$smarty->assign('apcms_rightSideBar', $RightSideBar);
$COUT = "";

// The content script runs only when the session's groups pass the
// 'global_access' check; otherwise an error and a 3-second redirect are prepared.
// NOTE(review): $includefile is set outside this excerpt. If any part of it
// comes from request data, confirm it is matched against a fixed list of
// allowed names before it reaches include.
if (apcms_CheckAccess('global_access', $_SESSION['groups'])) {
    include $includefile;
} else {
    $error = $apcms['LANGUAGE']['ERROR_ACCESS_DENIED'];
    $apcms['redirect_time'] = 3;
    $apcms['redirect_url'] = $apcms['referer'];
}