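 /**
  * Handle a submitted purchase form: collect the selected modules and designs,
  * create a temporary client order and render the order template.
  *
  * Reads $_POST['mod'] and $_POST['design'] (checkbox maps keyed by name).
  * Returns rendered HTML; when validation fails the purchase form is rendered
  * again behind the error message.
  */
 private function onPurchase()
 {
     if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
         return GWF_HTML::error('Purchase GWF Modules', $error) . $this->templatePurchase();
     }
     if (!isset($_POST['mod']) || !is_array($_POST['mod'])) {
         return $this->module->error('err_select_modules') . $this->templatePurchase();
     }
     // Only names of known modules are kept; anything else in the POST map is dropped.
     $purchased_modules = array();
     foreach (array_keys($_POST['mod']) as $mname) {
         if (isset($this->modules[$mname])) {
             $purchased_modules[] = $mname;
         }
     }
     if (count($purchased_modules) === 0) {
         return $this->module->error('err_select_modules') . $this->templatePurchase();
     }
     // Designs are optional: a missing or malformed 'design' field means none were
     // selected (previously $_POST['design'] was iterated unconditionally, which
     // warns when the field is absent).
     $designs = GWF_Design::getDesigns();
     $purchased_designs = array();
     $posted_designs = (isset($_POST['design']) && is_array($_POST['design'])) ? $_POST['design'] : array();
     foreach (array_keys($posted_designs) as $dname) {
         if (array_key_exists($dname, $designs)) {
             $purchased_designs[] = $dname;
         }
     }
     $user = GWF_User::getStaticOrGuest();
     $userid = GWF_Session::getUserID();
     if (false === ($client = GWF_Client::getClient($userid))) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__)) . $this->templatePurchase();
     }
     // Module and design names are stored comma separated on the order row.
     $order = new GWF_ClientOrder(array(
         'vsco_uid' => $userid,
         'vsco_modules' => implode(',', $purchased_modules),
         'vsco_designs' => implode(',', $purchased_designs),
     ));
     Module_Payment::saveTempOrder($order);
     $tVars = array('order' => Module_Payment::displayOrderS($this->module, $order, $user));
     return $this->module->template('order.tpl', $tVars);
 }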
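 /**
  * Join the group whose ID is the first key of the submitted button map.
  *
  * @param mixed $array expected to be the POST sub-array of the pressed join
  *                     button, keyed by group ID
  * @return string rendered HTML: an error message or the result of the Join method
  */
 private function onJoin($array)
 {
     if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
         return GWF_HTML::error('Join Group', $error);
     }
     // key() on a non-array is a TypeError on PHP 8 and an empty map yields null;
     // both are treated as "unknown group" instead of reaching getByID().
     if (!is_array($array) || null === ($groupid = key($array))) {
         return $this->module->error('err_unk_group');
     }
     if (false === ($group = GWF_Group::getByID($groupid))) {
         return $this->module->error('err_unk_group');
     }
     return $this->module->getMethod('Join')->onQuickJoin($group, GWF_User::getStaticOrGuest());
 }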
 /**
  * Delete every folder whose ID appears as a key in $_POST['folder'].
  *
  * @return string the concatenated output of the individual onDeleteFolder()
  *                calls (empty when nothing was posted), or the CSRF error message
  */
 private function onDeleteFolders()
 {
     $csrfError = GWF_Form::validateCSRF_WeakS();
     if ($csrfError !== false) {
         return GWF_HTML::error('PM', $csrfError, false);
     }
     $output = '';
     // Only the keys matter; the posted values are checkbox stubs.
     foreach (array_keys(Common::getPostArray('folder', array())) as $folderid) {
         $output .= $this->onDeleteFolder($folderid);
     }
     return $output;
 }
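 /**
  * Handle an uploaded content file for the page builder: validate the file
  * name, store the file below dbimg/content/ and append a reference to the
  * posted page content.
  *
  * Reads the 'file' upload and $_POST['type']; appends to $_POST['content'].
  *
  * @return string rendered HTML message or error
  */
 public static function onUpload(Module_PageBuilder $module)
 {
     if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
         return $error;
     }
     if (false === ($file = GWF_Upload::getFile('file'))) {
         return GWF_HTML::err('ERR_MISSING_UPLOAD');
     }
     # TODO: There are more unsafe languages!
     # But we want to keep the file extension.
     # Not really a big deal, unless you have malicious admin users.
     $name = $file['name'];
     # Reject names that could be executed server-side. A substring test is used
     # on purpose: it also catches double extensions such as foo.php.html.
     foreach (array('.php', '.phtml', '.phar') as $unsafe) {
         if (stripos($name, $unsafe) !== false) {
             return $module->error('err_file_ext');
         }
     }
     # Sanity check: plain ASCII name, no leading dot, no path separators,
     # so the file cannot land outside the content directory.
     if (!preg_match('#^[a-z0-9_][a-z0-9_\\.]{0,62}$#iD', $name)) {
         return $module->error('err_file_name');
     }
     # Copy the file, never overwriting an existing one.
     $path = 'dbimg/content/' . $name;
     $epath = htmlspecialchars($path);
     if (Common::isFile($path)) {
         return $module->error('err_upload_exists');
     }
     if (false === GWF_Upload::moveTo($file, $path)) {
         return GWF_HTML::err('ERR_WRITE_FILE', array($epath));
     }
     # Is bbcode mode? (neither the HTML nor the SMARTY bit set in the page type)
     $bbcode = (Common::getPostInt('type', 0) & (GWF_Page::HTML | GWF_Page::SMARTY)) === 0;
     # Append to page content as image or anchor; tolerate a missing 'content' field.
     if (!isset($_POST['content'])) {
         $_POST['content'] = '';
     }
     $_POST['content'] .= self::fileToContent($name, $path, $bbcode);
     return $module->message('msg_file_upped', array($epath));
 }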
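 /**
  * Delete the shoutbox entry whose ID is the first key of the submitted
  * button map. Requires moderator group membership and a valid CSRF token.
  *
  * @param mixed $array POST sub-array keyed by shoutbox entry ID
  * @return string rendered HTML message or error
  */
 private function onDelete($array)
 {
     if (!GWF_User::isInGroupS('moderator')) {
         return GWF_HTML::err('ERR_NO_PERMISSION');
     }
     if (!is_array($array)) {
         return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
     }
     if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
         return GWF_HTML::error('Shoutbox', $error);
     }
     // The entry ID is the first key; an empty map used to leave $id undefined.
     if (null === ($id = key($array))) {
         return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
     }
     if (false === ($row = GWF_Shoutbox::getByID($id))) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }
     if (false === $row->delete()) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }
     return $this->module->message('msg_deleted');
 }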
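 /**
  * Remove the selected users from the current user's POI whitelist.
  *
  * Reads $_POST['user'], a map keyed by user ID. Returns a success message,
  * a database error, or an empty string when nothing was selected or removed.
  */
 private function onDelete()
 {
     if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
         return $error;
     }
     if (!isset($_POST['user']) || !is_array($_POST['user'])) {
         return '';
     }
     // The keys are user supplied and end up verbatim in the WHERE clause, so
     // they are reduced to integers before the IN list is built. Non-numeric
     // keys (which the old string interpolation passed straight through) become 0.
     $ids = array_map('intval', array_keys($_POST['user']));
     if (count($ids) === 0) {
         return '';
     }
     $userid = intval(GWF_Session::getUserID());
     $to_delete = implode(',', $ids);
     $table = GDO::table('GWF_ProfilePOIWhitelist');
     if (!$table->deleteWhere("pw_uida={$userid} AND pw_uidb IN ({$to_delete})")) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }
     $numDeleted = $table->affectedRows();
     if ($numDeleted > 0) {
         return $this->module->message('msg_white_removed', array($numDeleted));
     }
     return '';
 }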
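 /**
  * Unfreeze a user on a site. The pressed button's key is "userid,siteid".
  *
  * @param mixed $data POST sub-array whose first key encodes the user and site IDs
  * @return string rendered HTML message or error
  */
 private function onUnFreeze($data)
 {
     if (false !== ($err = GWF_Form::validateCSRF_WeakS())) {
         return GWF_HTML::error('WeChall', $err);
     }
     if (!is_array($data)) {
         return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
     }
     // The first key carries the IDs; an empty map used to leave $key undefined.
     if (null === ($key = key($data))) {
         return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
     }
     // Cast because a purely numeric key is already an int in PHP arrays.
     $ids = explode(',', (string)$key);
     if (count($ids) !== 2) {
         return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
     }
     $userid = intval($ids[0]);
     $siteid = intval($ids[1]);
     if (false === ($user = GWF_User::getByID($userid))) {
         return GWF_HTML::err('ERR_UNKNOWN_USER');
     }
     if (false === ($site = WC_Site::getByID($siteid))) {
         return $this->module->error('err_site');
     }
     if (WC_Freeze::isUserFrozenOnSite($userid, $siteid)) {
         # Unfreeze
         if (false === WC_Freeze::unfreezeUser($userid, $siteid)) {
             return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
         }
         # Insert event.
         # NOTE(review): the return value of calcExactRank() was never used; the
         # call is kept in case it has side effects -- confirm and drop if not.
         WC_RegAt::calcExactRank($user);
         WC_HistoryUser2::insertEntry($user, $site, 'unban');
     }
     # Done -- the message is shown even if the user was not frozen.
     return $this->module->message('msg_unfrozen', array($user->displayUsername(), $site->displayName()));
 }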
 /**
  * Enable or disable the managed module, then rewrite the .htaccess rules.
  *
  * @param string $enum 'enabled' switches the module on; any other value
  *                     switches it off. Also selects the result message key
  *                     'msg_module_<enum>'.
  * @return string rendered HTML message or error
  */
 private function onEnable($enum)
 {
     $csrfError = GWF_Form::validateCSRF_WeakS();
     if ($csrfError !== false) {
         return GWF_HTML::error('', $csrfError);
     }
     // Core modules can never be toggled.
     if ($this->mod->isCoreModule()) {
         return $this->module->error('err_disable_core_module');
     }
     $enable = ($enum === 'enabled');
     if ($this->mod->saveOption(GWF_Module::ENABLED, $enable) === false) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }
     if (GWF_ModuleLoader::reinstallHTAccess() === false) {
         return GWF_HTML::err('ERR_GENERAL', array(__FILE__, __LINE__));
     }
     $modName = $this->mod->display('module_name');
     return $this->module->message('msg_module_' . $enum, array($modName));
 }
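 /**
  * Unlink the current user from a site and record the score change in the
  * user history. The site ID is the first key of the submitted button map.
  *
  * @param mixed $array POST sub-array keyed by site ID
  * @return string rendered HTML message or error ('' when the input is malformed)
  */
 private function onUnLinkSite($array)
 {
     if (false !== ($error = GWF_Form::validateCSRF_WeakS())) {
         return GWF_HTML::error('WeChall', $error);
     }
     if (!is_array($array)) {
         return '';
     }
     // The first key is the site ID; an empty map used to leave $siteid undefined.
     if (null === ($siteid = key($array))) {
         return '';
     }
     if (false === ($site = WC_Site::getByID($siteid))) {
         return $this->module->error('err_site');
     }
     $user = GWF_Session::getUser();
     $userid = GWF_Session::getUserID();
     $old_totalscore = $user->getVar('user_level');
     if (WC_Freeze::isUserFrozen($userid)) {
         return $this->module->error('err_frozen');
     }
     if (false === ($regat = WC_RegAt::getRegatRow($userid, $site->getID()))) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }
     if (false === WC_RegAt::unlink($userid, $site->getID())) {
         return GWF_HTML::err('ERR_DATABASE', array(__FILE__, __LINE__));
     }
     $site->increase('site_linkcount', -1);
     WC_RegAt::calcTotalscores();
     // Re-read the user row; presumably calcTotalscores() updated user_level,
     // and the session copy would still hold the old value.
     $user = GWF_User::getByID($userid);
     $new_totalscore = $user->getVar('user_level');
     require_once GWF_CORE_PATH . 'module/WeChall/WC_HistoryUser2.php';
     WC_HistoryUser2::insertEntry($user, $site, 'unlink', 0, $regat->getOnsiteScore(), $new_totalscore - $old_totalscore);
     return $this->module->message('msg_site_unlinked', array($site->displayName()));
 }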