} if (strpos($_SERVER['SCRIPT_NAME'], 'php.cgi') !== false) { //unused in Couch $_SERVER['SCRIPT_NAME'] = $_SERVER['PHP_SELF']; } if (!defined('K_ADMIN_URL')) { define('K_ADMIN_URL', K_SITE_URL . basename(K_COUCH_DIR) . '/'); } if (!defined('K_ADMIN_PAGE')) { define('K_ADMIN_PAGE', ''); } if (!defined('K_GMT_OFFSET')) { define('K_GMT_OFFSET', +5.5); } require_once K_COUCH_DIR . 'functions.php'; $FUNCS = new KFuncs(); // Language file global $t; $t = array(); require_once K_COUCH_DIR . 'lang/EN.php'; $FUNCS->_t = $t; if (K_ADMIN_LANG != 'EN' && file_exists(K_COUCH_DIR . 'lang/' . K_ADMIN_LANG . '.php')) { $t = array(); require_once K_COUCH_DIR . 'lang/' . K_ADMIN_LANG . '.php'; $FUNCS->_t = array_merge($FUNCS->_t, $t); } unset($t); if (get_magic_quotes_gpc()) { $_GET = $FUNCS->stripslashes_deep($_GET); $_POST = $FUNCS->stripslashes_deep($_POST); $_COOKIE = $FUNCS->stripslashes_deep($_COOKIE);
/**
 * Validator for the masquerade setting of a page in the 'index.php' template.
 *
 * It only acts when the page's template is 'index.php', field 12 or field 14
 * was modified, and field 14 holds a truthy value. In that case the link in
 * field 13 must be non-empty, must not start with 'masterpage=index.php&',
 * and its first '&'-separated part must not already be masqueraded by
 * another page.
 *
 * @param object $field Field being validated; $field->page is the page under edit.
 * @return mixed Whatever KFuncs::raise_error() returns on failure, null otherwise.
 */
function validate_masquerade_link($field)
{
    global $DB, $FUNCS;

    $PAGE =& $field->page;

    // Nothing to validate unless this is the 'index.php' template ...
    if (strtolower($PAGE->tpl_name) != 'index.php') {
        return;
    }

    // ... the link or the masquerade switch changed ...
    $touched = $PAGE->fields[12]->modified || $PAGE->fields[14]->modified;
    if (!$touched) {
        return;
    }

    // ... and masquerading is switched on.
    if (!$PAGE->fields[14]->data) {
        return;
    }

    // Field 13 is pointer_link_detail; an empty value is reported as an external link.
    $target = strtolower(trim($PAGE->fields[13]->data));
    if (!$target) {
        return KFuncs::raise_error('Cannot masquerade an external link');
    }

    // The index template may not masquerade itself.
    $self_prefix = 'masterpage=index.php&';
    if (strncmp($target, $self_prefix, strlen($self_prefix)) === 0) {
        return KFuncs::raise_error("Cannot masquerade 'index.php' itself");
    }

    // Only the first '&'-separated part of the link is used for the lookup.
    $target_tpl = current(explode('&', $target));

    // NOTE(review): sanitize() is not visible here. If it only escapes quoting
    // characters, '%' and '_' in the link still act as LIKE wildcards below,
    // so an underscore in a template name would match any character. Confirm,
    // and escape LIKE metacharacters if so.
    $tables = K_TBL_PAGES . " p INNER JOIN " . K_TBL_TEMPLATES . " t on p.template_id = t.id";
    $where = "t.name='index.php' AND is_pointer='1' AND masquerades='1' AND pointer_link_detail LIKE '"
        . $DB->sanitize($target_tpl)
        . "%' AND t.nested_pages='1' AND t.clonable='1' AND p.id<>'"
        . $DB->sanitize($PAGE->id)
        . "'";

    // Any other page already masquerading the same target is a conflict.
    $clashes = $DB->select($tables, array('p.id'), $where);
    if (count($clashes) > 0) {
        return KFuncs::raise_error("Already masqueraded");
    }
}
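/**
 * Checks a reported payment against the page it claims to pay for.
 *
 * The page is looked up by id ($item_number) and title ($item_name), its
 * 'pp_price' field is read, and the payment is accepted only when
 *   - price, amount and quantity are numeric and the quantity is positive,
 *   - the amount is at least price x quantity (0.5% rounding margin),
 *   - the currency equals K_PAYPAL_CURRENCY,
 *   - the receiver equals K_PAYPAL_EMAIL.
 *
 * The numeric and quantity checks fail closed. Without them a zero, negative
 * or non-numeric quantity (or a non-numeric price) makes the expected total
 * zero or negative, so the amount comparison accepts any payment.
 *
 * @param string $item_name        Item name reported with the payment; matched against page_title.
 * @param mixed  $item_number      Item number reported with the payment; used as the page id.
 * @param mixed  $quantity         Number of units paid for.
 * @param mixed  $payment_amount   Amount actually paid.
 * @param string $payment_currency Currency of the payment.
 * @param string $receiver_email   Account that received the payment.
 * @param mixed  $pg               Out-parameter: set to the KWebpage built for the item.
 * @return mixed Whatever KFuncs::raise_error() returns on failure, null when everything checks out.
 */
function validate_transaction($item_name, $item_number, $quantity, $payment_amount, $payment_currency, $receiver_email, &$pg)
{
    global $DB;

    // $item_number is actually our page_id. Get the page.
    if (!KFuncs::is_natural($item_number)) {
        return KFuncs::raise_error('Invalid item number(' . $item_number . ')');
    }

    $rs = $DB->select(K_TBL_PAGES, array('id', 'template_id'), "id = '" . $DB->sanitize($item_number) . "' AND page_title = '" . $DB->sanitize(trim($item_name)) . "'");
    if (!count($rs)) {
        return KFuncs::raise_error('No item number(' . $item_number . ') with the item_name(' . $item_name . ') found');
    }

    $rec = $rs[0];
    $pg = new KWebpage($rec['template_id'], $rec['id']);
    if ($pg->error) {
        return KFuncs::raise_error('Error occured while creating Page object for item number(' . $item_number . '). Error:' . $pg->err_msg . '');
    }

    // Pick up the price from the page's 'pp_price' field (the last one wins if there are several).
    for ($x = 0; $x < count($pg->fields); $x++) {
        if ($pg->fields[$x]->name == 'pp_price') {
            $pp_price = trim($pg->fields[$x]->get_data());
        }
    }
    if (!isset($pp_price)) {
        return KFuncs::raise_error('Item number(' . $item_number . ') has no price field associated');
    }

    // Fail closed on values the arithmetic below cannot meaningfully use.
    $paid = trim((string) $payment_amount);
    $units = trim((string) $quantity);
    if (!is_numeric($pp_price) || !is_numeric($paid)) {
        return KFuncs::raise_error('Non-numeric price(' . $pp_price . ') or payment(' . $payment_amount . ') for item number(' . $item_number . ')');
    }
    if (!is_numeric($units) || (float) $units <= 0) {
        return KFuncs::raise_error('Invalid quantity(' . $quantity . ')');
    }

    // Validate payment made is not less than price * quantity (allow a little margin to take rounding into consideration)
    if ((float) $paid < (float) $pp_price * (float) $units * 0.995) {
        return KFuncs::raise_error('Payment made(' . $payment_amount . ') less than price(' . $pp_price . ') x quantity(' . $quantity . ')');
    }

    // Validate currency of payment matches currency of price.
    // Strict comparison, so numeric-looking strings are never compared as numbers.
    if (trim($payment_currency) !== trim(K_PAYPAL_CURRENCY)) {
        return KFuncs::raise_error('Payment currency(' . $payment_currency . ') does not match price currency(' . K_PAYPAL_CURRENCY . ')');
    }

    // Finally validate that the payment has been made to the right account
    if (trim($receiver_email) !== trim(K_PAYPAL_EMAIL)) {
        return KFuncs::raise_error('Receiver email(' . $receiver_email . ') does not match seller\'s email(' . K_PAYPAL_EMAIL . ')');
    }

    // if we are here, everything is ok
    return;
}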
/**
 * Validator: rejects a folder name that another folder of the same template
 * already uses.
 *
 * The folder of the current $PAGE (matched by folder_id) is excluded from the
 * lookup, so re-saving a folder under its own name is not reported.
 *
 * @param object $field Field holding the candidate name (read through get_data()).
 * @return mixed Whatever KFuncs::raise_error() returns when the name is taken, null otherwise.
 */
function name_unique($field)
{
    global $FUNCS, $DB, $PAGE;

    // Every value is passed through the DB layer's sanitize() before it is quoted into the clause.
    $name = $DB->sanitize(trim($field->get_data()));
    $own_id = $DB->sanitize($PAGE->folder_id);
    $tpl_id = $DB->sanitize($PAGE->tpl_id);

    $where = "name='{$name}' and NOT id='{$own_id}' and template_id='{$tpl_id}'";
    $matches = $DB->select(K_TBL_FOLDERS, array('id'), $where);

    if (count($matches) > 0) {
        return KFuncs::raise_error($FUNCS->t('name_already_exists'));
    }
}