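/**
 * Inserts one archive row into NewsletterSetup::$newsletter_table_archive.
 *
 * @param $language_type Stored in the `type` column.
 * @param $title Stored in `title` after TextHelper::strprotect() (HTML left as-is, slashes forced).
 * @param $contents Stored in `contents` after the same TextHelper::strprotect() treatment.
 * @param $id_cat Stored in `id_cat`; also passed to self::number_subscribers().
 */
private static function register_archive($language_type, $title, $contents, $id_cat)
 {
     // NOTE(review): the result is not used below; the row is written with subscribers = 0, as before.
     // The call is kept in case number_subscribers() has side effects. Confirm whether the count was
     // meant to be stored in the `subscribers` column.
     $number_subscribers = self::number_subscribers($id_cat);
     // NOTE(review): both values are slash-escaped here and then bound as parameters. If the querier binds
     // natively, the backslashes end up in the stored text. Confirm before relying on either layer.
     $title = TextHelper::strprotect($title, TextHelper::HTML_NO_PROTECT, TextHelper::ADDSLASHES_FORCE);
     // Class constants, as on the line above, instead of the unqualified global names.
     $contents = TextHelper::strprotect($contents, TextHelper::HTML_NO_PROTECT, TextHelper::ADDSLASHES_FORCE);
     // Six columns, six placeholders, six bound values: the stray :field_type placeholder had neither a
     // column nor a bound value.
     self::$db_querier->inject("INSERT INTO " . NewsletterSetup::$newsletter_table_archive . " (id_cat, title, contents, timestamp, type, subscribers)\r\n\t\t\tVALUES (:id_cat, :title, :contents, :timestamp, :type, :subscribers)", array('id_cat' => $id_cat, 'title' => $title, 'contents' => $contents, 'timestamp' => time(), 'type' => $language_type, 'subscribers' => 0));
 }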
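 /**
  * @desc Builds a list of alerts matching the required criteria. Several criteria can be combined; they are joined
  * with AND, so only the alerts matching every supplied criterion are returned.
  * A criterion is skipped when its argument loosely equals null (`!= null`), which also covers 0 and ''.
  * @param int $id_in_module Id in the module.
  * @param string $type Alert type.
  * @param string $identifier Alert identifier.
  * @return AdministratorAlert[] The list of the matching alerts. When no criterion is supplied, the method returns
  * AdministratorAlertCache::load()->get_all_alerts_number() instead of a list.
  */
 public static function find_by_criteria($id_in_module = null, $type = null, $identifier = null)
 {
     $criterias = array();
     if ($id_in_module != null) {
         // intval() guarantees that only digits (and a sign) reach the SQL text.
         $criterias[] = "id_in_module = '" . intval($id_in_module) . "'";
     }
     // NOTE(review): the two string criteria are placed inside SQL quotes and rely entirely on
     // TextHelper::strprotect() for escaping. If the querier accepts placeholders with a values array,
     // binding them would not depend on that escaping. Confirm and consider it.
     if ($type != null) {
         $criterias[] = "type = '" . TextHelper::strprotect($type) . "'";
     }
     if ($identifier != null) {
         $criterias[] = "identifier = '" . TextHelper::strprotect($identifier) . "'";
     }
     // No criterion at all: keep the original fallback.
     if (empty($criterias)) {
         return AdministratorAlertCache::load()->get_all_alerts_number();
     }
     // Restrictive criteria
     $array_result = array();
     // implode() takes the separator first; the reversed legacy argument order is rejected since PHP 8.0.
     $result = self::$db_querier->select("SELECT id, entitled, fixing_url, current_status, creation_date, identifier, id_in_module, type, priority, description\n\t\t\tFROM " . DB_TABLE_EVENTS . "\n\t\t\tWHERE contribution_type = '" . ADMINISTRATOR_ALERT_TYPE . "' AND " . implode(" AND ", $criterias));
     while ($row = $result->fetch()) {
         $alert = new AdministratorAlert();
         $alert->build($row['id'], $row['entitled'], $row['description'], $row['fixing_url'], $row['current_status'], new Date($row['creation_date'], Timezone::SERVER_TIMEZONE), $row['id_in_module'], $row['identifier'], $row['type'], $row['priority']);
         $array_result[] = $alert;
     }
     $result->dispose();
     return $array_result;
 }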
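 /**
  * @desc Compute Stats of Site Referers
  * Parses the request's referrer URL and counts the visit in StatsSetup::$stats_referer_table:
  * a search keyword (row type 1) when the host contains a known search-engine name, otherwise the
  * referring site and path (row type 0) when the site is not this one. Returns nothing.
  *
  * The referrer is supplied by the client, so every value derived from it is bound as a query parameter.
  */
 public static function compute_referer()
 {
     $referer = parse_url(AppContext::get_request()->get_url_referrer());
     if (empty($referer)) {
         // No referrer, or one parse_url() could not parse (it returns false in that case).
         return;
     }
     $querier = PersistenceContext::get_querier();
     // Keyword detection: does the referring host belong to a known search engine?
     $is_search_engine = false;
     $search_engine = $query_param = '';
     if (!empty($referer['host'])) {
         // Engine name => name of the query-string parameter carrying the search terms.
         $engines = array('dmoz' => 'q', 'aol' => 'q', 'ask' => 'q', 'google' => 'q', 'bing' => 'q', 'hotbot' => 'q', 'teoma' => 'q', 'exalead' => 'q', 'yahoo' => 'p', 'lycos' => 'query', 'kanoodle' => 'query', 'voila' => 'kw', 'baidu' => 'wd', 'yandex' => 'text');
         foreach ($engines as $engine => $param) {
             // NOTE(review): substring match, so any host that merely contains an engine name is
             // counted as that engine.
             if (strpos($referer['host'], $engine) !== false) {
                 $is_search_engine = true;
                 $search_engine = $engine;
                 $query_param = $param;
                 break;
             }
         }
     }
     if ($is_search_engine) {
         // The trailing '&' lets the pattern below end every parameter on '&'.
         $query = !empty($referer['query']) ? $referer['query'] . '&' : '';
         if (strpos($query, $query_param . '=') === false) {
             return;
         }
         // NOTE(review): matches the first "param=" occurrence, including one that is the tail of a
         // longer parameter name.
         $pattern = '/' . $query_param . '=(.*?)&/si';
         if (preg_match($pattern, $query, $matches) !== 1) {
             // Previously $matches[1] was read without checking that the pattern matched.
             return;
         }
         // NOTE(review): utf8_decode() is deprecated as of PHP 8.2.
         $keyword = TextHelper::strprotect(utf8_decode(urldecode(strtolower($matches[1]))));
         if (empty($keyword)) {
             return;
         }
         $check_search_engine = $querier->count(StatsSetup::$stats_referer_table, 'WHERE url = :url AND relative_url = :keyword', array('url' => $search_engine, 'keyword' => $keyword));
         if (!empty($check_search_engine)) {
             // Bound parameters instead of values concatenated into the SQL text: the keyword comes from
             // the referrer, and binding also makes this UPDATE compare the same value as count() above.
             $querier->inject("UPDATE " . StatsSetup::$stats_referer_table . " SET total_visit = total_visit + 1, today_visit = today_visit + 1, last_update = :last_update WHERE url = :url AND relative_url = :relative_url", array('last_update' => time(), 'url' => $search_engine, 'relative_url' => $keyword));
         } else {
             $querier->insert(StatsSetup::$stats_referer_table, array('url' => $search_engine, 'relative_url' => $keyword, 'total_visit' => 1, 'today_visit' => 1, 'yesterday_visit' => 0, 'nbr_day' => 1, 'last_update' => time(), 'type' => 1));
         }
     } elseif (!empty($referer['host'])) {
         $referer['scheme'] = !empty($referer['scheme']) ? $referer['scheme'] : 'http';
         // Referring-site detection.
         // NOTE(review): addslashes() is kept so that stored values keep the form earlier rows have;
         // with every query bound it no longer serves as SQL escaping.
         $url = addslashes($referer['scheme'] . '://' . $referer['host']);
         if (strpos($url, HOST) === false) {
             $referer['path'] = !empty($referer['path']) ? $referer['path'] : '';
             $relative_url = addslashes((substr($referer['path'], 0, 1) == '/' ? $referer['path'] : '/' . $referer['path']) . (!empty($referer['query']) ? '?' . $referer['query'] : '') . (!empty($referer['fragment']) ? '#' . $referer['fragment'] : ''));
             $check_url = $querier->count(StatsSetup::$stats_referer_table, 'WHERE url = :url AND relative_url = :relative_url', array('url' => $url, 'relative_url' => $relative_url));
             if (!empty($check_url)) {
                 // Same binding as in the search-engine branch: host, path, query and fragment are all
                 // taken from the client-supplied referrer.
                 $querier->inject("UPDATE " . StatsSetup::$stats_referer_table . " SET total_visit = total_visit + 1, today_visit = today_visit + 1, last_update = :last_update WHERE url = :url AND relative_url = :relative_url", array('last_update' => time(), 'url' => $url, 'relative_url' => $relative_url));
             } else {
                 $querier->insert(StatsSetup::$stats_referer_table, array('url' => $url, 'relative_url' => $relative_url, 'total_visit' => 1, 'today_visit' => 1, 'yesterday_visit' => 0, 'nbr_day' => 1, 'last_update' => time(), 'type' => 0));
             }
         }
     }
 }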
 /**
  * Builds the SQL text of a forum search and returns it as a string; nothing is executed here.
  *
  * Keys read from $args: 'id_search', 'search', and optionally 'weight', 'ForumIdcat', 'ForumTime'
  * (a number of days) and 'ForumWhere' ('all', 'contents', anything else meaning title only).
  *
  * NOTE(review): $args['search'] and $args['id_search'] are concatenated into the SQL text exactly as
  * received; this method does not escape them. Confirm that every caller passes values already made
  * safe for a quoted SQL literal (search) and for a bare SQL expression (id_search).
  *
  * @param array $args Search arguments, see above.
  * @return string The SELECT statement.
  */
 public function get_search_request($args)
 {
     $relevance_factor = 1;
     if (isset($args['weight']) && is_numeric($args['weight'])) {
         $relevance_factor = $args['weight'];
     }
     $needle = $args['search'];
     $category_id = !empty($args['ForumIdcat']) ? NumberHelper::numeric($args['ForumIdcat']) : -1;
     // Search window in seconds; the default is 30000 days.
     $max_age = (!empty($args['ForumTime']) ? NumberHelper::numeric($args['ForumTime']) : 30000) * 3600 * 24;
     $scope = !empty($args['ForumWhere']) ? TextHelper::strprotect($args['ForumWhere']) : 'all';
     require_once PATH_TO_ROOT . '/forum/forum_defines.php';
     $authorized_categories = ForumService::get_authorized_categories(Category::ROOT_CATEGORY);

     // Pieces shared by the three variants of the statement.
     $select_head = "SELECT " . $args['id_search'] . " AS `id_search`,\n\t\t\t\t";
     $link_and_joins = "CONCAT('" . PATH_TO_ROOT . "/forum/topic.php?id=', t.id, '#m', msg.id) AS `link`\n\t\t\tFROM " . PREFIX . "forum_msg msg\n\t\t\tJOIN " . PREFIX . "forum_topics t ON t.id = msg.idtopic\n\t\t\tJOIN " . PREFIX . "forum_cats c ON c.id_parent != 0 AND c.id = t.idcat\n\t\t\tWHERE ";
     // Age limit, optional single category, and the categories the current user may read.
     $restrictions = " AND msg.timestamp > '" . (time() - $max_age) . "'\n\t\t\t" . ($category_id > 0 ? " AND c.id = " . $category_id : '') . " AND c.id IN (" . implode(',', $authorized_categories) . ")\n\t\t\tGROUP BY t.id\n\t\t\t";
     $limit = "LIMIT " . FORUM_MAX_SEARCH_RESULTS;

     switch ($scope) {
         case 'all':
             // Titles and message bodies; the title counts double in the relevance.
             return $select_head
                 . "MIN(msg.id) AS `id_content`,\n\t\t\t\tt.title AS `title`,\n\t\t\t\tMAX(( 2 * FT_SEARCH_RELEVANCE(t.title, '" . $needle . "') + FT_SEARCH_RELEVANCE(msg.contents, '" . $needle . "') ) / 3) * " . $relevance_factor . " AS `relevance`,\n\t\t\t\t"
                 . $link_and_joins
                 . "( FT_SEARCH(t.title, '" . $needle . "') OR FT_SEARCH(msg.contents, '" . $needle . "') )"
                 . $restrictions
                 . "ORDER BY relevance DESC\n\t\t\t"
                 . $limit;
         case 'contents':
             // Message bodies only.
             return $select_head
                 . "MIN(msg.id) AS `id_content`,\n\t\t\t\tt.title AS `title`,\n\t\t\t\tMAX(FT_SEARCH_RELEVANCE(msg.contents, '" . $needle . "')) * " . $relevance_factor . " AS `relevance`,\n\t\t\t\t"
                 . $link_and_joins
                 . "FT_SEARCH(msg.contents, '" . $needle . "')"
                 . $restrictions
                 . $limit;
         default:
             // Title only.
             return $select_head
                 . "msg.id AS `id_content`,\n\t\t\t\tt.title AS `title`,\n\t\t\t\tFT_SEARCH_RELEVANCE(t.title, '" . $needle . "') * " . $relevance_factor . " AS `relevance`,\n\t\t\t\t"
                 . $link_and_joins
                 . "FT_SEARCH(t.title, '" . $needle . "')"
                 . $restrictions
                 . $limit;
     }
 }
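 /**
  * Handles a shoutbox post and answers with a JSON object {"code": ...}.
  *
  * Codes set here: -4 when check_authorizations() fails, -3 when the pseudo or the contents is empty,
  * -1 when the anti-flood delay has not elapsed, -2 when the message exceeds the allowed number of links.
  * Otherwise the code is whatever ShoutboxService::add() returns.
  *
  * @param HTTPRequestCustom $request The request carrying the 'pseudo' and 'contents' fields.
  * @return JSONResponse
  */
 public function execute(HTTPRequestCustom $request)
 {
     if (!$this->check_authorizations()) {
         return new JSONResponse(array('code' => -4));
     }
     $pseudo = TextHelper::strprotect(utf8_decode($request->get_string('pseudo', '')));
     $contents = TextHelper::htmlentities($request->get_string('contents', ''), ENT_COMPAT, 'UTF-8');
     $contents = TextHelper::htmlspecialchars_decode(TextHelper::html_entity_decode($contents, ENT_COMPAT, 'windows-1252'));
     if (!$pseudo || !$contents) {
         return new JSONResponse(array('code' => -3));
     }
     // Stays null until one of the checks below rejects the message.
     $code = null;
     // Anti-flood: applies to logged-in users (id !== -1) when enabled, except those holding AUTH_FLOOD.
     $check_time = AppContext::get_current_user()->get_id() !== -1 && ContentManagementConfig::load()->is_anti_flood_enabled() ? PersistenceContext::get_querier()->get_column_value(PREFIX . "shoutbox", 'MAX(timestamp)', 'WHERE user_id = :id', array('id' => AppContext::get_current_user()->get_id())) : '';
     if (!empty($check_time) && !AppContext::get_current_user()->check_max_value(AUTH_FLOOD)) {
         if ($check_time >= time() - ContentManagementConfig::load()->get_anti_flood_duration()) {
             $code = -1;
         }
     }
     // Link-flood check: the message may not hold more links than the configured maximum.
     $config_shoutbox = ShoutboxConfig::load();
     $contents = FormatingHelper::strparse($contents, $config_shoutbox->get_forbidden_formatting_tags());
     if (!TextHelper::check_nbr_links($contents, $config_shoutbox->get_max_links_number_per_message(), true)) {
         // As before, the link limit takes precedence over the anti-flood code when both apply.
         $code = -2;
     }
     // Store the message only when no check rejected it. Previously the message was added in every
     // case and the result of add() overwrote -1 / -2, so neither limit had any effect.
     if ($code === null) {
         $shoutbox_message = new ShoutboxMessage();
         $shoutbox_message->init_default_properties();
         $shoutbox_message->set_login($pseudo);
         $shoutbox_message->set_user_id(AppContext::get_current_user()->get_id());
         $shoutbox_message->set_contents($contents);
         $shoutbox_message->set_creation_date(new Date());
         $code = ShoutboxService::add($shoutbox_message);
     }
     return new JSONResponse(array('code' => $code));
 }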
         // Fragment of a database administration page; the conditions enclosing it start above this excerpt.
         // The statement held in $query is run as written, once the literal 'phpboost_' has been replaced by
         // PREFIX. The only gate visible here is the leading-keyword test below. Where $query comes from and
         // which access or CSRF checks precede this code cannot be seen in the fragment.
         $lower_query = strtolower($query);
         if (strtolower(substr($query, 0, 6)) == 'select') {
             // Run the query
             $result = PersistenceContext::get_querier()->select(str_replace('phpboost_', PREFIX, $query));
             $i = 1;
             while ($row = $result->fetch()) {
                 $tpl->assign_block_vars('line', array());
                 // First pass: list the names of the selected fields
                 if ($i == 1) {
                     foreach ($row as $field_name => $field_value) {
                         // NOTE(review): the field name goes to the template as-is, whereas the values
                         // below go through TextHelper::strprotect(). Confirm the template encodes it.
                         $tpl->assign_block_vars('head', array('FIELD_NAME' => $field_name));
                     }
                 }
                 // Output the field values
                 foreach ($row as $field_name => $field_value) {
                     $tpl->assign_block_vars('line.field', array('FIELD_NAME' => TextHelper::strprotect($field_value), 'STYLE' => is_numeric($field_value) ? 'text-align:right;' : ''));
                 }
                 $i++;
             }
             $result->dispose();
         // Write statements: only these six leading keywords are accepted; anything else is not executed.
         } elseif (substr($lower_query, 0, 11) == 'insert into' || substr($lower_query, 0, 6) == 'update' || substr($lower_query, 0, 11) == 'delete from' || substr($lower_query, 0, 11) == 'alter table' || substr($lower_query, 0, 8) == 'truncate' || substr($lower_query, 0, 10) == 'drop table') {
             $result = PersistenceContext::get_querier()->inject(str_replace('phpboost_', PREFIX, $query));
             $affected_rows = $result->get_affected_rows();
         }
     } elseif (!empty($table)) {
         // NOTE(review): $table is concatenated into the SQL text; its origin and validation are not
         // visible in this fragment.
         $query = "SELECT * FROM " . $table . " WHERE 1";
     }
     $tpl->put_all(array('QUERY' => DatabaseService::indent_query($query), 'QUERY_HIGHLIGHT' => DatabaseService::highlight_query($query), 'L_REQUIRE' => LangLoader::get_message('form.explain_required_fields', 'status-messages-common'), 'L_EXPLAIN_QUERY' => $LANG['db_query_explain'], 'L_CONFIRM_QUERY' => $LANG['db_confirm_query'], 'L_EXECUTE' => $LANG['db_submit_query'], 'L_RESULT' => $LANG['db_query_result'], 'L_EXECUTED_QUERY' => $LANG['db_executed_query']));
 } elseif (!empty($table)) {
     $table_structure = $backup->extract_table_structure(array($table));
     // Extract the table structure.
// Prevents the page from being updated in the session.
// Fragment of an AJAX endpoint that looks up members by the start of their display name and echoes
// one HTML link per match. The excerpt ends inside the result loop.
include_once PATH_TO_ROOT . '/kernel/header_no_display.php';
$db_querier = PersistenceContext::get_querier();
$request = AppContext::get_request();
// Mode flags read from the query string; each selects one output format below.
$member = $request->get_getint('member', 0);
$insert_member = $request->get_getint('insert_member', 0);
$add_member_auth = $request->get_getint('add_member_auth', 0);
$admin_member = $request->get_getint('admin_member', 0);
$warning_member = $request->get_getint('warning_member', 0);
$punish_member = $request->get_getint('punish_member', 0);
$warning_user = $request->get_getint('warning_user', 0);
$punish_user = $request->get_getint('punish_user', 0);
$ban_user = $request->get_getint('ban_user', 0);
$login = TextHelper::strprotect(utf8_decode($request->get_postvalue('login', '')));
// '*' typed by the user becomes the SQL LIKE wildcard '%'.
$login = str_replace('*', '%', $login);
$divid = TextHelper::strprotect(utf8_decode($request->get_postvalue('divid', '')));
$admin = $request->get_postint('admin', 0);
if (!empty($member) || !empty($insert_member) || !empty($add_member_auth) || !empty($admin_member) || !empty($warning_member) || !empty($punish_member)) {
    if (!empty($login)) {
        $i = 0;
        // The search term is bound as a parameter; a trailing '%' makes it a prefix match.
        $result = $db_querier->select("SELECT user_id, display_name FROM " . DB_TABLE_MEMBER . " WHERE display_name LIKE :login", array('login' => $login . '%'));
        while ($row = $result->fetch()) {
            // NOTE(review): display_name is written into HTML text, HTML attributes and inline JavaScript
            // with either no encoding or addslashes() only. addslashes() is not an HTML or attribute
            // encoder. Whether display_name is stored already HTML-encoded is not visible here; confirm,
            // or encode per output context (HTML text, attribute, JS string).
            if (!empty($member)) {
                echo '<a href="' . UserUrlBuilder::profile($row['user_id'])->rel() . '">' . $row['display_name'] . '</a><br />';
            } elseif (!empty($insert_member)) {
                echo '<a href="#" onclick="document.getElementById(\'login\').value = \'' . addslashes($row['display_name']) . '\';return false">' . addslashes($row['display_name']) . '</a><br />';
            } elseif (!empty($add_member_auth)) {
                echo '<a href="javascript:XMLHttpRequest_add_member_auth(\'' . addslashes($divid) . '\', ' . $row['user_id'] . ', \'' . addslashes($row['display_name']) . '\', \'' . addslashes($LANG['alert_member_already_auth']) . '\');">' . addslashes($row['display_name']) . '</a><br />';
            } elseif (!empty($admin_member)) {
                echo '<a href="' . UserUrlBuilder::profile($row['user_id'])->rel() . '">' . addslashes($row['display_name']) . '</a><br />';
            }
Exemple #8
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
 *
 ###################################################*/
// Fragment of the wiki administration page: reads the posted settings and, when 'update' is set,
// stores them in WikiConfig. The excerpt ends inside the `if ($update)` block.
// NOTE(review): no CSRF token check appears in this fragment; confirm that admin_begin.php or later
// code performs one before the settings are saved.
require_once '../admin/admin_begin.php';
load_module_lang('wiki');
define('TITLE', $LANG['administration']);
require_once '../admin/admin_header.php';
include_once '../wiki/wiki_functions.php';
$config = WikiConfig::load();
$request = AppContext::get_request();
$update = $request->get_postvalue('update', false);
$display_categories_on_index = $request->get_postvalue('display_categories_on_index', false);
$hits_counter = $request->get_postvalue('hits_counter', false);
// The index text is taken as received and passed through wiki_parse().
$index_text = stripslashes(wiki_parse(retrieve(POST, 'contents', '', TSTRING_AS_RECEIVED)));
if ($update) {
    // The wiki name is HTML-protected, without slash escaping, before it is stored.
    $config->set_wiki_name(TextHelper::strprotect(retrieve(POST, 'wiki_name', $LANG['wiki'], TSTRING_AS_RECEIVED), TextHelper::HTML_PROTECT, TextHelper::ADDSLASHES_NONE));
    $config->set_number_articles_on_index(retrieve(POST, 'number_articles_on_index', 0));
    if ($display_categories_on_index) {
        $config->display_categories_on_index();
    } else {
        $config->hide_categories_on_index();
    }
    if ($hits_counter) {
        $config->enable_hits_counter();
    } else {
        $config->disable_hits_counter();
    }
    // NOTE(review): the stored index text is the output of wiki_parse() on raw POST data; what
    // wiki_parse() allows through is not visible here.
    $config->set_index_text(stripslashes(wiki_parse(retrieve(POST, 'contents', '', TSTRING_AS_RECEIVED))));
    WikiConfig::save();
    // Regenerate the cache
    WikiCategoriesCache::invalidate();
Exemple #9
 /**
  * Stores the title after TextHelper::strprotect() with HTML protection on and slash escaping off.
  * @param string $title the value to set
  */
 public function set_title($title)
 {
     $protected_title = TextHelper::strprotect($title, TextHelper::HTML_PROTECT, TextHelper::ADDSLASHES_NONE);
     $this->title = $protected_title;
 }
Exemple #10
    }
    // Check whether the article is among the current user's favorites.
    // ($remove_favorite and $article_infos are set above this excerpt.)
    $is_favorite = PersistenceContext::get_querier()->count(PREFIX . "wiki_favorites", 'WHERE user_id = :user_id AND id_article = :id_article', array('user_id' => AppContext::get_current_user()->get_id(), 'id_article' => $remove_favorite));
    // The article is indeed a favorite
    if ($is_favorite > 0) {
        // The delete is scoped to the current user's id, and both values are bound parameters.
        PersistenceContext::get_querier()->delete(PREFIX . 'wiki_favorites', 'WHERE id_article=:id AND user_id=:user_id', array('id' => $remove_favorite, 'user_id' => AppContext::get_current_user()->get_id()));
        AppContext::get_response()->redirect('/wiki/' . url('wiki.php?title=' . $article_infos['encoded_title'], $article_infos['encoded_title'], '&'));
    } else {
        // Error: the original comment reads "the article is already a favorite"; the code sent is e_no_favorite.
        AppContext::get_response()->redirect('/wiki/' . url('favorites.php?error=e_no_favorite', '', '&') . '#message_helper');
    }
} else {
    $tpl = new FileTemplate('wiki/favorites.tpl');
    // Error handling
    // The 'error' query parameter is only compared against two known codes; its raw value is never
    // displayed, only the matching language string.
    $error = AppContext::get_request()->get_getvalue('error', '');
    $error = !empty($error) ? TextHelper::strprotect($error) : '';
    if ($error == 'e_no_favorite') {
        $errstr = $LANG['wiki_article_is_not_a_favorite'];
    } elseif ($error == 'e_already_favorite') {
        $errstr = $LANG['wiki_already_favorite'];
    } else {
        $errstr = '';
    }
    if (!empty($errstr)) {
        $tpl->put('message_helper', MessageHelper::display($errstr, MessageHelper::WARNING));
    }
    // List the favorites of the current user
    $result = PersistenceContext::get_querier()->select("SELECT f.id, a.id, a.title, a.encoded_title\n\tFROM " . PREFIX . "wiki_favorites f\n\tLEFT JOIN " . PREFIX . "wiki_articles a ON a.id = f.id_article\n\tWHERE user_id = :id", array('id' => AppContext::get_current_user()->get_id()));
    $tpl->put_all(array('NO_FAVORITE' => $result->get_rows_count() == 0, 'L_FAVORITES' => $LANG['wiki_favorites'], 'L_NO_FAVORITE' => $LANG['wiki_no_favorite'], 'L_TITLE' => $LANG['title'], 'L_UNTRACK' => $LANG['wiki_unwatch']));
    $module_data_path = $tpl->get_pictures_data_path();
    while ($row = $result->fetch()) {
// Fragment of the gallery configuration page: when 'valid' is posted, each setting is read from POST
// with a default and written to $config. $request and $config are set above this excerpt.
// NOTE(review): the numeric settings are taken straight from retrieve(POST, ...); any type or range
// checking happens inside retrieve() or the setters, neither of which is visible here.
$valid = $request->get_postvalue('valid', false);
$gallery_cache = $request->get_postvalue('gallery_cache', false);
// Run only once the form has been confirmed
if ($valid) {
    $config->set_mini_max_width(retrieve(POST, 'mini_max_width', 150));
    $config->set_mini_max_height(retrieve(POST, 'mini_max_height', 150));
    $config->set_max_width(retrieve(POST, 'max_width', 800));
    $config->set_max_height(retrieve(POST, 'max_height', 600));
    $config->set_max_weight(retrieve(POST, 'max_weight', 1024));
    $config->set_quality(retrieve(POST, 'quality', 80));
    if (retrieve(POST, 'logo_enabled', '')) {
        $config->enable_logo();
    } else {
        $config->disable_logo();
    }
    // The logo value is HTML-protected, without slash escaping, before it is stored.
    $config->set_logo(TextHelper::strprotect(retrieve(POST, 'logo', ''), TextHelper::HTML_PROTECT, TextHelper::ADDSLASHES_NONE));
    $config->set_logo_transparency(retrieve(POST, 'logo_transparency', 40));
    $config->set_logo_horizontal_distance(retrieve(POST, 'logo_horizontal_distance', 5));
    $config->set_logo_vertical_distance(retrieve(POST, 'logo_vertical_distance', 5));
    $config->set_categories_number_per_page(retrieve(POST, 'categories_number_per_page', 10));
    $config->set_columns_number(retrieve(POST, 'columns_number', 4));
    $config->set_pics_number_per_page(retrieve(POST, 'pics_number_per_page', 16));
    // Existing notes are rescaled before the new scale is stored, and only when the scale changed.
    if (retrieve(POST, 'notation_scale', 5) != $config->get_notation_scale()) {
        NotationService::update_notation_scale('gallery', $config->get_notation_scale(), retrieve(POST, 'notation_scale', 5));
    }
    $config->set_notation_scale(retrieve(POST, 'notation_scale', 5));
    if (retrieve(POST, 'title_enabled', '')) {
        $config->enable_title();
    } else {
        $config->disable_title();
    }
Exemple #12
     // If the file exists
     // Fragment of the database backup page: deletion of a backup file (top), restore from a file already
     // in /cache/backup/ (middle), and upload of a new backup (bottom, cut off). $file and, for the
     // first test, $file_path are set above this excerpt.
     // NOTE(review): the pattern `[^/]+\.sql$` is not anchored at its start, so it only constrains the
     // part after the last '/'. A name that contains directory components still matches. Unless earlier
     // code removes them, compare the name with basename($file) and anchor the pattern before using it
     // in a path.
     if (preg_match('`[^/]+\\.sql$`', $file) && is_file($file_path)) {
         // NOTE(review): '@' hides the reason for a failure; the result is still reported via the redirect.
         if (@unlink($file_path)) {
             AppContext::get_response()->redirect(HOST . DIR . url('/database/admin_database.php?action=restore&error=unlink_success', '', '&'));
         } else {
             AppContext::get_response()->redirect(HOST . DIR . url('/database/admin_database.php?action=restore&error=unlink_failure', '', '&'));
         }
     } else {
         AppContext::get_response()->redirect(HOST . DIR . url('/database/admin_database.php?action=restore&error=file_does_not_exist', '', '&'));
     }
 }
 $post_file = isset($_FILES['file_sql']) ? $_FILES['file_sql'] : '';
 if (!empty($file)) {
     AppContext::get_session()->csrf_get_protect();
     // CSRF protection
     $file = TextHelper::strprotect($file);
     // The path is built by concatenation; the same unanchored pattern as above is the only name check.
     $file_path = PATH_TO_ROOT . '/cache/backup/' . $file;
     if (preg_match('`[^/]+\\.sql$`', $file) && is_file($file_path)) {
         Environment::try_to_increase_max_execution_time();
         $db_utils = PersistenceContext::get_dbms_utils();
         // The file's contents are handed to the DBMS utilities, so whoever can place a .sql file here
         // decides what is run against the database.
         $db_utils->parse_file(new File($file_path));
         $tables_list = $db_utils->list_tables();
         $db_utils->optimize($tables_list);
         $db_utils->repair($tables_list);
         AppContext::get_cache_service()->clear_cache();
         AppContext::get_response()->redirect(HOST . DIR . url('/database/admin_database.php?action=restore&error=success', '', '&'));
     }
 } elseif (!empty($post_file)) {
     // Upload: accepted when smaller than 10485760 bytes (10 MiB) and named *.sql.
     // NOTE(review): the stored name is the client-supplied one, and only the size and the name
     // suffix are checked. No CSRF check is visible on this branch; confirm one exists.
     if ($post_file['size'] < 10485760 && preg_match('`[^/]+\\.sql$`', $post_file['name'])) {
         $file_path = PATH_TO_ROOT . '/cache/backup/' . $post_file['name'];
         // An existing backup with the same name is never overwritten.
         if (!is_file($file_path) && move_uploaded_file($post_file['tmp_name'], $file_path)) {
*
*/
// Fragment of an AJAX endpoint for the upload manager: creates or renames folders and files on behalf
// of a user. The excerpt ends inside the rename-folder branch.
define('PATH_TO_ROOT', '../../..');
include_once PATH_TO_ROOT . '/kernel/begin.php';
AppContext::get_session()->no_session_location();
// Prevents the page from being updated in the session.
include_once PATH_TO_ROOT . '/kernel/header_no_display.php';
// Initialise the file-management class.
$user = AppContext::get_current_user();
$request = AppContext::get_request();
$new_folder = $request->get_getint('new_folder', 0);
$rename_folder = $request->get_getint('rename_folder', 0);
$rename_file = $request->get_getint('rename_file', 0);
// The target user id is client-supplied and defaults to the current user's id.
$user_id = $request->get_postint('user_id', $user->get_id());
$name = TextHelper::strprotect(utf8_decode($request->get_postvalue('name', '')));
$previous_name = TextHelper::strprotect(utf8_decode($request->get_postvalue('previous_name', '')));
if (!empty($new_folder)) {
    $id_parent = $request->get_postint('id_parent', 0);
    // A posted user_id different from the caller's own is honoured only for administrators;
    // everyone else gets the folder created under their own id.
    // NOTE(review): $id_parent is passed through unchanged; whether Uploads::Add_folder() checks that
    // the parent folder belongs to that user is not visible here.
    if (!empty($user_id) && $user->get_id() != $user_id) {
        if ($user->check_level(User::ADMIN_LEVEL)) {
            echo Uploads::Add_folder($id_parent, $user_id, $name);
        } else {
            echo Uploads::Add_folder($id_parent, $user->get_id(), $name);
        }
    } else {
        echo Uploads::Add_folder($id_parent, $user->get_id(), $name);
    }
} elseif (!empty($rename_folder)) {
    $id_folder = $request->get_postint('id_folder', 0);
    if (!empty($id_folder) && !empty($name)) {
        if ($user->get_id() != $user_id) {
 /**
  * Renders the gallery mini menu (template gallery/gallery_mini.tpl) with a random selection of
  * thumbnails the current user is allowed to read.
  *
  * Pictures come from GalleryMiniMenuCache; when none of the cached pictures is readable, a random
  * set is fetched from the database and filtered the same way.
  *
  * @return The rendered template, as returned by $tpl->render().
  */
 public function get_menu_content()
 {
     global $LANG;
     $tpl = new FileTemplate('gallery/gallery_mini.tpl');
     // Load the module's language file.
     load_module_lang('gallery');
     $config = GalleryConfig::load();
     $array_random_pics = GalleryMiniMenuCache::load()->get_pictures();
     // Counts the thumbnails handed to the template; 0 triggers the "no random image" text below.
     $i = 0;
     // Display of the available thumbnails
     $array_pics_mini = 'var array_pics_mini = new Array();' . "\n";
     // Only $sum_height and $sum_width are read again in this method; the other four are not.
     list($nbr_pics, $sum_height, $sum_width, $scoll_mode, $height_max, $width_max) = array(0, 0, 0, 0, 142, 142);
     if (isset($array_random_pics) && $array_random_pics !== array()) {
         $gallery_mini = array();
         shuffle($array_random_pics);
         // Shuffle the elements of the array.
         // Authorization check: keep only pictures whose category the current user may read,
         // up to the configured number of pictures.
         $break = 0;
         foreach ($array_random_pics as $array_pics_info) {
             if (GalleryAuthorizationsService::check_authorizations($array_pics_info['idcat'])->read()) {
                 $gallery_mini[] = $array_pics_info;
                 $break++;
             }
             if ($break == $config->get_pics_number_in_mini()) {
                 break;
             }
         }
         // No cached picture matched: query the database to check.
         if (count($gallery_mini) == 0) {
             $array_random_pics = array();
             // Only approved pictures in approved categories are selected; the LIMIT value comes from
             // the module configuration and is concatenated into the SQL text.
             $result = PersistenceContext::get_querier()->select("SELECT g.id, g.name, g.path, g.width, g.height, g.idcat, gc.auth\n\t\t\t\tFROM " . GallerySetup::$gallery_table . " g\n\t\t\t\tLEFT JOIN " . GallerySetup::$gallery_cats_table . " gc on gc.id = g.idcat\n\t\t\t\tWHERE g.aprob = 1 AND gc.aprob = 1\n\t\t\t\tORDER BY RAND()\n\t\t\t\tLIMIT " . $config->get_pics_number_in_mini());
             while ($row = $result->fetch()) {
                 $array_random_pics[] = $row;
             }
             // Authorization check, same rule as for the cached pictures.
             $break = 0;
             foreach ($array_random_pics as $key => $array_pics_info) {
                 if (GalleryAuthorizationsService::check_authorizations($array_pics_info['idcat'])->read()) {
                     $gallery_mini[] = $array_pics_info;
                     $break++;
                 }
                 if ($break == $config->get_pics_number_in_mini()) {
                     break;
                 }
             }
         }
         // All four display flags start as false; the switch turns on the one matching the scroll type.
         $tpl->put_all(array('C_FADE' => false, 'C_VERTICAL_SCROLL' => false, 'C_HORIZONTAL_SCROLL' => false, 'C_STATIC' => false));
         switch ($config->get_scroll_type()) {
             case GalleryConfig::STATIC_SCROLL:
                 $tpl->put('C_FADE', true);
                 break;
             case GalleryConfig::VERTICAL_DYNAMIC_SCROLL:
                 $tpl->put('C_VERTICAL_SCROLL', true);
                 break;
             case GalleryConfig::HORIZONTAL_DYNAMIC_SCROLL:
                 $tpl->put('C_HORIZONTAL_SCROLL', true);
                 break;
             case GalleryConfig::NO_SCROLL:
                 $tpl->put('C_STATIC', true);
                 break;
         }
         $Gallery = new Gallery();
         foreach ($gallery_mini as $key => $row) {
             // If the thumbnail is missing (cache emptied), regenerate it from the full-size picture.
             // NOTE(review): $row['path'] is concatenated into filesystem paths and into the URL given to
             // the template; it comes from the cache or the gallery table, and how it was validated when
             // stored is not visible here.
             if (!is_file(PATH_TO_ROOT . '/gallery/pics/thumbnails/' . $row['path'])) {
                 $Gallery->Resize_pics(PATH_TO_ROOT . '/gallery/pics/' . $row['path']);
             }
             // Resize + thumbnail creation
             // Fetch the height and width of the picture.
             if ($row['width'] == 0 || $row['height'] == 0) {
                 // getimagesize() returns false on failure; list() then assigns null to both, and the
                 // next test falls back to 142 x 142.
                 list($row['width'], $row['height']) = @getimagesize(PATH_TO_ROOT . '/gallery/pics/thumbnails/' . $row['path']);
             }
             if ($row['width'] == 0 || $row['height'] == 0) {
                 list($row['width'], $row['height']) = array(142, 142);
             }
             // The picture name is HTML-protected and slash-escaped before it reaches the template.
             $tpl->assign_block_vars('pics_mini', array('ID' => $row['id'], 'PICS' => TPL_PATH_TO_ROOT . '/gallery/pics/thumbnails/' . $row['path'], 'NAME' => TextHelper::strprotect($row['name'], TextHelper::HTML_PROTECT, TextHelper::ADDSLASHES_FORCE), 'HEIGHT' => $row['height'], 'WIDTH' => $row['width'], 'U_PICS' => TPL_PATH_TO_ROOT . '/gallery/gallery' . url('.php?cat=' . $row['idcat'] . '&amp;id=' . $row['id'], '-' . $row['idcat'] . '-' . $row['id'] . '.php')));
             $sum_height += $row['height'] + 5;
             $sum_width += $row['width'] + 5;
             // Without scrolling only the first picture is shown. The loop stops before $i is
             // incremented, so $i is still 0 in that mode.
             if ($config->get_scroll_type() == GalleryConfig::NO_SCROLL) {
                 break;
             }
             $i++;
         }
     }
     $tpl->put_all(array('ARRAY_PICS' => $array_pics_mini, 'HEIGHT_DIV' => $config->get_mini_max_height(), 'SUM_HEIGHT' => $sum_height + 10, 'HIDDEN_HEIGHT' => $config->get_mini_max_height() + 10, 'WIDTH_DIV' => $config->get_mini_max_width(), 'SUM_WIDTH' => $sum_width + 30, 'HIDDEN_WIDTH' => $config->get_mini_max_width() * 3 + 30, 'SCROLL_DELAY' => $config->get_mini_pics_speed() * 1000, 'L_NO_RANDOM_PICS' => $i == 0 ? '<br /><span class="smaller"><em>' . $LANG['no_random_img'] . '</em></span><br />' : '', 'L_GALLERY' => $LANG['gallery']));
     return $tpl->render();
 }
            // Fragment of the gallery "add pictures" administration page: end of the single-upload branch,
            // then the batch branch that registers or deletes files already present in pics/.
            // $Gallery, $Upload, $idcat_post, $valid and $nbr_pics_post are set above this excerpt.
            $name = TextHelper::strprotect($request->get_postvalue('name', ''));
            $idpic = $Gallery->Add_pics($idcat_post, $name, $Upload->get_filename(), AppContext::get_current_user()->get_id());
            if ($Gallery->get_error() != '') {
                // NOTE(review): the error value is appended to the redirect URL without URL-encoding;
                // presumably it is a short internal code. Confirm.
                AppContext::get_response()->redirect('/gallery/admin_gallery_add.php?error=' . $Gallery->get_error() . ($idcat_post ? '&cat=' . $idcat_post : '') . '#message_helper');
            }
            // Regenerate the random-pictures cache.
            GalleryMiniMenuCache::invalidate();
        }
    }
    AppContext::get_response()->redirect('/gallery/admin_gallery_add.php?add=' . $idpic . ($idcat_post ? '&cat=' . $idcat_post : ''));
} elseif ($valid && !empty($nbr_pics_post)) {
    // Batch mode: the form posts numbered fields (1activ, 1uniq, 1name, 1cat, 1del, 2activ, ...).
    for ($i = 1; $i <= $nbr_pics_post; $i++) {
        $activ = trim($request->get_postvalue($i . 'activ', ''));
        $uniq = trim($request->get_postvalue($i . 'uniq', ''));
        if ($activ && !empty($uniq)) {
            $name = TextHelper::strprotect($request->get_postvalue($i . 'name', ''));
            $cat = NumberHelper::numeric($request->get_postint($i . 'cat', 0));
            $del = NumberHelper::numeric($request->get_postint($i . 'del', 0));
            if ($del) {
                // NOTE(review): $uniq is a posted value that is only trim()med before it is joined to
                // 'pics/' and the file is deleted. Nothing visible here restricts it to a bare file
                // name. Validate it (for example against basename() and the list of files actually
                // awaiting import) before deleting, and confirm that a CSRF check covers this branch.
                $file = new File('pics/' . $uniq);
                $file->delete();
            } else {
                // The same unvalidated $uniq is stored as the picture's file name.
                $Gallery->Add_pics($cat, $name, $uniq, AppContext::get_current_user()->get_id());
            }
        }
    }
    // Regenerate the random-pictures cache.
    GalleryMiniMenuCache::invalidate();
    AppContext::get_response()->redirect('/gallery/admin_gallery_add.php');
} else {
    $tpl = new FileTemplate('gallery/admin_gallery_add.tpl');
 /**
  * @desc Builds a list of the contributions matching the required criteria. Each parameter is one criterion you can filter on.
  * To leave a criterion unused, pass null. The returned contributions match all the given criteria (they are combined with AND).
  * @param string $module The module identifier.
  * @param int $id_in_module The id in module field.
  * @param string $type The contribution type.
  * @param string $identifier The contribution identifier.
  * @param int $poster_id The poster.
  * @param int $fixer_id The fixer.
  * @return Contribution[] The list of the contributions matching all the criterias.
  */
 public static function find_by_criteria($module, $id_in_module = null, $type = null, $identifier = null, $poster_id = null, $fixer_id = null)
 {
     // A non-empty string module is mandatory; anything else returns an empty list without querying.
     if (!is_string($module) || empty($module)) {
         return array();
     }
     // Optional filters in the order they are appended to the WHERE clause: column, value, integer column?
     $optional_filters = array(
         array('id_in_module', $id_in_module, true),
         array('type', $type, false),
         array('identifier', $identifier, false),
         array('poster_id', $poster_id, true),
         array('fixer_id', $fixer_id, true),
     );
     $where_parts = array("module = '" . TextHelper::strprotect($module) . "'");
     foreach ($optional_filters as $filter) {
         list($column, $value, $is_integer) = $filter;
         // Loose comparison: 0, '' and false are skipped just like null and add no filter.
         if ($value == null) {
             continue;
         }
         $where_parts[] = $column . " = '" . ($is_integer ? intval($value) : TextHelper::strprotect($value)) . "'";
     }
     // NOTE(review): the WHERE clause is built by string concatenation and depends entirely on
     // intval()/TextHelper::strprotect() for escaping. Binding the values as query parameters would
     // remove that dependency, if this querier's select() accepts them — TODO confirm.
     $sql = "SELECT id, entitled, fixing_url, auth, current_status, module, creation_date, fixing_date, poster_id, fixer_id, poster_member.display_name poster_login, fixer_member.display_name fixer_login, identifier, id_in_module, type, description\n\t\tFROM "
         . DB_TABLE_EVENTS
         . " c\n\t\tLEFT JOIN "
         . DB_TABLE_MEMBER
         . " poster_member ON poster_member.user_id = c.poster_id\n\t\tLEFT JOIN "
         . DB_TABLE_MEMBER
         . " fixer_member ON fixer_member.user_id = c.fixer_id\n\t\tWHERE contribution_type = '"
         . self::CONTRIBUTION_TYPE
         . "' AND "
         . implode(" AND ", $where_parts);
     $result = self::$db_querier->select($sql);
     $contributions = array();
     while ($row = $result->fetch()) {
         $contri = new Contribution();
         // NOTE(review): unserialize() runs on the `auth` column as stored. If that column can ever hold
         // attacker-influenced bytes this is an object-injection risk; restricting the allowed classes
         // or storing JSON would close it — confirm how `auth` is written.
         $contri->build(
             $row['id'],
             $row['entitled'],
             $row['description'],
             $row['fixing_url'],
             $row['module'],
             $row['current_status'],
             new Date($row['creation_date'], Timezone::SERVER_TIMEZONE),
             new Date($row['fixing_date']),
             unserialize($row['auth']),
             $row['poster_id'],
             $row['fixer_id'],
             $row['id_in_module'],
             $row['identifier'],
             $row['type'],
             $row['poster_login'],
             $row['fixer_login']
         );
         $contributions[] = $contri;
     }
     // Release the result set before returning.
     $result->dispose();
     return $contributions;
 }
/**
 * @deprecated
 * @desc Retrieves an input variable. You can retrieve any parameter of the HTTP request which launched the execution of this page.
 * @param int $var_type The origin of the variable: GET if it's a parameter in the request URL, POST if the variable was submitted in a form,
 * COOKIE if the variable comes from a cookie and FILES if it's a file.
 * @param string $var_name Name of a HTTP variable you want to retrieve.
 * @param mixed $default_value The value you want the variable you retrieve has if the HTTP parameter doesn't exist.
 * @param string $force_type Type of the variable you want to retrieve. If you don't use this parameter, the returned variable will have the same type as the default value you imposed.
 * When you force the variable type, a cast operation will be made from string (it's a string in the HTTP request) to the type you chose.
 * The types you can use are numerous:
 * <ul>
 * 	<li>TINTEGER to retrieve an integer value.</li>
 * 	<li>TSTRING to retrieve a string. The HTML code in this string is protected (XSS protection) and the dangerous MySQL characters are escaped. You can use this variable directly in a MySQL query
 * (the escaping only holds inside a quoted SQL string literal; bound query parameters remain the safer choice). If you want to use it now without inserting it in a database, use the stripslashes PHP function.</li>
 * 	<li>TSTRING_UNCHANGE if you want to retrieve the value of a string without any processing (no quotes escaping and no HTML protection).</li>
 * 	<li>TSTRING_PARSE if you want to parse the value you retrieved. The HTML code is protected, it parses with the user parser and the quotes are escaped. Ready to be inserted in a MySQL query !</li>
 * 	<li>TBOOL to retrieve a boolean value.</li>
 * 	<li>TUNSIGNED_INT if you expect an unsigned integer.</li>
 * 	<li>TUNSIGNED_DOUBLE to retrieve an unsigned double value.</li>
 * 	<li>TSTRING_HTML if you don't want to protect the HTML code of the content but you want to escape the quotes.</li>
 * 	<li>TSTRING_AS_RECEIVED if you want to retrieve the string variable as it was in the HTTP request. </li>
 * 	<li>TARRAY to retrieve an array. The values it contains aren't processed.</li>
 * 	<li>TDOUBLE to retrieve a double value</li>
 * 	<li>TNONE if you want to get the input variable as it has been received (the return value will be a string because HTTP parameters are all strings).</li>
 * </ul>
 * @param int $flags You can change the behaviour of this method: USE_DEFAULT_IF_EMPTY will allow you to retrieve the default value even if the parameter exists but its value is empty (to know if the var is empty, we use the empty() PHP function).
 * @return mixed The value of the variable you wanted to retrieve. Its type is either the same as the default value or the type you forced.
 */
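function retrieve($var_type, $var_name, $default_value, $force_type = NULL, $flags = 0)
{
    // Reads one request variable from the chosen source, falls back to $default_value when it is
    // missing, and converts it to $force_type (or to the type of $default_value when none is forced).
    $var = null;
    $request = AppContext::get_request();
    // $var stays null when the parameter is absent or $var_type is not one of the handled sources.
    switch ($var_type) {
        case GET:
            if ($request->has_getparameter($var_name)) {
                $var = $request->get_getvalue($var_name);
            }
            break;
        case POST:
            if ($request->has_postparameter($var_name)) {
                $var = $request->get_postvalue($var_name);
            }
            break;
        case REQUEST:
            if ($request->has_parameter($var_name)) {
                $var = $request->get_value($var_name);
            }
            break;
        case COOKIE:
            if ($request->has_cookieparameter($var_name)) {
                $var = $request->get_cookie($var_name);
            }
            break;
        case FILES:
            if (isset($_FILES[$var_name])) {
                $var = $_FILES[$var_name];
            }
            break;
        default:
            break;
    }
    // Return the default when nothing was retrieved, or when the value is empty and the caller set
    // USE_DEFAULT_IF_EMPTY. The bit test is parenthesised because `!=` binds tighter than `&`: the
    // unparenthesised form evaluated `$flags & (USE_DEFAULT_IF_EMPTY != 0)`, i.e. it tested bit 1 of
    // $flags whatever the constant's value. Behaviour is unchanged if the constant equals 1 — TODO confirm.
    if ($var === null || (($flags & USE_DEFAULT_IF_EMPTY) != 0 && empty($var))) {
        return $default_value;
    }
    // Without a forced type, the type name of the default value selects the conversion.
    // NOTE(review): this presumes the T* constants hold gettype() names — confirm where they are defined.
    $force_type = isset($force_type) ? $force_type : gettype($default_value);
    switch ($force_type) {
        case TINTEGER:
            return (int) $var;
        case TSTRING:
            // Protected string: HTML-protected and quote-escaped by strprotect().
            // NOTE(review): the result is encoded for HTML and SQL at once; it is only safe in those
            // contexts, and bound query parameters are preferable to concatenating it into SQL.
            return TextHelper::strprotect($var);
        case TSTRING_UNCHANGE:
            // Unprotected string: only trimmed, so the caller must validate or encode it before use.
            return trim((string) $var);
        case TSTRING_PARSE:
            // Parsed string.
            return FormatingHelper::strparse($var);
        case TBOOL:
            return (bool) $var;
        case TUNSIGNED_INT:
            // Non-positive values fall back to the default, itself clamped to zero.
            $var = (int) $var;
            return $var > 0 ? $var : max(0, $default_value);
        case TUNSIGNED_DOUBLE:
            $var = (float) $var;
            return $var > 0.0 ? $var : max(0.0, $default_value);
        case TSTRING_HTML:
            // String whose HTML is left unprotected: the caller is responsible for any HTML
            // sanitising before this value is displayed.
            return TextHelper::strprotect($var, TextHelper::HTML_NO_PROTECT);
        case TSTRING_AS_RECEIVED:
            // Raw request data, cast to string only.
            return (string) $var;
        case TARRAY:
            // The array elements are returned unprocessed.
            return (array) $var;
        case TDOUBLE:
            return (float) $var;
        case TNONE:
            // Raw request data, returned untouched.
            return $var;
        default:
            return $default_value;
    }
}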
    //Instanciation de la class du forum.
    $Forumfct = new Forum();
    $Forumfct->Untrack_topic($untrack_mail, FORUM_EMAIL_TRACKING);
    //Retrait du sujet aux sujets suivis.
    echo 2;
} elseif (!empty($msg_d)) {
    // CSRF protection.
    AppContext::get_session()->csrf_get_protect();
    // Load the topic to check that it belongs to the current member, or that the member is a moderator.
    $topic = PersistenceContext::get_querier()->select_single_row_query(
        'SELECT idcat, user_id, display_msg FROM ' . PREFIX . 'forum_topics WHERE id=:id',
        array('id' => $msg_d)
    );
    // The moderation check below is only evaluated when the current user is not the topic's author.
    $is_topic_author = !empty($topic['user_id']) && AppContext::get_current_user()->get_id() == $topic['user_id'];
    if ($is_topic_author || ForumAuthorizationsService::check_authorizations($topic['idcat'])->moderation()) {
        // Toggle the flag in place; the id is passed as a bound parameter.
        PersistenceContext::get_querier()->inject(
            "UPDATE " . PREFIX . "forum_topics SET display_msg = 1 - display_msg WHERE id = :id",
            array('id' => $msg_d)
        );
        // The reply code reflects the value read before the toggle.
        if ($topic['display_msg']) {
            echo 2;
        } else {
            echo 1;
        }
    }
} elseif (retrieve(GET, 'warning_moderation_panel', false) || retrieve(GET, 'punish_moderation_panel', false)) {
    $login = TextHelper::strprotect(utf8_decode(AppContext::get_request()->get_postvalue('login', '')));
    $login = str_replace('*', '%', $login);
    if (!empty($login)) {
        $i = 0;
        $result = PersistenceContext::get_querier()->select("SELECT user_id, display_name, level, groups FROM " . DB_TABLE_MEMBER . " WHERE display_name LIKE '" . $login . "%'");
        while ($row = $result->fetch()) {
            $group_color = User::get_group_color($row['groups'], $row['level']);
            if (retrieve(GET, 'warning_moderation_panel', false)) {
                echo '<a href="moderation_forum.php?action=warning&amp;id=' . $row['user_id'] . '" class="' . UserService::get_level_class($row['level']) . '"' . (!empty($group_color) ? ' style="color:' . $group_color . '"' : '') . '>' . $row['display_name'] . '</a><br />';
            } elseif (retrieve(GET, 'punish_moderation_panel', false)) {
                echo '<a href="moderation_forum.php?action=punish&amp;id=' . $row['user_id'] . '" class="' . UserService::get_level_class($row['level']) . '"' . (!empty($group_color) ? ' style="color:' . $group_color . '"' : '') . '>' . $row['display_name'] . '</a><br />';
            }
            $i++;
        }
        if ($i == 0) {
            //Aucun membre trouvé.