/**
 * Validates the request's CSRF ticket against whichever token mechanism is loaded.
 *
 * Uses XoopsMultiTokenHandler (gtickets) when that class exists, otherwise the core
 * $xoopsSecurity object when present. With neither available the check passes
 * unconditionally, i.e. it fails open — callers on such installs get no CSRF protection.
 *
 * @return bool true when the ticket is valid (or no validator is available), false otherwise
 */
function validateToken()
{
    global $xoopsSecurity;

    // gtickets takes precedence when it is loaded; its result is the whole answer.
    if (class_exists('XoopsMultiTokenHandler')) {
        return (bool) XoopsMultiTokenHandler::quickValidate(XOOPS_TOKEN_DEFAULT);
    }

    // Fall back to the core security object when gtickets is absent.
    if (is_object($xoopsSecurity)) {
        return (bool) $xoopsSecurity->validateToken();
    }

    // NOTE(review): no validator present — this path accepts the request without a ticket.
    return true;
}
/**
 * Validates a CSRF ticket, either an explicit single-use token value or the
 * default multi-token ticket carried by the current request.
 *
 * @param mixed $tokenValue   explicit token to check against the single-token
 *                            handler; false (default) delegates to
 *                            XoopsMultiTokenHandler::quickValidate()
 * @param bool  $clearIfValid unregister the token once it validated, so it
 *                            cannot be replayed
 * @return bool true on a valid ticket, false otherwise (error recorded via setErrors())
 */
function validateToken($tokenValue = false, $clearIfValid = true)
{
    // No explicit value supplied: the multi-token handler does the whole job.
    if ($tokenValue === false) {
        return XoopsMultiTokenHandler::quickValidate(XOOPS_TOKEN_DEFAULT, $clearIfValid);
    }

    $handler = new XoopsSingleTokenHandler();
    $token =& $handler->fetch(XOOPS_TOKEN_DEFAULT);

    if (!$token->validate($tokenValue)) {
        $this->setErrors('No token found');
        return false;
    }

    // Consume the ticket so a captured request cannot be replayed.
    if ($clearIfValid) {
        $handler->unregister($token);
    }
    return true;
}
if ($rank_special == 1) { $sql = "INSERT INTO " . $db->prefix("ranks") . " (rank_id, rank_title, rank_min, rank_max, rank_special, rank_image) VALUES ({$newid}, " . $db->quoteString($rank_title) . ", -1, -1, 1, " . $db->quoteString($rank_image) . ")"; } else { $sql = "INSERT INTO " . $db->prefix("ranks") . " (rank_id, rank_title, rank_min, rank_max, rank_special, rank_image) VALUES ({$newid}, " . $db->quoteString($rank_title) . ", " . intval($_POST['rank_min']) . " , " . intval($_POST['rank_max']) . " , 0, " . $db->quoteString($rank_image) . ")"; } if (!$db->query($sql)) { xoops_cp_header(); xoops_error('Failed storing rank data into the database'); xoops_cp_footer(); } else { redirect_header("admin.php?fct=userrank&op=RankForumAdmin", 1, _AM_DBUPDATED); } break; case "RankForumSave": $rank_id = isset($_POST['rank_id']) ? intval($_POST['rank_id']) : 0; if ($rank_id <= 0 || !XoopsMultiTokenHandler::quickValidate('userrank_RankForumSave')) { redirect_header("admin.php?fct=userrank"); } $db =& Database::getInstance(); $myts =& MyTextSanitizer::getInstance(); $rank_special = isset($_POST['rank_special']) && intval($_POST['rank_special']) ? 1 : 0; $rank_title = $myts->stripSlashesGPC($_POST['rank_title']); $delete_old_image = false; include_once XOOPS_ROOT_PATH . '/class/uploader.php'; $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png'), 100000, 120, 120); $uploader->setAllowedExtensions(array('gif', 'jpeg', 'jpg', 'png')); $uploader->setPrefix('rank'); if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) { if ($uploader->upload()) { $rank_image = $uploader->getSavedFileName(); $delete_old_image = true;
unset($avatar_weight[$i]); unset($avatar_display[$i]); } if (count($error) > 0) { xoops_cp_header(); foreach ($error as $err) { echo $err . '<br />'; } xoops_cp_footer(); exit; } } redirect_header('admin.php?fct=avatars', 2, _MD_AM_DBUPDATED); } if ($op == 'addfile') { if (!XoopsMultiTokenHandler::quickValidate('avatars_addfile')) { xoops_cp_header(); xoops_error('Ticket Error'); xoops_cp_footer(); exit; } include_once XOOPS_ROOT_PATH . '/class/uploader.php'; $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png', 'image/png'), 500000); $uploader->setAllowedExtensions(array('gif', 'jpeg', 'jpg', 'png')); $uploader->setPrefix('savt'); $err = array(); $ucount = count($_POST['xoops_upload_file']); for ($i = 0; $i < $ucount; $i++) { if ($uploader->fetchMedia($_POST['xoops_upload_file'][$i])) { if (!$uploader->upload()) { $err[] = $uploader->getErrors();
$areaObject =& $areaHandler->create(); $areaObject->setFormVars($_POST, ''); if (!$areaHandler->insert($areaObject, false, true)) { include XOOPS_ROOT_PATH . '/header.php'; $areaObject->setFormVars($_POST, ''); $areaObject->defineFormElementsForGMap(); $area_form = $areaObject->renderEditForm("New", "gareaedit", XOOPS_URL . "/modules/mygmap/area.php", 1); showAreaForm($area_form, floatval($_POST['mygmap_area_lat']), floatval($_POST['mygmap_area_lng']), intval($_POST['mygmap_area_zoom']), $areaHandler->getErrors()); include XOOPS_ROOT_PATH . '/footer.php'; } redirect_header(XOOPS_URL . "/modules/mygmap/", 1, ''); exit; break; case 'save': if (class_exists('XoopsMultiTokenHandler')) { if (!XoopsMultiTokenHandler::quickValidate('gareaedit_save')) { redirect_header(XOOPS_URL . "/modules/mygmap/", 1, 'Token Error'); } } if (isset($_POST['mygmap_area_id'])) { $area_id = intval($_POST['mygmap_area_id']); if ($areaObject =& $areaHandler->get($area_id)) { $areaObject->setFormVars($_POST, ''); if (!$areaHandler->insert($areaObject, false, true)) { include XOOPS_ROOT_PATH . '/header.php'; $areaObject->setFormVars($_POST, ''); $areaObject->defineFormElementsForGMap(); $area_form = $areaObject->renderEditForm("Edit", "gareaedit", XOOPS_URL . "/modules/mygmap/area.php", 1); showAreaForm($area_form, floatval($_POST['mygmap_area_lat']), floatval($_POST['mygmap_area_lng']), intval($_POST['mygmap_area_zoom']), $areaHandler->getErrors()); include XOOPS_ROOT_PATH . '/footer.php'; exit;
/**
 * Validates the default CSRF ticket of the current request via gtickets.
 *
 * Thin wrapper so callers need not reference XoopsMultiTokenHandler directly.
 *
 * @return bool whatever XoopsMultiTokenHandler::quickValidate() reports for XOOPS_TOKEN_DEFAULT
 */
function xoops_confirm_validate()
{
    $ticketIsValid = XoopsMultiTokenHandler::quickValidate(XOOPS_TOKEN_DEFAULT);
    return $ticketIsValid;
}
} if (!isset($_POST['op']) || $_POST['op'] == "sendform") { $token =& XoopsMultiTokenHandler::quickCreate('misc_sendform'); $yname = $xoopsUser->getVar("uname", 'e'); $ymail = $xoopsUser->getVar("email", 'e'); $fname = ""; $fmail = ""; printCheckForm(); echo '</head><body> <form action="' . XOOPS_URL . '/misc.php" method="post" onsubmit="return checkForm();"><table width="100%" class="outer" cellspacing="1"><tr><th colspan="2">' . _MSC_RECOMMENDSITE . '</th></tr>'; echo $token->getHtml(); echo "<tr><td class='head'>\n <input type='hidden' name='op' value='sendsite' />\n <input type='hidden' name='action' value='showpopups' />\n <input type='hidden' name='type' value='friend' />\n"; echo _MSC_YOURNAMEC . "</td><td class='even'><input type='text' name='yname' value='{$yname}' id='yname' /></td></tr>\n <tr><td class='head'>" . _MSC_YOUREMAILC . "</td><td class='odd'><input type='text' name='ymail' value='" . $ymail . "' id='ymail' /></td></tr>\n <tr><td class='head'>" . _MSC_FRIENDNAMEC . "</td><td class='even'><input type='text' name='fname' value='{$fname}' id='fname' /></td></tr>\n <tr><td class='head'>" . _MSC_FRIENDEMAILC . "</td><td class='odd'><input type='text' name='fmail' value='{$fmail}' id='fmail' /></td></tr>\n <tr><td class='head'> </td><td class='even'><input type='submit' value='" . _SEND . "' /> <input value='" . _CLOSE . "' type='button' onclick='javascript:window.close();' /></td></tr>\n </table></form>\n"; $closebutton = 0; } elseif ($_POST['op'] == "sendsite") { if (!XoopsMultiTokenHandler::quickValidate('misc_sendform')) { exit; } $myts =& MyTextsanitizer::getInstance(); $ymail = $xoopsUser->getVar("email"); if (!isset($_POST['yname']) || trim($_POST['yname']) == "" || $ymail == '' || !isset($_POST['fname']) || trim($_POST['fname']) == "" || !isset($_POST['fmail']) || trim($_POST['fmail']) == '') { redirect_header(XOOPS_URL . 
"/misc.php?action=showpopups&type=friend&op=sendform", 2, _MSC_NEEDINFO); exit; } $yname = $myts->stripSlashesGPC(trim($_POST['yname'])); $fname = $myts->stripSlashesGPC(trim($_POST['fname'])); $fmail = $myts->stripSlashesGPC(trim($_POST['fmail'])); if (!checkEmail($fmail) || !checkEmail($ymail) || preg_match("/[\\0-\\31]/", $yname)) { $errormessage = _MSC_INVALIDEMAIL1 . "<br />" . _MSC_INVALIDEMAIL2 . ""; redirect_header(XOOPS_URL . "/misc.php?action=showpopups&type=friend&op=sendform", 2, $errormessage); exit;
require_once dirname(dirname(__FILE__)) . '/include/gtickets.php'; require_once XOOPS_ROOT_PATH . '/class/xoopslists.php'; require_once XOOPS_ROOT_PATH . '/class/template.php'; require_once XOOPS_ROOT_PATH . '/class/pagenav.php'; require_once XOOPS_ROOT_PATH . '/class/xoopsform/grouppermform.php'; require_once dirname(dirname(__FILE__)) . '/class/bulletin.php'; require_once dirname(dirname(__FILE__)) . '/class/bulletinTopic.php'; // Sanitizer $myts =& MyTextSanitizer::getInstance(); // Template $tpl = new XoopsTpl(); // Determine the operation $op = isset($_REQUEST['op']) ? $_REQUEST['op'] : 'default'; // Ticket confirmation if ($op == 'preview' || $op == 'save') { if (!XoopsMultiTokenHandler::quickValidate('news_admin_submit')) { $op = 'newarticle'; } } // If there are no topics if ($op == 'form') { $BTopic = new BulletinTopic($mydirname); if (!$BTopic->topicExists()) { redirect_header('index.php?op=topicsmanager', 3, _AM_NO_TOPICS); exit; } } switch ($op) { case 'default': case 'list': default:
/**
 * Executes the confirmed "delete" operation for the record addressed by the request.
 *
 * Checks run in this order and the first failure wins: CSRF ticket (only when
 * XoopsMultiTokenHandler is loaded — otherwise the ticket check is skipped),
 * request key, record existence, 'write' group permission, then the delete itself.
 * On failure the translated message is stored in $this->mErrorMsg.
 *
 * @return int NBFRAME_ACTION_SUCCESS, or NBFRAME_ACTION_ERROR with mErrorMsg set
 */
function executeDeleteokOp()
{
    $failure = null;

    if (class_exists('XoopsMultiTokenHandler') && !XoopsMultiTokenHandler::quickValidate(XOOPS_TOKEN_DEFAULT)) {
        $failure = 'Token Error';
    } elseif (!($keys = $this->_requestKeyValue())) {
        $failure = 'Invalid Request';
    } else {
        $object =& $this->mObjectHandler->get($keys);
        if (!is_object($object)) {
            $failure = 'No Record is found';
        } elseif (!$object->checkGroupPerm('write', $this->mBypassAdminCheck)) {
            // Authorisation is checked per record, after the ticket and lookup.
            $failure = 'Permission Error';
        } elseif (!$this->mObjectHandler->delete($object)) {
            $failure = 'Record Delete Error';
        }
    }

    if ($failure !== null) {
        $this->mErrorMsg = $this->__e($failure);
        return NBFRAME_ACTION_ERROR;
    }
    return NBFRAME_ACTION_SUCCESS;
}
/**
 * Handles the private-message "confirm" action: cancel, submit, delete, or
 * render the compose/reply form.
 *
 * Request values come from $this->utils (getGetPost / getPost) and, for
 * 'cancel', 'reply' and 'delete', from $_POST directly. Submit and delete are
 * gated by XoopsMultiTokenHandler::quickValidate('pm'); the compose form issues
 * the matching ticket with quickCreate('pm'). Every branch either redirects
 * and exits, or assigns template variables on $this->controller->render->template.
 * Guests (no uid from the session handler) are redirected to registration.
 */
function getConfirmView()
{
    global $xoopsModuleConfig, $xoopsDB;
    $myts =& MyTextSanitizer::getInstance();

    // Cancel: straight back to the message list, no ticket needed (nothing is changed).
    if (isset($_POST['cancel'])) {
        $base_url = XMOBILE_URL . '/?act=pmessage&sess=' . $this->sessionHandler->getSessionID();
        header('Location: ' . $base_url);
        exit;
    }

    // On XOOPS Cube 2.1, pick up the pm module's recipient-input mode (send_type) from its config.
    $send_type = 0;
    if (preg_match("/^XOOPS Cube/", XOOPS_VERSION)) {
        $module_handler =& xoops_gethandler('module');
        $pm_module =& $module_handler->getByDirName('pm');
        if (is_object($pm_module)) {
            $pm_mid = $pm_module->getVar('mid');
        }
        // NOTE(review): $pm_mid is never set when the pm module is missing — confirm that
        // getConfigsByCat(0, <unset>) is acceptable in that case.
        $config_handler =& xoops_gethandler('config');
        $pm_moduleConfig =& $config_handler->getConfigsByCat(0, $pm_mid);
        $send_type = $pm_moduleConfig['send_type'];
    }
    $this->controller->render->template->assign('send_type', $send_type);
    // (end of the XOOPS Cube 2.1 send_type handling)
    $this->controller->render->template->assign('show_edit', true);

    // All numeric request values are cast with intval(); $subject and $msg_text go through
    // the sanitizer's *Data4Save filters before being stored.
    $op = $myts->makeTboxData4Show($this->utils->getGetPost('op', ''));
    $reply = intval($this->utils->getGetPost('reply', 0));
    $delete = intval($this->utils->getGetPost('delete', 0));
    $send = intval($this->utils->getGetPost('send', 0));
    $send2 = intval($this->utils->getGetPost('send2', 0));
    $to_userid = intval($this->utils->getGetPost('to_userid', ''));
    $msg_id = intval($this->utils->getGetPost('msg_id', 0));
    $subject = $myts->makeTboxData4Save($this->utils->getPost('subject', ''));
    $msg_text = $myts->makeTareaData4Save($this->utils->getPost('msg_text', ''), 0, 1, 1);
    $session_id = $this->sessionHandler->getSessionID(); // assigned but not read below
    $uid = $this->sessionHandler->getUid();

    // Submit-button presence overrides the numeric flags.
    if (isset($_POST['reply'])) {
        $reply = 1;
    }
    if (isset($_POST['delete'])) {
        $delete = 1;
    }

    // unnecessary?  (commented-out refresh redirect, kept as found)
    /*
    if(empty($_GET['refresh'] ) && isset($_POST['op']) && $_POST['op'] != 'submit') {
        // the value of $jump goes through htmlspecialchars() in getLinkUrl(), so write a bare & here rather than its escaped form
        $jump = '';
        if($send == 1) {
            $jump .= 'send='.$send.'';
        } elseif($send2 == 1) {
            $jump .= 'send2='.$send2.'&to_userid='.$to_userid.'';
        } elseif($reply == 1) {
            $jump .= 'reply='.$reply.'&msg_id='.$msg_id.'';
        }
        $base_url = $this->utils->getLinkUrl($this->controller->getActionState(),null,null,$this->sessionHandler->getSessionID(),$jump);
        $this->controller->render->redirectHeader($message,5,$base_url);
        exit();
    }
    */

    if ($uid) {
        // Submit: requires a valid 'pm' ticket; a failed ticket falls through to the
        // branches below rather than reporting an error.
        if ($op == 'submit' && XoopsMultiTokenHandler::quickValidate('pm')) {
            // $to_userid was intval()'d above, so the concatenation is safe here.
            $res = $xoopsDB->query('SELECT COUNT(*) FROM ' . $xoopsDB->prefix('users') . ' WHERE uid=' . $to_userid);
            list($count) = $xoopsDB->fetchRow($res);
            if ($count != 1) {
                $base_url = $this->utils->getLinkUrl('pmessage', null, null, $this->sessionHandler->getSessionID());
                $this->controller->render->redirectHeader(_MD_XMOBILE_USERNOEXIST . '<br />' . _MD_XMOBILE_PLZTRYAGAIN, 5, $base_url);
                exit;
            } else {
                // Sender is always the session user, never a request value.
                $pm_handler =& xoops_gethandler('privmessage');
                $pm =& $pm_handler->create();
                $pm->setVar('subject', $subject);
                $pm->setVar('msg_text', $msg_text);
                $pm->setVar('to_userid', $to_userid);
                $pm->setVar('from_userid', $uid);
                if (!$pm_handler->insert($pm)) {
                    $base_url = $this->utils->getLinkUrl('pmessage', null, null, $this->sessionHandler->getSessionID());
                    $this->controller->render->redirectHeader($pm->getHtmlErrors(), 5, $base_url);
                    exit;
                } else {
                    $base_url = $this->utils->getLinkUrl('pmessage', null, null, $this->sessionHandler->getSessionID());
                    $this->controller->render->redirectHeader(_MD_XMOBILE_PM_MESSAGEPOSTED, 5, $base_url);
                    exit;
                }
            }
        } elseif ($delete == 1 && XoopsMultiTokenHandler::quickValidate('pm')) {
            // Delete: ticket plus ownership check — only the recipient may delete a message.
            $pm_handler =& xoops_gethandler('privmessage');
            $pm =& $pm_handler->get($msg_id);
            if (!is_object($pm) || $pm->getVar('to_userid') != $uid || !$pm_handler->delete($pm)) {
                $base_url = $this->utils->getLinkUrl($this->controller->getActionState(), null, null, $this->sessionHandler->getSessionID());
                $this->controller->render->redirectHeader(_MD_XMOBILE_DELETE_FAILED, 5, $base_url);
                exit;
            } else {
                $base_url = $this->utils->getLinkUrl($this->controller->getActionState(), null, null, $this->sessionHandler->getSessionID());
                $this->controller->render->redirectHeader(_MD_XMOBILE_PM_DELETED, 3, $base_url);
                exit;
            }
        } elseif ($reply == 1 || $send == 1 || $send2 == 1) {
            // Compose / reply form: issue the 'pm' ticket the submit branch will validate.
            $token =& XoopsMultiTokenHandler::quickCreate('pm');
            $pm_uid = '';
            $pm_uname = '';
            $msg_text = '';
            include_once XOOPS_ROOT_PATH . '/include/xoopscodes.php';
            if ($reply == 1) {
                $pm_handler =& xoops_gethandler('privmessage');
                $pm =& $pm_handler->get($msg_id);
                // NOTE(review): unlike the delete branch there is no is_object() check before
                // getVar(); if get() can return a non-object for an unknown msg_id this is a fatal error — confirm.
                if ($pm->getVar('to_userid') == $uid) {
                    $pm_uname = XoopsUser::getUnameFromId($pm->getVar('from_userid'));
                    $msg_text = '>' . $pm->getVar('msg_text', 'E');
                } else {
                    // Not the recipient: drop the reply context entirely.
                    unset($pm);
                    $reply = $send2 = 0;
                }
            }
            if ($reply == 1) {
                $pm_uid = $pm->getVar('from_userid');
            } elseif ($send2 == 1) {
                $pm_uid = $to_userid;
                $pm_uname = XoopsUser::getUnameFromId($to_userid);
            } else {
                // Plain send: offer every active user (level > 0) as a recipient.
                $pm_uids = array();
                $i = 0;
                $result = $xoopsDB->query('SELECT uid, uname FROM ' . $xoopsDB->prefix('users') . ' WHERE level > 0 ORDER BY uname');
                while (list($ftouid, $ftouname) = $xoopsDB->fetchRow($result)) {
                    $pm_uids[$i]['uid'] = $ftouid;
                    $pm_uids[$i]['uname'] = $myts->makeTboxData4Show($ftouname);
                    $i++;
                }
                $this->controller->render->template->assign('pm_uids', $pm_uids);
            }
            $subject = '';
            if ($reply == 1) {
                $subject = $pm->getVar('subject', 'E');
                if (!preg_match('/^Re:/i', $subject)) {
                    $subject = 'Re: ' . $subject;
                }
            }
            $base_url = $this->utils->getLinkUrl('pmessage', 'confirm', null, $this->controller->sessionHandler->getSessionID());
            // NOTE(review): as shown this replace maps & to & (a no-op); the pattern probably
            // lost an entity form in extraction — confirm against the source file.
            $base_url = preg_replace('/&/i', '&', $base_url);
            $this->controller->render->template->assign('base_url', $base_url);
            $this->controller->render->template->assign('ticket_html', $token->getHtml());
            $this->controller->render->template->assign('session_name', session_name());
            $this->controller->render->template->assign('session_id', session_id());
            $this->controller->render->template->assign('referer_url', $this->getBaseUrl());
            $this->controller->render->template->assign('msg_text', $msg_text);
            $this->controller->render->template->assign('reply', $reply);
            $this->controller->render->template->assign('send2', $send2);
            $this->controller->render->template->assign('pm_uid', $pm_uid);
            $this->controller->render->template->assign('pm_uname', $pm_uname);
            $this->controller->render->template->assign('subject', $subject);
            // Textarea dimensions come from the module configuration.
            $this->controller->render->template->assign('tarea_cols', $xoopsModuleConfig['tarea_cols']);
            $this->controller->render->template->assign('tarea_rows', $xoopsModuleConfig['tarea_rows']);
        }
    } else {
        // Guest: redirect to registration with an explanatory message.
        $base_url = $this->utils->getLinkUrl('register', null, null, $this->sessionHandler->getSessionID());
        $message = _MD_XMOBILE_PM_SORRY . '<br /><a href="' . $base_url . '">' . _MD_XMOBILE_REGISTERNOW . '</a>.';
        $this->controller->render->redirectHeader($message, 5, $base_url);
    }
}
case "addUser": if (!XoopsMultiTokenHandler::quickValidate('groups_User')) { system_groups_error("Ticket Error"); } $member_handler =& xoops_gethandler('member'); $groupid = intval($_POST['groupid']); if ($groupid > 0) { $size = count($_POST['uids']); for ($i = 0; $i < $size; $i++) { $member_handler->addUserToGroup($_POST['groupid'], $_POST['uids'][$i]); } } redirect_header("admin.php?fct=groups&op=modify&g_id=" . $groupid, 0, _AM_DBUPDATED); break; case "delUser": if (!XoopsMultiTokenHandler::quickValidate('groups_User')) { system_groups_error("Ticket Error"); } $groupid = !empty($_POST['groupid']) ? intval($_POST['groupid']) : 0; if ($groupid > 0) { $member_handler =& xoops_gethandler('member'); $memstart = isset($_POST['memstart']) ? intval($_POST['memstart']) : 0; if ($groupid == XOOPS_GROUP_ADMIN) { if ($member_handler->getUserCountByGroup($groupid) > count($_POST['uids'])) { $member_handler->removeUsersFromGroup($groupid, $_POST['uids']); } } else { $member_handler->removeUsersFromGroup($groupid, $_POST['uids']); } redirect_header('admin.php?fct=groups&op=modify&g_id=' . $groupid . '&memstart=' . $memstart, 0, _AM_DBUPDATED); }
if (!empty($_POST['pass'])) { $pass = $myts->stripslashesGPC(trim($_POST['pass'])); } if (!empty($_POST['url'])) { $url = $myts->stripslashesGPC(trim($_POST['url'])); } if (!empty($_POST['bid'])) { $bid = intval($_POST['bid']); } if (!empty($_POST['cid'])) { $cid = intval($_POST['cid']); } change_banner_url_by_client($login, $pass, $cid, $bid, $url); break; case "EmailStats": if (!XoopsMultiTokenHandler::quickValidate('banner_EmailStats')) { redirect_header("banners.php"); exit; } $login = $pass = ''; $bid = $cid = 0; if (!empty($_GET['login'])) { $login = $myts->stripslashesGPC(trim($_GET['login'])); } if (!empty($_GET['pass'])) { $pass = $myts->stripslashesGPC(trim($_GET['pass'])); } if (!empty($_GET['bid'])) { $bid = intval($_GET['bid']); } if (!empty($_GET['cid'])) {
$sql = "INSERT INTO " . $db->prefix('group_permission') . " (gperm_groupid, gperm_itemid, gperm_name, gperm_modid) VALUES (" . $groups[$i] . ", " . $newid . ", 'block_read', 1)"; $db->query($sql); } redirect_header('admin.php?fct=blocksadmin&t=' . time(), 1, _AM_DBUPDATED); exit; } if ($op == "update") { $bid = !empty($_POST['bid']) ? intval($_POST['bid']) : 0; if ($bid <= 0) { exit; } $bcachetime = isset($_POST['bcachetime']) ? intval($_POST['bcachetime']) : 0; $options = isset($_POST['options']) ? $_POST['options'] : array(); $bcontent = isset($_POST['bcontent']) ? $_POST['bcontent'] : ''; $bctype = isset($_POST['bctype']) ? $_POST['bctype'] : ''; if (empty($_POST['bmodule']) || !XoopsMultiTokenHandler::quickValidate('block')) { xoops_cp_header(); xoops_error(sprintf(_AM_NOTSELNG, _AM_VISIBLEIN)); xoops_cp_footer(); exit; } $myblock = new XoopsBlock($bid); $myblock->setVar('side', $_POST['bside']); $myblock->setVar('weight', $_POST['bweight']); $myblock->setVar('visible', $_POST['bvisible']); $myblock->setVar('title', $_POST['btitle']); $myblock->setVar('content', $bcontent); $myblock->setVar('bcachetime', $bcachetime); $options_count = count($options); if ($options_count > 0) { //Convert array values to comma-separated
redirect_header('admin.php?fct=smilies&op=SmilesAdmin', 2, _AM_DBUPDATED); } else { xoops_cp_header(); xoops_error($err); xoops_cp_footer(); } break; case "SmilesEdit": $id = isset($_GET['id']) ? intval($_GET['id']) : 0; if ($id > 0) { SmilesEdit($id); } break; case "SmilesSave": $id = isset($_POST['id']) ? intval($_POST['id']) : 0; if ($id <= 0 || !XoopsMultiTokenHandler::quickValidate('smilies_SmilesSave')) { redirect_header('admin.php?fct=smilies', 3, "Ticket Error"); } $myts =& MyTextSanitizer::getInstance(); $smile_code = $myts->stripSlashesGPC($_POST['smile_code']); $smile_desc = $myts->stripSlashesGPC($_POST['smile_desc']); $smile_display = intval($_POST['smile_display']) > 0 ? 1 : 0; $db =& Database::getInstance(); if (!empty($_POST['smile_url'])) { include_once XOOPS_ROOT_PATH . '/class/uploader.php'; $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('image/gif', 'image/jpeg', 'image/pjpeg', 'image/x-png'), 100000, 120, 120); $uploader->setAllowedExtensions(array('gif', 'jpeg', 'jpg', 'png')); $uploader->setPrefix('smil'); if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) { if (!$uploader->upload()) { $err = $uploader->getErrors();
} $hidden = new XoopsFormHidden('conf_ids[]', $config[$i]->getVar('conf_id')); $form->addElement($ele); $form->addElement($hidden); unset($ele); unset($hidden); } $form->addElement(new XoopsFormHidden('op', 'save')); $form->addElement(new XoopsFormButton('', 'button', _GO, 'submit')); xoops_cp_header(); $form->display(); xoops_cp_footer(); exit; } if ($op == 'save') { if (!XoopsMultiTokenHandler::quickValidate('preferences')) { xoops_cp_header(); xoops_error("Token Error"); xoops_cp_footer(); } require_once XOOPS_ROOT_PATH . '/class/template.php'; $xoopsTpl = new XoopsTpl(); $xoopsTpl->clear_all_cache(); // regenerate admin menu file xoops_module_write_admin_menu(xoops_module_get_admin_menu()); $count = count($_POST['conf_ids']); $conf_ids = $_POST['conf_ids']; $tpl_updated = false; $theme_updated = false; $startmod_updated = false; $lang_updated = false;
if (!empty($_POST['groups'])) { foreach ($_POST['groups'] as $groupid) { $member_handler->addUserToGroup(intval($groupid), $newuser->getVar('uid')); } } redirect_header("admin.php?fct=users", 1, _AM_DBUPDATED); exit; } } } xoops_cp_header(); xoops_error($adduser_errormsg); xoops_cp_footer(); break; case "synchronize": if (!XoopsMultiTokenHandler::quickValidate('users_synchronize')) { system_users_error("Ticket Error"); } synchronize($_POST['id'], $_POST['type']); break; case "reactivate": if (!xoops_confirm_validate()) { system_users_error("Ticket Error"); } $uid = !empty($_POST['uid']) ? intval($_POST['uid']) : 0; if ($uid > 0) { $result = $xoopsDB->query("UPDATE " . $xoopsDB->prefix("users") . " SET level=1 WHERE uid=" . $uid); } redirect_header("admin.php?fct=users&op=modifyUser&uid=" . $uid, 1, _AM_DBUPDATED); break; case "mod_users":
$form->addElement(new XoopsFormFile(_IMAGEFILE, 'image_file', $imgcat->getVar('imgcat_maxsize')), true); $form->addElement(new XoopsFormLabel(_IMGMAXSIZE, $imgcat->getVar('imgcat_maxsize'))); $form->addElement(new XoopsFormLabel(_IMGMAXWIDTH, $imgcat->getVar('imgcat_maxwidth'))); $form->addElement(new XoopsFormLabel(_IMGMAXHEIGHT, $imgcat->getVar('imgcat_maxheight'))); $form->addElement(new XoopsFormHidden('imgcat_id', $imgcat_id)); $form->addElement(new XoopsFormHidden('op', 'doupload')); $form->addElement(new XoopsFormToken(XoopsMultiTokenHandler::quickCreate('imagemanager'))); $form->addElement(new XoopsFormHidden('target', $target)); $form->addElement(new XoopsFormButton('', 'img_button', _SUBMIT, 'submit')); $form->assign($xoopsTpl); $xoopsTpl->assign('lang_close', _CLOSE); $xoopsTpl->display('db:system_imagemanager2.html'); exit; } if ($op == 'doupload') { if (!XoopsMultiTokenHandler::quickValidate('imagemanager')) { exit; } $image_nicename = isset($_POST['image_nicename']) ? $_POST['image_nicename'] : ''; $xoops_upload_file = isset($_POST['xoops_upload_file']) ? $_POST['xoops_upload_file'] : array(); $target = isset($_POST['target']) ? $_POST['target'] : ''; $imgcat_id = isset($_POST['imgcat_id']) ? intval($_POST['imgcat_id']) : 0; include_once XOOPS_ROOT_PATH . '/class/uploader.php'; $imgcat_handler =& xoops_gethandler('imagecategory'); $imgcat =& $imgcat_handler->get($imgcat_id); $error = false; if (!is_object($imgcat)) { $error = true; } else { $imgcatperm_handler =& xoops_gethandler('groupperm'); if (is_object($xoopsUser)) {
preview_window = openWithSelfMain("", "xoops_system_template_preview", 680, 450, true); '; $lines = preg_split("/(\r\n|\r|\n)( *)/", $xoopsTpl->fetch('file:' . XOOPS_CACHE_PATH . '/' . $dummyfile)); $xoopsTpl->clear_compiled_tpl('file:' . XOOPS_CACHE_PATH . '/' . $dummyfile); unlink(XOOPS_CACHE_PATH . '/' . $dummyfile); foreach ($lines as $line) { echo 'preview_window.document.writeln("' . str_replace('"', '\\"', $line) . '");'; } echo ' preview_window.document.close(); //--> </script>'; } break; case 'update': if (!XoopsMultiTokenHandler::quickValidate('tplsets_update')) { redirect_header('admin.php?fct=tplsets', 3, 'Ticket Error'); } $tplset = isset($_POST['tplset']) ? $myts->stripslashesGPC(trim($_POST['tplset'])) : ''; $moddir = $_POST['moddir']; include_once XOOPS_ROOT_PATH . '/class/uploader.php'; $uploader = new XoopsMediaUploader(XOOPS_UPLOAD_PATH, array('text/html', 'application/x-cdf'), 200000); $uploader->setAllowedExtensions(array('html', 'htm')); $uploader->setPrefix('tmp'); $msg = array(); foreach ($_POST['xoops_upload_file'] as $upload_file) { // '.' is converted to '_' when upload $upload_file2 = str_replace('.', '_', $upload_file); if ($uploader->fetchMedia($upload_file2)) { if (!$uploader->upload()) { $msg[] = $uploader->getErrors();
$jump = "pmlite.php?refresh=" . time() . ""; if ($send == 1) { $jump .= "&send=" . $send . ""; } elseif ($send2 == 1) { $jump .= "&send2=" . $send2 . "&to_userid=" . $to_userid . ""; } elseif ($reply == 1) { $jump .= "&reply=" . $reply . "&msg_id=" . $msg_id . ""; } else { } echo "<html><head><meta http-equiv='Refresh' content='0; url=" . $jump . "' /></head><body></body></html>"; exit; } xoops_header(); if ($xoopsUser) { $myts =& MyTextSanitizer::getInstance(); if (isset($_POST['op']) && $_POST['op'] == "submit" && XoopsMultiTokenHandler::quickValidate('pm')) { $res = $xoopsDB->query("SELECT COUNT(*) FROM " . $xoopsDB->prefix("users") . " WHERE uid=" . intval($_POST['to_userid']) . ""); list($count) = $xoopsDB->fetchRow($res); if ($count != 1) { echo "<br /><br /><div><h4>" . _PM_USERNOEXIST . "<br />"; echo _PM_PLZTRYAGAIN . "</h4><br />"; echo "[ <a href='javascript:history.go(-1)'>" . _PM_GOBACK . "</a> ]</div>"; } else { $pm_handler =& xoops_gethandler('privmessage'); $pm =& $pm_handler->create(); $pm->setVar("subject", $_POST['subject']); $pm->setVar("msg_text", $_POST['message']); $pm->setVar("to_userid", $_POST['to_userid']); $pm->setVar("from_userid", $xoopsUser->getVar("uid")); if (!$pm_handler->insert($pm)) { echo $pm->getHtmlErrors();
} $db =& Database::getInstance(); $sql = sprintf("DELETE FROM %s WHERE bid = %u", $db->prefix("banner"), $bid); $db->query($sql); redirect_header("admin.php?fct=banners&op=BannersAdmin#top", 1, _AM_DBUPDATED); break; case "BannerEdit": $bid = isset($_GET['bid']) ? intval($_GET['bid']) : 0; if ($bid > 0) { BannerEdit($bid); } break; case "BannerChange": $bid = isset($_POST['bid']) ? intval($_POST['bid']) : 0; $cid = isset($_POST['cid']) ? intval($_POST['cid']) : 0; if ($cid <= 0 || $bid <= 0 || !XoopsMultiTokenHandler::quickValidate('banners_BannerChange')) { redirect_header("admin.php?fct=banners&op=BannersAdmin#top"); } $imageurl = isset($_POST['imageurl']) ? trim($_POST['imageurl']) : ''; $clickurl = isset($_POST['clickurl']) ? trim($_POST['clickurl']) : ''; $imptotal = isset($_POST['imptotal']) ? intval($_POST['imptotal']) : 0; $impadded = isset($_POST['impadded']) ? intval($_POST['impadded']) : 0; $htmlbanner = isset($_POST['htmlbanner']) ? intval($_POST['htmlbanner']) : 0; $htmlcode = isset($_POST['htmlcode']) ? trim($_POST['htmlcode']) : ''; $db =& Database::getInstance(); $myts =& MyTextSanitizer::getInstance(); $sql = sprintf("UPDATE %s SET cid = %d, imptotal = %d, imageurl = %s, clickurl = %s, htmlbanner = %d, htmlcode = %s WHERE bid = %d", $db->prefix("banner"), $cid, $imptotal + $impadded, $db->quoteString($myts->stripSlashesGPC($imageurl)), $db->quoteString($myts->stripSlashesGPC($clickurl)), $htmlbanner, $db->quoteString($myts->stripSlashesGPC($htmlcode)), $bid); $db->query($sql); redirect_header("admin.php?fct=banners&op=BannersAdmin#top", 1, _AM_DBUPDATED); break; case "BannerClientDelete":
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA // // ------------------------------------------------------------------------ // // Author: Kazumi Ono (AKA onokazu) // // URL: http://www.myweb.ne.jp/, http://www.xoops.org/, http://jp.xoops.org/ // // Project: The XOOPS Project // // ------------------------------------------------------------------------- // include 'header.php'; foreach (array('forum', 'topic_id', 'post_id', 'order', 'pid') as $getint) { ${$getint} = isset($_POST[$getint]) ? intval($_POST[$getint]) : 0; } $viewmode = isset($_POST['viewmode']) && $_POST['viewmode'] != 'flat' ? 'thread' : 'flat'; if (empty($forum)) { redirect_header("index.php", 2, _MD_ERRORFORUM); exit; } else { if (!XoopsMultiTokenHandler::quickValidate('newbb_post')) { redirect_header('index.php', 2, _MD_ERROROCCURED); exit; } $sql = "SELECT forum_type, forum_name, forum_access, allow_html, allow_sig, posts_per_page, hot_threshold, topics_per_page FROM " . $xoopsDB->prefix("bb_forums") . " WHERE forum_id = " . $forum; if (!($result = $xoopsDB->query($sql))) { redirect_header('index.php', 2, _MD_ERROROCCURED); exit; } $forumdata = $xoopsDB->fetchArray($result); if (empty($forumdata['allow_html'])) { $_POST['nohtml'] = 1; } if ($forumdata['forum_type'] == 1) { // To get here, we have a logged-in user. So, check whether that user is allowed to view // this private forum.