/**
 * Render the userbox "view" admin page for one user.
 *
 * Builds the short "about this page" header from the plugin's admin template,
 * appends the profile markup returned by userbox_profile() and sends the
 * finished page through DATABOX_displaypage() and COM_output().
 *
 * @param int    $uid      ID of the user whose profile is displayed
 * @param string $template Template name; "" selects the admin "about" text
 * @return void  Output is written directly via COM_output()
 */
function fncview($uid, $template)
{
    global $_CONF;
    global $LANG_USERBOX_ADMIN;

    $pi_name = "userbox";

    // admin template folder of this plugin
    $templateDir = DATABOX_templatePath('admin', 'default', $pi_name);
    $t = new Template($templateDir);
    $t->set_file(array('view' => 'view.thtml'));
    $t->set_var('site_admin_url', $_CONF['site_admin_url']);

    // the explanatory text is only shown for the default (empty) template
    $about = ($template === "") ? $LANG_USERBOX_ADMIN['about_admin_view'] : "";
    $t->set_var('about_thispage', $about);

    $t->parse('output', 'view');
    $header = $t->finish($t->get_var('output'));

    $profile = userbox_profile($uid, $template, "", "view");

    $information = array(
        'headercode' => $profile['headercode'],
        'pagetitle'  => $profile['title'],
    );

    $display = $header . $profile['display'];
    $display = DATABOX_displaypage($pi_name, $profile['layout'], $display, $information);
    COM_output($display);
}
/**
 * Emit the Media Gallery "permission denied" page and stop.
 *
 * Wraps the access-denied text in the standard message block, renders it as a
 * complete MG HTML document and exits; nothing after the call runs.
 *
 * @return void  Never returns (calls exit)
 */
function MG_access_denied()
{
    global $LANG_MG00, $LANG_ACCESS;

    $blockHeader = COM_getBlockTemplate('_msg_block', 'header');
    $blockFooter = COM_getBlockTemplate('_msg_block', 'footer');

    $body  = COM_startBlock($LANG_ACCESS['accessdenied'], '', $blockHeader);
    $body .= '<br' . XHTML . '>';
    $body .= $LANG_MG00['access_denied_msg'];
    $body .= COM_endBlock($blockFooter);

    COM_output(MG_createHTMLDocument($body));
    exit;
}
/**
 * Emit the Media Gallery generic-error page and stop.
 *
 * Shows $LANG_MG02['generic_error'] as a message block inside a full MG HTML
 * document, then exits.
 *
 * @return void  Never returns (calls exit)
 */
function MG_invalidRequest()
{
    global $LANG_MG02;

    $page = MG_createHTMLDocument(COM_showMessageText($LANG_MG02['generic_error']));
    COM_output($page);
    exit;
}
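/**
 * Site-specific 404 handler (used by COM_handle404() when defined).
 *
 * Sends a 404 status, appends one line to <path_log>/404.log (user id or
 * "******" for anonymous visitors, client IP, requested URL, referrer), then
 * renders the '404' static page followed by the standard not-found text and
 * exits.
 *
 * Fixes over the previous version: $display is initialised before use, the
 * log handle is closed, missing HTTP_REFERER/REQUEST_URI/HTTP_HOST no longer
 * raise notices, client-controlled values cannot inject extra log lines or
 * PHP tags into 404.log, and the URL is HTML-escaped before display.
 *
 * @param string $alternate_url Optional URL to suggest to the visitor
 * @return void  Never returns (calls exit)
 */
function CUSTOM_handle404($alternate_url = '')
{
    global $_CONF, $_USER, $LANG_404;

    // send 404 in any case
    header('HTTP/1.1 404 Not Found');
    header('Status: 404 Not Found');

    // Reconstruct the requested URL. SCRIPT_URI, HTTP_HOST and REQUEST_URI are
    // all client-controlled, so $url is treated as untrusted below.
    if (isset($_SERVER['SCRIPT_URI'])) {
        $url = strip_tags($_SERVER['SCRIPT_URI']);
    } else {
        $request = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        $url = 'http://' . $host . strip_tags($request);
    }

    // Add log stuff
    $remoteaddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (isset($_USER['uid'])) {
        $byuser = $_USER['uid'] . '@' . $remoteaddress;
    } else {
        $byuser = '******' . $remoteaddress;
    }
    $refurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $timestamp = @strftime('%c');
    $logentry = "404 Error generated by {$byuser} for url: {$url} - Referring url: {$refurl}";
    // One entry per line, and no PHP open/close tags in the log file (same
    // neutralisation COM_handle404() applies).
    $logentry = str_replace(array("\r", "\n"), ' ', $logentry);
    $logentry = str_replace(array('<?', '?>'), array('(@', '@)'), $logentry);

    $logfile = $_CONF['path_log'] . '404.log';
    if ($file = @fopen($logfile, 'a')) {
        fputs($file, "{$timestamp} - {$logentry} \n");
        fclose($file);
    }

    $display = COM_startBlock($LANG_404[1]);
    $display .= CUSTOM_getStaticpage('404');
    // $url is echoed into the HTML page; escape it for that context
    $display .= sprintf($LANG_404[2], htmlspecialchars($url, ENT_QUOTES, COM_getCharset()));
    if ($alternate_url != '') {
        $display .= sprintf($LANG_404[4], $alternate_url);
    } else {
        $display .= $LANG_404[3];
    }
    $display .= COM_endBlock();

    $display = COM_createHTMLDocument($display, array(
        'what'       => 'none',
        'pagetitle'  => $LANG_404[1],
        'rightblock' => false,
    ));
    COM_output($display);
    exit; // Do not want to go any further
}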
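/**
 * Display a File Management plugin error page and stop.
 *
 * Looks $e_code up in the table of known error codes (unknown codes map to
 * "9999"), wraps the message in the plugin's error table with a JavaScript
 * "Go Back" link, and outputs the page.
 *
 * Fixes over the previous version: the code lookup is strict (the old
 * in_array() accepted loosely-equal values such as 1 for "0001" and then
 * indexed a missing key), $pages is cast to int because it is written into a
 * javascript: URL, $_CONF['path_html'] is quoted (it was a bare constant), and
 * mysql_error() is only called when that extension is actually loaded.
 *
 * @param string|int $e_code Error code, e.g. "0002"
 * @param int        $pages  How many history entries the "Go Back" link rewinds
 * @return void  Never returns (calls die)
 */
function show($e_code, $pages = 1)
{
    global $_CONF;

    // NOTE(review): code 0013 echoes the raw database error text to the
    // browser, which discloses schema/query details; COM_errorLog() would be
    // the better destination. Kept for compatibility, guarded so that a PHP
    // build without ext/mysql does not fatal here.
    $dbError = function_exists('mysql_error') ? mysql_error() : '';

    $errmsg = array(
        "0001" => "Could not connect to the forums database.",
        "0002" => "The forum you selected does not exist. Please go back and try again.",
        "0003" => "Password Incorrect.",
        "0004" => "Could not query the topics database.",
        "0005" => "Error getting messages from the database.",
        "0006" => "Please enter the Nickname and the Password.",
        "0007" => "You are not the Moderator of this forum therefore you can't perform this function.",
        "0008" => "You did not enter the correct password, please go back and try again.",
        "0009" => "Could not remove posts from the database.",
        "0010" => "Could not move selected topic to selected forum. Please go back and try again.",
        "0011" => "Could not lock the selected topic. Please go back and try again.",
        "0012" => "Could not unlock the selected topic. Please go back and try again.",
        "0013" => "Could not query the database. <br" . XHTML . ">Error: " . $dbError,
        "0014" => "No such user or post in the database.",
        "0015" => "Search Engine was unable to query the forums database.",
        "0016" => "That user does not exist. Please go back and search again.",
        "0017" => "You must type a subject to post. You can't post an empty subject. Go back and enter the subject",
        "0018" => "You must choose message icon to post. Go back and choose message icon.",
        "0019" => "You must type a message to post. You can't post an empty message. Go back and enter a message.",
        "0020" => "Could not enter data into the database. Please go back and try again.",
        "0021" => "Can't delete the selected message.",
        "0022" => "An error ocurred while querying the database.",
        "0023" => "Selected message was not found in the forum database.",
        "0024" => "You can't reply to that message. It wasn't sent to you.",
        "0025" => "You can't post a reply to this topic, it has been locked. Contact the administrator if you have any question.",
        "0026" => "The forum or topic you are attempting to post to does not exist. Please try again.",
        "0027" => "You must enter your username and password. Go back and do so.",
        "0028" => "You have entered an incorrect password. Go back and try again.",
        "0029" => "Couldn't update post count.",
        "0030" => "The forum you are attempting to post to does not exist. Please try again.",
        "0031" => "Unknown Error",
        "0035" => "You can't edit a post that's not yours.",
        "0036" => "You do not have permission to edit this post.",
        "0037" => "You did not supply the correct password or do not have permission to edit this post. Please go back and try again.",
        "1001" => "Please enter value for Title.",
        "1002" => "Please enter value for Phone.",
        "1003" => "Please enter value for Summary.",
        "1004" => "Please enter value for Address.",
        "1005" => "Please enter value for City.",
        "1006" => "Please enter value for State/Province.",
        "1007" => "Please enter value for Zipcode.",
        "1008" => "Please enter value for Description.",
        "1009" => "Vote for the selected resource only once.<br" . XHTML . ">All votes are logged and reviewed.",
        "1010" => "You cannot vote on the resource you submitted.<br" . XHTML . ">All votes are logged and reviewed.",
        "1011" => "No rating selected - no vote tallied.",
        "1013" => "Please enter a search query.",
        "1016" => "Please enter value for Filename.",
        "1017" => "The file was not uploaded - reported filesize of 0 bytes.",
        "1101" => "Upload approval Error: The temporary file was not found. Check error.log",
        "1102" => "Upload submit Error: The temporary filestore file was not created. Check error.log",
        "1103" => "The download info you provided is already in the database!",
        "1104" => "The download info was not complete - Need to enter a title for the new file",
        "1105" => "The download info was not complete - Need to enter a description for the new file",
        "1106" => "Upload Add Error: The new file was not created. Check error.log",
        "1107" => "Upload Add Error: The temporary file was not found. Check error.log",
        "1108" => "Duplicate file - already existing in filestore",
        "9999" => "OOPS! God Knows",
    );

    // Strict lookup: only a key that literally exists is accepted, so the
    // value echoed into the page below is always one of the keys above.
    if (!is_scalar($e_code) || !isset($errmsg[$e_code])) {
        $e_code = '9999';
    }
    // $pages ends up inside a javascript: URL; never let a string through
    $pages = (int) $pages;

    include_once $_CONF['path_html'] . "filemgmt/include/header.php";

    $display = '';
    $display .= '<table class="plugin" border="0" cellspacing="0" cellpadding="1" style="width:100%;">';
    $display .= '<tr><td class="pluginAlert" style="text-align:right; padding:5px;">File Management Plugin</td>';
    $display .= '<td class="pluginAlert" style="width:50%; padding:5px 0px 5px 10px;">Error Code: ' . $e_code . '</td></tr>';
    $display .= '<tr><td colspan="2" class="pluginInfo"><b>ERROR:</b> ' . $errmsg[$e_code] . '</td></tr>';
    $display .= '<tr><td colspan="2" class="pluginInfo" style="text-align:center;padding:10px;">';
    $display .= '[ <a href="javascript:history.go(-' . $pages . ')">Go Back</a> ]</td></tr></table>';

    if (function_exists('COM_createHTMLDocument')) {
        $display = COM_createHTMLDocument($display);
    } else {
        $display = COM_siteHeader() . $display . COM_siteFooter();
    }
    COM_output($display);
    die("");
}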
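/**
 * Import every file below $dir into Media Gallery album $album_id.
 *
 * Sub-directories are descended into when $recurse is set. Files larger than
 * the album's max_filesize are skipped (with an error-log entry). Every other
 * file is handed to MG_getFile(); the per-file status text is collected and
 * returned as HTML.
 *
 * Fixes over the previous version: $statusMsg is initialised; the readdir()
 * loop uses a strict comparison so a file literally named "0" no longer ends
 * the scan early; the "exceeds max filesize" message is appended instead of
 * overwriting everything collected so far; file names are HTML-escaped before
 * being placed in the returned markup.
 *
 * @param string $dir        Server-side directory to import from
 * @param int    $album_id   Target album id
 * @param mixed  $purgefiles Passed through to MG_getFile() as 'purgefiles'
 * @param bool   $recurse    Descend into sub-directories
 * @return string HTML, one status line per processed file
 */
function MG_processDir($dir, $album_id, $purgefiles, $recurse)
{
    global $_TABLES, $LANG_MG02;

    $goBack = ' [ <a href=\'javascript:history.go(-1)\'>' . $LANG_MG02['go_back'] . '</a> ]';

    if (!@is_dir($dir)) {
        $display = COM_showMessageText($LANG_MG02['invalid_directory'] . $goBack);
        COM_output(MG_createHTMLDocument($display));
        exit;
    }
    if (!($dh = @opendir($dir))) {
        $display = COM_showMessageText($LANG_MG02['directory_error'] . $goBack);
        COM_output(MG_createHTMLDocument($display));
        exit;
    }

    // The album limit does not change while we scan; read it once.
    $max_filesize = DB_getItem($_TABLES['mg_albums'], 'max_filesize', 'album_id=' . intval($album_id));
    $separator = (PHP_OS == "WINNT") ? "\\" : '/';

    $statusMsg = '';
    // strict: readdir() returns the string "0" for a file of that name
    while (($file = readdir($dh)) !== false) {
        if ($file == '..' || $file == '.') {
            continue;
        }
        set_time_limit(60);

        $filetmp = $dir . $separator . $file;
        // the name is echoed into HTML status output
        $safeName = htmlspecialchars($file, ENT_QUOTES, COM_getCharset());

        if (is_dir($filetmp)) {
            if ($recurse) {
                $statusMsg .= MG_processDir($filetmp, $album_id, $purgefiles, $recurse);
            }
            continue;
        }

        if ($max_filesize != 0 && filesize($filetmp) > $max_filesize) {
            COM_errorLog("MG Upload: File " . $file . " exceeds maximum filesize for this album.");
            $statusMsg .= sprintf($LANG_MG02['upload_exceeds_max_filesize'] . '<br' . XHTML . '>', $safeName);
            continue;
        }

        $filetype = "application/force-download";
        $opt = array('upload' => 0, 'purgefiles' => $purgefiles, 'filetype' => $filetype);
        list($rc, $msg) = MG_getFile($filetmp, $file, $album_id, $opt);
        $statusMsg .= $safeName . ' ' . $msg . '<br' . XHTML . '>';
    }
    closedir($dh);

    return $statusMsg;
}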
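/**
 * Display a 404 not found error message
 *
 * Sends the 404 status, appends an entry to <path_log>/404.log (user id or
 * "******" for anonymous visitors, client IP, requested URL and, when present,
 * the referrer) and renders the not-found page. Delegates entirely to
 * CUSTOM_handle404() when the site defines one.
 *
 * Fixes over the previous version: the log file handle is closed, a missing
 * HTTP_REFERER/REMOTE_ADDR no longer raises a notice, CR/LF in client data
 * cannot forge extra log lines, and the URL is HTML-escaped for display.
 *
 * @param string $alternate_url Point the user to another location
 * @return void  Never returns (calls exit)
 */
function COM_handle404($alternate_url = '')
{
    global $_CONF, $_USER, $LANG_404;

    if (function_exists('CUSTOM_handle404')) {
        CUSTOM_handle404($alternate_url);
        exit;
    }

    // send 404 in any case
    header('HTTP/1.1 404 Not Found');
    header('Status: 404 Not Found');

    // Add log stuff
    $url = COM_getCurrentURL();
    $remoteaddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    if (isset($_USER['uid'])) {
        $byuser = $_USER['uid'] . '@' . $remoteaddress;
    } else {
        $byuser = '******' . $remoteaddress;
    }
    $refurl = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $timestamp = @strftime('%c');
    $logentry = "404 Error generated by {$byuser} for url: {$url}";
    if (!empty($refurl)) {
        $logentry .= " - Referring url: {$refurl}";
    }
    // URL and referrer are client-controlled: keep the entry on one line and
    // neutralise PHP tags so the log can never be executed as code
    $logentry = str_replace(array("\r", "\n"), ' ', $logentry);
    $logentry = str_replace(array('<?', '?>'), array('(@', '@)'), $logentry);

    $logfile = $_CONF['path_log'] . '404.log';
    if ($file = @fopen($logfile, 'a')) {
        fputs($file, "{$timestamp} - {$logentry} \n");
        fclose($file);
    }

    $display = COM_startBlock($LANG_404[1]);
    // COM_getCurrentURL() is not known (from here) to HTML-escape its result;
    // the value is echoed into the page, so escape it for that context
    $display .= sprintf($LANG_404[2], htmlspecialchars($url, ENT_QUOTES, COM_getCharset()));
    if ($alternate_url != '') {
        $display .= sprintf($LANG_404[4], $alternate_url);
    } else {
        $display .= $LANG_404[3];
    }
    $display .= COM_endBlock();

    $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG_404[1]));
    COM_output($display);
    exit; // Do not want to go any further
}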
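/**
 * Upload new topic icon, replaces previous icon if one exists
 *
 * Configures the Upload class from $_CONF (image library, debug log, JPEG
 * quality, allowed image MIME types, size limits), stores the file as
 * topic_<tid>.<ext> under <path_images>/topics and returns the web path of the
 * new icon.
 *
 * Fixes over the previous version: $_FILES['newicon'] is checked before it is
 * read; the extension is derived with pathinfo() (the old strrpos()+1 on a
 * name without a dot evaluated to substr($name, 1)); and only an extension
 * belonging to the allowed image types is ever used to build the file name,
 * so a client-chosen ".php" (or similar) can never become part of the path.
 *
 * NOTE(review): $tid becomes part of a filesystem path; this assumes the
 * caller already passed it through COM_sanitizeID() — confirm.
 *
 * @param string $tid ID of topic to prepend to filename
 * @return string filename of new photo (empty = no new photo)
 */
function handleIconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;

    $upload = new Upload();
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }

    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png',
    ));
    // extensions that correspond to the MIME types accepted above
    $allowedExtensions = array('gif', 'jpg', 'jpeg', 'png');

    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
        COM_output($display);
        exit; // don't return
    }

    $filename = '';
    // see if user wants to upload a (new) icon
    if (isset($_FILES['newicon']) && is_array($_FILES['newicon']) && !empty($_FILES['newicon']['name'])) {
        $newIcon = $_FILES['newicon'];
        $fExtension = strtolower(pathinfo(basename($newIcon['name']), PATHINFO_EXTENSION));
        if (in_array($fExtension, $allowedExtensions, true)) {
            $filename = 'topic_' . $tid . '.' . $fExtension;
        } else {
            // not an image extension we accept: do not build a file name, so
            // nothing is written; the MIME check in Upload is not relied upon
            COM_errorLog('handleIconUpload: topic icon for "' . $tid . '" rejected: file extension not allowed');
        }
    }

    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
            $display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
            COM_output($display);
            exit; // don't return
        }

        if (strpos($_CONF['path_images'], $_CONF['path_html']) === 0) {
            // images live under the web root: return the path relative to it
            $filename = substr($_CONF['path_images'], strlen($_CONF['path_html']) - 1) . 'topics/' . $filename;
        } else {
            /**
             * Not really used when the 'path_images' is outside of the webroot.
             * Let's at least extract the name of the images directory then.
             */
            $images = 'images';
            $parts = explode('/', $_CONF['path_images']);
            if (count($parts) > 1) {
                $cnt = count($parts);
                // e.g. from /path/to/myimages/ would extract "myimages"
                if (empty($parts[$cnt - 1]) && !empty($parts[$cnt - 2])) {
                    $images = $parts[$cnt - 2];
                }
                $filename = '/' . $images . '/topics/' . $filename;
            }
        }
    }

    return $filename;
}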
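// NOTE(review): this excerpt starts inside the "clear log" branch; its opening
// `if` is above. The log file name comes straight from POST, so only a bare
// file name is ever appended to path_log: basename() strips any directory
// component ("../../...") a crafted request could carry.
$log = isset($_POST['log']) ? basename($_POST['log']) : '';
if ($log !== '') {
    @unlink($_CONF['path_log'] . $log);
    $timestamp = strftime("%c");
    // the mode was an unquoted bare constant `a` (a fatal error on PHP 8)
    if ($fd = fopen($_CONF['path_log'] . $log, 'a')) {
        fputs($fd, "{$timestamp} - Log File Cleared \n");
        fclose($fd);
    }
}
$action = $LANG_MONITOR_1['view_log'];
}

if ($action == $LANG_MONITOR_1['view_log']) {
    // same restriction as above: never read outside path_log
    $log = isset($_POST['log']) ? basename($_POST['log']) : '';
    $logPath = $_CONF['path_log'] . $log;
    $retval .= "<hr><p><b>{$LANG_MONITOR_1['log_file']} " . htmlspecialchars($log, ENT_QUOTES, COM_getCharset()) . "</b></p><pre>";
    if ($log !== '' && is_file($logPath)) {
        // log lines contain request-derived text (URLs, referrers, user
        // agents); never hand them to the browser unescaped
        $retval .= htmlspecialchars(implode('', file($logPath)), ENT_QUOTES, COM_getCharset());
    }
    $retval .= "</pre>";
}

$T->set_var(array(
    'configuration'  => $LANG_MONITOR_1['configuration'],
    'doc'            => $LANG_MONITOR_1['doc'],
    'admin_body'     => $retval,
    'site_admin_url' => $_CONF['site_admin_url'],
    'cron'           => $cron,
));
$T->parse('output', 'admin');
$display .= $T->finish($T->get_var('output'));

// Options
$html_infos['what'] = 'menu';               // If 'none' then no left blocks are returned, if 'menu' (default) then right blocks are returned
$html_infos['pagetitle'] = $MESSAGE[30];    // Optional content for the page's <title>
$html_infos['breadcrumbs'] = '';            // Optional content for the page's breadcrumb
$html_infos['headercode'] = '';             // Optional code to go into the page's <head>
$html_infos['rightblock'] = '';             // Whether or not to show blocks on right hand side default is no (-1)
$html_infos['custom'] = array();            // An array defining custom function to be used to format Rightblocks

//Output
COM_output(COM_createHTMLDocument($display, $html_infos));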
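/**
 * Saves a poll
 *
 * Saves a poll topic and potential answers to the database. Order of work:
 * form validation, CSRF token check, permission check; then the existing
 * topic/questions/answers are deleted and re-created from the submitted data.
 * The delete-then-insert is not wrapped in a transaction, so a failure
 * mid-way leaves a partially saved poll.
 *
 * Fixes over the previous version: $owner_id, $group_id, $statuscode and
 * $commentcode are cast to int before being interpolated into SQL; the vote
 * counts are cast to int as well; $display is initialised; missing $Q/$A/$V/$R
 * entries no longer raise notices; the unreachable second return was removed.
 *
 * @param string $pid              Poll topic ID
 * @param string $old_pid          Previous poll topic ID
 * @param array  $Q                Array of poll questions
 * @param string $mainpage         Checkbox: poll appears on homepage
 * @param string $topic            The text for the topic
 * @param string $meta_description
 * @param string $meta_keywords
 * @param int    $statuscode       Stored as-is in the statuscode column
 * @param string $open             Checkbox: poll open for voting
 * @param string $hideresults      Checkbox: hide results until closed
 * @param int    $commentcode      Indicates if users can comment on poll
 * @param array  $A                Array of possible answers
 * @param array  $V                Array of vote per each answer
 * @param array  $R                Array of remark per each answer
 * @param int    $owner_id         ID of poll owner
 * @param int    $group_id         ID of group poll belongs to
 * @param int    $perm_owner       Permissions the owner has on poll
 * @param int    $perm_group       Permissions the group has on poll
 * @param int    $perm_members     Permissions logged in members have on poll
 * @param int    $perm_anon        Permissions anonymous users have on poll
 * @return string HTML redirect or error message
 *
 */
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;

    $retval = '';
    $display = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // These are interpolated into SQL below without escaping; they may only
    // ever be integers.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $statuscode = (int) $statuscode;
    $commentcode = (int) $commentcode;

    // normalise the form arrays so the loops below never index a non-array
    if (!is_array($Q)) { $Q = array(); }
    if (!is_array($A)) { $A = array(); }
    if (!is_array($V)) { $V = array(); }
    if (!is_array($R)) { $R = array(); }

    $topic = COM_stripslashes($topic);
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));

    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        $pid = empty($old_pid) ? COM_makeSid() : $old_pid;
    }

    // check if any question was entered
    $firstQuestion = isset($Q[0]) ? $Q[0] : '';
    $firstAnswer = isset($A[0][0]) ? $A[0][0] : '';
    if (empty($topic) || count($Q) == 0 || strlen($firstQuestion) == 0 || strlen($firstAnswer) == 0) {
        $retval .= COM_siteHeader('menu', $LANG25[5]);
        $retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG25[2];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();
        return $retval;
    }

    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid; // for now ...
        }
    }

    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // existing poll: the stored permissions decide; new poll: the submitted ones
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }

    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid; // delete by old pid, create using new pid below
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);

    // NOTE(review): addslashes() is this plugin's escaping convention for
    // string columns; it is not charset-aware. Newer Geeklog code uses
    // DB_escapeString() for the same purpose.
    $topic = addslashes($topic);
    $meta_description = addslashes($meta_description);
    $meta_keywords = addslashes($meta_keywords);

    $k = 0; // set up a counter to make sure we do assign a straight line of question id's
    $v = 0; // re-count votes since they might have been changed

    // first dimension of array are the questions
    $num_questions = count($Q);
    for ($i = 0; $i < $num_questions; $i++) {
        $question = isset($Q[$i]) ? COM_stripslashes($Q[$i]) : '';
        if (strlen($question) == 0) {
            continue; // only insert questions that exist
        }
        $question = addslashes($question);
        DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$question}'");

        // within the questions, we have another dimensions with answers,
        // votes and remarks
        $answers = (isset($A[$i]) && is_array($A[$i])) ? $A[$i] : array();
        $num_answers = count($answers);
        for ($j = 0; $j < $num_answers; $j++) {
            $answer = isset($answers[$j]) ? COM_stripslashes($answers[$j]) : '';
            if (strlen($answer) == 0) {
                continue; // only insert answers etc that exist
            }
            // votes are written into the SQL unquoted: non-numeric input becomes 0
            $votes = (isset($V[$i][$j]) && is_numeric($V[$i][$j])) ? (int) $V[$i][$j] : 0;
            $answer = addslashes($answer);
            $remark = isset($R[$i][$j]) ? addslashes($R[$i][$j]) : '';
            $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$answer}', {$votes}, '{$remark}');";
            DB_query($sql);
            $v = $v + $votes;
        }
        $k++;
    }

    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s') . "'";
    $sql .= ($mainpage == 'on') ? ',1' : ',0';
    $sql .= ($open == 'on') ? ',1' : ',0';
    $sql .= ($hideresults == 'on') ? ',1' : ',0';
    $sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";

    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);

    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // the poll was renamed: move its comments to the new id
        DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}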
/**
 * Check a security token.
 *
 * Checks the POST and GET data for a security token, if one exists, validates
 * that it's for this user and URL. If the token is not valid, it asks the user
 * to re-authenticate and resends the request if authentication was successful.
 *
 * On failure the current request (method, serialised $_POST/$_GET and any
 * uploaded files, which are moved into path_data so they survive the end of
 * this request) is embedded in the re-authentication form built by
 * SECINT_authform().
 *
 * NOTE(review): the serialised request data presumably comes back through
 * unserialize() when the request is replayed; whether that payload is signed
 * or otherwise bound to the session is not visible here — confirm, because
 * unserialize() of attacker-controlled input is object-injection territory.
 *
 * @return boolean true if the token is valid; does not return if not!
 * @see SECINT_checkToken
 * @link http://wiki.geeklog.net/index.php/Re-Authentication_for_expired_Tokens
 */
function SEC_checkToken()
{
    global $_CONF, $LANG20, $LANG_ADMIN;

    if (SECINT_checkToken()) {
        // if this was a recreated request, recreate $_FILES array, too
        SECINT_recreateFilesArray();
        return true;
    }

    /**
     * Token not valid (probably expired): Ask user to authenticate again
     */
    $returnurl = COM_getCurrentUrl();
    $method = strtoupper($_SERVER['REQUEST_METHOD']);
    $postdata = serialize($_POST);
    $getdata = serialize($_GET);

    $files = '';
    if (!empty($_FILES)) {
        // rescue uploaded files: PHP deletes them when this request ends
        foreach (array_keys($_FILES) as $key) {
            if (empty($_FILES[$key]['name'])) {
                continue;
            }
            $saved = basename($_FILES[$key]['tmp_name']);
            move_uploaded_file($_FILES[$key]['tmp_name'], $_CONF['path_data'] . $saved);
            $_FILES[$key]['tmp_name'] = $saved; // drop temp. dir
        }
        $files = serialize($_FILES);
    }

    $display  = COM_showMessageText($LANG_ADMIN['token_expired']);
    $display .= SECINT_authform($returnurl, $method, $postdata, $getdata, $files);
    $display  = COM_createHTMLDocument($display, array('pagetitle' => $LANG20[1]));
    COM_output($display);
    exit; // we don't return from here
}
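$retval .= "</select> ";
$retval .= "<input type=\"submit\" name=\"action\" value=\"{$LANG_CP00['view_file']}\"" . XHTML . ">";
$retval .= " ";
$retval .= "<input type=\"submit\" name=\"action\" value=\"{$LANG_CP00['clear_file']}\"" . XHTML . ">";
$retval .= "</form>";

// $log is selected above this excerpt. Reduce it to a bare file name here so
// that, whatever that selection does, nothing outside path_log can be deleted
// or displayed.
$log = isset($log) ? basename($log) : '';
$logPath = $_CONF['path_log'] . $log;
$logLabel = htmlspecialchars($log, ENT_QUOTES, COM_getCharset());

$action = isset($_REQUEST['action']) ? COM_applyFilter($_REQUEST['action']) : '';

// TODO(review): "clear" is a state-changing action reachable via $_REQUEST
// (so also through GET) and is not covered by SEC_checkToken(); the form built
// above should carry a security token that is verified before the unlink().
if ($action == $LANG_CP00['clear_file'] && $log !== '') {
    @unlink($logPath);
    $timestamp = strftime("%c");
    if ($fd = fopen($logPath, 'a')) {
        fputs($fd, "{$timestamp} - {$LANG_CP00['file_cleared']} \n");
        fclose($fd);
    }
    $action = $LANG_CP00['view_file'];
}

if ($action == $LANG_CP00['view_file']) {
    $retval .= "<hr" . XHTML . "><p><b>{$LANG_CP00['file']} " . $logLabel . "</b></p><div class=\"captcha_logview\">";
    if ($log !== '' && is_file($logPath)) {
        // log entries hold request-derived data; escape before rendering
        $lines = array();
        foreach (file($logPath) as $line) {
            $lines[] = htmlspecialchars($line, ENT_QUOTES, COM_getCharset());
        }
        $retval .= implode('<br' . XHTML . '><br' . XHTML . '>', $lines);
    }
    $retval .= "</div>";
}

$T->set_var(array('admin_body' => $retval, 'title' => $LANG_CP00['log_viewer']));
$T->parse('output', 'admin');
$display .= $T->finish($T->get_var('output')) . COM_endBlock();

//Output
if (function_exists("COM_createHTMLDocument")) {
    //Geeklog 2.0+
    COM_output(COM_createHTMLDocument($display));
} else {
    COM_output(COM_siteHeader() . $display . COM_siteFooter(true));
}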
if ($msg <= 0) { $msg = 0; } } // Handle just template staticpage security here, rest done in services. // Cannot view template staticpages directly. If template staticpage bail here // if user doesn't have edit rights. if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$page}'") == 1) { if (SEC_hasRights('staticpages.edit')) { $perms = SP_getPerms('', '3'); if (!empty($perms)) { $perms = ' AND ' . $perms; } if (DB_getItem($_TABLES['staticpage'], 'sp_id', "sp_id = '{$page}'" . $perms) == '') { COM_handle404(); exit; } } else { COM_handle404(); exit; } } $retval = SP_returnStaticpage($page, $display_mode, $comment_order, $comment_mode, $comment_page, $msg, $query); if ($display_mode == 'print') { header('Content-Type: text/html; charset=' . COM_getCharset()); if (!empty($_CONF['frame_options'])) { header('X-FRAME-OPTIONS: ' . $_CONF['frame_options']); } } COM_output($retval);
// | as published by the Free Software Foundation; either version 2 | // | of the License, or (at your option) any later version. | // | | // | This program is distributed in the hope that it will be useful, | // | but WITHOUT ANY WARRANTY; without even the implied warranty of | // | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | // | GNU General Public License for more details. | // | | // | You should have received a copy of the GNU General Public License | // | along with this program; if not, write to the Free Software Foundation, | // | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. | // | | // +---------------------------------------------------------------------------+ require_once '../../../lib-common.php'; if (!in_array('tag', $_PLUGINS)) { COM_output(COM_refresh($_CONF['site_url'] . '/index.php')); exit; } TAG_checkAdmin(); /** * Main */ class TagStats { function TagStats() { } function add() { } function edit()
/**
 * Create the links list depending on the category given
 *
 * The category comes from $_GET/$_POST['category'] (default: the root
 * category). For a non-root category the viewer must have at least read
 * access to it. The page then shows the child categories (when linkcols > 0),
 * the links of the category (paged by linksperpage) or, for an empty root
 * listing, the top-10 most visited links.
 *
 * NOTE(review): the "check existent" test below runs *after* the access
 * check. For an unknown cid DB_fetchArray() yields no row, so the access check
 * on the missing values fails first and message 5 ("access denied") is shown;
 * message 16 ("not found") is effectively unreachable. The user-supplied $cid
 * is escaped as $cat for every SQL use here; it is also passed raw to the
 * template as 'cid'/'cid_plain' — whether the template escapes it is not
 * visible from this function.
 *
 * @param array $message message(s) to display
 * @return string the links page
 *
 */
function links_list($message)
{
    global $_CONF, $_TABLES, $_LI_CONF, $LANG_LINKS_ADMIN, $LANG_LINKS, $LANG_LINKS_STATS;

    $cid = $_LI_CONF['root'];
    $display = '';
    if (isset($_GET['category'])) {
        $cid = strip_tags(COM_stripslashes($_GET['category']));
    } elseif (isset($_POST['category'])) {
        $cid = strip_tags(COM_stripslashes($_POST['category']));
    }
    // SQL-escaped copy of the requested category id; used in every query below
    $cat = DB_escapeString($cid);
    $page = 0;
    if (isset($_GET['page'])) {
        $page = COM_applyFilter($_GET['page'], true);
    }
    if ($page == 0) {
        $page = 1;
    }
    if (empty($cid)) {
        if ($page > 1) {
            $page_title = sprintf($LANG_LINKS[114] . ' (%d)', $page);
        } else {
            $page_title = $LANG_LINKS[114];
        }
    } else {
        if ($cid == $_LI_CONF['root']) {
            $category = $LANG_LINKS['root'];
        } else {
            $category = DB_getItem($_TABLES['linkcategories'], 'category', "cid = '{$cat}'");
        }
        if ($page > 1) {
            $page_title = sprintf($LANG_LINKS[114] . ': %s (%d)', $category, $page);
        } else {
            $page_title = sprintf($LANG_LINKS[114] . ': %s', $category);
        }
    }
    // Check has access and existent to this category
    if ($cid != $_LI_CONF['root']) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cat}'");
        $A = DB_fetchArray($result);
        // read access (2) is the minimum to list a category
        if (SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) < 2) {
            $display .= COM_showMessage(5, 'links');
            $display = COM_createHTMLDocument($display, array('pagetitle' => $page_title));
            COM_output($display);
            exit;
        }
        // check existent
        if (!isset($A['owner_id'])) {
            $display .= COM_showMessage(16, 'links');
            $display = COM_createHTMLDocument($display, array('pagetitle' => $page_title));
            COM_output($display);
            exit;
        }
    }
    if (is_array($message) && !empty($message[0])) {
        $display .= COM_showMessageText($message[1], $message[0]);
    } else {
        if (isset($_REQUEST['msg'])) {
            $msg = COM_applyFilter($_REQUEST['msg'], true);
            if ($msg > 0) {
                $display .= COM_showMessage($msg, 'links');
            }
        }
    }
    $linklist = COM_newTemplate(CTL_plugin_templatePath('links'));
    $linklist->set_file(array('linklist' => 'links.thtml', 'catlinks' => 'categorylinks.thtml', 'link' => 'linkdetails.thtml', 'catnav' => 'categorynavigation.thtml', 'catrow' => 'categoryrow.thtml', 'catcol' => 'categorycol.thtml', 'actcol' => 'categoryactivecol.thtml', 'pagenav' => 'pagenavigation.thtml', 'catdrop' => 'categorydropdown.thtml'));
    $linklist->set_var('blockheader', COM_startBlock($LANG_LINKS[114]));
    if ($_LI_CONF['linkcols'] > 0) {
        // Create breadcrumb trail
        $linklist->set_var('breadcrumbs', links_breadcrumbs($_LI_CONF['root'], $cid));
        // Set dropdown for category jump
        $linklist->set_var('lang_go', $LANG_LINKS[124]);
        $linklist->set_var('link_dropdown', links_select_box(2, $cid));
        // Show categories
        $sql = "SELECT cid,pid,category,description FROM {$_TABLES['linkcategories']} WHERE pid='{$cat}'";
        $sql .= COM_getLangSQL('cid', 'AND');
        $sql .= COM_getPermSQL('AND') . " ORDER BY category";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $linklist->set_var('lang_categories', $LANG_LINKS_ADMIN[14]);
            for ($i = 1; $i <= $nrows; $i++) {
                $C = DB_fetchArray($result);
                // Get number of child links user can see in this category
                $ccid = DB_escapeString($C['cid']);
                $result1 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['links']} WHERE cid='{$ccid}'" . COM_getPermSQL('AND'));
                $D = DB_fetchArray($result1);
                // Get number of child categories user can see in this category
                $result2 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['linkcategories']} WHERE pid='{$ccid}'" . COM_getPermSQL('AND'));
                $E = DB_fetchArray($result2);
                // Format numbers for display
                $display_count = ''; // don't show zeroes
                if ($E['count'] > 0) {
                    $display_count = COM_numberFormat($E['count']);
                }
                if ($E['count'] > 0 && $D['count'] > 0) {
                    $display_count .= ', ';
                }
                if ($D['count'] > 0) {
                    $display_count .= COM_numberFormat($D['count']);
                }
                // add brackets if child items exist
                if ($display_count != '') {
                    $display_count = '(' . $display_count . ')';
                }
                $linklist->set_var('category_name', $C['category']);
                if ($_LI_CONF['show_category_descriptions']) {
                    $linklist->set_var('category_description', PLG_replaceTags($C['description']));
                } else {
                    $linklist->set_var('category_description', '');
                }
                $linklist->set_var('category_link', $_CONF['site_url'] . '/links/index.php?category=' . rawurlencode($C['cid']));
                $linklist->set_var('category_count', $display_count);
                $linklist->set_var('width', floor(100 / $_LI_CONF['linkcols']));
                // the currently selected category gets the "active" column template
                if (!empty($cid) && $cid == $C['cid']) {
                    $linklist->parse('category_col', 'actcol', true);
                } else {
                    $linklist->parse('category_col', 'catcol', true);
                }
                // close a row every linkcols columns
                if ($i % $_LI_CONF['linkcols'] == 0) {
                    $linklist->parse('category_row', 'catrow', true);
                    $linklist->set_var('category_col', '');
                }
            }
            // flush a partially filled last row
            if ($nrows % $_LI_CONF['linkcols'] != 0) {
                $linklist->parse('category_row', 'catrow', true);
            }
            $linklist->parse('category_navigation', 'catnav', true);
        } else {
            $linklist->set_var('category_navigation', '');
        }
    } else {
        $linklist->set_var('category_navigation', '');
    }
    if ($_LI_CONF['linkcols'] == 0) {
        $linklist->set_var('category_dropdown', '');
    } else {
        $linklist->parse('category_dropdown', 'catdrop', true);
    }
    $linklist->set_var('cid', $cid);
    $linklist->set_var('cid_plain', $cid);
    $linklist->set_var('cid_encoded', rawurlencode($cid));
    $linklist->set_var('lang_addalink', $LANG_LINKS[116]);
    // Build SQL for links
    $sql = 'SELECT lid,cid,url,description,title,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon';
    $from_where = " FROM {$_TABLES['links']}";
    if ($_LI_CONF['linkcols'] > 0) {
        if (!empty($cid)) {
            $from_where .= " WHERE cid='" . DB_escapeString($cid) . "'";
        } else {
            $from_where .= " WHERE cid=''";
        }
        $from_where .= COM_getPermSQL('AND');
    } else {
        // no category columns: a flat list of every link the viewer may see
        $from_where .= COM_getPermSQL();
    }
    $order = ' ORDER BY cid ASC,title';
    $limit = '';
    if ($_LI_CONF['linksperpage'] > 0) {
        if ($page < 1) {
            $start = 0;
        } else {
            $start = ($page - 1) * $_LI_CONF['linksperpage'];
        }
        $limit = ' LIMIT ' . $start . ',' . $_LI_CONF['linksperpage'];
    }
    $result = DB_query($sql . $from_where . $order . $limit);
    $nrows = DB_numRows($result);
    if ($nrows == 0) {
        // empty first page of the root listing: fall back to the top-10 list
        if ($cid == $_LI_CONF['root'] && $page <= 1 && $_LI_CONF['show_top10']) {
            $result = DB_query("SELECT lid,url,title,description,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE (hits > 0)" . COM_getPermSQL('AND') . LINKS_getCategorySQL('AND') . " ORDER BY hits DESC LIMIT 10");
            $nrows = DB_numRows($result);
            if ($nrows > 0) {
                $linklist->set_var('link_details', '');
                $linklist->set_var('link_category', $LANG_LINKS_STATS['stats_headline']);
                for ($i = 0; $i < $nrows; $i++) {
                    $A = DB_fetchArray($result);
                    prepare_link_item($A, $linklist);
                    $linklist->parse('link_details', 'link', true);
                }
                $linklist->parse('category_links', 'catlinks', true);
            }
        }
        $linklist->set_var('page_navigation', '');
    } else {
        // links are ordered by cid, so a change of cid starts a new category group
        $currentcid = '';
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            if (strcasecmp($A['cid'], $currentcid) != 0) {
                // print the category and link
                if ($i > 0) {
                    $linklist->parse('category_links', 'catlinks', true);
                    $linklist->set_var('link_details', '');
                }
                $currentcid = $A['cid'];
                $currentcategory = DB_getItem($_TABLES['linkcategories'], 'category', "cid = '" . DB_escapeString($currentcid) . "'");
                if ($A['cid'] == $_LI_CONF['root']) {
                    $linklist->set_var('link_category', $LANG_LINKS['root']);
                } else {
                    $linklist->set_var('link_category', $currentcategory);
                }
            }
            prepare_link_item($A, $linklist);
            $linklist->parse('link_details', 'link', true);
        }
        $linklist->parse('category_links', 'catlinks', true);
        // total count (same filter, no LIMIT) drives the page navigation
        $result = DB_query('SELECT COUNT(*) AS count ' . $from_where);
        list($numlinks) = DB_fetchArray($result);
        $pages = 0;
        if ($_LI_CONF['linksperpage'] > 0) {
            $pages = (int) ($numlinks / $_LI_CONF['linksperpage']);
            if ($numlinks % $_LI_CONF['linksperpage'] > 0) {
                $pages++;
            }
        }
        if ($pages > 0) {
            if ($_LI_CONF['linkcols'] > 0 && !empty($currentcid)) {
                $catlink = '?category=' . rawurlencode($currentcid);
            } else {
                $catlink = '';
            }
            $linklist->set_var('page_navigation', COM_printPageNavigation($_CONF['site_url'] . '/links/index.php' . $catlink, $page, $pages));
        } else {
            $linklist->set_var('page_navigation', '');
        }
    }
    $linklist->set_var('blockfooter', COM_endBlock());
    $linklist->parse('output', 'linklist');
    $display .= $linklist->finish($linklist->get_var('output'));
    $display = COM_createHTMLDocument($display, array('pagetitle' => $page_title));
    return $display;
}
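/**
 * Saves a poll
 * Saves a poll topic and potential answers to the database
 *
 * The topic and all of its questions/answers are deleted (by the old id when the
 * id changed) and re-created from the form data. Per-question description text is
 * escaped with DB_escapeString() like the other free-text columns; the numeric
 * columns that are interpolated unquoted (owner_id, group_id) and the two code
 * columns are cast to int before they reach the SQL string.
 *
 * @param string $pid Poll topic ID
 * @param string $old_pid Previous poll topic ID
 * @param array $Q Array of poll questions
 * @param string $mainPage Checkbox: poll appears on homepage
 * @param string $topic The text for the topic
 * @param string $meta_description
 * @param string $meta_keywords
 * @param int $statusCode (unused)
 * @param string $open Checkbox: poll open for voting
 * @param string $hideResults Checkbox: hide results until closed
 * @param int $commentCode Indicates if users can comment on poll
 * @param array $A Array of possible answers
 * @param array $V Array of vote per each answer
 * @param array $R Array of remark per each answer
 * @param int $owner_id ID of poll owner
 * @param int $group_id ID of group poll belongs to
 * @param int $perm_owner Permissions the owner has on poll
 * @param int $perm_group Permissions the group has on poll
 * @param int $perm_members Permissions logged in members have on poll
 * @param int $perm_anon Permissions anonymous users have on poll
 * @param array $allow_multipleanswers Checkbox per question
 * @param string $topic_description
 * @param array $description Description text per question
 * @return string|void HTML error page when no question was entered, otherwise the
 *                     result of PLG_afterSaveSwitch(); exits on a failed access check
 */
function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // These end up in the topic INSERT without DB_escapeString() (owner_id/group_id
    // unquoted), so force them to integers up front
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $statusCode = (int) $statusCode;
    $commentCode = (int) $commentCode;

    $topic = COM_stripslashes($topic);
    $topic = COM_checkHTML($topic);
    $topic_description = strip_tags(COM_stripslashes($topic_description));
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));

    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }

    // check if any question was entered (isset() guards keep the check notice-free
    // when the form arrays are missing or empty)
    if (empty($topic) || !is_array($Q) || count($Q) === 0 || !isset($Q[0]) || strlen($Q[0]) === 0
        || !isset($A[0][0]) || strlen($A[0][0]) === 0) {
        $retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));

        return $retval;
    }

    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid; // for now ...
        }
    }

    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // access is checked against the stored permissions for an existing poll, against
    // the submitted ones for a new poll
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }

    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid; // delete by old pid, create using new pid below
    }

    // Retrieve Created Date before delete
    $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
    if ($created_date == '') {
        $created_date = date('Y-m-d H:i:s');
    }

    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);

    $topic = GLText::remove4byteUtf8Chars($topic);
    $topic = DB_escapeString($topic);
    $topic_description = GLText::remove4byteUtf8Chars($topic_description);
    $topic_description = DB_escapeString($topic_description);
    $meta_description = GLText::remove4byteUtf8Chars($meta_description);
    $meta_description = DB_escapeString($meta_description);
    $meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords);
    $meta_keywords = DB_escapeString($meta_keywords);

    $k = 0; // set up a counter to make sure we do assign a straight line of question id's

    // first dimension of array are the questions
    $num_questions = count($Q);
    $num_total_votes = 0;
    $num_questions_exist = 0;
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        $Q[$i] = COM_checkHTML($Q[$i]);
        $Q[$i] = GLText::remove4byteUtf8Chars($Q[$i]);
        // per-question checkbox / description may be absent from the form
        $allow_multipleanswers[$i] = isset($allow_multipleanswers[$i]) ? $allow_multipleanswers[$i] : '';
        $description[$i] = isset($description[$i]) ? $description[$i] : '';
        $allow_multipleanswers[$i] = GLText::remove4byteUtf8Chars(COM_stripslashes($allow_multipleanswers[$i]));
        $description[$i] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($description[$i])));
        if ($allow_multipleanswers[$i] == 'on') {
            $allow_multipleanswers[$i] = 1;
        } else {
            $allow_multipleanswers[$i] = 0;
        }

        if (strlen($Q[$i]) > 0) { // only insert questions that exist
            $num_questions_exist++;
            $Q[$i] = DB_escapeString($Q[$i]);
            // description is free text from the form and goes into the same quoted
            // SQL value list as the question, so it needs the same escaping
            $description[$i] = DB_escapeString($description[$i]);
            DB_save($_TABLES['pollquestions'], 'qid, pid, question,allow_multipleanswers,description', "'{$k}', '{$pid}', '{$Q[$i]}','{$allow_multipleanswers[$i]}','{$description[$i]}'");

            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = isset($A[$i]) && is_array($A[$i]) ? count($A[$i]) : 0;
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                $A[$i][$j] = COM_checkHTML($A[$i][$j]);
                $A[$i][$j] = GLText::remove4byteUtf8Chars($A[$i][$j]);
                $R[$i][$j] = isset($R[$i][$j]) ? $R[$i][$j] : '';
                $R[$i][$j] = COM_stripslashes($R[$i][$j]);
                $R[$i][$j] = COM_checkHTML($R[$i][$j]);
                $R[$i][$j] = GLText::remove4byteUtf8Chars($R[$i][$j]);

                if (strlen($A[$i][$j]) > 0) { // only insert answers etc that exist
                    // votes is interpolated unquoted; anything non-numeric becomes 0
                    if (!isset($V[$i][$j]) || !is_numeric($V[$i][$j])) {
                        $V[$i][$j] = "0";
                    }
                    $A[$i][$j] = DB_escapeString($A[$i][$j]);
                    $R[$i][$j] = DB_escapeString($R[$i][$j]);
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
                    DB_query($sql);
                    $num_total_votes = $num_total_votes + $V[$i][$j];
                }
            }
            $k++;
        }
    }

    // determine the number of voters (cannot use records in pollvoters table since they get deleted after a time $_PO_CONF['polladdresstime'])
    if ($num_questions_exist > 0) {
        $numVoters = $num_total_votes / $num_questions_exist;
    } else {
        // This shouldn't happen
        $numVoters = $num_total_votes;
    }

    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$numVoters}, {$k}, '{$created_date}', '" . date('Y-m-d H:i:s');
    if ($mainPage == 'on') {
        $sql .= "',1";
    } else {
        $sql .= "',0";
    }
    if ($open == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    if ($hideResults == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    $sql .= ",'{$statusCode}','{$commentCode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$topic_description}'";

    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description", $sql);

    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // id changed: move comments and recorded voters over to the new id
        DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
        DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}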
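/**
 * Re-send a request after successful re-authentication
 * Re-creates a GET or POST request based on data passed along in a form. Used
 * in case of an expired security token so that the user doesn't lose changes.
 *
 * The replayed request is made server-side with the visitor's cookies attached,
 * so the return URL is only accepted when it is this site's URL or lies below it
 * (a bare string-prefix match would also accept a different host that merely
 * starts with the site URL). Never returns: either the proxied response body is
 * output or the visitor is redirected to the front page.
 *
 * @return void
 */
function resend_request()
{
    global $_CONF;

    $method = '';
    if (isset($_POST['token_requestmethod'])) {
        $method = COM_applyFilter($_POST['token_requestmethod']);
    }

    $returnUrl = '';
    if (isset($_POST['token_returnurl'])) {
        $returnUrl = urldecode($_POST['token_returnurl']);
        // only accept URLs on our site: exactly the site URL, or the site URL
        // followed by a path / query / fragment delimiter
        $siteUrl = rtrim($_CONF['site_url'], '/');
        if ($returnUrl !== $siteUrl
            && strpos($returnUrl, $siteUrl . '/') !== 0
            && strpos($returnUrl, $siteUrl . '?') !== 0
            && strpos($returnUrl, $siteUrl . '#') !== 0) {
            $returnUrl = '';
        }
    }

    $postData = '';
    if (isset($_POST['token_postdata'])) {
        $postData = urldecode($_POST['token_postdata']);
    }

    $getData = '';
    if (isset($_POST['token_getdata'])) {
        $getData = urldecode($_POST['token_getdata']);
    }

    $files = '';
    if (isset($_POST['token_files'])) {
        $files = urldecode($_POST['token_files']);
    }

    if (SECINT_checkToken() && !empty($method) && !empty($returnUrl)
        && ($method === 'POST' && !empty($postData) || $method === 'GET' && !empty($getData))) {
        $magic = get_magic_quotes_gpc();

        // NOTE(review): the serialized payloads below come from the request and are
        // only protected by the token check above; unserialize() will instantiate
        // whatever classes the payload names. Once the minimum PHP version allows
        // it, pass array('allowed_classes' => false) or switch to JSON.
        if ($method === 'POST') {
            $req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_POST);
            $data = unserialize($postData);
            foreach ($data as $key => $value) {
                if ($key == CSRF_TOKEN) {
                    // the stored token is stale by definition; issue a fresh one
                    $req->addPostParameter($key, SEC_createToken());
                } else {
                    if ($magic) {
                        $value = stripslashes_gpc_recursive($value);
                    }
                    $req->addPostParameter($key, $value);
                }
            }

            if (!empty($files)) {
                $files = unserialize($files);
            }
            if (!empty($files)) {
                foreach ($files as $key => $value) {
                    $req->addPostParameter('_files_' . $key, $value);
                }
            }
        } else {
            $data = unserialize($getData);
            foreach ($data as $key => &$value) {
                if ($key == CSRF_TOKEN) {
                    $value = SEC_createToken();
                } else {
                    if ($magic) {
                        $value = stripslashes_gpc_recursive($value);
                    }
                }
            }
            // drop the reference left behind by the by-ref loop, otherwise the
            // next loop that assigns $value would write into $data
            unset($value);

            $returnUrl = $returnUrl . '?' . http_build_query($data);
            $req = new HTTP_Request2($returnUrl, HTTP_Request2::METHOD_GET);
        }

        $req->setHeader('User-Agent', 'Geeklog/' . VERSION);
        // need to fake the referrer so the new token matches
        $req->setHeader('Referer', COM_getCurrentUrl());
        foreach ($_COOKIE as $cookie => $value) {
            $req->addCookie($cookie, $value);
        }

        try {
            $response = $req->send();
            $status = $response->getStatus();
            if ($status == 200) {
                COM_output($response->getBody());
            } else {
                throw new HTTP_Request2_Exception('HTTP error: status code = ' . $status);
            }
        } catch (HTTP_Request2_Exception $e) {
            if (!empty($files)) {
                SECINT_cleanupFiles($files);
            }
            trigger_error("Resending {$method} request failed: " . $e->getMessage());
        }
    } else {
        if (!empty($files)) {
            SECINT_cleanupFiles($files);
        }
        COM_redirect($_CONF['site_url'] . '/index.php');
    }

    // don't return
    exit;
}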
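/**
 * Stream the markers of one map to the browser as a CSV download.
 *
 * Only column names returned by MAPS_getFieldsImportExport() are selected, in the
 * order they were requested; unknown names are dropped. When no valid column was
 * requested or the map has no markers, an admin page with the "nothing to export"
 * message is output and the script exits.
 *
 * @param int|string $map       marker set id (mid); coerced to int before use
 * @param string     $separator ',' or 'tab'; anything else selects ';'
 * @param array      $fields    requested column names
 * @return void
 */
function MAPS_exportCSV($map, $separator = ";", $fields = array())
{
    global $_CONF, $_MAPS_CONF, $_TABLES, $LANG_MAPS_1;

    // mid is compared numerically in the query and echoed into the download
    // file name, so coerce it once instead of interpolating the raw value
    $map = (int) $map;

    // keep only known columns; implode() avoids the dangling ', ' the old
    // counter-based join produced when a rejected name was last in the list
    $valid_fields = MAPS_getFieldsImportExport();
    $selected = array();
    foreach ((array) $fields as $value) {
        if (in_array($value, $valid_fields, true)) {
            $selected[] = $value;
        }
    }
    $selected_fields = implode(', ', $selected);

    //Check if there is at least 1 marker (and at least one column to export)
    $rows = 0;
    $result = false;
    if ($selected_fields != '') {
        $result = DB_query("SELECT \n\t\t\t\t\t\t\t{$selected_fields} \n\t\t\t\t\t\t\tFROM {$_TABLES['maps_markers']} WHERE mid={$map}");
        $rows = DB_numRows($result);
    }
    if ($rows < 1) {
        $display = '';
        $display .= COM_siteHeader('menu', $LANG_MAPS_1['plugin_name']);
        $display .= MAPS_admin_menu();
        $display .= MAPS_message($LANG_MAPS_1['no_marker_to_export']);
        $display .= COM_siteFooter(0);
        COM_output($display);
        exit;
    }

    $search = array(',', '\'', ' ', '.', '!', ':');
    $sitename = str_replace($search, "_", $_CONF['site_name']);

    // send response headers to the browser
    header('Content-Type: text/csv');
    header('Content-Disposition: attachment;filename=map_' . $map . '_' . $sitename . '.csv');

    if ($separator == ',') {
        $delimiter = ",";
    } elseif ($separator == 'tab') {
        $delimiter = "\t";
    } else {
        $delimiter = ";";
    }

    $fp1 = fopen('php://output', 'w');
    while ($row = DB_fetchArray($result, false)) {
        fputcsv($fp1, $row, $delimiter, '"');
    }
    fclose($fp1);
    //header("Refresh: 0;url={$_CONF['site_admin_url']}/plugins/maps/import_export.php");
}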
} // closes a block whose opening is earlier in the file

// Log viewer admin page: a selector over the *.log files in $_CONF['path_log'],
// plus optional "clear" and "view" actions driven by $_POST.
$display = '';
$menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
$display = COM_startBlock($LANG_LOGVIEW['log_viewer'], '', COM_getBlockTemplate('_admin_block', 'header')) . ADMIN_createMenu($menu_arr, $LANG_LOGVIEW['info'], $_CONF['layout_url'] . '/images/icons/log_viewer.' . $_IMAGE_TYPE);

// one <option> per log file; the currently selected $log is pre-selected
$display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/logviewer.php" class="uk-form"><div>' . $LANG_LOGVIEW['logs'] . ': ' . '<select name="log">';
foreach (glob($_CONF['path_log'] . '*.log') as $file) {
    $file = basename($file);
    $display .= '<option value="' . $file . '"';
    if ($log === $file) {
        $display .= ' selected="selected"';
    }
    $display .= '>' . $file . '</option>';
}
$display .= '</select> ' . '<button type="submit" name="viewlog" value="' . $LANG_LOGVIEW['view'] . '" class="uk-button">' . $LANG_LOGVIEW['view'] . '</button>' . ' ' . '<button type="submit" name="clearlog" value="' . $LANG_LOGVIEW['clear'] . '" class="uk-button" onclick="return confirm(\'' . $MESSAGE[76] . '\');">' . $LANG_LOGVIEW['clear'] . '</button>' . '</div></form>';

// NOTE(review): $log is appended to path_log here and below and echoed into the
// page unescaped; where it is assigned/validated is outside this block — confirm
// it is restricted to one of the basenames produced by the glob() above.
if (isset($_POST['clearlog'])) {
    // "clear" = remove the file and re-create it with a single marker line;
    // both steps are best-effort (errors suppressed), then fall through to view
    if (@unlink($_CONF['path_log'] . $log)) {
        $timestamp = strftime("%c");
        @file_put_contents($_CONF['path_log'] . $log, "{$timestamp} - Log File Cleared " . PHP_EOL, FILE_APPEND);
        $_POST['viewlog'] = 1;
    }
}

if (isset($_POST['viewlog'])) {
    // file content is HTML-escaped before it is placed inside <pre>
    $display .= '<p><strong>' . $LANG_LOGVIEW['log_file'] . ': ' . $log . '</strong></p>' . '<div style="margin:10px 0 5px;border-bottom:1px solid #cccccc;"></div>' . '<pre style="overflow:scroll; height:500px;">' . htmlentities(file_get_contents($_CONF['path_log'] . $log), ENT_NOQUOTES, COM_getEncodingt()) . '</pre>';
}

$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
$output = COM_createHTMLDocument($display, array('pagetitle' => $LANG_LOGVIEW['log_viewer']));

header('Content-Type: text/html; charset=' . COM_getEncodingt());
header('X-XSS-Protection: 1; mode=block');
header('X-Content-Type-Options: nosniff');
COM_output($output);
/**
 * Enforce the forum's access rules, ending the request when they are not met.
 *
 * When registration is required and the visitor is anonymous (uid < 2), a page
 * with the "login required" text and register/login links is output. When
 * $secure is set and no user id is present, the access-error block is output
 * instead. In both cases the script exits; otherwise the function returns
 * normally and the caller proceeds.
 *
 * @param bool $secure true to additionally require a logged-in user
 * @return void
 */
function forum_chkUsercanAccess($secure = false)
{
    global $_CONF, $LANG_GF01, $LANG_GF02, $CONF_FORUM, $_USER;

    if ($CONF_FORUM['registration_required'] && $_USER['uid'] < 2) {
        $registerLink = '<a href="' . $_CONF['site_url'] . '/users.php?mode=new">';
        $loginLink = '<a href="' . $_CONF['site_url'] . '/users.php">';

        $page = COM_siteHeader();
        $page .= '<table width="100%" height="100"><tr><td><center>';
        $page .= sprintf($LANG_GF01['loginreqview'], $registerLink, $loginLink);
        $page .= '</center></td></tr></table>';
        $page .= COM_siteFooter();

        COM_output($page);
        exit;
    }

    if ($secure && empty($_USER['uid'])) {
        $page = COM_siteHeader();
        $page .= '<br' . XHTML . '>';
        $page .= BlockMessage($LANG_GF01['ACCESSERROR'], $LANG_GF02['msg83'], false);
        $page .= COM_siteFooter();

        COM_output($page);
        exit;
    }
}
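/**
 * Upload new photo, delete old photo
 *
 * Configures the upload class from $_CONF (image library, resize, debug log,
 * JPEG quality), restricts the accepted MIME types to gif/jpeg/png, then uploads
 * $_FILES['photo'] as "<username>.<ext>" into the userphotos directory. The
 * existing photo is removed first when requested via $delete_photo or when the
 * new file name differs from it. Any upload error ends the request with an
 * error page.
 *
 * @param string $delete_photo 'on': delete old photo
 * @return string filename of new photo (empty = no new photo)
 */
function handlePhotoUpload($delete_photo = '')
{
    global $_CONF, $_TABLES, $_USER, $LANG24;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';

    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png',
    ));
    if (!$upload->setPath($_CONF['path_images'] . 'userphotos')) {
        $display = COM_siteHeader('menu', $LANG24[30]);
        $display .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $upload->printErrors(false);
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $display .= COM_siteFooter();
        COM_output($display);
        exit; // don't return
    }

    $filename = '';
    if (!empty($delete_photo) && $delete_photo == 'on') {
        $delete_photo = true;
    } else {
        $delete_photo = false;
    }

    $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
    if (empty($curphoto)) {
        $delete_photo = false;
    }

    // see if user wants to upload a (new) photo; the field may be absent entirely
    $newphoto = (isset($_FILES['photo']) && is_array($_FILES['photo'])) ? $_FILES['photo'] : array('name' => '');
    if (!empty($newphoto['name'])) {
        // extension = text after the last dot; a name without a dot yields ''
        // (the old strrpos()+1 arithmetic turned that into a bogus extension)
        $dot = strrpos($newphoto['name'], '.');
        $fextension = ($dot === false) ? '' : substr($newphoto['name'], $dot + 1);
        // NOTE(review): the extension is taken from the client-supplied name;
        // acceptance relies on upload::uploadFiles() enforcing the MIME/extension
        // map above — confirm it rejects extensions outside that map.
        $filename = $_USER['username'] . '.' . $fextension;
        if (!empty($curphoto) && $filename != $curphoto) {
            $delete_photo = true;
        } else {
            $delete_photo = false;
        }
    }

    // delete old photo first
    if ($delete_photo) {
        USER_deletePhoto($curphoto);
    }

    // now do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        // photo-specific limits win over the generic image limits when configured
        if ($_CONF['max_photo_width'] > 0 && $_CONF['max_photo_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_photo_width'], $_CONF['max_photo_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_photo_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_photo_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $display = COM_siteHeader('menu', $LANG24[30]);
            $display .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $display .= $upload->printErrors(false);
            $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $display .= COM_siteFooter();
            COM_output($display);
            exit; // don't return
        }
    } else {
        // nothing uploaded and nothing deleted: keep the current photo
        if (!$delete_photo && !empty($curphoto)) {
            $filename = $curphoto;
        }
    }

    return $filename;
}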
/**
 * Queue a thumbnail rebuild for every image media object.
 *
 * Selects all media with media_type 0 and registers one batch-session entry per
 * item (source image path, thumbnail path, mime data), then hands the browser to
 * the session runner. The 'orig' copy is the preferred source unless
 * $_MG_CONF['discard_original'] is set, in which case 'disp' is used; when the
 * preferred file is missing the 'disp' copy is tried as a fallback. Items with
 * no resolvable source are skipped. With no matching media the admin index is
 * reloaded with msg=7. Never returns.
 */
function MG_rebuildThumb()
{
    global $_MG_CONF, $LANG_MG01;

    $sql = MG_buildMediaSql(array('where' => "m.media_type = 0", 'sortorder' => -1));
    $result = DB_query($sql);
    $nRows = DB_numRows($result);

    if ($nRows <= 0) {
        echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=7');
        exit;
    }

    $actionURL = $_MG_CONF['admin_url'] . 'index.php';
    $session_id = MG_beginSession('rebuildthumb', $actionURL, $LANG_MG01['rebuild_thumb']);
    $mediaRoot = $_MG_CONF['path_mediaobjects'];
    $preferDisp = ($_MG_CONF['discard_original'] == 1);
    $sourceDir = $preferDisp ? 'disp/' : 'orig/';

    for ($x = 0; $x < $nRows; $x++) {
        $row = DB_fetchArray($result);
        $srcImage = '';
        $imageDisplay = '';
        // media files live one level down, in a directory named after the
        // first character of the file name
        $mfn = $row['media_filename'][0] . '/' . $row['media_filename'];

        // preferred source
        $ext = MG_getMediaExt($mediaRoot . $sourceDir . $mfn);
        if (!empty($ext)) {
            $srcImage = $mediaRoot . $sourceDir . $mfn . $ext;
            $imageDisplay = $mediaRoot . 'tn/' . $mfn . $ext;
            if ($preferDisp) {
                $row['mime_type'] = '';
            }
        }

        // fallback: the display copy, when the preferred file is absent
        if ($srcImage == '' || !file_exists($srcImage)) {
            $ext = MG_getMediaExt($mediaRoot . 'disp/' . $mfn);
            if (!empty($ext)) {
                $srcImage = $mediaRoot . 'disp/' . $mfn . $ext;
                $imageDisplay = $mediaRoot . 'tn/' . $mfn . $ext;
                $row['mime_type'] = '';
                $row['media_mime_ext'] = $ext;
            }
        }

        if ($srcImage == '') {
            continue;
        }

        MG_registerSession(array(
            'session_id' => $session_id,
            'mid'        => $row['mime_type'],
            'aid'        => $row['album_id'],
            'data'       => $srcImage,
            'data2'      => $imageDisplay,
            'data3'      => $row['media_mime_ext'],
        ));
    }

    $display = MG_continueSession($session_id, 0, $_MG_CONF['def_refresh_rate']);
    $display = COM_createHTMLDocument($display);
    COM_output($display);
    exit;
}
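/**
 * Upload new topic icon, replaces previous icon if one exists
 *
 * Configures the upload class from $_CONF (image library, resize, debug log,
 * JPEG quality), restricts the accepted MIME types to gif/jpeg/png and uploads
 * $_FILES['newicon'] as "topic_<tid>.<ext>" into the topics image directory.
 * Any upload error ends the request with an error page.
 *
 * @param string $tid ID of topic to prepend to filename
 * @return string site-relative path of the new icon ('/images/topics/...'); empty = no new icon
 */
function handleIconUpload($tid)
{
    global $_CONF, $_TABLES, $LANG27;

    require_once $_CONF['path_system'] . 'classes/upload.class.php';

    $upload = new upload();
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    $upload->setAllowedMimeTypes(array(
        'image/gif'   => '.gif',
        'image/jpeg'  => '.jpg,.jpeg',
        'image/pjpeg' => '.jpg,.jpeg',
        'image/x-png' => '.png',
        'image/png'   => '.png',
    ));
    if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
        $display = COM_siteHeader('menu', $LANG27[29]);
        $display .= COM_startBlock($LANG27[29], '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $upload->printErrors(false);
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $display .= COM_siteFooter();
        COM_output($display);
        exit; // don't return
    }

    $filename = '';

    // see if user wants to upload a (new) icon; the field may be absent entirely
    $newicon = (isset($_FILES['newicon']) && is_array($_FILES['newicon'])) ? $_FILES['newicon'] : array('name' => '');
    if (!empty($newicon['name'])) {
        // extension = text after the last dot; a name without a dot yields ''
        // (the old strrpos()+1 arithmetic turned that into a bogus extension)
        $dot = strrpos($newicon['name'], '.');
        $fextension = ($dot === false) ? '' : substr($newicon['name'], $dot + 1);
        // NOTE(review): $tid becomes part of a path under path_images and the
        // extension comes from the client-supplied name; this assumes the caller
        // has already sanitised $tid and that upload::uploadFiles() enforces the
        // MIME/extension map above — confirm both.
        $filename = 'topic_' . $tid . '.' . $fextension;
    }

    // do the upload
    if (!empty($filename)) {
        $upload->setFileNames($filename);
        $upload->setPerms('0644');
        // icon-specific limits win over the generic image limits when configured
        if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
            $upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
        } else {
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
        }
        if ($_CONF['max_topicicon_size'] > 0) {
            $upload->setMaxFileSize($_CONF['max_topicicon_size']);
        } else {
            $upload->setMaxFileSize($_CONF['max_image_size']);
        }
        $upload->uploadFiles();

        if ($upload->areErrors()) {
            $display = COM_siteHeader('menu', $LANG27[29]);
            $display .= COM_startBlock($LANG27[29], '', COM_getBlockTemplate('_msg_block', 'header'));
            $display .= $upload->printErrors(false);
            $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $display .= COM_siteFooter();
            COM_output($display);
            exit; // don't return
        }

        $filename = '/images/topics/' . $filename;
    }

    return $filename;
}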
$output .= COM_siteHeader(); $output .= nexmenu_debug(); $output .= COM_startBlock(); $output .= displayMenuRecords(); break; case 'config': $output .= COM_siteHeader(); $output .= nexmenu_debug(); $output .= COM_startBlock(); $output .= menuConfig(); break; case 'saveconfig': $statusmsg = menuSaveConfig(); if ($statusmsg != '') { echo COM_refresh($_CONF['site_admin_url'] . '/plugins/nexmenu/index.php?op=config&writecss=' . $_POST['writecss'] . '&statusmsg=' . $statusmsg); } else { echo COM_refresh($_CONF['site_admin_url'] . '/plugins/nexmenu/index.php?op=config&writecss=' . $_POST['writecss']); } exit; break; default: $output .= COM_siteHeader(); $output .= nexmenu_debug(); $output .= COM_startBlock(); $output .= displayMenuRecords(); break; } $output .= COM_endBlock(); $output .= COM_siteFooter(); echo COM_output($output);
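/**
 * Dispatch to another method of this object, send its output to the
 * browser and terminate the request.
 *
 * @param string $method name of a method on this object; a name that
 *                       method_exists() does not know is silently ignored
 *                       and an empty page is output
 * @param array  $args   positional arguments forwarded to the method
 * @return void never returns; calls exit after COM_output()
 */
function _reedit($method, $args = array())
{
    $display = '';
    // NOTE(review): method_exists() also matches private/protected
    // methods, so $method must not be taken from request data without an
    // explicit allow-list — the callers are outside this view; confirm.
    if (method_exists($this, $method)) {
        // forwards any number of positional arguments; the previous
        // switch on count($args) only handled 0..3 and silently output an
        // empty page for anything longer
        $display = call_user_func_array(array($this, $method), array_values($args));
    }
    COM_output($display);
    exit;
}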
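/**
 * Saves link to the database
 *
 * Checks the caller's access to the (existing or new) link, replaces the
 * link row and any pending submission with the same id, notifies plugins
 * and triggers the RDF feed check. Renders the editor again when required
 * fields are missing; exits with an access error when not permitted.
 *
 * @param string $lid ID for link (empty = generate one)
 * @param string $old_lid old ID for link (empty = new link)
 * @param string $cid cid of category link belongs to
 * @param string $categorydd Category links belong to (dropdown value;
 *                           overrides $cid unless it is the "new category"
 *                           label $LANG_LINKS_ADMIN[7])
 * @param string $url URL of link to save
 * @param string $description Description of link
 * @param string $title Title of link
 * @param int $hits Number of hits for link
 * @param int $owner_id ID of owner (empty = current user plus defaults)
 * @param int $group_id ID of group link belongs to
 * @param int|array $perm_owner Permissions the owner has
 * @param int|array $perm_group Permissions the group has
 * @param int|array $perm_members Permissions members have
 * @param int|array $perm_anon Permissions anonymous users have
 * @return string HTML redirect or error message
 * @global array core config vars
 * @global array core group data
 * @global array core table data
 * @global array core user data
 * @global array core msg data
 * @global array links plugin lang admin vars
 */
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;

    $retval = '';
    $display = '';

    // Convert array values (permission checkboxes) to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up: every string column interpolated into SQL below goes
    // through DB_escapeString() exactly once
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    // $url used to reach the INSERT unescaped. This assumes the caller
    // passes the raw form value — confirm at the call sites, otherwise the
    // value would now be escaped twice.
    $url = DB_escapeString($url);

    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }

    // numeric columns are interpolated unquoted into the INSERT; force ints
    $hits = (int) $hits;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        $lid = empty($old_lid) ? COM_makeSid() : $old_lid;
    }

    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid; // for now ...
        }
    }

    // for an existing link the stored permissions decide, not the submitted ones
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        // no edit access, or trying to assign a group the user is not a member of
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    }

    if (empty($title) || empty($description) || empty($url)) {
        // missing fields: log it and show the editor again
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
        return $retval;
    }

    if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
        $cid = DB_escapeString($categorydd);
    } elseif ($categorydd != $LANG_LINKS_ADMIN[7]) {
        // NOTE(review): an empty category only echoes a redirect and then
        // carries on saving (no exit) — behaviour kept, but looks unintended
        echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
    }

    DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
    DB_delete($_TABLES['links'], 'lid', $old_lid);
    DB_save(
        $_TABLES['links'],
        'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',
        "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}"
    );

    if (empty($old_lid) || $old_lid == $lid) {
        PLG_itemSaved($lid, 'links');
    } else {
        PLG_itemSaved($lid, 'links', $old_lid);
    }

    // Get category for rdf check
    $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
    COM_rdfUpToDateCheck('links', $category, $lid);

    return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
}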
/**
 * Saves user to the database
 *
 * Handles both creating a new account (empty $uid) and updating an
 * existing one, then rewrites the user's group assignments (restricted to
 * the groups the acting admin is a member of). On success it echoes the
 * after-save redirect; on validation failures it returns the editor with
 * an error code (see edituser()); on access or DB errors it exits.
 *
 * @param int    $uid          user id (empty for a new user)
 * @param string $username     (short) username
 * @param string $fullname     user's full name
 * @param string $passwd       new password (cleared for remote-service users)
 * @param string $passwd_conf  password confirmation
 * @param string $email        user's email address
 * @param string $regdate      date the user registered with the site (not used here)
 * @param string $homepage     user's homepage URL
 * @param array  $groups       groups the user belongs to
 * @param string $delete_photo delete user's photo if == 'on'
 * @param int    $userstatus   account status to store (default 3)
 * @param int    $oldstatus    account status before this save (default 3)
 * @return string HTML redirect or error message
 */
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;

    $retval = '';
    $userChanged = false;

    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering saveusers****", 1);
        COM_errorLog("group size at beginning = " . count($groups), 1);
    }

    // NOTE(review): $uid is interpolated unquoted into every query below;
    // assumed to arrive numeric from the caller — confirm at the call site.
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");

    // If remote service then assume blank password
    if (!empty($service)) {
        $passwd = '';
        $passwd_conf = '';
    }

    // the password counts as unchanged only for local accounts where the
    // encrypt helper reports 0 and no confirmation was entered (the
    // helper's semantics are not visible here)
    $passwd_changed = true;
    if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
        $passwd_changed = false;
    }
    if ($passwd_changed && $passwd != $passwd_conf) {
        // passwords don't match
        return edituser($uid, 67);
    }

    // a username is always required; an email is required for new users
    // and for existing local (non-remote) users
    $nameAndEmailOkay = true;
    if (empty($username)) {
        $nameAndEmailOkay = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $nameAndEmailOkay = false; // new users need an email address
        } else {
            if (empty($service)) {
                $nameAndEmailOkay = false; // not a remote user - needs email
            }
        }
    }

    if ($nameAndEmailOkay) {
        if (!empty($email) && !COM_isEmail($email)) {
            return edituser($uid, 52);
        }

        // username uniqueness check, scoped to the same remote service for
        // remote accounts and to local accounts otherwise
        $uname = DB_escapeString($username);
        // NOTE(review): in this copy the username literals in the queries
        // below read '******' and $uname is never referenced — this looks
        // like redaction; verify the real queries use the escaped $uname.
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            if (!empty($service)) {
                $uservice = DB_escapeString($service);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return edituser($uid, 51);
        }

        // email uniqueness check among local accounts only
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return edituser($uid, 56);
        }

        // site-specific validation hook
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return edituser($uid, $ret['number']);
            }
        }

        if (empty($uid)) {
            // new account
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = SEC_generateRandomPassword();
            }
            $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
            if ($uid > 1) {
                // NOTE(review): $userstatus is interpolated unquoted; assumed numeric
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
        } else {
            // existing account
            $fullname = DB_escapeString($fullname);
            $homepage = DB_escapeString($homepage);
            $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
            if (!empty($curphoto) && $delete_photo == 'on') {
                USER_deletePhoto($curphoto);
                $curphoto = '';
            }
            if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
                $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
                if ($curusername != $username) {
                    // user has been renamed - rename the photo, too
                    // NOTE(review): $curusername is used as a regex pattern
                    // without preg_quote(); metacharacters in a username
                    // ('.', '+', '/', ...) would break or mis-match this.
                    $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    // the @ only hides the PHP warning; the failure itself is
                    // still reported through the error log and the early return
                    if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                        $retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                        return $retval;
                    }
                    $curphoto = $newphoto;
                }
            }
            $curphoto = DB_escapeString($curphoto);
            // NOTE(review): $email is interpolated raw here although an
            // escaped copy ($emailaddr) exists above and COM_isEmail() is
            // the only check on it — the escaped copy should be used.
            DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', email = '{$email}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
            if ($passwd_changed && !empty($passwd)) {
                SEC_updateUserPassword($passwd, $uid);
            }
            if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                CUSTOM_userSave($uid);
            }
            // account just approved from the submission queue: mail the password
            if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
                USER_createAndSendPassword($username, $email, $uid);
            }
            // disabling an account also ends its current session
            if ($userstatus == USER_ACCOUNT_DISABLED) {
                SESS_endUserSession($uid);
            }
            $userChanged = true;
        }

        // check that the user is allowed to change group assignments
        if (is_array($groups) && SEC_hasRights('group.assign')) {
            if (!SEC_inGroup('Root')) {
                // only Root members may hand out Root; anything else is
                // logged to the access log and bounced to the admin index
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            // (memberships in groups the admin is not in are left untouched,
            // and only the admin's own groups can be re-added in the loop below)
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    // NOTE(review): $userGroup is a submitted value and the
                    // in_array() above is non-strict, so it is not guaranteed
                    // to be a plain integer when interpolated here; casting
                    // to int (or in_array(..., true)) would close that gap.
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }

        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }

        // any DB error raised above is reported once here
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
            echo $retval;
            exit;
        }
    } else {
        // missing username/email: show the message and the editor again
        $retval .= COM_showMessageText($LANG28[10]);
        if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= edituser($uid);
        } else {
            $retval .= edituser();
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
        COM_output($retval);
        exit;
    }

    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving saveusers*****************", 1);
    }

    return $retval;
}
// +---------------------------------------------------------------------------+
// | Based on JCART v1.1                                                       |
// |                                                                           |
// | Copyright (C) 2010 by the following authors:                              |
// | JCART v1.1 http://conceptlogic.com/jcart/                                 |
// |                                                                           |
// +---------------------------------------------------------------------------+
// |                                                                           |
// | This program is free software; you can redistribute it and/or             |
// | modify it under the terms of the GNU General Public License               |
// | as published by the Free Software Foundation; either version 2            |
// | of the License, or (at your option) any later version.                    |
// |                                                                           |
// | This program is distributed in the hope that it will be useful,           |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of            |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the              |
// | GNU General Public License for more details.                              |
// |                                                                           |
// | You should have received a copy of the GNU General Public License         |
// | along with this program; if not, write to the Free Software Foundation,   |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.            |
// |                                                                           |
// +---------------------------------------------------------------------------+
// THIS FILE TAKES INPUT FROM AJAX REQUESTS VIA JQUERY post AND get METHODS, THEN PASSES DATA TO JCART
// RETURNS UPDATED CART HTML BACK TO SUBMITTING PAGE

/**
 * require core geeklog code
 */
require_once '../../lib-common.php';

// Render the cart (id 0) and hand the HTML back to the requesting page.
$cartHtml = PAYPAL_displayCart(0);
COM_output($cartHtml);
$mode = COM_applyFilter($_GET['mode']); } } $T = new Template($_MG_CONF['template_path']); $T->set_file('admin', 'administration.thtml'); $T->set_var(array('site_admin_url' => $_CONF['site_admin_url'], 'site_url' => $_MG_CONF['site_url'], 'lang_admin' => $LANG_MG00['admin'], 'xhtml' => XHTML)); if ($mode == $LANG_MG01['save'] && !empty($LANG_MG01['save'])) { MG_createUsers(); exit; } elseif ($mode == $LANG_MG01['cancel']) { echo COM_refresh($_MG_CONF['admin_url'] . 'index.php'); exit; } else { if (isset($_REQUEST['page'])) { $page = COM_applyFilter($_REQUEST['page'], true) - 1; if ($page < 0) { $page = 0; } } else { $page = 0; } $T->set_var(array('admin_body' => MG_selectUsers($page), 'title' => $LANG_MG01['batch_create_members'], 'lang_help' => '<img src="' . MG_getImageFile('button_help.png') . '" style="border:none;" alt="?"' . XHTML . '>', 'help_url' => $_MG_CONF['site_url'] . '/docs/usage.html#Batch_Create_Member_Albums')); } $T->parse('output', 'admin'); $display = COM_startBlock($LANG_MG00['admin'], '', COM_getBlockTemplate('_admin_block', 'header')); $display .= MG_showAdminMenu('member_albums'); $display .= $T->finish($T->get_var('output')); $display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')); $display = COM_createHTMLDocument($display); COM_output($display);
$display .= MAPS_ViewMarkerInfos($_REQUEST['mkid']); } else { echo COM_refresh($_MAPS_CONF['site_url'] . '/index.php'); } break; case 'print': if (isset($_REQUEST['mid']) && isset($_REQUEST['mkid'])) { $display = COM_siteHeader('none', $LANG_MAPS_1['maps'] . ' | ' . $A['name'] . $more_title); $display = MAPS_getMarkerDetail($_REQUEST['mid'], $_REQUEST['mkid']); $display .= MAPS_ViewMarkerInfos($_REQUEST['mkid']); $display .= COM_siteFooter(-1); COM_output($display); exit; } else { echo COM_refresh($_MAPS_CONF['site_url'] . '/index.php'); } break; default: $display .= '<h1>' . $LANG_MAPS_1['my_markers'] . '</h1>'; $display .= MAPS_listUserMarkers(); } //Page title $pagetitle = ''; if (defined('MAPS_PAGE_TITLE')) { $pagetitle = ' | ' . MAPS_PAGE_TITLE; } $page = COM_siteHeader('menu', $LANG_MAPS_1['maps'] . $pagetitle); $page .= MAPS_user_menu() . $display; $page .= COM_siteFooter(0); COM_output($page);