function MG_saveEnroll()
{
global $_CONF, $_MG_CONF, $_MG_USERPREFS, $_TABLES, $_USER, $LANG_MG03;
if ($_MG_CONF['member_albums'] != 1) {
echo COM_refresh($_MG_CONF['site_url'] . '/index.php');
exit;
}
if (!isset($_MG_CONF['member_quota'])) {
$_MG_CONF['member_quota'] = 0;
}
$sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE owner_id=" . (int) $_USER['uid'] . " AND album_parent=" . $_MG_CONF['member_album_root'];
$result = DB_query($sql);
$nRows = DB_numRows($result);
if ($nRows > 0) {
$display = MG_siteHeader();
$display .= COM_showMessageText($LANG_MG03['existing_member_album'], '', true);
$display .= MG_siteFooter();
echo $display;
exit;
}
$uid = (int) $_USER['uid'];
$aid = plugin_user_create_mediagallery($uid, 1);
$result = DB_query("UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=1,quota=" . $_MG_CONF['member_quota'] . " WHERE uid=" . $uid, 1);
$affected = DB_affectedRows($result);
if (DB_error()) {
$sql = "INSERT INTO {$_TABLES['mg_userprefs']} (uid, active, display_rows, display_columns, mp3_player, playback_mode, tn_size, quota, member_gallery) VALUES (" . $uid . ",1,0,0,-1,-1,-1," . $_MG_CONF['member_quota'] . ",1)";
DB_query($sql, 1);
}
CACHE_remove_instance('menu');
echo COM_refresh($_MG_CONF['site_url'] . '/album.php?aid=' . $aid);
exit;
}
function MG_invalidRequest()
{
global $LANG_MG02;
$display = COM_showMessageText($LANG_MG02['generic_error']);
$display = MG_createHTMLDocument($display);
COM_output($display);
exit;
}
/**
* Check for access rights
*/
public static function checkAccessRights()
{
global $MESSAGE, $_USER;
if (!SEC_hasRights('language.edit')) {
$content = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($content, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally access the language administration screen.");
COM_output($display);
exit;
}
}
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +--------------------------------------------------------------------------+
//
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
require_once $_CONF['path'] . 'plugins/mediagallery/include/init.php';
require_once $_MG_CONF['path_admin'] . 'navigation.php';
require_once $_CONF['path'] . 'plugins/mediagallery/include/classFrame.php';
MG_initAlbums();
// Only let admin users access this page
if (!SEC_hasRights('mediagallery.config')) {
// Someone is trying to illegally access this page
COM_errorLog("Someone has tried to illegally access the Media Gallery Configuration page. User id: {$_USER['uid']}, Username: {$_USER['username']}", 1);
$display = COM_siteHeader();
$display .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_MG00['access_denied'], true);
$display .= COM_siteFooter(true);
echo $display;
exit;
}
function MG_editConfig($msgString = '')
{
global $_CONF, $_MG_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG01, $LANG_DIRECTION, $LANG04;
$retval = '';
$T = new Template($_MG_CONF['template_path'] . '/admin');
$T->set_file('admin', 'cfgedit.thtml');
$T->set_var('site_url', $_MG_CONF['site_url']);
if ($msgString != '') {
$T->set_var('feedback', $msgString);
}
if (!isset($_MG_CONF['rating_max'])) {
/**
* Upload new topic icon, replaces previous icon if one exists
*
* @param string $tid ID of topic to prepend to filename
* @return string filename of new photo (empty = no new photo)
*/
function handleIconUpload($tid)
{
global $_CONF, $_TABLES, $LANG27;
$upload = new Upload();
if (!empty($_CONF['image_lib'])) {
if ($_CONF['image_lib'] == 'imagemagick') {
// Using imagemagick
$upload->setMogrifyPath($_CONF['path_to_mogrify']);
} elseif ($_CONF['image_lib'] == 'netpbm') {
// using netPBM
$upload->setNetPBM($_CONF['path_to_netpbm']);
} elseif ($_CONF['image_lib'] == 'gdlib') {
// using the GD library
$upload->setGDLib();
}
$upload->setAutomaticResize(true);
if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
$upload->setLogFile($_CONF['path'] . 'logs/error.log');
$upload->setDebug(true);
}
if (isset($_CONF['jpeg_quality'])) {
$upload->setJpegQuality($_CONF['jpeg_quality']);
}
}
$upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
if (!$upload->setPath($_CONF['path_images'] . 'topics')) {
$display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
COM_output($display);
exit;
// don't return
}
$filename = '';
// see if user wants to upload a (new) icon
$newIcon = $_FILES['newicon'];
if (!empty($newIcon['name'])) {
$pos = strrpos($newIcon['name'], '.') + 1;
$fExtension = substr($newIcon['name'], $pos);
$filename = 'topic_' . $tid . '.' . $fExtension;
}
// do the upload
if (!empty($filename)) {
$upload->setFileNames($filename);
$upload->setPerms('0644');
if ($_CONF['max_topicicon_width'] > 0 && $_CONF['max_topicicon_height'] > 0) {
$upload->setMaxDimensions($_CONF['max_topicicon_width'], $_CONF['max_topicicon_height']);
} else {
$upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
}
if ($_CONF['max_topicicon_size'] > 0) {
$upload->setMaxFileSize($_CONF['max_topicicon_size']);
} else {
$upload->setMaxFileSize($_CONF['max_image_size']);
}
$upload->uploadFiles();
if ($upload->areErrors()) {
$display = COM_showMessageText($upload->printErrors(false), $LANG27[29]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG27[29]));
COM_output($display);
exit;
// don't return
}
if (strpos($_CONF['path_images'], $_CONF['path_html']) === 0) {
$filename = substr($_CONF['path_images'], strlen($_CONF['path_html']) - 1) . 'topics/' . $filename;
} else {
/**
* Not really used when the 'path_images' is outside of the webroot.
* Let's at least extract the name of the images directory then.
*/
$images = 'images';
$parts = explode('/', $_CONF['path_images']);
if (count($parts) > 1) {
$cnt = count($parts);
// e.g. from /path/to/myimages/ would extract "myimages"
if (empty($parts[$cnt - 1]) && !empty($parts[$cnt - 2])) {
$images = $parts[$cnt - 2];
}
$filename = '/' . $images . '/topics/' . $filename;
}
}
}
return $filename;
}
$album_id = COM_applyFilter($_GET['aid'], true);
$media_id = COM_applyFilter($_GET['mid']);
$T = new Template(MG_getTemplatePath($album_id));
$T->set_file('page', 'view_image.thtml');
$T->set_var('header', $LANG_MG00['plugin']);
$T->set_var('site_url', $_CONF['site_url']);
$T->set_var('plugin', 'mediagallery');
//
// -- Verify that image really does belong to this album
//
$sql = "SELECT * FROM " . $_TABLES['mg_media_albums'] . " WHERE media_id='" . DB_escapeString($mid) . "' AND album_id='" . intval($aid) . "'";
$result = DB_query($sql);
if (DB_numRows($result) < 1) {
die("ERROR #2");
}
// Get Album Info...
$sql = "SELECT * FROM " . $_TABLES['mg_albums'] . " WHERE album_id=" . intval($album_id);
$result = DB_query($sql);
$row = DB_fetchArray($result);
// Check access rights
$access = SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'], $row['perm_group'], $row['perm_members'], $row['perm_anon']);
if ($access == 0) {
$display .= COM_siteHeader('menu') . COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true) . COM_siteFooter();
echo $display;
exit;
}
$sql = "SELECT * FROM " . $_TABLES['mg_media'] . " WHERE media_id='" . DB_escapeString($media_id) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
echo '<img src="' . $_MG_CONF['mediaobjects_url'] . '/disp/' . $row['media_filename'][0] . '/' . $row['media_filename'] . '.jpg' . '">';
exit;
/**
* Show main plugin screen: installed and uninstalled plugins, upload form
*
* @param string $message (optional) message to display
* @param string $token an optional csrf token
* @return string HTML for the plugin screen
*
*/
function plugin_main($message = '', $token = '')
{
global $LANG32;
$retval = '';
$retval .= COM_siteHeader('menu', $LANG32[5]);
if (!empty($message)) {
$retval .= COM_showMessageText($message);
} else {
$retval .= COM_showMessageFromParameter();
}
if (empty($token)) {
$token = SEC_createToken();
}
$retval .= listplugins($token);
if (SEC_hasRights('plugin.install')) {
$retval .= show_newplugins($token);
}
// Show the upload form or an error message
$retval .= plugin_show_uploadform($token);
$retval .= COM_siteFooter();
return $retval;
}
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
require_once $_CONF['path'] . 'plugins/downloads/include/functions.php';
if (!SEC_hasRights('downloads.edit')) {
$display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = DLM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally access the downloads temporary file.");
COM_output($display);
exit;
}
COM_setArgNames(array('id'));
$lid = addslashes(COM_applyFilter(COM_getArgument('id')));
$result = DB_query("SELECT url, date FROM {$_TABLES['downloadsubmission']} WHERE lid='{$lid}'");
list($url, $date) = DB_fetchArray($result);
$filepath = $_DLM_CONF['path_filestore'] . 'tmp' . date('YmdHis', $date) . DLM_createSafeFileName($url);
if (file_exists($filepath)) {
header('Content-Disposition: attachment; filename="' . $url . '"');
header('Content-Type: application/octet-stream');
header('Content-Description: File Transfer');
header('Content-Transfer-Encoding: binary');
/**
* Plugin function that is called after comment form is submitted.
* Needs to at least save the comment and check return value.
* Add any additional logic your plugin may need to perform on comments.
*
* $title comment title
* $comment comment text
* $id Item id to which $cid belongs
* $pid comment parent
* $postmode 'html' or 'text'
*
*/
function _mg_savecomment($title, $comment, $id, $pid, $postmode)
{
global $_CONF, $_MG_CONF, $_TABLES, $LANG03;
$retval = '';
$title = strip_tags($title);
$pid = COM_applyFilter($pid, true);
$postmode = COM_applyFilter($postmode);
$ret = CMT_saveComment($title, $comment, $id, $pid, 'mediagallery', $postmode);
if ($ret > 0) {
$retval = '';
if (SESS_isSet('glfusion.commentpresave.error')) {
$retval = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', true);
SESS_unSet('glfusion.commentpresave.error');
}
$retval .= CMT_commentform($title, $comment, $id, $pid, 'mediagallery', $LANG03[14], $postmode);
return $retval;
} else {
$comments = DB_count($_TABLES['comments'], array('sid', 'type'), array(DB_escapeString($id), 'mediagallery'));
DB_change($_TABLES['mg_media'], 'media_comments', $comments, 'media_id', DB_escapeString($id));
return COM_refresh($_MG_CONF['site_url'] . "/media.php?s={$id}#comments");
}
}
/**
* This will save a submission
*
* @param string $type Type of submission we are dealing with
* @param array $A Data for that submission
*
*/
function savesubmission($type, $A)
{
global $_CONF, $_TABLES, $LANG12;
COM_clearSpeedlimit($_CONF['speedlimit'], 'submit');
$last = COM_checkSpeedlimit('submit');
if ($last > 0) {
$retval = COM_showMessageText($LANG12[30] . $last . $LANG12[31], $LANG12[26]);
$retval = COM_createHTMLDocument($retval);
return $retval;
}
if (!empty($type) && $type !== 'story') {
// Update the submitspeedlimit for user - assuming Plugin approves
// submission record
COM_updateSpeedlimit('submit');
// see if this is a submission that needs to be handled by a plugin
// and should include its own redirect
$retval = PLG_saveSubmission($type, $A);
if ($retval === false) {
COM_errorLog("Could not save your submission. Bad type: {$type}");
} elseif (empty($retval)) {
// plugin should include its own redirect - but in case handle
// it here and redirect to the main page
PLG_submissionSaved($type);
COM_redirect($_CONF['site_url'] . '/index.php');
} else {
PLG_submissionSaved($type);
return $retval;
}
}
if (!empty($A['title']) && !empty($A['introtext']) && TOPIC_checkTopicSelectionControl()) {
$retval = savestory($A);
PLG_submissionSaved($type);
} else {
$retval = COM_showMessageText($LANG12[23], $LANG12[22]) . submissionform($type);
$retval = COM_createHTMLDocument($retval);
}
return $retval;
}
$retval .= $options;
$retval .= '</select>' . LB;
$retval .= '<input type="hidden" name="album_id" value="0"' . XHTML . '>' . LB;
$retval .= '<input type="submit" value="' . $LANG_MG03['go'] . '"' . XHTML . '>' . LB;
$retval .= '</div></form>' . LB;
return $retval;
}
/*
* Main
*/
$album_id = 0;
$root_album = new mgAlbum(0);
// root album
if ($root_album->access == 0 || $root_album->hidden == 1 && $root_album->access != 3) {
COM_errorLog("Media Gallery Error - User attempted to view an album that does not exist.");
$display = COM_showMessageText($LANG_MG02['albumaccessdeny']);
$display = MG_createHTMLDocument($display);
COM_output($display);
exit;
}
if ($_MG_CONF['usage_tracking']) {
MG_updateUsage('MediaGallery', 'Main Menu', '', 0);
}
// initialize variables
$page = isset($_GET['page']) ? COM_applyFilter($_GET['page'], true) : 0;
$columns_per_page = $root_album->display_columns;
$rows_per_page = $root_album->display_rows;
$media_per_page = $columns_per_page * $rows_per_page;
if ($page != 0) {
$page = $page - 1;
}
/**
* Remove a plugin that is sitting in the public/private tree.
* If they exist, the following directories are deleted recursively:
*
* 1. public_html/admin/plugins/{pi_name}
* 2. public_html/{pi_name}
* 3. private/plugins/{pi_name}
*
* @param pi_name string name of the plugin to remove
* @return string HTML for error or success message
*
*/
function PLUGINS_remove($pi_name)
{
global $_CONF, $LANG32;
$retval = '';
if (strlen($pi_name) == 0) {
$retval .= COM_showMessageText($LANG32[12], $LANG32[13], true);
COM_errorLog($LANG32[12]);
return $retval;
}
COM_errorLog("Removing the {$pi_name} plugin file structure");
$msg = '';
if (PLG_remove($pi_name)) {
COM_errorLog("Plugin removal was successful.");
$msg = 116;
$retval .= COM_showMessage(116);
} else {
COM_errorLog("Error removing the plugin file structure - the web server may not have sufficient permissions");
$msg = 95;
$retval .= COM_showMessage(95);
}
CTL_clearCache();
if ($msg != '') {
COM_setMessage($msg);
$refreshURL = $_CONF['site_admin_url'] . '/plugins.php';
} else {
$refreshURL = $_CONF['site_admin_url'] . '/plugins.php';
}
echo COM_refresh($refreshURL);
exit;
}
case 'dooptimize':
$startwith = '';
if (isset($_GET['startwith'])) {
$startwith = COM_applyFilter($_GET['startwith']);
}
$pagetitle = $LANG_DB_BACKUP['optimize_title'];
if (!empty($startwith) || SEC_checkToken()) {
$failures = 0;
if (isset($_GET['failures'])) {
$failures = COM_applyFilter($_GET['failures'], true);
}
$num_errors = DBADMIN_dooptimize($startwith, $failures);
if ($num_errors == 0) {
$page .= COM_showMessageText($LANG_DB_BACKUP['optimize_success']);
} else {
$page .= COM_showMessageText($LANG_DB_BACKUP['optimize_success'] . ' ' . $LANG_DB_BACKUP['table_issues'], '', true, 'error');
}
$page .= DBADMIN_list();
}
break;
case 'saveconfig':
$items = array();
// Get the excluded tables into a serialized string
$tables = explode('|', $_POST['groupmembers']);
$items['_dbback_exclude'] = DB_escapeString(@serialize($tables));
$items['_dbback_files'] = (int) $_POST['db_backup_maxfiles'];
/* ---
if (isset($_POST['disable_cron'])) {
$str = '-1';
} else {
$str = (int)$_POST['db_backup_interval'];
function MG_watermarkUpload($actionURL = '')
{
global $_USER, $_CONF, $_MG_CONF, $LANG_MG00, $LANG_MG01;
$root_album = new mgAlbum(0);
if ($actionURL == '') {
$actionURL = $_MG_CONF['site_url'] . '/admin.php';
}
$retval = '';
$T = COM_newTemplate(MG_getTemplatePath(0));
$T->set_file('upload', 'wm_upload.thtml');
if ($root_album->access != 3 && !$root_album->owner_id) {
COM_errorLog("Someone has tried to illegally edit media in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
return COM_showMessageText($LANG_MG00['access_denied_msg']);
}
// check the php.ini for the settings...
$post_max_size = ini_get('post_max_size');
$upload_max_filesize = ini_get('upload_max_filesize');
$html_max_filesize = 65536;
$warning = sprintf($LANG_MG01['upload_warning'], $upload_max_filesize, $post_max_size);
$T->set_var(array('start_block' => COM_startBlock($LANG_MG01['watermark_upload']), 'end_block' => COM_endBlock(), 's_form_action' => $_MG_CONF['site_url'] . '/admin.php', 'action' => 'wm_upload', 'lang_wmupload_help' => $LANG_MG01['wm_upload_help'], 'lang_watermark_upload' => $LANG_MG01['watermark_upload'], 'lang_file' => $LANG_MG01['file'], 'lang_description' => $LANG_MG01['description'], 'lang_save' => $LANG_MG01['save'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_reset' => $LANG_MG01['reset'], 'max_file_size' => '<input type="hidden" name="MAX_FILE_SIZE" value="' . $html_max_filesize . '"' . XHTML . '>', 'lang_warning' => $warning));
$T->set_block('upload', 'public-access');
if ($root_album->owner_id) {
$T->set_var('lang_public_access', $LANG_MG01['public_access']);
$T->set_var('public_access', '<input type="checkbox" name="wm_public" id="wm_public" value="1"' . XHTML . '>');
$T->parse('public-access', 'public-access');
} else {
$T->set_var('public-access', '');
}
$retval .= $T->finish($T->parse('output', 'upload'));
return $retval;
}
/**
* Saves a poll
*
* Saves a poll topic and potential answers to the database
*
* @param string $pid Poll topic ID
* @param string $old_pid Previous poll topic ID
* @param array $Q Array of poll questions
* @param string $mainpage Checkbox: poll appears on homepage
* @param string $topic The text for the topic
* @param string $meta_description
* @param string $meta_keywords
* @param int $statuscode (unused)
* @param string $open Checkbox: poll open for voting
* @param string $hideresults Checkbox: hide results until closed
* @param int $commentcode Indicates if users can comment on poll
* @param array $A Array of possible answers
* @param array $V Array of vote per each answer
* @param array $R Array of remark per each answer
* @param int $owner_id ID of poll owner
* @param int $group_id ID of group poll belongs to
* @param int $perm_owner Permissions the owner has on poll
* @param int $perm_grup Permissions the group has on poll
* @param int $perm_members Permissions logged in members have on poll
* @param int $perm_anon Permissions anonymous users have on poll
* @return string HTML redirect or error message
*
*/
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
$retval = '';
// Convert array values to numeric permission values
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
$topic = COM_stripslashes($topic);
$meta_description = strip_tags(COM_stripslashes($meta_description));
$meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
$pid = COM_sanitizeID($pid);
$old_pid = COM_sanitizeID($old_pid);
if (empty($pid)) {
if (empty($old_pid)) {
$pid = COM_makeSid();
} else {
$pid = $old_pid;
}
}
// check if any question was entered
if (empty($topic) or count($Q) == 0 or strlen($Q[0]) == 0 or strlen($A[0][0]) == 0) {
$retval .= COM_siteHeader('menu', $LANG25[5]);
$retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
$retval .= $LANG25[2];
$retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$retval .= COM_siteFooter();
return $retval;
}
if (!SEC_checkToken()) {
COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
}
// check for poll id change
if (!empty($old_pid) && $pid != $old_pid) {
// check if new pid is already in use
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
// TBD: abort, display editor with all content intact again
$pid = $old_pid;
// for now ...
}
}
// start processing the poll topic
if ($_POLL_VERBOSE) {
COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
$access = 0;
if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
$P = DB_fetchArray($result);
$access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
COM_output($display);
exit;
}
if (empty($voters)) {
$voters = 0;
}
if ($_POLL_VERBOSE) {
COM_errorLog('owner permissions: ' . $perm_owner, 1);
COM_errorLog('group permissions: ' . $perm_group, 1);
COM_errorLog('member permissions: ' . $perm_members, 1);
COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
}
// we delete everything and re-create it with the input from the form
$del_pid = $pid;
if (!empty($old_pid) && $pid != $old_pid) {
$del_pid = $old_pid;
// delete by old pid, create using new pid below
}
DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
$topic = addslashes($topic);
$meta_description = addslashes($meta_description);
$meta_keywords = addslashes($meta_keywords);
$k = 0;
// set up a counter to make sure we do assign a straight line of question id's
$v = 0;
// re-count votes sine they might have been changed
// first dimension of array are the questions
$num_questions = count($Q);
for ($i = 0; $i < $num_questions; $i++) {
$Q[$i] = COM_stripslashes($Q[$i]);
if (strlen($Q[$i]) > 0) {
// only insert questions that exist
$Q[$i] = addslashes($Q[$i]);
DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'");
// within the questions, we have another dimensions with answers,
// votes and remarks
$num_answers = count($A[$i]);
for ($j = 0; $j < $num_answers; $j++) {
$A[$i][$j] = COM_stripslashes($A[$i][$j]);
if (strlen($A[$i][$j]) > 0) {
// only insert answers etc that exist
if (!is_numeric($V[$i][$j])) {
$V[$i][$j] = "0";
}
$A[$i][$j] = addslashes($A[$i][$j]);
$R[$i][$j] = addslashes($R[$i][$j]);
$sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
DB_query($sql);
$v = $v + $V[$i][$j];
}
}
$k++;
}
}
// save topics after the questions so we can include question count into table
$sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s');
if ($mainpage == 'on') {
$sql .= "',1";
} else {
$sql .= "',0";
}
if ($open == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
if ($hideresults == 'on') {
$sql .= ",1";
} else {
$sql .= ",0";
}
$sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";
// Save poll topic
DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);
if (empty($old_pid) || $old_pid == $pid) {
PLG_itemSaved($pid, 'polls');
} else {
DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
PLG_itemSaved($pid, 'polls', $old_pid);
}
if ($_POLL_VERBOSE) {
COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
}
return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19');
}
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +---------------------------------------------------------------------------+
/**
* @package Maps
*/
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
$display = '';
// Ensure user even has the rights to access this page
if (!SEC_hasRights('maps.admin')) {
$display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
// Log attempt to access.log
COM_accessLog("User {$_USER['username']} tried to illegally access the Maps plugin administration screen.");
echo $display;
exit;
}
// Incoming variable filter
$vars = array('mode' => 'alpha', 'cid' => 'number', 'id' => 'number', 'msg' => 'text');
MAPS_filterVars($vars, $_REQUEST);
/**
* List all maps that the user has access to
*
* @retun string HTML for the list
*
*/
function MAPS_listmaps()
/**
* Display a formatted error message.
*
* @param string $msg Error message to display
* @param string $type Type of message, used for style and header
* @param string $header Optional header text.
* @return string Formatted error message
*/
function EVLIST_alertMessage($msg = '', $type = '', $header = '')
{
global $LANG_EVLIST;
// Require a valid message
if ($msg == '') {
return '';
}
return COM_showMessageText($msg, $header, true, $type);
}
} elseif (isset($_GET[$provided])) {
$action = $provided;
}
}
switch ($action) {
case 'banbutton_x':
if (SEC_checkToken()) {
$msg = SFS_banUsers();
$pageBody .= COM_showMessageText($msg) . SFS_adminList();
} else {
COM_accessLog('User ' . $_USER['username'] . ' tried to ban users and failed CSRF checks.');
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
break;
case 'delbutton_x':
if (SEC_checkToken()) {
$msg = SFS_delUsers();
$pageBody .= COM_showMessageText($msg) . SFS_adminList();
} else {
COM_accessLog('User ' . $_USER['username'] . ' tried to del users and failed CSRF checks.');
echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
}
break;
default:
$pageBody .= SFS_adminList();
break;
}
$display = COM_siteHeader('menu', $LANG_SFS['title']);
$display .= $pageBody;
$display .= COM_siteFooter();
echo $display;
/**
* This function allows the administrator to import batches of users
*
* TODO: This function should first display the users that are to be imported,
* together with the invalid users and the reason of invalidity. Each valid line
* should have a checkbox that allows selection of final to be imported users.
* After clicking an extra button, the actual import should take place. This will
* prevent problems in case the list formatting is incorrect.
*
* @return string HTML with success or error message
*
*/
function importusers()
{
global $_CONF, $_TABLES, $LANG04, $LANG28;
// Setting this to true will cause import to print processing status to
// webpage and to the error.log file
$verbose_import = true;
$retval = '';
// Bulk import implies admin authorisation:
$_CONF['usersubmission'] = 0;
// First, upload the file
require_once $_CONF['path_system'] . 'classes/upload.class.php';
$upload = new upload();
$upload->setPath($_CONF['path_data']);
$upload->setAllowedMimeTypes(array('text/plain' => '.txt'));
$upload->setFileNames('user_import_file.txt');
if ($upload->uploadFiles()) {
// Good, file got uploaded, now install everything
$thefile = current($_FILES);
$filename = $_CONF['path_data'] . 'user_import_file.txt';
if (!file_exists($filename)) {
// empty upload form
$retval = COM_refresh($_CONF['site_admin_url'] . '/user.php?mode=importform');
return $retval;
}
} else {
// A problem occurred, print debug information
$retval = COM_showMessageText($upload->printErrors(false), $LANG28[24]);
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
return $retval;
}
$users = file($filename);
$retval .= COM_startBlock($LANG28[31], '', COM_getBlockTemplate('_admin_block', 'header'));
// Following variables track import processing statistics
$successes = 0;
$failures = 0;
foreach ($users as $line) {
$line = rtrim($line);
if (empty($line)) {
continue;
}
list($full_name, $u_name, $email) = explode("\t", $line);
$full_name = strip_tags($full_name);
$u_name = COM_applyFilter($u_name);
$email = COM_applyFilter($email);
if ($verbose_import) {
$retval .= "<br" . XHTML . "><b>Working on username={$u_name}, fullname={$full_name}, and email={$email}</b><br" . XHTML . ">\n";
COM_errorLog("Working on username={$u_name}, fullname={$full_name}, and email={$email}", 1);
}
// prepare for database
$userName = trim($u_name);
$fullName = trim($full_name);
$emailAddr = trim($email);
if (COM_isEmail($email)) {
// email is valid form
$ucount = DB_count($_TABLES['users'], 'username', DB_escapeString($userName));
$ecount = DB_count($_TABLES['users'], 'email', DB_escapeString($emailAddr));
if ($ucount == 0 && $ecount == 0) {
// user doesn't already exist - pass in optional true for $batchimport parm
$uid = USER_createAccount($userName, $emailAddr, '', $fullName, '', '', '', true);
$result = USER_createAndSendPassword($userName, $emailAddr, $uid);
if ($result) {
$successes++;
if ($verbose_import) {
$retval .= "<br" . XHTML . "> Account for <b>{$u_name}</b> created successfully.<br" . XHTML . ">\n";
COM_errorLog("Account for {$u_name} created successfully", 1);
}
} else {
// user creation failed
$retval .= "<br" . XHTML . ">ERROR: There was a problem creating the account for <b>{$u_name}</b>.<br" . XHTML . ">\n";
COM_errorLog("ERROR: here was a problem creating the account for {$u_name}.", 1);
}
} else {
if ($verbose_import) {
$retval .= "<br" . XHTML . "><b>{$u_name}</b> or <b>{$email}</b> already exists, account not created.<br" . XHTML . ">\n";
// user already exists
COM_errorLog("{$u_name},{$email}: username or email already exists, account not created", 1);
}
$failures++;
}
// end if $ucount == 0 && ecount == 0
} else {
if ($verbose_import) {
$retval .= "<br" . XHTML . "><b>{$email}</b> is not a valid email address, account not created<br" . XHTML . ">\n";
// malformed email
COM_errorLog("{$email} is not a valid email address, account not created", 1);
}
$failures++;
}
// end if COM_isEmail($email)
}
// end foreach
unlink($filename);
$retval .= '<p>' . sprintf($LANG28[32], $successes, $failures);
$retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[24]));
return $retval;
}
*/
$adminurl = $_CONF['site_admin_url'];
if (strrpos($adminurl, '/') == strlen($adminurl)) {
$adminurl = substr($adminurl, 0, -1);
}
$pos = strrpos($adminurl, '/');
if ($pos === false) {
// only guessing ...
$installdir = $_CONF['path_html'] . 'admin/install';
} else {
$installdir = $_CONF['path_html'] . substr($adminurl, $pos + 1) . '/install';
}
if (is_dir($installdir)) {
// deliberatly NOT print the actual path to the install dir
$secmsg = sprintf($LANG_SECTEST['remove_inst'], '') . ' ' . $MESSAGE[92];
$display .= COM_showMessageText($secmsg);
}
}
}
// Show any Plugin formatted blocks
// Requires a plugin to have a function called plugin_centerblock_<plugin_name>
$displayBlock = PLG_showCenterblock(1, $page, $topic);
// top blocks
if (!empty($displayBlock)) {
$display .= $displayBlock;
// Check if theme has added the template which allows the centerblock
// to span the top over the rightblocks
if (file_exists($_CONF['path_layout'] . 'topcenterblock-span.thtml')) {
$topspan = new Template($_CONF['path_layout']);
$topspan->set_file(array('topspan' => 'topcenterblock-span.thtml'));
$topspan->set_var('xhtml', XHTML);
function MG_mediaEdit($album_id, $media_id, $actionURL = '', $mqueue = 0, $view = 0, $back = '')
{
global $_USER, $_CONF, $_MG_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $LANG_MG07, $_DB_dbms;
$album = new mgAlbum($album_id);
if ($actionURL == '') {
$actionURL = $_MG_CONF['site_url'] . '/index.php';
}
$retval = '';
$T = COM_newTemplate(MG_getTemplatePath($album_id));
$T->set_file(array('admin' => 'mediaedit.thtml', 'asf_options' => 'edit_asf_options.thtml', 'mp3_options' => 'edit_mp3_options.thtml', 'swf_options' => 'edit_swf_options.thtml', 'mov_options' => 'edit_mov_options.thtml', 'flv_options' => 'edit_flv_options.thtml'));
// pull the media information from the database...
$sql = "SELECT * FROM ";
if ($_DB_dbms == "mssql") {
$sql = "SELECT *,CAST(media_desc AS TEXT) AS media_desc FROM ";
}
$sql .= ($mqueue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media']) . " WHERE media_id='" . addslashes($media_id) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
if ($album->access != 3 && !SEC_inGroup($album->mod_group_id) && $row['media_user_id'] != $_USER['uid']) {
COM_errorLog("Someone has tried to illegally sort albums in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
return COM_showMessageText($LANG_MG00['access_denied_msg']);
}
// Build Album List
$album_jumpbox = '<select name="albums" width="40">';
$root_album = new mgAlbum(0);
$root_album->buildJumpBox($album_jumpbox, $album_id);
$album_jumpbox .= '</select>';
// should check the above for errors, etc...
$exif_info = '';
if ($row['media_type'] == 0) {
if (!function_exists('MG_readEXIF')) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-exif.php';
}
$exif_info = MG_readEXIF($row['media_id'], 1, $mqueue);
if (empty($exif_info)) {
$exif_info = '';
}
}
$media_time_month = date("m", $row['media_time']);
$media_time_day = date("d", $row['media_time']);
$media_time_year = date("Y", $row['media_time']);
$media_time_hour = date("H", $row['media_time']);
$media_time_minute = date("i", $row['media_time']);
$month_select = '<select name="media_month">';
$month_select .= COM_getMonthFormOptions($media_time_month);
$month_select .= '</select>';
$day_select = '<select name="media_day">';
for ($i = 1; $i < 32; $i++) {
$day_select .= '<option value="' . $i . '"' . ($media_time_day == $i ? 'selected="selected"' : "") . '>' . $i . '</option>';
}
$day_select .= '</select>';
$current_year = (int) date("Y");
$end_year = $current_year + 10;
$year_select = '<select name="media_year">';
for ($i = 1998; $i < $end_year; $i++) {
$year_select .= '<option value="' . $i . '"' . ($media_time_year == $i ? 'selected="selected"' : "") . '>' . $i . '</option>';
}
$year_select .= '</select>';
$hour_select = '<select name="media_hour">';
for ($i = 0; $i < 24; $i++) {
$hour_select .= '<option value="' . $i . '"' . ($media_time_hour == $i ? 'selected="selected"' : "") . '>' . $i . '</option>';
}
$hour_select .= '</select>';
$minute_select = '<select name="media_minute">';
for ($i = 0; $i < 60; $i++) {
$minute_select .= '<option value="' . $i . '"' . ($media_time_minute == $i ? 'selected="selected"' : "") . '>' . ($i < 10 ? '0' : '') . $i . '</option>';
}
$minute_select .= '</select>';
$media_time = MG_getUserDateTimeFormat($row['media_time']);
$tn_size = 1;
list($thumbnail, $pThumbnail, $size) = Media::getThumbInfo($row, $tn_size);
$attached_thumbnail = '';
if ($row['media_tn_attached'] == 1) {
$atnsize = '';
if ($size != false) {
list($newwidth, $newheight) = Media::getImageWH($size[0], $size[1], 150, 150);
$atnsize = 'width="' . $newwidth . '" height="' . $newheight . '"';
}
$attached_thumbnail = '<img src="' . $thumbnail . '" alt="" ' . $atnsize . XHTML . '>';
$tmpthumb = Media::getDefaultThumbnail($row, $tn_size);
$thumbnail = $_MG_CONF['mediaobjects_url'] . '/' . $tmpthumb;
$size = getimagesize($_MG_CONF['path_mediaobjects'] . $tmpthumb);
}
$preview = '';
$preview_end = '';
if ($row['media_type'] == 0 || $row['media_type'] == 1 || $row['media_type'] == 2) {
// image, video and music file
if ($row['media_type'] == 2) {
$win_width = 540;
$win_height = 320;
} elseif ($row['media_type'] == 1) {
$win_width = 660;
$win_height = 525;
} elseif ($row['media_type'] == 0) {
$path = Media::getFilePath('disp', $row['media_filename'], $row['media_mime_ext']);
$media_size_disp = @getimagesize($path);
$win_width = $media_size_disp[0] + 20;
$win_height = $media_size_disp[1] + 20;
} else {
$win_width = 800;
$win_height = 600;
}
$url = Media::getHref_showvideo($row['media_id'], $win_height, $win_width, $mqueue);
$preview = "<a href=\"" . $url . "\">";
$preview_end = "</a>";
}
$rotate_right = '';
$rotate_left = '';
if ($row['media_type'] == 0 && ($_CONF['image_lib'] != 'gdlib' || function_exists("imagerotate"))) {
$rotate_right = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&action=right&media_id=' . $row['media_id'] . '&album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_right_icon.gif" alt="' . $LANG_MG01['rotate_left'] . '" style="border:none;"' . XHTML . '></a>';
$rotate_left = '<a href="' . $_MG_CONF['site_url'] . '/admin.php?mode=rotate&action=left&media_id=' . $row['media_id'] . '&album_id=' . $album_id . '">' . '<img src="' . $_MG_CONF['site_url'] . '/images/rotate_left_icon.gif" alt="' . $LANG_MG01['rotate_right'] . '" style="border:none;"' . XHTML . '></a>';
}
$resolution = '';
$lang_resolution = '';
if ($row['media_type'] == 1) {
// video file
$resolution = 'unknown';
if ($row['media_resolution_x'] > 0 && $row['media_resolution_y'] > 0) {
$resolution = $row['media_resolution_x'] . 'x' . $row['media_resolution_y'];
}
$lang_resolution = $LANG_MG07['resolution'];
}
$sql = "SELECT * FROM {$_TABLES['mg_playback_options']} " . "WHERE media_id='" . addslashes($row['media_id']) . "'";
$poResult = DB_query($sql);
$poNumRows = DB_numRows($poResult);
// playback options, if needed...
if ($row['mime_type'] == 'video/x-ms-asf' || $row['mime_type'] == 'video/x-ms-wvx' || $row['mime_type'] == 'video/x-ms-wm' || $row['mime_type'] == 'video/x-ms-wmx' || $row['mime_type'] == 'video/x-ms-wmv' || $row['mime_type'] == 'audio/x-ms-wma' || $row['mime_type'] == 'video/x-msvideo') {
// pull defaults, then override...
$playback_options['autostart'] = $_MG_CONF['asf_autostart'];
$playback_options['enablecontextmenu'] = $_MG_CONF['asf_enablecontextmenu'];
$playback_options['stretchtofit'] = $_MG_CONF['asf_stretchtofit'];
$playback_options['uimode'] = $_MG_CONF['asf_uimode'];
$playback_options['showstatusbar'] = $_MG_CONF['asf_showstatusbar'];
$playback_options['playcount'] = $_MG_CONF['asf_playcount'];
$playback_options['height'] = $_MG_CONF['asf_height'];
$playback_options['width'] = $_MG_CONF['asf_width'];
$playback_options['bgcolor'] = $_MG_CONF['asf_bgcolor'];
for ($i = 0; $i < $poNumRows; $i++) {
$poRow = DB_fetchArray($poResult);
$playback_options[$poRow['option_name']] = $poRow['option_value'];
}
$uimode_select = MG_optionlist(array('name' => 'uimode', 'current' => $playback_options['uimode'], 'values' => array('none' => $LANG_MG07['none'], 'mini' => $LANG_MG07['mini'], 'full' => $LANG_MG07['full'])));
$T->set_var(array('autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'stretchtofit_enabled' => $playback_options['stretchtofit'] ? ' checked="checked"' : '', 'stretchtofit_disabled' => $playback_options['stretchtofit'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode'], 'playcount' => $playback_options['playcount'], 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'lang_resolution' => $lang_resolution, 'resolution' => $resolution));
$T->parse('playback_options', 'asf_options');
}
if ($row['mime_type'] == 'audio/mpeg') {
// pull defaults, then override...
$playback_options['autostart'] = $_MG_CONF['mp3_autostart'];
$playback_options['enablecontextmenu'] = $_MG_CONF['mp3_enablecontextmenu'];
$playback_options['uimode'] = $_MG_CONF['mp3_uimode'];
$playback_options['showstatusbar'] = $_MG_CONF['mp3_showstatusbar'];
$playback_options['loop'] = $_MG_CONF['mp3_loop'];
for ($i = 0; $i < $poNumRows; $i++) {
$poRow = DB_fetchArray($poResult);
$playback_options[$poRow['option_name']] = $poRow['option_value'];
}
$uimode_select = MG_optionlist(array('name' => 'uimode', 'current' => $playback_options['uimode'], 'values' => array('none' => $LANG_MG07['none'], 'mini' => $LANG_MG07['mini'], 'full' => $LANG_MG07['full'])));
$T->set_var(array('autostart_enabled' => $playback_options['autostart'] ? ' checked="checked"' : '', 'autostart_disabled' => $playback_options['autostart'] ? '' : ' checked="checked"', 'enablecontextmenu_enabled' => $playback_options['enablecontextmenu'] ? ' checked="checked"' : '', 'enablecontextmenu_disabled' => $playback_options['enablecontextmenu'] ? '' : ' checked="checked"', 'showstatusbar_enabled' => $playback_options['showstatusbar'] ? ' checked="checked"' : '', 'showstatusbar_disabled' => $playback_options['showstatusbar'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'uimode_select' => $uimode_select, 'uimode' => $playback_options['uimode']));
$T->parse('playback_options', 'mp3_options');
}
if ($row['mime_type'] == 'application/x-shockwave-flash' || $row['mime_type'] == 'video/x-flv') {
// pull defaults, then override...
$playback_options['play'] = $_MG_CONF['swf_play'];
$playback_options['menu'] = $_MG_CONF['swf_menu'];
$playback_options['quality'] = $_MG_CONF['swf_quality'];
$playback_options['height'] = $_MG_CONF['swf_height'];
$playback_options['width'] = $_MG_CONF['swf_width'];
$playback_options['loop'] = $_MG_CONF['swf_loop'];
$playback_options['scale'] = $_MG_CONF['swf_scale'];
$playback_options['wmode'] = $_MG_CONF['swf_wmode'];
$playback_options['allowscriptaccess'] = $_MG_CONF['swf_allowscriptaccess'];
$playback_options['bgcolor'] = $_MG_CONF['swf_bgcolor'];
$playback_options['swf_version'] = $_MG_CONF['swf_version'];
for ($i = 0; $i < $poNumRows; $i++) {
$poRow = DB_fetchArray($poResult);
$playback_options[$poRow['option_name']] = $poRow['option_value'];
}
$quality_select = MG_optionlist(array('name' => 'quality', 'current' => $playback_options['quality'], 'values' => array('low' => $LANG_MG07['low'], 'high' => $LANG_MG07['high'])));
$scale_select = MG_optionlist(array('name' => 'scale', 'current' => $playback_options['scale'], 'values' => array('showall' => $LANG_MG07['showall'], 'noborder' => $LANG_MG07['noborder'], 'exactfit' => $LANG_MG07['exactfit'])));
$wmode_select = MG_optionlist(array('name' => 'wmode', 'current' => $playback_options['wmode'], 'values' => array('window' => $LANG_MG07['window'], 'opaque' => $LANG_MG07['opaque'], 'transparent' => $LANG_MG07['transparent'])));
$asa_select = MG_optionlist(array('name' => 'allowscriptaccess', 'current' => $playback_options['allowscriptaccess'], 'values' => array('always' => $LANG_MG07['always'], 'sameDomain' => $LANG_MG07['sameDomain'], 'never' => $LANG_MG07['never'])));
$T->set_var(array('play_enabled' => $playback_options['play'] ? ' checked="checked"' : '', 'play_disabled' => $playback_options['play'] ? '' : ' checked="checked"', 'menu_enabled' => $playback_options['menu'] ? ' checked="checked"' : '', 'menu_disabled' => $playback_options['menu'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'quality_select' => $quality_select, 'scale_select' => $scale_select, 'wmode_select' => $wmode_select, 'asa_select' => $asa_select, 'flashvars' => isset($playback_options['flashvars']) ? $playback_options['flashvars'] : '', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor'], 'swf_version' => $playback_options['swf_version']));
if ($row['mime_type'] == 'application/x-shockwave-flash') {
$T->parse('playback_options', 'swf_options');
} else {
$T->parse('playback_options', 'flv_options');
}
}
if ($row['media_mime_ext'] == 'mov' || $row['media_mime_ext'] == 'mp4' || $row['mime_type'] == 'video/quicktime' || $row['mime_type'] == 'video/mpeg') {
// pull defaults, then override...
$playback_options['autoref'] = $_MG_CONF['mov_autoref'];
$playback_options['autoplay'] = $_MG_CONF['mov_autoplay'];
$playback_options['controller'] = $_MG_CONF['mov_controller'];
$playback_options['kioskmode'] = isset($_MG_CONF['mov_kioskmod']) ? $_MG_CONF['mov_kiokmode'] : '';
$playback_options['scale'] = $_MG_CONF['mov_scale'];
$playback_options['loop'] = $_MG_CONF['mov_loop'];
$playback_options['height'] = $_MG_CONF['mov_height'];
$playback_options['width'] = $_MG_CONF['mov_width'];
$playback_options['bgcolor'] = $_MG_CONF['mov_bgcolor'];
for ($i = 0; $i < $poNumRows; $i++) {
$poRow = DB_fetchArray($poResult);
$playback_options[$poRow['option_name']] = $poRow['option_value'];
}
$scale_select = MG_optionlist(array('name' => 'scale', 'current' => $playback_options['scale'], 'values' => array('tofit' => $LANG_MG07['to_fit'], 'aspect' => $LANG_MG07['aspect'], '1' => $LANG_MG07['normal_size'])));
$T->set_var(array('autoref_enabled' => $playback_options['autoref'] ? ' checked="checked"' : '', 'autoref_disabled' => $playback_options['autoref'] ? '' : ' checked="checked"', 'autoplay_enabled' => $playback_options['autoplay'] ? ' checked="checked"' : '', 'autoplay_disabled' => $playback_options['autoplay'] ? '' : ' checked="checked"', 'controller_enabled' => $playback_options['controller'] ? ' checked="checked"' : '', 'controller_disabled' => $playback_options['controller'] ? '' : ' checked="checked"', 'kioskmode_enabled' => $playback_options['kioskmode'] ? ' checked="checked"' : '', 'kioskmode_disabled' => $playback_options['kioskmode'] ? '' : ' checked="checked"', 'loop_enabled' => $playback_options['loop'] ? ' checked="checked"' : '', 'loop_disabled' => $playback_options['loop'] ? '' : ' checked="checked"', 'height' => $playback_options['height'], 'width' => $playback_options['width'], 'bgcolor' => $playback_options['bgcolor']));
$T->parse('playback_options', 'mov_options');
}
$remoteurl = $row['remote_url'];
$lang_remote_url = $row['remote_media'] == 1 ? $LANG_MG01['remote_url'] : $LANG_MG01['alternate_url'];
// user information
$username = '';
if (SEC_hasRights('mediagallery.admin')) {
$username = '******';
$sql = "SELECT * FROM {$_TABLES['users']} WHERE status=3 AND uid > 1 ORDER BY username ASC";
$result = DB_query($sql);
while ($userRow = DB_fetchArray($result)) {
$username .= '<option value="' . $userRow['uid'] . '"' . ($userRow['uid'] == $row['media_user_id'] ? ' selected="selected"' : '') . '>' . $userRow['username'] . '</option>' . LB;
}
$username .= '</select>';
} else {
if ($row['media_user_id'] != '') {
$displayname = $_CONF['show_fullname'] ? 'fullname' : 'username';
$username = DB_getItem($_TABLES['users'], $displayname, "uid={$row['media_user_id']}");
}
}
$cat_select = '<select name="cat_id" id="cat_id">';
$cat_select .= '<option value="">' . $LANG_MG01['no_category'] . '</option>';
$result = DB_query("SELECT * FROM {$_TABLES['mg_category']} ORDER BY cat_id ASC");
while ($catRow = DB_fetchArray($result)) {
$cat_select .= '<option value="' . $catRow['cat_id'] . '" ' . ($catRow['cat_id'] == $row['media_category'] ? ' selected="selected"' : '') . '>' . $catRow['cat_name'] . '</option>';
}
$cat_select .= '</select>';
$T->set_var(array('original_filename' => $row['media_original_filename'], 'attach_tn' => $row['media_tn_attached'], 'at_tn_checked' => $row['media_tn_attached'] == 1 ? ' checked="checked"' : '', 'attached_thumbnail' => $attached_thumbnail, 'album_id' => $album_id, 'media_thumbnail' => $thumbnail, 'media_id' => $row['media_id'], 'media_title' => $row['media_title'], 'media_desc' => $row['media_desc'], 'media_time' => $media_time[0], 'media_views' => $row['media_views'], 'media_comments' => $row['media_comments'], 'media_exif_info' => $exif_info, 'media_rating_max' => 5, 'height' => $size[1] + 50, 'width' => $size[0] + 40, 'queue' => $mqueue, 'month_select' => $month_select, 'day_select' => $day_select, 'year_select' => $year_select, 'hour_select' => $hour_select, 'minute_select' => $minute_select, 'user_ip' => $row['media_user_ip'], 'album_select' => $album_jumpbox, 'media_rating' => $row['media_rating'] / 2, 'media_votes' => $row['media_votes'], 's_mode' => 'edit', 's_title' => $LANG_MG01['edit_media'], 's_rotate_right' => $rotate_right, 's_rotate_left' => $rotate_left, 's_form_action' => $actionURL, 'allowed_html' => COM_allowedHTML(), 'site_url' => $_MG_CONF['site_url'], 'preview' => $preview, 'preview_end' => $preview_end, 'rpath' => htmlentities($back, ENT_QUOTES, COM_getCharset()), 'remoteurl' => $remoteurl, 'lang_remote_url' => $lang_remote_url, 'resolution' => $resolution, 'lang_resolution' => $lang_resolution, 'username' => $username, 'cat_select' => $cat_select, 'media_keywords' => $row['media_keywords'], 'artist' => $row['artist'], 'musicalbum' => $row['album'], 'genre' => $row['genre']));
// language items
$T->set_var(array('lang_playcount' => $LANG_MG07['playcount'], 'lang_playcount_help' => $LANG_MG07['playcount_help'], 'lang_playback_options' => $LANG_MG07['playback_options'], 'lang_option' => $LANG_MG07['option'], 'lang_description' => $LANG_MG07['description'], 'lang_on' => $LANG_MG07['on'], 'lang_off' => $LANG_MG07['off'], 'lang_auto_start' => $LANG_MG07['auto_start'], 'lang_auto_start_help' => $LANG_MG07['auto_start_help'], 'lang_height' => $LANG_MG07['height'], 'lang_width' => $LANG_MG07['width'], 'lang_height_help' => $LANG_MG07['height_help'], 'lang_width_help' => $LANG_MG07['width_help'], 'lang_enable_context_menu' => $LANG_MG07['enable_context_menu'], 'lang_enable_context_menu_help' => $LANG_MG07['enable_context_menu_help'], 'lang_stretch_to_fit' => $LANG_MG07['stretch_to_fit'], 'lang_stretch_to_fit_help' => $LANG_MG07['stretch_to_fit_help'], 'lang_status_bar' => $LANG_MG07['status_bar'], 'lang_status_bar_help' => $LANG_MG07['status_bar_help'], 'lang_ui_mode' => $LANG_MG07['ui_mode'], 'lang_ui_mode_help' => $LANG_MG07['ui_mode_help'], 'lang_bgcolor' => $LANG_MG07['bgcolor'], 'lang_bgcolor_help' => $LANG_MG07['bgcolor_help'], 'lang_loop' => $LANG_MG07['loop'], 'lang_loop_help' => $LANG_MG07['loop_help'], 'lang_menu' => $LANG_MG07['menu'], 'lang_menu_help' => $LANG_MG07['menu_help'], 'lang_scale' => $LANG_MG07['scale'], 'lang_swf_scale_help' => $LANG_MG07['swf_scale_help'], 'lang_wmode' => $LANG_MG07['wmode'], 'lang_wmode_help' => $LANG_MG07['wmode_help'], 'lang_quality' => $LANG_MG07['quality'], 'lang_quality_help' => $LANG_MG07['quality_help'], 'lang_flash_vars' => $LANG_MG07['flash_vars'], 'lang_asa' => $LANG_MG07['asa'], 'lang_asa_help' => $LANG_MG07['asa_help'], 'lang_swf_version_help' => $LANG_MG07['swf_version_help'], 'lang_auto_ref' => $LANG_MG07['auto_ref'], 'lang_auto_ref_help' => $LANG_MG07['auto_ref_help'], 'lang_controller' => $LANG_MG07['controller'], 'lang_controller_help' => $LANG_MG07['controller_help'], 'lang_kiosk_mode' => $LANG_MG07['kiosk_mode'], 'lang_kiosk_mode_help' => $LANG_MG07['kiosk_mode_help'], 'lang_original_filename' => $LANG_MG01['original_filename'], 'lang_media_item' => $LANG_MG00['media_col_header'], 'lang_media_attributes' => $LANG_MG01['media_attributes'], 'lang_mediaattributes' => $LANG_MG01['mediaattributes'], 'lang_attached_thumbnail' => $LANG_MG01['attached_thumbnail'], 'lang_category' => $LANG_MG01['category'], 'lang_keywords' => $LANG_MG01['keywords'], 'lang_rating' => $LANG_MG03['rating'], 'lang_comments' => $LANG_MG03['comments'], 'lang_votes' => $LANG_MG03['votes'], 'media_edit_title' => $LANG_MG01['media_edit'], 'media_edit_help' => $LANG_MG01['media_edit_help'], 'rotate_left' => $LANG_MG01['rotate_left'], 'rotate_right' => $LANG_MG01['rotate_right'], 'lang_title' => $LANG_MG01['title'], 'albums' => $LANG_MG01['albums'], 'description' => $LANG_MG01['description'], 'capture_time' => $LANG_MG01['capture_time'], 'views' => $LANG_MG03['views'], 'uploaded_by' => $LANG_MG01['uploaded_by'], 'submit' => $LANG_MG01['submit'], 'cancel' => $LANG_MG01['cancel'], 'reset' => $LANG_MG01['reset'], 'lang_save' => $LANG_MG01['save'], 'lang_reset' => $LANG_MG01['reset'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_delete' => $LANG_MG01['delete'], 'lang_delete_confirm' => $LANG_MG01['delete_item_confirm'], 'lang_reset_rating' => $LANG_MG01['reset_rating'], 'lang_reset_views' => $LANG_MG01['reset_views'], 'lang_replacefile' => $LANG_MG01['replace_file'], 'lang_artist' => $LANG_MG01['artist'], 'lang_genre' => $LANG_MG01['genre'], 'lang_music_album' => $LANG_MG01['music_album']));
$retval .= $T->finish($T->parse('output', 'admin'));
return $retval;
}
/**
* Shows story editor
*
* Displays the story entry form
*
* @param string $sid ID of story to edit
* @param string $mode 'preview', 'edit', 'editsubmission', 'clone'
* @param string $errormsg a message to display on top of the page
* @return string HTML for story editor
*
*/
function storyeditor($sid = '', $mode = '', $errormsg = '')
{
global $_CONF, $_TABLES, $_USER, $LANG24, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $_SCRIPTS, $LANG_DIRECTION, $LANG_MONTH, $LANG_WEEK;
$display = '';
if (!isset($_CONF['hour_mode'])) {
$_CONF['hour_mode'] = 12;
}
if (!empty($errormsg)) {
$display .= COM_showMessageText($errormsg, $LANG24[25]);
}
$story = new Story();
if ($mode == 'preview') {
// Handle Magic GPC Garbage:
while (list($key, $value) = each($_POST)) {
if (!is_array($value)) {
$_POST[$key] = COM_stripslashes($value);
} else {
while (list($subkey, $subvalue) = each($value)) {
$value[$subkey] = COM_stripslashes($subvalue);
}
}
}
$result = $story->loadFromArgsArray($_POST);
if ($_CONF['maximagesperarticle'] > 0) {
$errors = $story->checkAttachedImages();
if (count($errors) > 0) {
$msg = $LANG24[55] . LB . '<ul>' . LB;
foreach ($errors as $err) {
$msg .= '<li>' . $err . '</li>' . LB;
}
$msg .= '</ul>' . LB;
$display .= COM_showMessageText($msg, $LANG24[54]);
}
}
} else {
$result = $story->loadFromDatabase($sid, $mode);
}
if ($result == STORY_PERMISSION_DENIED || $result == STORY_NO_ACCESS_PARAMS) {
$display .= COM_showMessageText($LANG24[42], $LANG_ACCESS['accessdenied']);
COM_accessLog("User {$_USER['username']} tried to illegally access story {$sid}.");
return $display;
} elseif ($result == STORY_EDIT_DENIED || $result == STORY_EXISTING_NO_EDIT_PERMISSION) {
$display .= COM_showMessageText($LANG24[41], $LANG_ACCESS['accessdenied']);
$display .= STORY_renderArticle($story, 'p');
COM_accessLog("User {$_USER['username']} tried to illegally edit story {$sid}.");
return $display;
} elseif ($result == STORY_INVALID_SID) {
if ($mode == 'editsubmission') {
// that submission doesn't seem to be there any more (may have been
// handled by another Admin) - take us back to the moderation page
return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
} else {
return COM_refresh($_CONF['site_admin_url'] . '/story.php');
}
} elseif ($result == STORY_DUPLICATE_SID) {
$display .= COM_showMessageText($LANG24[24]);
}
// Load HTML templates
$story_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/story');
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$story_templates->set_file(array('editor' => 'storyeditor_advanced.thtml'));
$advanced_editormode = true;
$story_templates->set_var('change_editormode', 'onchange="change_editmode(this);"');
require_once $_CONF['path_system'] . 'classes/navbar.class.php';
$story_templates->set_var('show_preview', 'none');
$story_templates->set_var('lang_expandhelp', $LANG24[67]);
$story_templates->set_var('lang_reducehelp', $LANG24[68]);
$story_templates->set_var('lang_publishdate', $LANG24[69]);
$story_templates->set_var('lang_toolbar', $LANG24[70]);
$story_templates->set_var('toolbar1', $LANG24[71]);
$story_templates->set_var('toolbar2', $LANG24[72]);
$story_templates->set_var('toolbar3', $LANG24[73]);
$story_templates->set_var('toolbar4', $LANG24[74]);
$story_templates->set_var('toolbar5', $LANG24[75]);
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$story_templates->set_var('show_texteditor', 'none');
$story_templates->set_var('show_htmleditor', '');
} else {
$story_templates->set_var('show_texteditor', '');
$story_templates->set_var('show_htmleditor', 'none');
}
} else {
$story_templates->set_file(array('editor' => 'storyeditor.thtml'));
$advanced_editormode = false;
}
$story_templates->set_var('hour_mode', $_CONF['hour_mode']);
if ($story->hasContent()) {
$previewContent = STORY_renderArticle($story, 'p');
if ($advanced_editormode and $previewContent != '') {
$story_templates->set_var('preview_content', $previewContent);
} elseif ($previewContent != '') {
$display .= COM_startBlock($LANG24[26], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= $previewContent;
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
}
}
if ($advanced_editormode) {
$navbar = new navbar();
if (!empty($previewContent)) {
$navbar->add_menuitem($LANG24[79], 'showhideEditorDiv("preview",0);return false;', true);
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",1);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",2);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",3);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",4);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",5);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",6);return false;', true);
} else {
$navbar->add_menuitem($LANG24[80], 'showhideEditorDiv("editor",0);return false;', true);
$navbar->add_menuitem($LANG24[81], 'showhideEditorDiv("publish",1);return false;', true);
$navbar->add_menuitem($LANG24[82], 'showhideEditorDiv("images",2);return false;', true);
$navbar->add_menuitem($LANG24[83], 'showhideEditorDiv("archive",3);return false;', true);
$navbar->add_menuitem($LANG24[84], 'showhideEditorDiv("perms",4);return false;', true);
$navbar->add_menuitem($LANG24[85], 'showhideEditorDiv("all",5);return false;', true);
}
if ($mode == 'preview') {
$story_templates->set_var('show_preview', '');
$story_templates->set_var('show_htmleditor', 'none');
$story_templates->set_var('show_texteditor', 'none');
$story_templates->set_var('show_submitoptions', 'none');
$navbar->set_selected($LANG24[79]);
} else {
$navbar->set_selected($LANG24[80]);
}
$story_templates->set_var('navbar', $navbar->generate());
}
$oldsid = $story->EditElements('originalSid');
if (!empty($oldsid) && $mode != 'clone') {
$delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
$jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
$story_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
$story_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
}
if ($mode == 'editsubmission' || $story->type == 'submission') {
$story_templates->set_var('submission_option', '<input type="hidden" name="type" value="submission"' . XHTML . '>');
}
$story_templates->set_var('lang_author', $LANG24[7]);
$storyauthor = COM_getDisplayName($story->EditElements('uid'));
$story_templates->set_var('story_author', $storyauthor);
$story_templates->set_var('author', $storyauthor);
$story_templates->set_var('story_uid', $story->EditElements('uid'));
// user access info
$story_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
$story_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
$ownername = COM_getDisplayName($story->EditElements('owner_id'));
$story_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', 'uid = ' . $story->EditElements('owner_id')));
$story_templates->set_var('owner_name', $ownername);
$story_templates->set_var('owner', $ownername);
$story_templates->set_var('owner_id', $story->EditElements('owner_id'));
$story_templates->set_var('lang_group', $LANG_ACCESS['group']);
$story_templates->set_var('group_dropdown', SEC_getGroupDropdown($story->EditElements('group_id'), 3));
$story_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
$story_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
$story_templates->set_var('permissions_editor', SEC_getPermissionsHTML($story->EditElements('perm_owner'), $story->EditElements('perm_group'), $story->EditElements('perm_members'), $story->EditElements('perm_anon')));
$story_templates->set_var('permissions_msg', $LANG_ACCESS['permmsg']);
$story_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
$curtime = COM_getUserDateTimeFormat($story->EditElements('date'));
$story_templates->set_var('lang_date', $LANG24[15]);
$story_templates->set_var('publish_second', $story->EditElements('publish_second'));
$publish_ampm = '';
$publish_hour = $story->EditElements('publish_hour');
if ($publish_hour >= 12) {
if ($publish_hour > 12) {
$publish_hour = $publish_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('publish_ampm', $ampm);
$story_templates->set_var('publishampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('publish_month'));
$story_templates->set_var('publish_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('publish_day'));
$story_templates->set_var('publish_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('publish_year'));
$story_templates->set_var('publish_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('publish_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($publish_hour);
}
$story_templates->set_var('publish_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('publish_minute'));
$story_templates->set_var('publish_minute_options', $minute_options);
$story_templates->set_var('publish_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('unixdate'));
$story_templates->set_var('expire_second', $story->EditElements('expire_second'));
$expire_ampm = '';
$expire_hour = $story->EditElements('expire_hour');
if ($expire_hour >= 12) {
if ($expire_hour > 12) {
$expire_hour = $expire_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('expire_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="expire_ampm" value=""' . XHTML . '>';
}
$story_templates->set_var('expireampm_selection', $ampm_select);
$month_options = COM_getMonthFormOptions($story->EditElements('expire_month'));
$story_templates->set_var('expire_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('expire_day'));
$story_templates->set_var('expire_day_options', $day_options);
$year_options = COM_getYearFormOptions($story->EditElements('expire_year'));
$story_templates->set_var('expire_year_options', $year_options);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('expire_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($expire_hour);
}
$story_templates->set_var('expire_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('expire_minute'));
$story_templates->set_var('expire_minute_options', $minute_options);
$story_templates->set_var('expire_date_explanation', $LANG24[46]);
$story_templates->set_var('story_unixstamp', $story->EditElements('expirestamp'));
$atopic = DB_getItem($_TABLES['topics'], 'tid', "archive_flag = 1");
$have_archive_topic = empty($atopic) ? false : true;
if ($story->EditElements('statuscode') == STORY_ARCHIVE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked3', 'checked="checked"');
$js_showarchivedisabled = 'false';
$have_archive_topic = true;
// force display of auto archive option
} elseif ($story->EditElements('statuscode') == STORY_DELETE_ON_EXPIRE) {
$story_templates->set_var('is_checked2', 'checked="checked"');
$story_templates->set_var('is_checked4', 'checked="checked"');
if (!$have_archive_topic) {
$story_templates->set_var('is_checked3', 'style="display:none;"');
}
$js_showarchivedisabled = 'false';
} else {
if (!$have_archive_topic) {
$story_templates->set_var('is_checked3', 'style="display:none;"');
}
$js_showarchivedisabled = 'true';
}
$story_templates->set_var('lang_archivetitle', $LANG24[58]);
$story_templates->set_var('lang_option', $LANG24[59]);
$story_templates->set_var('lang_enabled', $LANG_ADMIN['enabled']);
$story_templates->set_var('lang_story_stats', $LANG24[87]);
if ($have_archive_topic) {
$story_templates->set_var('lang_optionarchive', $LANG24[61]);
} else {
$story_templates->set_var('lang_optionarchive', '');
}
$story_templates->set_var('lang_optiondelete', $LANG24[62]);
$story_templates->set_var('lang_title', $LANG_ADMIN['title']);
$story_templates->set_var('story_title', $story->EditElements('title'));
$story_templates->set_var('lang_page_title', $LANG_ADMIN['page_title']);
$story_templates->set_var('page_title', $story->EditElements('page_title'));
$story_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
$story_templates->set_var('meta_description', $story->EditElements('meta_description'));
$story_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
$story_templates->set_var('meta_keywords', $story->EditElements('meta_keywords'));
if ($_CONF['meta_tags'] > 0) {
$story_templates->set_var('hide_meta', '');
} else {
$story_templates->set_var('hide_meta', ' style="display:none;"');
}
$story_templates->set_var('lang_topic', $LANG_ADMIN['topic']);
if ($mode == 'preview') {
$tlist = TOPIC_getTopicSelectionControl('article', '', false, true, true);
} else {
$tlist = TOPIC_getTopicSelectionControl('article', $oldsid, false, true, true);
}
if (empty($tlist)) {
$display .= COM_showMessage(101);
return $display;
}
$story_templates->set_var('topic_selection', $tlist);
$story_templates->set_var('lang_show_topic_icon', $LANG24[56]);
if ($story->EditElements('show_topic_icon') == 1) {
$story_templates->set_var('show_topic_icon_checked', 'checked="checked"');
} else {
$story_templates->set_var('show_topic_icon_checked', '');
}
$story_templates->set_var('lang_cachetime', $LANG24['cache_time']);
$story_templates->set_var('lang_cachetime_desc', $LANG24['cache_time_desc']);
$story_templates->set_var('cache_time', $story->EditElements('cache_time'));
$story_templates->set_var('lang_draft', $LANG24[34]);
if ($story->EditElements('draft_flag')) {
$story_templates->set_var('is_checked', 'checked="checked"');
}
$story_templates->set_var('lang_mode', $LANG24[3]);
$story_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $story->EditElements('statuscode')));
$story_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $story->EditElements('commentcode')));
$story_templates->set_var('trackback_options', COM_optionList($_TABLES['trackbackcodes'], 'code,name', $story->EditElements('trackbackcode')));
// comment expire
$story_templates->set_var('lang_cmt_disable', $LANG24[63]);
if ($story->EditElements('cmt_close')) {
$story_templates->set_var('is_checked5', 'checked="checked"');
$js_showcmtclosedisabled = 'false';
} else {
$js_showcmtclosedisabled = 'true';
}
$month_options = COM_getMonthFormOptions($story->EditElements('cmt_close_month'));
$story_templates->set_var('cmt_close_month_options', $month_options);
$day_options = COM_getDayFormOptions($story->EditElements('cmt_close_day'));
$story_templates->set_var('cmt_close_day_options', $day_options);
// ensure that the year dropdown includes the close year
$endtm = mktime(0, 0, 0, date('m'), date('d') + $_CONF['article_comment_close_days'], date('Y'));
$yoffset = date('Y', $endtm) - date('Y');
$close_year = $story->EditElements('cmt_close_year');
if ($yoffset < -1) {
$year_options = COM_getYearFormOptions($close_year, $yoffset);
} elseif ($yoffset > 5) {
$year_options = COM_getYearFormOptions($close_year, -1, $yoffset);
} else {
$year_options = COM_getYearFormOptions($close_year);
}
$story_templates->set_var('cmt_close_year_options', $year_options);
$cmt_close_ampm = '';
$cmt_close_hour = $story->EditElements('cmt_close_hour');
//correct hour
if ($cmt_close_hour >= 12) {
if ($cmt_close_hour > 12) {
$cmt_close_hour = $cmt_close_hour - 12;
}
$ampm = 'pm';
} else {
$ampm = 'am';
}
$ampm_select = COM_getAmPmFormSelection('cmt_close_ampm', $ampm);
if (empty($ampm_select)) {
// have a hidden field to 24 hour mode to prevent JavaScript errors
$ampm_select = '<input type="hidden" name="cmt_close_ampm" value=""' . XHTML . '>';
}
$story_templates->set_var('cmt_close_ampm_selection', $ampm_select);
if ($_CONF['hour_mode'] == 24) {
$hour_options = COM_getHourFormOptions($story->EditElements('cmt_close_hour'), 24);
} else {
$hour_options = COM_getHourFormOptions($cmt_close_hour);
}
$story_templates->set_var('cmt_close_hour_options', $hour_options);
$minute_options = COM_getMinuteFormOptions($story->EditElements('cmt_close_minute'));
$story_templates->set_var('cmt_close_minute_options', $minute_options);
$story_templates->set_var('cmt_close_second', $story->EditElements('cmt_close_second'));
if ($_CONF['onlyrootfeatures'] == 1 && SEC_inGroup('Root') or $_CONF['onlyrootfeatures'] !== 1) {
$featured_options = "<select name=\"featured\">" . LB . COM_optionList($_TABLES['featurecodes'], 'code,name', $story->EditElements('featured')) . "</select>" . LB;
} else {
$featured_options = "<input type=\"hidden\" name=\"featured\" value=\"0\"" . XHTML . ">";
}
$story_templates->set_var('featured_options', $featured_options);
$story_templates->set_var('frontpage_options', COM_optionList($_TABLES['frontpagecodes'], 'code,name', $story->EditElements('frontpage')));
$story_templates->set_var('story_introtext', $story->EditElements('introtext'));
$story_templates->set_var('story_bodytext', $story->EditElements('bodytext'));
$story_templates->set_var('lang_introtext', $LANG24[16]);
$story_templates->set_var('lang_bodytext', $LANG24[17]);
$story_templates->set_var('lang_postmode', $LANG24[4]);
$story_templates->set_var('lang_publishoptions', $LANG24[76]);
$story_templates->set_var('noscript', COM_getNoScript(false, $LANG24[77], sprintf($LANG24[78], $_CONF['site_admin_url'], $sid)));
$postmode = $story->EditElements('postmode');
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$postmode = '';
}
}
$post_options = COM_optionList($_TABLES['postmodes'], 'code,name', $postmode);
$postmode_list = 'plaintext,html';
// If Advanced Mode - add post option and set default if editing story created with Advanced Editor
if ($_CONF['advanced_editor'] && $_USER['advanced_editor']) {
$postmode_list .= ',adveditor';
if ($story->EditElements('advanced_editor_mode') == 1 or $story->EditElements('postmode') == 'adveditor') {
$post_options .= '<option value="adveditor" selected="selected">' . $LANG24[86] . '</option>';
} else {
$post_options .= '<option value="adveditor">' . $LANG24[86] . '</option>';
}
}
if ($_CONF['wikitext_editor']) {
$postmode_list .= ',wikitext';
if ($story->EditElements('postmode') == 'wikitext') {
$post_options .= '<option value="wikitext" selected="selected">' . $LANG24[88] . '</option>';
} else {
$post_options .= '<option value="wikitext">' . $LANG24[88] . '</option>';
}
}
$story_templates->set_var('post_options', $post_options);
$postmode_array = explode(',', $postmode_list);
$allowed_html = '';
foreach ($postmode_array as $pm) {
$allowed_html .= COM_allowedHTML('story.edit', false, 1, $pm);
}
$allowed_tags = array('code', 'raw');
if ($_CONF['allow_page_breaks'] == 1) {
$allowed_tags = array_merge($allowed_tags, array('page_break'));
}
$allowed_html .= COM_allowedAutotags(false, $allowed_tags);
$story_templates->set_var('lang_allowed_html', $allowed_html);
$fileinputs = '';
$saved_images = '';
if ($_CONF['maximagesperarticle'] > 0) {
$story_templates->set_var('lang_images', $LANG24[47]);
$icount = DB_count($_TABLES['article_images'], 'ai_sid', $story->getSid());
if ($icount > 0) {
$result_articles = DB_query("SELECT * FROM {$_TABLES['article_images']} WHERE ai_sid = '" . $story->getSid() . "'");
for ($z = 1; $z <= $icount; $z++) {
$I = DB_fetchArray($result_articles);
$saved_images .= $z . ') ' . COM_createLink($I['ai_filename'], $_CONF['site_url'] . '/images/articles/' . $I['ai_filename']) . ' ' . $LANG_ADMIN['delete'] . ': <input type="checkbox" name="delete[' . $I['ai_img_num'] . ']"' . XHTML . '><br' . XHTML . '>';
}
}
$newallowed = $_CONF['maximagesperarticle'] - $icount;
for ($z = $icount + 1; $z <= $_CONF['maximagesperarticle']; $z++) {
$fileinputs .= $z . ') <input type="file" dir="ltr" name="file' . $z . '"' . XHTML . '>';
if ($z < $_CONF['maximagesperarticle']) {
$fileinputs .= '<br' . XHTML . '>';
}
}
$fileinputs .= '<br' . XHTML . '>' . $LANG24[51];
if ($_CONF['allow_user_scaling'] == 1) {
$fileinputs .= $LANG24[27];
}
$fileinputs .= $LANG24[28] . '<br' . XHTML . '>';
}
// Add JavaScript
$_SCRIPTS->setJavaScriptFile('story_editor', '/javascript/story_editor.js');
if ($_CONF['titletoid']) {
$_SCRIPTS->setJavaScriptFile('title_2_id', '/javascript/title_2_id.js');
$story_templates->set_var('titletoid', true);
}
$_SCRIPTS->setJavaScriptFile('postmode_control', '/javascript/postmode_control.js');
// Loads jQuery UI datepicker and timepicker-addon
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.slider');
// $_SCRIPTS->setJavaScriptLibrary('jquery.ui.button');
$_SCRIPTS->setJavaScriptLibrary('jquery.ui.datepicker');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-i18n');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon');
$_SCRIPTS->setJavaScriptLibrary('jquery-ui-timepicker-addon-i18n');
// $_SCRIPTS->setJavaScriptLibrary('jquery-ui-slideraccess');
$_SCRIPTS->setJavaScriptFile('datetimepicker', '/javascript/datetimepicker.js');
$langCode = COM_getLangIso639Code();
$toolTip = $MESSAGE[118];
$imgUrl = $_CONF['site_url'] . '/images/calendar.png';
$_SCRIPTS->setJavaScript("jQuery(function () {" . " geeklog.hour_mode = {$_CONF['hour_mode']};" . " geeklog.datetimepicker.set('publish', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('expire', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . " geeklog.datetimepicker.set('cmt_close', '{$langCode}', '{$toolTip}', '{$imgUrl}');" . "});", TRUE, TRUE);
// Setup Advanced Editor
COM_setupAdvancedEditor('/javascript/storyeditor_adveditor.js');
$story_templates->set_var('saved_images', $saved_images);
$story_templates->set_var('image_form_elements', $fileinputs);
$story_templates->set_var('lang_hits', $LANG24[18]);
$story_templates->set_var('story_hits', $story->EditElements('hits'));
$story_templates->set_var('lang_comments', $LANG24[19]);
$story_templates->set_var('story_comments', $story->EditElements('comments'));
$story_templates->set_var('lang_trackbacks', $LANG24[29]);
$story_templates->set_var('story_trackbacks', $story->EditElements('trackbacks'));
$story_templates->set_var('lang_emails', $LANG24[39]);
$story_templates->set_var('story_emails', $story->EditElements('numemails'));
if ($mode == 'clone') {
$story_templates->set_var('story_id', COM_makesid());
} else {
$story_templates->set_var('story_id', $story->getSid());
$story_templates->set_var('old_story_id', $story->EditElements('originalSid'));
}
$story_templates->set_var('lang_sid', $LANG24[12]);
$story_templates->set_var('lang_save', $LANG_ADMIN['save']);
$story_templates->set_var('lang_preview', $LANG_ADMIN['preview']);
$story_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
$story_templates->set_var('lang_delete', $LANG_ADMIN['delete']);
$story_templates->set_var('gltoken_name', CSRF_TOKEN);
$token = SEC_createToken();
$story_templates->set_var('gltoken', $token);
$story_templates->parse('output', 'editor');
$display .= COM_startBlock($LANG24[5], '', COM_getBlockTemplate('_admin_block', 'header'));
$display .= SEC_getTokenExpiryNotice($token, $LANG24[91]);
$display .= $story_templates->finish($story_templates->get_var('output'));
$display .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
return $display;
}
/**
* Delete an existing static page
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_delete_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN;
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
$args['mode'] = COM_applyBasicFilter($args['mode']);
}
$sp_id = $args['sp_id'];
if (!SEC_hasRights('staticpages.delete')) {
$output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
$output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
$output .= COM_siteFooter();
if (!COM_isAnonUser()) {
return PLG_RET_PERMISSION_DENIED;
} else {
return PLG_RET_AUTH_FAILED;
}
}
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_id);
DB_delete($_TABLES['comments'], array('sid', 'type'), array($sp_id, 'staticpages'));
PLG_itemDeleted($sp_id, 'staticpages');
$output = COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php');
return PLG_RET_OK;
}
/**
* Save a route into database
*
* @param int $rid
* @param int $method
* @param string $rule
* @param string $route
* @param int $priority
* @return string
*/
function saveRoute($rid, $method, $rule, $route, $priority)
{
global $_CONF, $_TABLES, $MESSAGE, $LANG_ROUTER;
$messageText = '';
$rid = intval($rid, 10);
$method = intval($method, 10);
$rule = trim($rule);
$route = trim($route);
$priority = intval($priority, 10);
if ($method < Router::HTTP_REQUEST_GET || $method > Router::HTTP_REQUEST_HEAD) {
$messageText = $LANG_ROUTER[12];
} elseif ($rule === '') {
$messageText = $LANG_ROUTER[13];
} elseif ($route === '') {
$messageText = $LANG_ROUTER[14];
} elseif (substr_count($rule, '@') !== substr_count($route, '@')) {
$messageText = $LANG_ROUTER[15];
}
// If a rule doesn't begin with a slash, then add one silently
if (strpos($rule, '/') !== 0) {
$rule = '/' . $rule;
}
// If a rule starts with "/index.php", then remove it silently
if (stripos($rule, '/index.php') === 0) {
$rule = preg_replace('|^/index\\.php|i', '', $rule);
}
// If a route doesn't begin with a slash, then add one silently
if (strpos($route, '/') !== 0) {
$route = '/' . $route;
}
// If a route starts with "/index.php/", then make it an error to prevent the script
// from going an infinite loop
if (stripos($route, '/index.php/') === 0) {
$messageText = $LANG_ROUTER[16];
}
// Replace & with &
$rule = str_ireplace('&', '&', $rule);
$route = str_ireplace('&', '&', $route);
// Check if placeholders are the same
$numPlaceHoldersInRule = preg_match_all(Router::PLACEHOLDER_MATCH, $rule, $matchesRule, PREG_SET_ORDER);
$numPlaceHoldersInRoute = preg_match_all(Router::PLACEHOLDER_MATCH, $route, $matchesRoute, PREG_SET_ORDER);
if ($numPlaceHoldersInRule === $numPlaceHoldersInRoute) {
if ($numPlaceHoldersInRule > 0) {
array_shift($matchesRule);
array_shift($matchesRoute);
foreach ($matchesRule as $r) {
if (!in_array($r, $matchesRoute)) {
$messageText = $LANG_ROUTER[15];
break;
}
}
}
} else {
$messageText = $LANG_ROUTER[15];
}
// If priority is out of range, then fix it silently
if ($priority < 1 || $priority > 65535) {
$priority = Router::DEFAULT_PRIORITY;
}
if ($messageText !== '') {
$content = COM_showMessageText($messageText, $MESSAGE[122]) . getRouteEditor($rid);
$retval = COM_createHTMLDocument($content, array('pagetitle' => $MESSAGE[122]));
return $retval;
}
// Save data into database
$rid = DB_escapeString($rid);
$method = DB_escapeString($method);
$rule = DB_escapeString($rule);
$route = DB_escapeString($route);
$priority = DB_escapeString($priority);
$count = intval(DB_count($_TABLES['routes'], 'rid', $rid), 10);
if ($count === 0) {
$sql = "INSERT INTO {$_TABLES['routes']} (rid, method, rule, route, priority) " . "VALUES (NULL, {$method}, '{$rule}', '{$route}', {$priority})";
} else {
$sql = "UPDATE {$_TABLES['routes']} " . "SET method = {$method}, rule = '{$rule}', route = '{$route}', priority = {$priority} " . "WHERE rid = {$rid} ";
}
for ($i = 0; $i < 5; $i++) {
DB_query($sql);
if (!DB_error()) {
reorderRoutes();
return COM_refresh($_CONF['site_admin_url'] . '/router.php?msg=121');
}
// Retry
}
$content = COM_showMessageText($LANG_ROUTER[17], DB_error()) . getRouteEditor($rid);
$retval = COM_createHTMLDocument($content, array('pagetitle' => $MESSAGE[122]));
return $retval;
}
$rc = MB_saveNewMenu();
if ($rc != '') {
$content = COM_showMessageText($rc, '', true);
$content .= MB_createMenu();
} else {
$content = MB_displayMenuList();
}
break;
case 'saveclonemenu':
MB_saveCloneMenu();
$content = MB_displayMenuList();
break;
case 'saveeditmenu':
$rc = MB_saveEditMenu();
if ($rc != '') {
$content = COM_showMessageText($rc, '', true);
$menu_id = COM_applyFilter($_POST['menu_id'], true);
$content .= MB_editMenu($menu_id);
} else {
$content = MB_displayMenuList();
}
break;
case 'editmenu':
$menu_id = COM_applyFilter($_GET['menuid'], true);
$content = MB_editMenu($menu_id);
break;
case 'activate':
MB_changeActiveStatusElement($_POST['enableditem']);
$content = MB_displayTree($menu_id);
$currentSelect = $LANG_MB01['menu_builder'];
break;
/**
* Check a security token.
* Checks the POST and GET data for a security token, if one exists, validates
* that it's for this user and URL. If the token is not valid, it asks the user
* to re-authenticate and resends the request if authentication was successful.
*
* @return boolean true if the token is valid; does not return if not!
* @see SECINT_checkToken
* @link http://wiki.geeklog.net/index.php/Re-Authentication_for_expired_Tokens
*/
function SEC_checkToken()
{
global $_CONF, $LANG20, $LANG_ADMIN;
if (SECINT_checkToken()) {
// if this was a recreated request, recreate $_FILES array, too
SECINT_recreateFilesArray();
return true;
}
/**
* Token not valid (probably expired): Ask user to authenticate again
*/
$returnurl = COM_getCurrentUrl();
$method = strtoupper($_SERVER['REQUEST_METHOD']);
$postdata = serialize($_POST);
$getdata = serialize($_GET);
$files = '';
if (!empty($_FILES)) {
// rescue uploaded files
foreach ($_FILES as $key => $f) {
if (!empty($f['name'])) {
$filename = basename($f['tmp_name']);
move_uploaded_file($f['tmp_name'], $_CONF['path_data'] . $filename);
$_FILES[$key]['tmp_name'] = $filename;
// drop temp. dir
}
}
$files = serialize($_FILES);
}
$display = COM_showMessageText($LANG_ADMIN['token_expired']) . SECINT_authform($returnurl, $method, $postdata, $getdata, $files);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG20[1]));
COM_output($display);
exit;
// we don't return from here
}
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +--------------------------------------------------------------------------+
require_once '../lib-common.php';
require_once 'auth.inc.php';
$display = '';
if (!SEC_hasrights('autotag.admin')) {
$display .= COM_siteHeader('menu', $MESSAGE[30]);
$display .= COM_showMessageText($MESSAGE[38], $MESSAGE[30], true);
$display .= COM_siteFooter();
COM_accessLog("User {$_USER['username']} attempted to access the autotag administration screen.");
echo $display;
exit;
}
USES_lib_install();
/**
* Main driver to handle the uploaded autotag
*
* Determines if a new style (supports automated installer) or
* an old style.
*
* @return string Formatted HTML containing the page body
*
*/
function _userGetnewtoken()
{
global $_CONF, $_TABLES, $_USER, $LANG04;
$retval = '';
$uid = 0;
if ($_CONF['passwordspeedlimit'] == 0) {
$_CONF['passwordspeedlimit'] = 300;
// 5 minutes
}
COM_clearSpeedlimit($_CONF['passwordspeedlimit'], 'verifytoken');
$last = COM_checkSpeedlimit('verifytoken');
if ($last > 0) {
$retval .= COM_showMessageText(sprintf($LANG04[93], $last, $_CONF['passwordspeedlimit']), $LANG12[26], true, 'error');
} else {
$username = isset($_POST['username']) ? $_POST['username'] : '';
$passwd = isset($_POST['passwd']) ? $_POST['passwd'] : '';
if (!empty($username) && !empty($passwd) && USER_validateUsername($username, 1)) {
$encryptedPassword = '';
$uid = 0;
$result = DB_query("SELECT uid,passwd FROM {$_TABLES['users']} WHERE username='******'");
if (DB_numRows($result) > 0) {
$row = DB_fetchArray($result);
$encryptedPassword = $row['passwd'];
$uid = $row['uid'];
}
if ($encryptedPassword != '' && SEC_check_hash($passwd, $encryptedPassword)) {
$retval .= requesttoken($uid, 3);
} else {
$retval .= newtokenform($uid);
}
} else {
$retval .= newtokenform($uid);
}
}
return $retval;
}
$display = COM_refresh(COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid));
} else {
$display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid) . COM_siteFooter();
}
}
break;
case 'sendstory':
$sid = COM_applyFilter($_POST['sid']);
if (empty($sid)) {
$display = COM_refresh($_CONF['site_url'] . '/index.php');
} else {
if (empty($_POST['toemail']) || empty($_POST['fromemail']) || !COM_isEmail($_POST['toemail']) || !COM_isEmail($_POST['fromemail']) || strpos($_POST['to'], '@') !== false || strpos($_POST['from'], '@') !== false) {
$display .= COM_siteHeader('menu', $LANG08[17]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $_POST['shortmsg'], 52) . COM_siteFooter();
} else {
if (empty($_POST['to']) || empty($_POST['from']) || empty($_POST['shortmsg'])) {
$display .= COM_siteHeader('menu', $LANG08[17]) . COM_showMessageText($LANG08[22]) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $_POST['shortmsg']) . COM_siteFooter();
} else {
$msg = PLG_itemPreSave('emailstory', $_POST['shortmsg']);
if (!empty($msg)) {
$display .= COM_siteHeader('menu', $LANG08[17]) . COM_errorLog($msg, 2) . mailstoryform($sid, COM_applyFilter($_POST['to']), COM_applyFilter($_POST['toemail']), COM_applyFilter($_POST['from']), COM_applyFilter($_POST['fromemail']), $_POST['shortmsg']) . COM_siteFooter();
} else {
$display .= mailstory($sid, $_POST['to'], $_POST['toemail'], $_POST['from'], $_POST['fromemail'], $_POST['shortmsg']);
}
}
}
}
break;
default:
if (isset($_GET['uid'])) {
$uid = COM_applyFilter($_GET['uid'], true);
} else {
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
// | |
// +--------------------------------------------------------------------------+
require_once '../../../lib-common.php';
require_once '../../auth.inc.php';
$display = '';
if (!SEC_inGroup('Bad Behavior2 Admin')) {
$display .= COM_siteHeader('menu');
$display .= COM_showMessageText($LANG20[6], $LANG20[1], true);
$display .= COM_siteFooter();
echo $display;
exit;
}
USES_lib_admin();
require_once $_CONF['path_html'] . '/bad_behavior2/bad-behavior-glfusion.php';
/**
* List logged requests
*
* @param int $page page number
* @return string HTML for list of entries
*
*/
function _bb_listEntries($page = 1, $msg = '')
{
