Esempio n. 1
0
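/**
 * Renders one album node, and recursively its children, as an indented HTML tree.
 *
 * Indentation state lives in the globals $level (1 = top level) and $counter;
 * the caller is expected to initialise both, this function never resets them.
 *
 * @param    int     $aid    album id; 0 is the unlisted root node
 * @param    int     $depth  0 = checkbox list of every accessible album,
 *                           otherwise links down to that nesting level only
 * @return   string          HTML fragment
 */
function MG_showTree($aid, $depth)
{
    // $_MG_CONF was missing from the original global list although
    // $_MG_CONF['site_url'] is used below (it was silently empty).
    global $_MG_CONF, $MG_albums, $level, $counter;

    $retval = '';
    $album = $MG_albums[$aid];
    $px = ($level - 1) * 15;
    // strip_tags() removes markup but leaves '&' and quotes untouched, so the
    // title is only used as element text here, never inside an attribute.
    $title = strip_tags(COM_stripslashes($album->title));

    if ($aid != 0 && $album->access > 0) {
        if ($level == 1 && $depth != 1) {
            // our first one...
            $retval .= '<p>';
        }
        if ($depth == 0) {
            $retval .= '<div style="margin-left:' . $px . 'px;">'
                . '<input type="checkbox" name="album[]" id="album[]" value="' . $album->id . '" />'
                . '&nbsp;&nbsp;' . $title . '</div>' . LB;
        } elseif ($level <= $depth) {
            $retval .= '<div style="margin-left:' . $px . 'px;">'
                . '<a href="' . $_MG_CONF['site_url'] . '/album.php?aid=' . $album->id . '&page=1">'
                . $title . '</a></div>';
        }
    } elseif ($album->id == 0) {
        $retval .= '<br />';
    }

    $counter++;
    if (!empty($album->children)) {
        foreach ($album->getChildren() as $child) {
            $level++;
            $retval .= MG_showTree($MG_albums[$child]->id, $depth);
            $level--;
        }
    }

    return $retval;
}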
Esempio n. 2
0
 /**
  * Constructor
  *
  * Reads the search criteria from $_GET into the private search variables.
  * Everything passes through COM_applyFilter() (strip_tags() for the free-text
  * query). The author lookup still escapes its SQL with addslashes(), so it
  * depends on that helper matching the connection's charset.
  *
  * @author Tony Bibbs, tony AT geeklog DOT net
  * @access public
  *
  */
 function Search()
 {
     global $_CONF, $_TABLES;

     // Free-text query: unescape magic quotes, then drop any markup
     if (isset($_GET['query'])) {
         $this->_query = strip_tags(COM_stripslashes($_GET['query']));
     }

     // Plain pass-through criteria: request parameter => property
     $simpleFields = array(
         'topic'     => '_topic',
         'datestart' => '_dateStart',
         'dateend'   => '_dateEnd',
     );
     foreach ($simpleFields as $param => $property) {
         if (isset($_GET[$param])) {
             $this->$property = COM_applyFilter($_GET[$param]);
         }
     }

     if (isset($_GET['author'])) {
         $author = COM_applyFilter($_GET['author']);
         // In case we got a username instead of uid, convert it.  This should
         // make custom themes for search page easier.
         $looksLikeUid = is_numeric($author) || preg_match('/^([0-9]+)$/', $author);
         if ($author != '' && !$looksLikeUid) {
             $author = DB_getItem($_TABLES['users'], 'uid', 'username=\'' . addslashes($author) . '\'');
         }
         // Unknown user name or bogus id: no author restriction
         if ($author < 1) {
             $author = '';
         }
         $this->_author = $author;
     }

     $this->_type = isset($_GET['type']) ? COM_applyFilter($_GET['type']) : 'all';
     $this->_keyType = isset($_GET['keyType']) ? COM_applyFilter($_GET['keyType']) : $_CONF['search_def_keytype'];
     $this->_titlesOnly = isset($_GET['title']);
 }
Esempio n. 3
0
 /**
  * Returns the entry the user posted
  *
  * The GET parameter 'entry' wins over the POST parameter 'pentry'. Only
  * magic-quote slashes are removed; callers escape the value for the
  * context (SQL, HTML) they put it into.
  *
  * @return    string    the entry, or '' when neither parameter is set
  */
 protected function getEntry()
 {
     $sources = array(
         array($_GET, 'entry'),
         array($_POST, 'pentry'),
     );
     foreach ($sources as $source) {
         list($values, $key) = $source;
         if (isset($values[$key])) {
             return COM_stripslashes($values[$key]);
         }
     }

     return '';
 }
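 /**
  * Handles the "Personal" blacklist admin page
  *
  * Applies the requested action (delete one entry, add one entry, import the
  * site censor list) when the CSRF token validates, then renders the current
  * list and the edit form.
  *
  * @return   string    HTML
  */
 function display()
 {
     global $_CONF, $_TABLES, $LANG_SX00;

     $action = '';
     if (isset($_GET['action'])) {
         $action = $_GET['action'];
     } elseif (isset($_POST['paction'])) {
         $action = $_POST['paction'];
     }
     // same GET-then-POST lookup as for the action, shared with the other handlers
     $entry = $this->getEntry();

     if ($action === 'delete' && SEC_checkToken()) {
         // DB_delete() is handed the already escaped value, as before; whether
         // it escapes again internally is not visible here -- TODO confirm
         $entry = DB_escapeString($entry);
         DB_delete($_TABLES['spamx'], array('name', 'value'), array('Personal', $entry));
     } elseif ($action === $LANG_SX00['addentry'] && SEC_checkToken()) {
         // '0' is a legitimate blacklist entry, so test for the empty string
         // rather than empty()
         if ($entry !== '') {
             $entry = DB_escapeString($entry);
             DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
         }
     } elseif ($action === $LANG_SX00['addcen'] && SEC_checkToken()) {
         foreach ($_CONF['censorlist'] as $word) {
             $word = DB_escapeString($word);
             DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$word}')");
         }
     }

     $token = SEC_createToken();
     $display = '<hr' . XHTML . '>' . LB . '<p><b>';
     $display .= $LANG_SX00['pblack'];
     $display .= '</b></p>' . LB . '<ul>' . LB;
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
     $nrows = DB_numRows($result);
     for ($i = 0; $i < $nrows; $i++) {
         $A = DB_fetchArray($result);
         $e = $A['value'];
         // The delete link is a state-changing GET request; the CSRF token in
         // its query string is what SEC_checkToken() verifies above.
         $deleteUrl = $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList&amp;action=delete&amp;entry='
             . urlencode($e) . '&amp;' . CSRF_TOKEN . '=' . $token;
         $display .= '<li>' . COM_createLink(htmlspecialchars($e), $deleteUrl) . '</li>' . LB;
     }
     $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
     $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
     $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList">' . LB;
     $display .= '<div><input type="text" size="30" name="pentry"' . XHTML . '>&nbsp;&nbsp;&nbsp;';
     $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
     $display .= '<p>' . $LANG_SX00['e3'] . '</p>&nbsp;&nbsp;&nbsp;';
     $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB;
     $display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
     $display .= '</div></form>' . LB;

     return $display;
 }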
Esempio n. 5
0
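 /**
  * Constructor
  * Sets up private search variables
  *
  * Every criterion is read from $_GET. Values that reach SQL are passed
  * through DB_escapeString() in addition to COM_applyFilter(), so the query
  * does not rely on the filter alone to remove quoting characters.
  *
  * @author Tony Bibbs, tony AT geeklog DOT net
  */
 public function __construct()
 {
     global $_CONF, $_TABLES;

     // Set search criteria
     if (isset($_GET['query'])) {
         $query = COM_stripslashes($_GET['query']);
         $query = GLText::remove4byteUtf8Chars($query);
         $this->_query = strip_tags($query);
     }

     if (isset($_GET['topic'])) {
         // see if topic exists
         $tid = COM_applyFilter($_GET['topic']);
         // If it exists and user has access to it, it will return itself else an empty string
         $tid = DB_getItem(
             $_TABLES['topics'],
             'tid',
             "tid = '" . DB_escapeString($tid) . "'" . COM_getPermSQL('AND', 0, 2)
         );
         $this->_topic = $tid;
     } elseif ($_CONF['search_use_topic']) {
         // no topic requested: fall back to the one remembered in the session
         $last_topic = SESS_getVariable('topic');
         if ($last_topic != '') {
             $this->_topic = $last_topic;
         }
     }

     if (isset($_GET['datestart'])) {
         $this->_dateStart = COM_applyFilter($_GET['datestart']);
     }
     if (isset($_GET['dateend'])) {
         $this->_dateEnd = COM_applyFilter($_GET['dateend']);
     }

     if (isset($_GET['author'])) {
         $this->_author = COM_applyFilter($_GET['author']);
         // In case we got a username instead of uid, convert it.  This should
         // make custom themes for search page easier.
         if (!is_numeric($this->_author) && !preg_match('/^([0-9]+)$/', $this->_author) && $this->_author != '') {
             $this->_author = DB_getItem($_TABLES['users'], 'uid', 'username=\'' . DB_escapeString($this->_author) . '\'');
         }
         // Unknown user name or bogus id: no author restriction
         if ($this->_author < 1) {
             $this->_author = '';
         }
     }

     $this->_type = isset($_GET['type']) ? COM_applyFilter($_GET['type']) : 'all';
     $this->_keyType = isset($_GET['keyType']) ? COM_applyFilter($_GET['keyType']) : $_CONF['search_def_keytype'];
     $this->_titlesOnly = isset($_GET['title']);
 }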
Esempio n. 6
0
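/**
 * Filters a request parameter for use by the plugin.
 *
 * Removes magic-quote slashes, HTML tags and JavaScript, then either validates
 * the value as a plain decimal integer ($isnumeric) or truncates it at the
 * first quote character. This is input sanitisation only: the result is NOT
 * escaped for SQL or HTML, callers still escape per output context.
 *
 * @param    string  $parameter  raw request value
 * @param    bool    $isnumeric  true to require a plain run of digits
 * @param    bool    $returnzero numeric mode only: return 0 (true) or ''
 *                               (false) when the value is not an integer
 * @return   mixed               the filtered string, or 0/'' in numeric mode
 */
function ppApplyFilter($parameter, $isnumeric = false, $returnzero = true)
{
    $p = COM_stripslashes($parameter);
    $p = strip_tags($p);
    $p = COM_killJS($p);

    if ($isnumeric) {
        // Strip out any common number formatting characters (whitespace,
        // dashes, parentheses). The '-' must be escaped: "[\s-\(\)]" is an
        // invalid range under PCRE2 (PHP >= 7.3), which made preg_replace()
        // fail and turned every numeric parameter into 0.
        $p = preg_replace('/[\s\-()]+/', '', $p);
        // Note: PHP's is_numeric() accepts values like 4e4 as numeric,
        // so only a plain run of digits is accepted here.
        if ($p === null || !preg_match('/^[0-9]+$/', $p)) {
            $p = $returnzero ? 0 : '';
        }
    } else {
        // keep everything before the first single, double or back quote
        $cut = strcspn($p, '\'"`');
        if ($cut < strlen($p)) {
            $p = substr($p, 0, $cut);
        }
    }

    return $p;
}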
Esempio n. 7
0
/**
* Filter the excerpt of a trackback comment we've received
*
* Note: Does not truncate the excerpt.
*
* Applied in order: magic-quote slashes are removed, markup is stripped,
* then the site's word censor runs. The result is plain text and still has
* to be escaped for the context (HTML, SQL) it is written to.
*
* @param    string  $excerpt    excerpt of the trackback comment
* @return   string              filtered excerpt
*
*/
function TRB_filterExcerpt($excerpt)
{
    $text = COM_stripslashes($excerpt);
    $text = strip_tags($text);

    return COM_checkWords($text);
}
Esempio n. 8
0
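/**
* Saves the user's information back to the database
*
* Verifies the one-shot request id, requires the current password for any
* password / email / cookie-timeout change, runs the spam check and the
* optional CUSTOM_userCheck() hook, then writes the filtered profile fields.
*
* @param    array   $A  User's data (submitted form fields)
* @return   string      HTML error message or meta redirect
*
*/
function saveuser($A)
{
    global $_CONF, $_TABLES, $_USER, $LANG04, $_US_VERBOSE;

    if ($_US_VERBOSE) {
        COM_errorLog('**** Inside saveuser in usersettings.php ****', 1);
    }

    // The form carries the request id stored for this user; a mismatch means
    // the form was not issued to this session.
    $reqid = DB_getItem($_TABLES['users'], 'pwrequestid', "uid = {$_USER['uid']}");
    if ($reqid != $A['uid']) {
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $_USER['uid']);
        COM_accessLog("An attempt was made to illegally change the account information of user {$_USER['uid']}.");
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    if (!isset($A['cooktime'])) {
        // If not set or possibly removed from template - set to default
        $A['cooktime'] = $_CONF['default_perm_cookie_timeout'];
    } else {
        // numeric filter: anything else becomes 0
        $A['cooktime'] = COM_applyFilter($A['cooktime'], true);
    }
    // If empty or invalid - set to user default
    // So code after this does not fail the user password required test
    if ($A['cooktime'] < 0) {
        // note that == 0 is allowed!
        $A['cooktime'] = $_USER['cookietimeout'];
    }

    // to change the password, email address, or cookie timeout,
    // we need the user's current password
    $current_password = DB_getItem($_TABLES['users'], 'passwd', "uid = {$_USER['uid']}");
    $old_password_ok = false;
    $needs_password = !empty($A['passwd'])
        || $A['email'] != $_USER['email']
        || $A['cooktime'] != $_USER['cookietimeout'];
    if ($needs_password) {
        // Compare the hashes strictly: a loose != on two numeric-looking
        // strings (e.g. "0e..." hex digests) would treat them as equal.
        $old_password_ok = !empty($A['old_passwd'])
            && SEC_encryptPassword($A['old_passwd']) === $current_password;
        if (!$old_password_ok) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=83');
        }
    }
    // Optional site-specific validation hook; it ran in both branches of the
    // original password check, so run it once here.
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
        $ret = CUSTOM_userCheck($A['username'], $A['email']);
        if (!empty($ret)) {
            // Need a numeric return for the default message handler
            // - if not numeric use default message
            if (!is_numeric($ret['number'])) {
                $ret['number'] = 400;
            }
            return COM_refresh("{$_CONF['site_url']}/usersettings.php?msg={$ret['number']}");
        }
    }

    // no need to filter the password as it's encoded anyway
    if ($_CONF['allow_username_change'] == 1) {
        $new_username = COM_applyFilter($A['new_username']);
        if (!empty($new_username) && $new_username != $_USER['username']) {
            // escaped copy for the SQL helpers; the raw name is used for the photo file
            $new_username_sql = addslashes($new_username);
            if (DB_count($_TABLES['users'], 'username', $new_username_sql) != 0) {
                return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=51');
            }
            if ($_CONF['allow_user_photo'] == 1) {
                $photo = DB_getItem($_TABLES['users'], 'photo', "uid = {$_USER['uid']}");
                if (!empty($photo)) {
                    // The photo file is named after the user: replace the first
                    // literal occurrence of the old name. A plain string
                    // replacement avoids the regex the original built from the
                    // unquoted user name (metacharacters there broke the match).
                    $pos = strpos($photo, $_USER['username']);
                    $newphoto = ($pos === false)
                        ? $photo
                        : substr_replace($photo, $new_username, $pos, strlen($_USER['username']));
                    // NOTE(review): assumes the stored photo name has no path
                    // component, as the original code did -- confirm
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (rename($imgpath . $photo, $imgpath . $newphoto) === false) {
                        $display = COM_siteHeader('menu', $LANG04[21]);
                        $display .= COM_errorLog('Could not rename userphoto "' . $photo . '" to "' . $newphoto . '".');
                        $display .= COM_siteFooter();
                        return $display;
                    }
                    DB_change($_TABLES['users'], 'photo', addslashes($newphoto), "uid", $_USER['uid']);
                }
            }
            DB_change($_TABLES['users'], 'username', $new_username_sql, "uid", $_USER['uid']);
        }
    }

    // a quick spam check with the unfiltered field contents
    $profile = '<h1>' . $LANG04[1] . ' ' . $_USER['username'] . '</h1>'
        . '<p>' . COM_createLink($A['homepage'], $A['homepage'])
        . '<br' . XHTML . '>' . $A['location']
        . '<br' . XHTML . '>' . $A['sig']
        . '<br' . XHTML . '>' . $A['about']
        . '<br' . XHTML . '>' . $A['pgpkey'] . '</p>';
    $result = PLG_checkforSpam($profile, $_CONF['spamx']);
    if ($result > 0) {
        COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
    }

    $A['email'] = COM_applyFilter($A['email']);
    $A['email_conf'] = COM_applyFilter($A['email_conf']);
    $A['homepage'] = COM_applyFilter($A['homepage']);
    // basic filtering only
    $A['fullname'] = strip_tags(COM_stripslashes($A['fullname']));
    $A['location'] = strip_tags(COM_stripslashes($A['location']));
    $A['sig'] = strip_tags(COM_stripslashes($A['sig']));
    $A['about'] = strip_tags(COM_stripslashes($A['about']));
    $A['pgpkey'] = strip_tags(COM_stripslashes($A['pgpkey']));

    if (!COM_isEmail($A['email'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=52');
    }
    if ($A['email'] !== $A['email_conf']) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=78');
    }
    if (emailAddressExists($A['email'], $_USER['uid'])) {
        return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=56');
    }

    if (!empty($A['passwd'])) {
        // $old_password_ok was established above: a non-empty new password
        // always goes through the current-password check.
        if (!$old_password_ok) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=68');
        }
        if ($A['passwd'] !== $A['passwd_conf']) {
            return COM_refresh($_CONF['site_url'] . '/usersettings.php?msg=67');
        }
        $passwd = SEC_encryptPassword($A['passwd']);
        DB_change($_TABLES['users'], 'passwd', "{$passwd}", "uid", $_USER['uid']);
        // a timeout of 0 means "session only": expire the password cookie
        $cooktime = ($A['cooktime'] > 0) ? $A['cooktime'] : -1000;
        SEC_setCookie($_CONF['cookie_password'], $passwd, time() + $cooktime);
    }

    if ($_US_VERBOSE) {
        COM_errorLog('cooktime = ' . $A['cooktime'], 1);
    }
    if ($A['cooktime'] <= 0) {
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() - 1000);
    } else {
        SEC_setCookie($_CONF['cookie_name'], $_USER['uid'], time() + $A['cooktime']);
    }

    $filename = '';
    if ($_CONF['allow_user_photo'] == 1) {
        $delete_photo = isset($A['delete_photo']) ? $A['delete_photo'] : '';
        $filename = handlePhotoUpload($delete_photo);
        // only keep a name that really exists on disk
        if (!empty($filename) && !file_exists($_CONF['path_images'] . 'userphotos/' . $filename)) {
            $filename = '';
        }
    }
    // NOTE(review): when photos are disabled the UPDATE below still writes
    // photo='' (same as before) -- confirm that is intended

    if (!empty($A['homepage'])) {
        // byte offsets throughout: substr() is byte based, so the search must
        // be too (':' is ASCII, so a byte search is exact)
        $pos = strpos($A['homepage'], ':');
        if ($pos === false) {
            $A['homepage'] = 'http://' . $A['homepage'];
        } else {
            // only http: and https: are accepted as scheme
            $prot = substr($A['homepage'], 0, $pos + 1);
            if ($prot != 'http:' && $prot != 'https:') {
                $A['homepage'] = 'http:' . substr($A['homepage'], $pos + 1);
            }
        }
        $A['homepage'] = addslashes($A['homepage']);
    }
    $A['fullname'] = addslashes($A['fullname']);
    $A['email'] = addslashes($A['email']);
    $A['location'] = addslashes($A['location']);
    $A['sig'] = addslashes($A['sig']);
    $A['about'] = addslashes($A['about']);
    $A['pgpkey'] = addslashes($A['pgpkey']);

    // cooktime is interpolated unquoted: it is either the numeric-filtered
    // form value or a configured/stored default
    DB_query("UPDATE {$_TABLES['users']} SET fullname='{$A['fullname']}',email='{$A['email']}',homepage='{$A['homepage']}',sig='{$A['sig']}',cookietimeout={$A['cooktime']},photo='{$filename}' WHERE uid={$_USER['uid']}");
    DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='{$A['pgpkey']}',about='{$A['about']}',location='{$A['location']}' WHERE uid={$_USER['uid']}");

    // Call custom registration save function if enabled and exists
    if ($_CONF['custom_registration'] && function_exists('CUSTOM_userSave')) {
        CUSTOM_userSave($_USER['uid']);
    }
    PLG_userInfoChanged($_USER['uid']);

    if ($_US_VERBOSE) {
        COM_errorLog('**** Leaving saveuser in usersettings.php ****', 1);
    }

    return COM_refresh($_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $_USER['uid'] . '&amp;msg=5');
}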
Esempio n. 9
0
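/**
 * Continues a batch session - handles timeout, looping, etc.
 *
 * Processes up to $item_limit pending items of the session, stopping early
 * when the per-run time limit is about to expire, and renders the status
 * screen, which refreshes itself via a meta tag while items remain.
 *
 * @param   string  $session_id     session id to continue
 * @param   int     $item_limit     number of items to process per run;
 *                                  0 indicates the initial run
 * @param   int     $refresh_rate   seconds between automatic refreshes
 * @return  string                  HTML of status screen
 */
function MG_continueSession($session_id, $item_limit, $refresh_rate)
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG01, $LANG_MG02;

    $retval = '';
    $cycle_start_time = time();
    $temp_time = array();
    $timer_expired = false;
    $timer_expired_secs = 0;
    $num_rows = 0;

    // All three arguments come from the request. The session id is filtered
    // and escaped once for SQL; the two numbers are pinned to integers before
    // they reach the LIMIT clause, the meta tag or the continue URL.
    $session_id = COM_applyFilter($session_id);
    $session_id_sql = addslashes($session_id);
    $item_limit = intval($item_limit);
    $refresh_rate = intval($refresh_rate);

    // Pull the session status info
    $sql = "SELECT * FROM {$_TABLES['mg_sessions']} WHERE session_id='" . $session_id_sql . "'";
    $result = DB_query($sql, 1);
    if (DB_error()) {
        COM_errorLog("MediaGallery:  Error - Unable to retrieve batch session data");
        return '';
    }
    if (DB_numRows($result) == 0) {
        // no session found
        COM_errorLog("MediaGallery: Error - Unable to find batch session id");
        return '';
    }
    $session = DB_fetchArray($result);

    // security check - make sure we are continuing a session that we own...
    if ($session['session_uid'] != $_USER['uid'] && !SEC_hasRights('mediagallery.admin')) {
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }

    // Setup timer information
    $time_limit = $_MG_CONF['def_time_limit'];
    @set_time_limit($time_limit + 20);
    // Never plan to run longer than PHP allows. max_execution_time 0 means
    // "no limit", so only clamp when a real limit is in effect.
    $max_execution_time = intval(ini_get('max_execution_time'));
    if ($max_execution_time > 0 && $time_limit > $max_execution_time) {
        $time_limit = $max_execution_time;
    }

    $label = COM_stripslashes($session['session_description']);
    // the handler is chosen by the action stored with the session
    $handler = 'mg_batch_session_' . $session['session_action'];
    $handler_exists = function_exists($handler);

    // Pull the detail data from the sessions_items table...
    $sql = "SELECT * FROM {$_TABLES['mg_session_items']} WHERE session_id='" . $session_id_sql . "' AND status=0 LIMIT " . $item_limit;
    $result = DB_query($sql);
    while (!$timer_expired && ($row = DB_fetchArray($result))) {
        // used for calculating loop duration and changing the timer condition
        $start_temp_time = time();
        if ($handler_exists) {
            $handler($row);
            DB_change($_TABLES['mg_session_items'], 'status', 1, 'id', $row['id']);
        }
        // calculate time for each loop iteration
        $temp_time[$num_rows] = time() - $start_temp_time;
        // get the max
        $timer_time = max($temp_time);
        $num_rows++;
        // check if timer is about to expire
        if (time() - $cycle_start_time >= $time_limit - $timer_time) {
            $timer_expired_secs = time() - $cycle_start_time;
            $timer_expired = true;
        }
    }

    // end the timer
    $cycle_end_time = time();
    // find how much time the last cycle took
    $last_cycle_time = $cycle_end_time - $cycle_start_time;

    $T = COM_newTemplate(MG_getTemplatePath(0));
    $T->set_file('batch', 'batch_progress.thtml');
    $processing_messages = '';
    if ($timer_expired) {
        $processing_messages = '<p>' . sprintf($LANG_MG01['timer_expired'], $timer_expired_secs) . '</p>';
    }

    $sql = "SELECT COUNT(*) AS processed FROM {$_TABLES['mg_session_items']} WHERE session_id='" . $session_id_sql . "' AND status=1";
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    $session_items_processed = intval($row['processed']);
    $sql = "SELECT COUNT(*) AS processing FROM {$_TABLES['mg_session_items']} WHERE session_id='" . $session_id_sql . "'";
    $result = DB_query($sql);
    $row = DB_fetchArray($result);
    $session_items_processing = intval($row['processing']);
    $items_remaining = $session_items_processing - $session_items_processed;

    if ($items_remaining > 0) {
        if ($item_limit == 0) {
            $processing_messages .= '<p>' . $LANG_MG01['begin_processing'] . '</p>';
            $item_limit = $_MG_CONF['def_item_limit'];
        } else {
            $processing_messages .= '<p>' . sprintf($LANG_MG01['processing_next_items'], $item_limit) . '</p>';
        }
        $form_action = $_MG_CONF['site_url'] . '/batch.php?mode=continue&amp;sid=' . urlencode($session_id)
            . '&amp;refresh=' . $refresh_rate . '&amp;limit=' . $item_limit;
        $next_button = $LANG_MG01['next'];
        // create the meta tag for refresh
        $T->set_var("META", '<meta http-equiv="refresh" content="' . $refresh_rate . ';url=' . $form_action . '"' . XHTML . '>');
    } else {
        if ($item_limit == 0) {
            echo COM_refresh($session['session_origin']);
            exit;
        }
        $next_button = $LANG_MG01['finished'];
        $processing_messages .= '<p>' . $LANG_MG01['all_done'] . '</p>';
        $T->set_var("META", '');
        $refresh_rate = -1;
        $form_action = $session['session_origin'];
        // NOTE(review): session_log rows are emitted as raw HTML, as before;
        // whether the batch handlers escape what they log is not visible here
        $result = DB_query("SELECT * FROM {$_TABLES['mg_session_log']} WHERE session_id='" . $session_id_sql . "'");
        while ($row = DB_fetchArray($result)) {
            $processing_messages .= '<p>' . $row['session_log'] . '</p>';
        }
        MG_endSession($session_id);
    }

    // a session without items, or a run that processed none, must not divide by zero
    $session_percent = ($session_items_processing > 0)
        ? $session_items_processed / $session_items_processing * 100
        : 0;
    $seconds_per_item = ($num_rows > 0) ? round($last_cycle_time / $num_rows) : 0;
    $session_time = $cycle_end_time - $session['session_start_time'];

    $T->set_var(array(
        'L_BATCH_PROCESS'      => $label,
        'L_BATCH'              => $LANG_MG01['batch_sessions'],
        'L_NEXT'               => $next_button,
        'L_PROCESSING'         => $LANG_MG01['processing'],
        'L_CANCEL'             => $LANG_MG01['cancel'],
        'L_PROCESSING_DETAILS' => $LANG_MG01['processing_details'],
        'L_STATUS'             => $LANG_MG01['status'],
        'L_TOTAL_ITEMS'        => $LANG_MG01['total_items'],
        'L_ITEMS_PROCESSED'    => $LANG_MG01['processed_items'],
        'L_ITEMS_REMAINING'    => $LANG_MG01['items_remaining'],
        'L_POSTS_LAST_CYCLE'   => $LANG_MG01['items_last_cycle'],
        'L_TIME_LIMIT'         => $LANG_MG01['time_limit'],
        'L_REFRESH_RATE'       => $LANG_MG01['refresh_rate'],
        'L_ITEM_RATE'          => $LANG_MG01['item_rate'],
        'L_ACTIVE_PARAMETERS'  => $LANG_MG01['batch_parameters'],
        'L_ITEMS_PER_CYCLE'    => $LANG_MG01['items_per_cycle'],
        'TOTAL_ITEMS'          => $session_items_processing,
        'ITEMS_PROCESSED'      => $session_items_processed,
        'ITEMS_REMAINING'      => $items_remaining,
        'ITEM_RATE'            => sprintf($LANG_MG01['seconds_per_item'], $seconds_per_item),
        'PROCESSING_MESSAGES'  => $processing_messages,
        'SESSION_PERCENT'      => round($session_percent, 2) . ' %',
        'POST_LIMIT'           => $num_rows,
        'ITEM_LIMIT'           => $item_limit,
        'TIME_LIMIT'           => $time_limit,
        'REFRESH_RATE'         => $refresh_rate,
        'S_BATCH_ACTION'       => $form_action,
    ));
    $retval .= $T->finish($T->parse('output', 'batch'));

    return $retval;
}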
Esempio n. 10
0
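/**
* Save browser upload(s)
*
* Walks the files posted as newmedia[] (plus optional thumbnail[] files and
* the per-file caption/description/keywords/cat_id/attachtn/dnc fields),
* applies the album size limit, the PHP upload error code and the user's
* quota, hands each accepted file to MG_getFile() and renders the per-file
* status list.
*
* @param    int     $album_id   album to save the uploaded media into
* @return   string              HTML
*
*/
function MG_saveUserUpload($album_id)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG02, $LANG_MG03;

    $retval = COM_startBlock($LANG_MG03['upload_results'], '', COM_getBlockTemplate('_admin_block', 'header'));
    $T = COM_newTemplate(MG_getTemplatePath($album_id));
    $T->set_file('mupload', 'useruploadstatus.thtml');
    $statusMsg = '';
    $file = $_FILES['newmedia'];
    $thumbs = isset($_FILES['thumbnail']) ? $_FILES['thumbnail'] : array();
    $album = new mgAlbum($album_id);
    // integer form used for SQL and the redirect URL
    $aid = intval($album_id);
    $successfull_upload = 0;
    $br = '<br' . XHTML . '>';
    // check user quota -- do we have one???? (does not change during the
    // request, so look it up once rather than per file)
    $user_quota = DB_getItem($_TABLES['mg_userprefs'], 'quota', "uid=" . intval($_USER['uid']));

    foreach ($file['name'] as $key => $filename) {
        $filetype = $file['type'][$key];
        $filesize = $file['size'][$key];
        $filetmp = $file['tmp_name'][$key];
        $error = $file['error'][$key];
        $caption = isset($_POST['caption'][$key]) ? COM_stripslashes($_POST['caption'][$key]) : '';
        $description = isset($_POST['description'][$key]) ? COM_stripslashes($_POST['description'][$key]) : '';
        $keywords = isset($_POST['keywords'][$key]) ? COM_stripslashes($_POST['keywords'][$key]) : '';
        $category = isset($_POST['cat_id'][$key]) ? COM_applyFilter($_POST['cat_id'][$key], true) : 0;
        $attachtn = isset($_POST['attachtn'][$key]) ? $_POST['attachtn'][$key] : '';
        $thumbnail = isset($thumbs['tmp_name'][$key]) ? $thumbs['tmp_name'][$key] : '';
        $dnc = (isset($_POST['dnc'][$key]) && $_POST['dnc'][$key] == 'on') ? 1 : 0;
        $attach_tn = ($attachtn == "on") ? 1 : 0;

        if ($filename == '') {
            continue;
        }
        // the browser-supplied name is echoed into the HTML status list
        $safeName = htmlspecialchars($filename);

        if ($album->max_filesize != 0 && $filesize > $album->max_filesize) {
            COM_errorLog("MG Upload: File " . $filename . " exceeds maximum allowed filesize for this album");
            $statusMsg .= sprintf($LANG_MG02['upload_exceeds_max_filesize'], $safeName) . $br;
            continue;
        }

        if ($error != UPLOAD_ERR_OK) {
            switch ($error) {
                case UPLOAD_ERR_INI_SIZE:
                    $tmpmsg = sprintf($LANG_MG02['upload_too_big'], $safeName);
                    $statusMsg .= $tmpmsg . $br;
                    COM_errorLog('MediaGallery:  Error - ' . $tmpmsg);
                    break;
                case UPLOAD_ERR_FORM_SIZE:
                    $tmpmsg = sprintf($LANG_MG02['upload_too_big_html'], $safeName);
                    $statusMsg .= $tmpmsg . $br;
                    COM_errorLog('MediaGallery: Error - ' . $tmpmsg);
                    break;
                case UPLOAD_ERR_PARTIAL:
                    $tmpmsg = sprintf($LANG_MG02['partial_upload'], $safeName);
                    $statusMsg .= $tmpmsg . $br;
                    COM_errorLog('MediaGallery: Error - ' . $tmpmsg);
                    break;
                case UPLOAD_ERR_NO_FILE:
                    // empty slot in the form, nothing to report
                    break;
                case UPLOAD_ERR_NO_TMP_DIR:
                    $statusMsg .= $LANG_MG02['missing_tmp'] . $br;
                    break;
                case UPLOAD_ERR_CANT_WRITE:
                    $statusMsg .= $LANG_MG02['disk_fail'] . $br;
                    break;
                default:
                    $statusMsg .= $LANG_MG02['unknown_err'] . $br;
                    break;
            }
            continue;
        }

        if ($user_quota > 0) {
            // usage grows with every accepted file, so this stays inside the loop
            $disk_used = MG_quotaUsage($_USER['uid']);
            if ($disk_used + $filesize > $user_quota) {
                COM_errorLog("MG Upload: File " . $filename . " would exceeds the users quota");
                $statusMsg .= sprintf($LANG_MG02['upload_exceeds_quota'], $safeName) . $br;
                continue;
            }
        }

        // process the uploaded files
        $opt = array(
            'caption'     => $caption,
            'description' => $description,
            'filetype'    => $filetype,
            'atttn'       => $attach_tn,
            'thumbnail'   => $thumbnail,
            'keywords'    => $keywords,
            'category'    => $category,
            'dnc'         => $dnc,
        );
        list($rc, $msg) = MG_getFile($filetmp, $filename, $album_id, $opt);
        $statusMsg .= $safeName . " " . $msg . $br;
        if ($rc) {
            $successfull_upload++;
        }
    }

    if ($successfull_upload) {
        MG_notifyModerators($album_id);
    }

    // failsafe check - after all the uploading is done, double check that the database counts
    // equal the actual count of items shown in the database, if not, fix the counts and log
    // the error
    $dbCount = DB_count($_TABLES['mg_media_albums'], 'album_id', $aid);
    $aCount = DB_getItem($_TABLES['mg_albums'], 'media_count', "album_id=" . $aid);
    if ($dbCount != $aCount) {
        DB_change($_TABLES['mg_albums'], 'media_count', $dbCount, 'album_id', $aid);
        COM_errorLog("MediaGallery: Upload processing - Counts don't match - dbCount = " . $dbCount . " aCount = " . $aCount);
    }
    MG_SortMedia($album_id);

    $T->set_var('status_message', $statusMsg);
    $tmp = $_MG_CONF['site_url'] . '/album.php?aid=' . $aid . '&amp;page=1';
    $redirect = sprintf($LANG_MG03['album_redirect'], $tmp);
    $T->set_var('redirect', $redirect);
    $T->parse('output', 'mupload');
    $retval .= $T->finish($T->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $retval;
}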
Esempio n. 11
0
/**
 * Saves the edit form for a single media item.
 *
 * Reads the edited fields from $_POST / $_FILES, optionally replaces the
 * media file, updates the media (or media-queue) row, stores per-player
 * playback options, attaches or removes a custom thumbnail, and finally
 * redirects to $actionURL (or the 'rpath' override) and exits.
 *
 * @param int|string $album_id   Album the media item belongs to
 * @param string     $media_id   ID of the media item being edited
 * @param string     $actionURL  URL to redirect to after saving
 * @return void                  Never returns; ends with exit
 */
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;
    // 'rpath' from the form overrides the redirect target.
    // NOTE(review): it is only passed through COM_applyFilter; confirm the
    // caller constrains it to site URLs, otherwise this is an open redirect.
    $back = COM_applyFilter($_POST['rpath']);
    if ($back != '') {
        $actionURL = $back;
    }
    // queue flag decides whether the moderation-queue or the live media table is updated
    $queue = COM_applyFilter($_POST['queue'], true);
    $replacefile = 0;
    if (isset($_POST['replacefile'])) {
        $replacefile = COM_applyFilter($_POST['replacefile']);
    }
    if ($replacefile == 1) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $repfilename = $_FILES['repfilename'];
        $filename = $repfilename['name'];
        $file = $repfilename['tmp_name'];
        // MG_getFile() does the actual replacement; only its message is logged,
        // the return code is not acted upon here
        $opt = array('replace' => $media_id);
        list($rc, $msg) = MG_getFile($file, $filename, $album_id, $opt);
        COM_errorLog($msg);
    }
    // see if we had an attached thumbnail before...
    $thumb = $_FILES['attthumb'];
    $thumbnail = $thumb['tmp_name'];
    $att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
    $attachtn = $att == 1 ? 1 : 0;
    $table = $queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media'];
    // NOTE(review): $media_id is escaped with addslashes() only, here and in
    // every query below; confirm the caller sanitizes it, or escape with the
    // DB layer's escaping function instead.
    $old_attached_tn = DB_getItem($table, 'media_tn_attached', 'media_id="' . addslashes($media_id) . '"');
    // "attach" was requested but no file was uploaded and none existed before: nothing to attach
    if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
        $attachtn = 0;
    }
    // an existing attached thumbnail is removed when the checkbox was cleared
    $remove_old_tn = 0;
    if ($old_attached_tn == 1 && $attachtn == 0) {
        $remove_old_tn = 1;
    }
    $remote_media = DB_getItem($table, 'remote_media', 'media_id="' . addslashes($media_id) . '"');
    // NOTE(review): the remote URL is stored with addslashes() only and is not
    // validated as a URL; it is later emitted in player markup, so confirm
    // output escaping happens there.
    $remote_url = addslashes(COM_stripslashes($_POST['remoteurl']));
    if ($_MG_CONF['htmlallowed']) {
        // HTML is kept; COM_checkWords only applies the site's word filter
        $media_title = COM_checkWords(COM_stripslashes($_POST['media_title']));
        $media_desc = COM_checkWords(COM_stripslashes($_POST['media_desc']));
    } else {
        // HTML is not allowed: tags are stripped and the remainder entity-encoded
        $media_title = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_title']))));
        $media_desc = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_desc']))));
    }
    $media_time_month = COM_applyFilter($_POST['media_month']);
    $media_time_day = COM_applyFilter($_POST['media_day']);
    $media_time_year = COM_applyFilter($_POST['media_year']);
    $media_time_hour = COM_applyFilter($_POST['media_hour']);
    $media_time_minute = COM_applyFilter($_POST['media_minute']);
    $original_filename = COM_applyFilter(COM_stripslashes($_POST['original_filename']));
    if ($replacefile == 1) {
        $original_filename = $filename;
    }
    $cat_id = COM_applyFilter($_POST['cat_id'], true);
    $media_keywords = COM_stripslashes($_POST['media_keywords']);
    // keywords are truncated to 254 bytes (substr is byte-wise, so a multibyte
    // character may be cut in half) before filtering and escaping
    $media_keywords_safe = substr($media_keywords, 0, 254);
    $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));
    $artist = addslashes(COM_applyFilter(COM_stripslashes($_POST['artist'])));
    $musicalbum = addslashes(COM_applyFilter(COM_stripslashes($_POST['musicalbum'])));
    $genre = addslashes(COM_applyFilter(COM_stripslashes($_POST['genre'])));
    // NOTE(review): the 7th (is_dst) argument of mktime() was removed in PHP 7;
    // on PHP 8 passing it raises ArgumentCountError — confirm the target version.
    $media_time = mktime($media_time_hour, $media_time_minute, 0, $media_time_month, $media_time_day, $media_time_year, 1);
    $owner_sql = '';
    if (isset($_POST['owner_name'])) {
        // owner id goes through the numeric filter before being inlined into SQL
        $owner_id = COM_applyFilter($_POST['owner_name'], true);
        $owner_sql = ',media_user_id=' . $owner_id . ' ';
    }
    // UPDATE is built by string concatenation; every string value above was
    // addslashes()'d and every numeric one cast/filtered
    $sql = "UPDATE " . $table . "\n            SET media_title='" . addslashes($media_title) . "',\n            media_desc='" . addslashes($media_desc) . "',\n            media_original_filename='" . addslashes($original_filename) . "',\n            media_time=" . $media_time . ",\n            media_tn_attached=" . $attachtn . ",\n            media_category=" . intval($cat_id) . ",\n            media_keywords='" . $media_keywords . "',\n            artist='" . $artist . "',\n            album='" . $musicalbum . "',\n            genre='" . $genre . "',\n            remote_url='" . $remote_url . "' " . $owner_sql . "WHERE media_id='" . addslashes($media_id) . "'";
    DB_query($sql);
    if (DB_error() != 0) {
        // NOTE(review): the log message is echoed to the response as well as
        // logged; presumably unintended, since the function redirects afterwards.
        echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
    }
    PLG_itemSaved($media_id, 'mediagallery');
    // process playback options if any...
    if (isset($_POST['autostart'])) {
        // asf
        $opt['autostart'] = COM_applyFilter($_POST['autostart'], true);
        $opt['enablecontextmenu'] = COM_applyFilter($_POST['enablecontextmenu'], true);
        $opt['stretchtofit'] = isset($_POST['stretchtofit']) ? COM_applyFilter($_POST['stretchtofit'], true) : 0;
        $opt['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
        $opt['uimode'] = COM_applyFilter($_POST['uimode']);
        $opt['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
        $opt['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
        $opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : 0;
        $opt['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
        $opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        // a play count below one makes no sense for the player
        if ($opt['playcount'] < 1) {
            $opt['playcount'] = 1;
        }
        MG_savePBOption($media_id, 'autostart', $opt['autostart'], true);
        MG_savePBOption($media_id, 'enablecontextmenu', $opt['enablecontextmenu'], true);
        // NOTE(review): $opt['stretchtofit'] is an int; `0 != ''` is false on
        // PHP 7 but true on PHP 8, so this guard behaves differently per version.
        if ($opt['stretchtofit'] != '') {
            MG_savePBOption($media_id, 'stretchtofit', $opt['stretchtofit'], true);
        }
        MG_savePBOption($media_id, 'showstatusbar', $opt['showstatusbar'], true);
        MG_savePBOption($media_id, 'uimode', $opt['uimode']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        // bgcolor is saved as a string here but with the numeric flag in the
        // quicktime branch below — presumably an inconsistency, verify which is intended
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
        MG_savePBOption($media_id, 'playcount', $opt['playcount'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
    }
    if (isset($_POST['play'])) {
        // swf
        $opt['play'] = COM_applyFilter($_POST['play'], true);
        $opt['menu'] = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : 0;
        $opt['quality'] = isset($_POST['quality']) ? COM_applyFilter($_POST['quality']) : '';
        // flashvars / allowscriptaccess are only passed through COM_applyFilter;
        // they end up in player markup, so the consumer must escape them
        $opt['flashvars'] = isset($_POST['flashvars']) ? COM_applyFilter($_POST['flashvars']) : '';
        $opt['height'] = COM_applyFilter($_POST['height'], true);
        $opt['width'] = COM_applyFilter($_POST['width'], true);
        $opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        $opt['scale'] = isset($_POST['scale']) ? COM_applyFilter($_POST['scale']) : '';
        $opt['wmode'] = isset($_POST['wmode']) ? COM_applyFilter($_POST['wmode']) : '';
        $opt['allowscriptaccess'] = isset($_POST['allowscriptaccess']) ? COM_applyFilter($_POST['allowscriptaccess']) : '';
        $opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : '';
        $opt['swf_version'] = isset($_POST['swf_version']) ? COM_applyFilter($_POST['swf_version'], true) : 9;
        MG_savePBOption($media_id, 'play', $opt['play'], true);
        // same int-vs-'' loose comparison as for stretchtofit above
        if ($opt['menu'] != '') {
            MG_savePBOption($media_id, 'menu', $opt['menu'], true);
        }
        MG_savePBOption($media_id, 'quality', $opt['quality']);
        MG_savePBOption($media_id, 'flashvars', $opt['flashvars']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
        MG_savePBOption($media_id, 'scale', $opt['scale']);
        MG_savePBOption($media_id, 'wmode', $opt['wmode']);
        MG_savePBOption($media_id, 'allowscriptaccess', $opt['allowscriptaccess']);
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
        MG_savePBOption($media_id, 'swf_version', $opt['swf_version'], true);
    }
    if (isset($_POST['autoplay'])) {
        // quicktime
        $opt['autoplay'] = COM_applyFilter($_POST['autoplay'], true);
        $opt['autoref'] = COM_applyFilter($_POST['autoref'], true);
        $opt['controller'] = COM_applyFilter($_POST['controller'], true);
        $opt['kioskmode'] = COM_applyFilter($_POST['kioskmode'], true);
        $opt['scale'] = COM_applyFilter($_POST['scale']);
        $opt['height'] = COM_applyFilter($_POST['height'], true);
        $opt['width'] = COM_applyFilter($_POST['width'], true);
        $opt['bgcolor'] = COM_applyFilter($_POST['bgcolor']);
        $opt['loop'] = COM_applyFilter($_POST['loop'], true);
        MG_savePBOption($media_id, 'autoref', $opt['autoref'], true);
        MG_savePBOption($media_id, 'autoplay', $opt['autoplay'], true);
        MG_savePBOption($media_id, 'controller', $opt['controller'], true);
        MG_savePBOption($media_id, 'kioskmode', $opt['kioskmode'], true);
        MG_savePBOption($media_id, 'scale', $opt['scale']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
    }
    if ($attachtn == 1 && $thumbnail != '') {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        // NOTE(review): the filename is read from mg_media even when $queue is
        // set and the item lives in mg_mediaqueue — verify this is intended.
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
        // thumbnails are sharded into tn/<first char of filename>/tn_<filename>;
        // the path is built from the stored filename, not from user input
        $thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
    }
    if ($remove_old_tn == 1) {
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
        $tmpstr = 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        // the stored name carries no extension; getMediaExt() finds the one on disk
        $ext = Media::getMediaExt($_MG_CONF['path_mediaobjects'] . $tmpstr);
        if (!empty($ext)) {
            // failure to delete is silently ignored; a log entry would make
            // orphaned thumbnails easier to spot
            @unlink($_MG_CONF['path_mediaobjects'] . $tmpstr . $ext);
        }
    }
    if ($queue) {
        echo COM_refresh($actionURL);
    } else {
        // live items also get the album's RSS feed rebuilt before redirecting
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildAlbumRSS($album_id);
        echo COM_refresh($actionURL);
    }
    exit;
}
    $msg = links_save_category($_POST['cid'], $_POST['old_cid'], $_POST['pid'], $_POST['category'], $_POST['description'], COM_applyFilter($_POST['tid']), COM_applyFilter($_POST['owner_id'], true), COM_applyFilter($_POST['group_id'], true), $_POST['perm_owner'], $_POST['perm_group'], $_POST['perm_members'], $_POST['perm_anon']);
    $display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[11]);
    $display .= COM_showMessage($msg, 'links');
    $display .= links_list_categories($root);
    $display .= COM_siteFooter();
    // edit category
} else {
    if ($mode == 'edit') {
        $display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[56]);
        $pid = '';
        if (isset($_GET['pid'])) {
            $pid = strip_tags(COM_stripslashes($_GET['pid']));
        }
        $cid = '';
        if (isset($_GET['cid'])) {
            $cid = strip_tags(COM_stripslashes($_GET['cid']));
        }
        $display .= links_edit_category($cid, $pid);
        $display .= COM_siteFooter();
        // nothing, so list categories
    } else {
        $display .= COM_siteHeader('menu', $LANG_LINKS_ADMIN[11]);
        if (isset($_REQUEST['msg'])) {
            $msg = COM_applyFilter($_REQUEST['msg'], true);
            if ($msg > 0) {
                $display .= COM_showMessage($msg, 'links');
            }
        }
        $display .= links_list_categories($root);
        $display .= COM_siteFooter();
    }
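/**
* Saves a poll
*
* Saves a poll topic and potential answers to the database. The existing
* topic, questions and answers are deleted first and then re-created from
* the submitted form data, so vote and question counts are recomputed here.
*
* @param    string  $pid            Poll topic ID
* @param    string  $old_pid        Previous poll topic ID
* @param    array   $Q              Array of poll questions
* @param    string  $mainpage       Checkbox: poll appears on homepage ('on' when checked)
* @param    string  $topic          The text for the topic
* @param    string  $meta_description
* @param    string  $meta_keywords
* @param    int     $statuscode     Status code stored with the topic (cast to int)
* @param    string  $open           Checkbox: poll open for voting ('on' when checked)
* @param    string  $hideresults    Checkbox: hide results until closed ('on' when checked)
* @param    int     $commentcode    Indicates if users can comment on poll (cast to int)
* @param    array   $A              Array of possible answers
* @param    array   $V              Array of vote per each answer
* @param    array   $R              Array of remark per each answer
* @param    int     $owner_id       ID of poll owner
* @param    int     $group_id       ID of group poll belongs to
* @param    int     $perm_owner     Permissions the owner has on poll
* @param    int     $perm_group     Permissions the group has on poll
* @param    int     $perm_members   Permissions logged in members have on poll
* @param    int     $perm_anon      Permissions anonymous users have on poll
* @return   string                  HTML redirect or error message
*
*/
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $topic = COM_stripslashes($topic);
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    // Both IDs are interpolated into SQL below; COM_sanitizeID is relied on to
    // reduce them to a conservative character set (confirm in lib-common)
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }
    // check if any question was entered
    if (empty($topic) || count($Q) == 0 || strlen($Q[0]) == 0 || strlen($A[0][0]) == 0) {
        $retval .= COM_siteHeader('menu', $LANG25[5]);
        $retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG25[2];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();
        return $retval;
    }
    // CSRF token check happens before any database write
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }
    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid;
            // for now ...
        }
    }
    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    // Access is evaluated against the stored permissions for an existing poll
    // and against the submitted permissions for a new one
    $access = 0;
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }
    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid;
        // delete by old pid, create using new pid below
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
    $topic = addslashes($topic);
    $meta_description = addslashes($meta_description);
    $meta_keywords = addslashes($meta_keywords);
    // $k counts the questions actually inserted so question ids form a
    // contiguous sequence; $v re-sums the votes since they may have been edited
    $k = 0;
    $v = 0;
    // first dimension of array are the questions
    $num_questions = count($Q);
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        if (strlen($Q[$i]) > 0) {
            // only insert questions that exist
            $Q[$i] = addslashes($Q[$i]);
            DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'");
            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = count($A[$i]);
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                if (strlen($A[$i][$j]) > 0) {
                    // only insert answers etc that exist
                    // votes are interpolated unquoted, so anything that is not
                    // numeric (or is missing) is forced to "0"
                    if (!isset($V[$i][$j]) || !is_numeric($V[$i][$j])) {
                        $V[$i][$j] = "0";
                    }
                    $A[$i][$j] = addslashes($A[$i][$j]);
                    // a remark is optional; missing remarks are stored as ''
                    $R[$i][$j] = addslashes(isset($R[$i][$j]) ? $R[$i][$j] : '');
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
                    DB_query($sql);
                    $v = $v + $V[$i][$j];
                }
            }
            $k++;
        }
    }
    // save topics after the questions so we can include question count into table
    // Integer columns are cast explicitly: these values are interpolated into
    // the INSERT without escaping
    $statuscode = (int) $statuscode;
    $commentcode = (int) $commentcode;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s');
    // checkbox fields arrive as 'on' when ticked
    $sql .= $mainpage == 'on' ? "',1" : "',0";
    $sql .= $open == 'on' ? ",1" : ",0";
    $sql .= $hideresults == 'on' ? ",1" : ",0";
    $sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";
    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);
    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // the poll was renamed: move its comments to the new id
        DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}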
 /**
  *  Creates the edit form
  *  @param integer $id Optional ID, current record used if zero
  *  @return string HTML for edit form
  */
 public function Edit($eid = '', $rp_id = 0, $saveaction = '')
 {
     global $_CONF, $_EV_CONF, $_TABLES, $_USER, $LANG_EVLIST, $LANG_ADMIN, $_GROUPS, $LANG_ACCESS, $_SYSTEM;
     // If an eid is specified and this is an object, then read the
     // event data- UNLESS a repeat ID is given in which case we're
     // editing a repeat and already have the info we need.
     // This probably needs to change, since we should always read event
     // data during construction.
     if (!$this->isSubmitter) {
         // At least submit privilege required
         COM_404();
     } elseif ($eid != '' && $rp_id == 0 && is_object($this)) {
         // If an id is passed in, then read that record
         if (!$this->Read($eid)) {
             return 'Invalid object ID';
         }
     } elseif (isset($_POST['eid']) && !empty($_POST['eid'])) {
         // Returning to an existing form, probably due to errors
         $this->SetVars($_POST);
         // Make sure the current user has access to this event.
         if (!$this->hasAccess(3)) {
             COM_404();
         }
     }
     $T = new Template($_CONF['path'] . 'plugins/evlist/templates/');
     if ($_SYSTEM['disable_jquery_slimbox']) {
         $T->set_file('editor', 'editor.uikit.thtml');
     } else {
         $T->set_file('editor', 'editor.thtml');
     }
     // Basic tabs for editing both events and instances, show up on
     // all edit forms
     //$tabs = array('ev_info', 'ev_schedule', 'ev_location', 'ev_contact',);
     $tabs = array('ev_info', 'ev_location', 'ev_contact');
     $rp_id = (int) $rp_id;
     if ($rp_id > 0) {
         // Make sure the current user has access to this event.
         if (!$this->hasAccess(3)) {
             COM_404();
         }
         if ($saveaction == 'savefuturerepeat') {
             $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_future'], 'warning');
         } else {
             $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_instance'], 'info');
         }
         //$T->clear_var('contact_section');
         $T->clear_var('category_section');
         $T->clear_var('permissions_editor');
         // Set the static calendar name for the edit form.  Can't
         // change it for a single instance.
         $cal_name = DB_getItem($_TABLES['evlist_calendars'], 'cal_name', "cal_id='" . (int) $this->cal_id . "'");
         $T->set_var(array('contact_section' => 'true', 'is_repeat' => 'true', 'cal_name' => $cal_name));
         // Override our dates & times with those from the repeat.
         // $rp_id is passed when this is called from class evRepeat.
         // Maybe that should pass in the repeat's data instead to avoid
         // another DB lookup.  An array of values could be used.
         $Rep = DB_fetchArray(DB_query("SELECT * \n                    FROM {$_TABLES['evlist_repeat']}\n                    WHERE rp_id='{$rp_id}'"), false);
         if ($Rep) {
             $this->date_start1 = $Rep['rp_date_start'];
             $this->date_end1 = $Rep['rp_date_end'];
             $this->time_start1 = $Rep['rp_time_start1'];
             $this->time_end1 = $Rep['rp_time_end1'];
             $this->time_start2 = $Rep['rp_time_start2'];
             $this->time_end2 = $Rep['rp_time_end2'];
         }
     } else {
         // Editing the main event record
         if ($this->id != '' && $this->recurring == 1) {
             $alert_msg = EVLIST_alertMessage($LANG_EVLIST['editing_series'], 'error');
         }
         if ($this->isAdmin) {
             $tabs[] = 'ev_perms';
             // Add permissions tab, event edit only
             $T->set_var('permissions_editor', 'true');
         }
         $T->set_var(array('contact_section' => 'true', 'category_section' => 'true', 'upcoming_chk' => $this->show_upcoming ? EVCHECKED : ''));
     }
     $action_url = EVLIST_URL . '/event.php';
     $delaction = 'delevent';
     if (isset($_GET['from']) && $_GET['from'] == 'admin') {
         $cancel_url = EVLIST_ADMIN_URL . '/index.php';
     } else {
         $cancel_url = EVLIST_URL . '/index.php';
     }
     switch ($saveaction) {
         case 'saverepeat':
         case 'savefuturerepeat':
         case 'saveevent':
             break;
         case 'moderate':
             // Approving a submission
             $saveaction = 'approve';
             $delaction = 'disapprove';
             $action_url = EVLIST_ADMIN_URL . '/index.php';
             $cancel_url = $_CONF['site_admin_url'] . '/moderation.php';
             break;
         default:
             $saveaction = 'saveevent';
             break;
     }
     $retval = '';
     //$recinterval = '';
     $recweekday = '';
     $ownerusername = DB_getItem($_TABLES['users'], 'username', "uid='{$this->owner_id}'");
     $retval .= COM_startBlock($LANG_EVLIST['event_editor']);
     $summary = $this->Detail->summary;
     $full_description = $this->Detail->full_description;
     $location = $this->Detail->location;
     if (($this->isAdmin || $_EV_CONF['allow_html'] == '1' && $_USER['uid'] > 1) && $A['postmode'] == 'html') {
         $postmode = '2';
         //html
     } else {
         $postmode = '1';
         //plaintext
         $summary = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->summary)));
         $full_description = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->full_description)));
         $location = htmlspecialchars(COM_undoClickableLinks(COM_undoSpecialChars($this->Detail->location)));
     }
     $starthour2 = '';
     $startminute2 = '';
     $endhour2 = '';
     $endminute2 = '';
     if ($this->date_end1 == '' || $this->date_end1 == '0000-00-00') {
         $this->date_end1 = $this->date_start1;
     }
     if ($this->date_start1 != '' && $this->date_start1 != '0000-00-00') {
         list($startmonth1, $startday1, $startyear1, $starthour1, $startminute1) = $this->DateParts($this->date_start1, $this->time_start1);
     } else {
         list($startmonth1, $startday1, $startyear1, $starthour1, $startminute1) = $this->DateParts(date('Y-m-d', time()), date('H:i:s', time()));
     }
     // The end date can't be before the start date
     if ($this->date_end1 >= $this->date_start1) {
         list($endmonth1, $endday1, $endyear1, $endhour1, $endminute1) = $this->DateParts($this->date_end1, $this->time_end1);
         $days_interval = Date_Calc::dateDiff($endday1, $endmonth1, $endyear1, $startday1, $startmonth1, $startyear1);
     } else {
         $days_interval = 0;
         $endmonth1 = $startmonth1;
         $endday1 = $startday1;
         $endyear1 = $startyear1;
         $endhour1 = $starthour1;
         $endminute1 = $startminute1;
     }
     if ($this->recurring != '1') {
         $T->set_var(array('recurring_show' => ' style="display:none;"', 'format_opt' => '0'));
         //for ($i = 1; $i <= 6; $i++) {
         //    $T->set_var('format' . $i . 'show', ' style="display:none;"');
         //}
     } else {
         $option = empty($this->rec_data['type']) ? '0' : (int) $this->rec_data['type'];
         $T->set_var(array('recurring_show' => '', 'recurring_checked' => EVCHECKED, 'format_opt' => $option));
     }
     if (isset($this->rec_data['stop']) && !empty($this->rec_data['stop'])) {
         $T->set_var(array('stopdate' => $this->rec_data['stop'], 'd_stopdate' => EVLIST_formattedDate($this->rec_data['stop'])));
     }
     if (!empty($this->rec_data['skip'])) {
         $T->set_var("skipnext{$this->rec_data['skip']}_checked", EVCHECKED);
     }
     if (!empty($this->rec_data['freq'])) {
         $freq = (int) $this->rec_data['freq'];
         if ($freq < 1) {
             $freq = 1;
         }
     } else {
         $freq = 1;
     }
     $T->set_var(array('freq_text' => $LANG_EVLIST['rec_periods'][$this->rec_data['type']] . '(s)', 'rec_freq' => $freq));
     foreach ($LANG_EVLIST['rec_intervals'] as $key => $str) {
         $T->set_var('dom_int_txt_' . $key, $str);
         if (is_array($this->rec_data['interval'])) {
             if (in_array($key, $this->rec_data['interval'])) {
                 $T->set_var('dom_int_chk_' . $key, EVCHECKED);
             }
         }
     }
     // Set up the recurring options needed for the current event
     switch ($option) {
         case 0:
             break;
         case EV_RECUR_MONTHLY:
             if (is_array($this->rec_data['listdays'])) {
                 foreach ($this->rec_data['listdays'] as $mday) {
                     $T->set_var('mdchk' . $mday, EVCHECKED);
                 }
             }
             break;
         case EV_RECUR_WEEKLY:
             $T->set_var('listdays_val', COM_stripslashes($rec_data[0]));
             if (is_array($this->rec_data['listdays']) && !empty($this->rec_data['listdays'])) {
                 foreach ($this->rec_data['listdays'] as $day) {
                     $day = (int) $day;
                     if ($day > 0 && $day < 8) {
                         $T->set_var('daychk' . $day, EVCHECKED);
                     }
                 }
             }
             break;
         case EV_RECUR_DOM:
             $recweekday = $this->rec_data['weekday'];
             break;
         case EV_RECUR_DATES:
             $T->set_var(array('stopshow' => 'style="display:none;"', 'custom_val' => implode(',', $this->rec_data['custom'])));
             break;
     }
     $start1 = EVLIST_TimeSelect('start1', $this->time_start1);
     $start2 = EVLIST_TimeSelect('start2', $this->time_start2);
     $end1 = EVLIST_TimeSelect('end1', $this->time_end1);
     $end2 = EVLIST_TimeSelect('end2', $this->time_end2);
     $cal_select = COM_optionList($_TABLES['evlist_calendars'], 'cal_id,cal_name', $this->cal_id, 1, 'cal_status = 1 ' . COM_getPermSQL('AND', 0, 2));
     USES_class_navbar();
     $navbar = new navbar();
     $cnt = 0;
     foreach ($tabs as $id) {
         $navbar->add_menuitem($LANG_EVLIST[$id], 'showhideEventDiv("' . $id . '",' . $cnt . ');return false;', true);
         $cnt++;
     }
     $navbar->set_selected($LANG_EVLIST['ev_info']);
     if ($this->AdminMode) {
         $action_url .= '?admin=true';
     }
     $T->set_var(array('action_url' => $action_url, 'navbar' => $navbar->generate(), 'alert_msg' => $alert_msg, 'cancel_url' => $cancel_url, 'eid' => $this->id, 'rp_id' => $rp_id, 'title' => $this->Detail->title, 'summary' => $summary, 'description' => $full_description, 'location' => $location, 'status_checked' => $this->status == 1 ? EVCHECKED : '', 'url' => $this->Detail->url, 'street' => $this->Detail->street, 'city' => $this->Detail->city, 'province' => $this->Detail->province, 'country' => $this->Detail->country, 'postal' => $this->Detail->postal, 'contact' => $this->Detail->contact, 'email' => $this->Detail->email, 'phone' => $this->Detail->phone, 'startdate1' => $this->date_start1, 'enddate1' => $this->date_end1, 'd_startdate1' => EVLIST_formattedDate($this->date_start1), 'd_enddate1' => EVLIST_formattedDate($this->date_end1), 'start_hour_options1' => $start1['hour'], 'start_minute_options1' => $start1['minute'], 'startdate1_ampm' => $start1['ampm'], 'end_hour_options1' => $end1['hour'], 'end_minute_options1' => $end1['minute'], 'enddate1_ampm' => $end1['ampm'], 'start_hour_options2' => $start2['hour'], 'start_minute_options2' => $start2['minute'], 'startdate2_ampm' => $start2['ampm'], 'end_hour_options2' => $end2['hour'], 'end_minute_options2' => $end2['minute'], 'enddate2_ampm' => $end2['ampm'], 'recurring_format_options' => EVLIST_GetOptions($LANG_EVLIST['rec_formats'], $option), 'recurring_weekday_options' => EVLIST_GetOptions(Date_Calc::getWeekDays(), $recweekday, 1), 'dailystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['day_by_date'], ''), 'monthlystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year_and_month'], $LANG_EVLIST['if_any']), 'yearlystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year'], $LANG_EVLIST['if_any']), 'listdays_label' => sprintf($LANG_EVLIST['custom_label'], $LANG_EVLIST['days_of_week'], ''), 'listdaystop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['date_l'], 
$LANG_EVLIST['if_any']), 'intervalstop_label' => sprintf($LANG_EVLIST['stop_label'], $LANG_EVLIST['year_and_month'], $LANG_EVLIST['if_any']), 'custom_label' => sprintf($LANG_EVLIST['custom_label'], $LANG_EVLIST['dates'], ''), 'datestart_note' => $LANG_EVLIST['datestart_note'], 'src' => isset($_GET['src']) && $_GET['src'] == 'a' ? '1' : '0', 'rem_status_checked' => $this->enable_reminders == 1 ? EVCHECKED : '', 'del_button' => $this->id == '' ? '' : 'true', 'saveaction' => $saveaction, 'delaction' => $delaction, 'owner_id' => $this->owner_id, 'enable_reminders' => $_EV_CONF['enable_reminders'], 'iso_lang' => EVLIST_getIsoLang(), 'hour_mode' => $_CONF['hour_mode'], 'days_interval' => $days_interval, 'display_format' => $_CONF['shortdate'], 'ts_start' => strtotime($this->date_start1), 'ts_end' => strtotime($this->date_end1), 'cal_select' => $cal_select, 'contactlink_chk' => $this->options['contactlink'] == 1 ? EVCHECKED : '', 'lat' => $this->Detail->lat, 'lng' => $this->Detail->lng, 'perm_msg' => $LANG_ACCESS['permmsg'], 'last' => $LANG_EVLIST['rec_intervals'][5], 'doc_url' => EVLIST_getDocURL('event.html'), 'mootools' => $_SYSTEM['disable_mootools'] ? '' : 'true'));
     if ($_EV_CONF['enable_rsvp']) {
         USES_evlist_class_tickettype();
         $TickTypes = evTicketType::GetTicketTypes();
         //$T->set_block('editor', 'Tickets', 'tTypes');
         $tick_opts = '';
         foreach ($TickTypes as $tick_id => $tick_obj) {
             // Check enabled tickets. Ticket type 1 enabled by default
             if (isset($this->options['tickets'][$tick_id]) || $tick_id == 1) {
                 $checked = 'checked="checked"';
                 $fee = (double) $this->options['tickets'][$tick_id]['fee'];
             } else {
                 $checked = '';
                 $fee = 0;
             }
             $tick_opts .= '<tr><td><input name="tickets[' . $tick_id . ']" type="checkbox" ' . $checked . ' value="' . $tick_id . '" /></td>' . '<td>' . $tick_obj->description . '</td>' . '<td><input type="text" name="tick_fees[' . $tick_id . ']" value="' . $fee . '" size="8" /></td></tr>' . LB;
             /*$T->set_var(array(
                   'tick_id' => $tic['id'],
                   'tick_desc' => $tic['description'],
                   'tick_fee' => $fee,
                   'tick_enabled' => $enabled ? 'checked="checked"' : '',
               ) ) ;
               //$T->parse('tTypes', 'Tickets', true);*/
         }
         if ($_EV_CONF['rsvp_print'] > 0) {
             $rsvp_print_chk = 'rsvp_print_chk' . $this->options['rsvp_print'];
             $rsvp_print = 'true';
         } else {
             $rsvp_print = '';
             $rsvp_print_chk = 'no_rsvp_print';
         }
         $T->set_var(array('enable_rsvp' => 'true', 'reg_chk' . $this->options['use_rsvp'] => EVCHECKED, 'rsvp_wait_chk' => $this->options['rsvp_waitlist'] == 1 ? EVCHECKED : '', 'max_rsvp' => $this->options['max_rsvp'], 'max_user_rsvp' => $this->options['max_user_rsvp'], 'rsvp_cutoff' => $this->options['rsvp_cutoff'], 'use_rsvp' => $this->options['use_rsvp'], 'rsvp_waitlist' => $this->options['rsvp_waitlist'], 'tick_opts' => $tick_opts, 'rsvp_print' => $rsvp_print, $rsvp_print_chk => 'checked="checked"'));
     }
     // if rsvp_enabled
     // Split & All-Day settings
     if ($this->allday == 1) {
         // allday, can't be split, no times
         $T->set_var(array('starttime1_show' => 'style="display:none;"', 'endtime1_show' => 'style="display:none;"', 'datetime2_show' => 'style="display:none;"', 'allday_checked' => EVCHECKED, 'split_checked' => '', 'split_show' => 'style="display:none;"'));
     } elseif ($this->split == '1') {
         $T->set_var(array('split_checked' => EVCHECKED, 'allday_checked' => '', 'allday_show' => 'style="display:none"'));
     } else {
         $T->set_var(array('datetime2_show' => 'style="display:none;"'));
     }
     // Category fields. If $_POST['categories'] is set, then this is a
     // form re-entry due to an error saving. Populate checkboxes from the
     // submitted form. Include the user-added category, if any.
     // If not from a form re-entry, get the checked categories from the
     // evlist_lookup table.
     if ($_EV_CONF['enable_categories'] == '1') {
         $cresult = DB_query("SELECT tc.id, tc.name\n                FROM {$_TABLES['evlist_categories']} tc \n                WHERE tc.status='1' ORDER BY tc.name");
         while ($A = DB_fetchArray($cresult, false)) {
             if (isset($_POST['categories']) && is_array($_POST['categories'])) {
                 // Coming from a form re-entry
                 $chk = in_array($A['id'], $_POST['categories']) ? EVCHECKED : '';
             } else {
                 $chk = in_array($A['id'], $this->categories) ? EVCHECKED : '';
             }
             $catlist .= '<input type="checkbox" name="categories[]" ' . 'value="' . $A['id'] . '" ' . $chk . ' />' . '&nbsp;' . $A['name'] . '&nbsp;&nbsp;';
         }
         $T->set_var('catlist', $catlist);
         if (isset($_POST['newcat'])) {
             $T->set_var('newcat', $_POST['newcat']);
         }
         if ($_USER['uid'] > 1 && $rp_id == 0) {
             $T->set_var('category_section', 'true');
             $T->set_var('add_cat_input', 'true');
         }
     }
     // Enable the post mode selector if we allow HTML and the user is
     // logged in, or if this user is an authorized editor
     if ($this->isAdmin || $_EV_CONF['allow_html'] == '1' && $_USER['uid'] > 1) {
         $T->set_var(array('postmode_options' => EVLIST_GetOptions($LANG_EVLIST['postmodes'], $postmode), 'allowed_html' => COM_allowedHTML('evlist.submit')));
         if ($postmode == 'plaintext') {
             // plaintext, hide postmode selector
             $T->set_var('postmode_show', ' style="display:none"');
         }
         $T->parse('event_postmode', 'edit_postmode');
     }
     if ($this->isAdmin) {
         $T->set_var(array('owner_username' => COM_stripslashes($ownerusername), 'owner_dropdown' => COM_optionList($_TABLES['users'], 'uid,username', $this->owner_id, 1, "uid <> 1"), 'group_dropdown' => SEC_getGroupDropdown($this->group_id, 3)));
         if ($rp_id == 0) {
             // can only change permissions on main event
             $T->set_var('permissions_editor', SEC_getPermissionsHTML($this->perm_owner, $this->perm_group, $this->perm_members, $this->perm_anon));
         }
     } else {
         $T->set_var('group_id', $this->group_id);
     }
     // Latitude & Longitude part of location, if Location plugin is used
     if ($_EV_CONF['use_locator']) {
         $T->set_var(array('use_locator' => 'true', 'loc_selection' => GEO_optionList()));
     }
     $T->parse('output', 'editor');
     $retval .= $T->finish($T->get_var('output'));
     $retval .= COM_endBlock();
     return $retval;
 }
 /**
  * Recursively normalise a submitted configuration value.
  *
  * Scalars are passed through COM_stripslashes(); the form's boolean
  * markers 'b:0' / 'b:1' become real booleans, and numeric strings are
  * coerced to numbers only when _validate_numeric() says the config item
  * is numeric. Arrays are cleaned element by element: the 'placeholder'
  * entry is dropped, and an array whose keys are all numeric but no longer
  * contiguous (e.g. after a row was removed) is re-indexed from 0.
  *
  * @param mixed $config    Config name, handed on to _validate_numeric()
  * @param mixed $group     Config group, handed on to _validate_numeric()
  * @param mixed $input_val Raw submitted value (scalar or nested array)
  * @return mixed The cleaned value
  */
 function _validate_input($config, $group, &$input_val)
 {
     if (!is_array($input_val)) {
         $clean = COM_stripslashes($input_val);
         // 'b:0' / 'b:1' is how the form encodes a boolean setting
         if ($clean == 'b:0' or $clean == 'b:1') {
             $clean = $clean == 'b:1';
         }
         // only turn numeric strings into numbers for numeric config items
         if (is_numeric($clean) && $this->_validate_numeric($config, $group)) {
             $clean = $clean + 0;
         }
         return $clean;
     }

     $clean = array();
     $allNumericKeys = true;
     $highestKey = -1;
     foreach ($input_val as $key => $val) {
         if ($key === 'placeholder') {
             continue;   // template row used by the editor, never a real value
         }
         $clean[$key] = $this->_validate_input($config, $group, $val);
         if (!is_numeric($key)) {
             $allNumericKeys = false;
         } elseif ($key > $highestKey) {
             $highestKey = $key;
         }
     }
     // a numeric list with gaps is renumbered so it stays a proper list
     if ($allNumericKeys && $highestKey >= 0 && $highestKey + 1 != count($clean)) {
         $clean = array_values($clean);
     }
     return $clean;
 }
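/**
* Saves a block
*
* Validates the submitted block data, checks the current user's access to
* the block (stored permissions for an existing block, submitted ones for a
* new block) and then inserts or updates the row. String columns are
* escaped and numeric columns cast before they are interpolated into SQL.
*
* @param    int     $bid            Block ID (0 or empty for a new block)
* @param    string  $name           Block name (internal identifier)
* @param    string  $title          Block title
* @param    string  $help           Help reference for the block
* @param    string  $type           Type of block: 'normal', 'portal', 'phpblock' or 'gldefault'
* @param    int     $blockorder     Order block appears relative to the others
* @param    string  $content        Content of block
* @param    string  $rdfurl         URL to headline feed for portal blocks
* @param    string  $rdfupdated     Date RSS/RDF feed was last updated
* @param    int     $rdflimit       max. number of entries to import from feed
* @param    string  $phpblockfn     Name of php function to call to get content (must start with "phpblock_")
* @param    int     $onleft         Flag indicates if block shows up on left or right
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group block belongs to
* @param    array   $perm_owner     Permissions the owner has on the object
* @param    array   $perm_group     Permissions the group has on the object
* @param    array   $perm_members   Permissions the logged in members have
* @param    array   $perm_anon      Permissions anonymous users have
* @param    string  $is_enabled     'on' if the block is enabled
* @param    string  $allow_autotags 'on' if autotags may be used in the content
* @param    int     $cache_time     Cache time; values below -1 or an empty value fall back to the configured default
* @return   string                  HTML redirect or error message
*
*/
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags, $cache_time)
{
    global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $_USER;
    $retval = '';
    // These are interpolated unquoted into SQL below: cast them so a
    // non-numeric form value cannot alter the statement.
    $bid = (int) $bid;
    $onleft = (int) $onleft;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $title = DB_escapeString(COM_stripslashes(strip_tags($title)));
    $phpblockfn = DB_escapeString(COM_stripslashes(trim($phpblockfn)));
    if (empty($title) || !TOPIC_checkTopicSelectionControl()) {
        $retval .= COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[63]));
        return $retval;
    }
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $access = 0;
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        // Existing block: decide on the permissions stored in the database,
        // not on the (user-editable) values that came with the form.
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !TOPIC_hasMultiTopicAccess('topic') || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
        return $retval;
    }
    // Each block type has its own set of required fields
    $complete = !empty($name) && (
        ($type == 'normal' && !empty($title) && !empty($content))
        || ($type == 'portal' && !empty($title) && !empty($rdfurl))
        || ($type == 'phpblock' && !empty($phpblockfn) && !empty($title))
        || ($type == 'gldefault' && strlen((string) $blockorder) > 0)
    );
    if (!$complete) {
        if (empty($name)) {
            // empty block name
            $msgtxt = $LANG21[50];
        } elseif ($type == 'portal') {
            // Portal block is missing fields
            $msgtxt = $LANG21[33];
        } elseif ($type == 'phpblock') {
            // PHP Block is missing field
            $msgtxt = $LANG21[34];
        } elseif ($type == 'normal') {
            // Normal block is missing field
            $msgtxt = $LANG21[35];
        } elseif ($type == 'gldefault') {
            // Default geeklog field missing
            $msgtxt = $LANG21[42];
        } else {
            // Layout block missing content
            $msgtxt = $LANG21[36];
        }
        $retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[32]));
        return $retval;
    }
    $is_enabled = ($is_enabled == 'on') ? 1 : 0;
    $allow_autotags = ($allow_autotags == 'on') ? 1 : 0;
    if ($cache_time < -1 or $cache_time == "") {
        $cache_time = $_CONF['default_cache_time_block'];
    }
    $cache_time = (int) $cache_time;
    if ($type == 'portal') {
        $content = '';
        $rdfupdated = '';
        $phpblockfn = '';
        // get rid of possible extra prefixes (e.g. "feed://http://...")
        if (substr($rdfurl, 0, 4) == 'rss:') {
            $rdfurl = substr($rdfurl, 4);
        } elseif (substr($rdfurl, 0, 5) == 'feed:') {
            $rdfurl = substr($rdfurl, 5);
        }
        if (substr($rdfurl, 0, 2) == '//') {
            $rdfurl = substr($rdfurl, 2);
        }
        // only http(s) feed URLs are accepted
        $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
    }
    if ($type == 'gldefault') {
        $content = '';
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
        $phpblockfn = '';
    }
    if ($type == 'phpblock') {
        // NOTE: PHP Blocks must be within a function and the function
        // must start with phpblock_ as the prefix.  This will prevent
        // the arbitrary execution of code.  The check is on the prefix
        // itself (case-insensitive); a substring match would accept any
        // function whose name merely contains "phpblock_".
        if (stripos($phpblockfn, 'phpblock_') !== 0) {
            $retval .= COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[37]));
            return $retval;
        }
        $content = '';
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
    }
    if ($type == 'normal') {
        $rdfurl = '';
        $rdfupdated = '';
        $rdflimit = 0;
        $phpblockfn = '';
        if ($allow_autotags == 1) {
            // Remove any autotags the user doesn't have permission to use
            $content = PLG_replaceTags($content, '', true);
        }
        $content = DB_escapeString($content);
    }
    $rdflimit = (int) $rdflimit;
    if ($rdflimit < 0) {
        $rdflimit = 0;
    }
    if (!empty($rdfurl)) {
        $rdfurl = DB_escapeString($rdfurl);
    }
    if (empty($rdfupdated)) {
        $rdfupdated = '0000-00-00 00:00:00';
    }
    // Remaining string columns; all of them are quoted in the SQL below
    $name = DB_escapeString($name);
    $help = DB_escapeString($help);
    $blockorder = DB_escapeString($blockorder);
    $rdfupdated = DB_escapeString($rdfupdated);
    if ($bid > 0) {
        DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time},NULL,NULL");
    } else {
        $sql = array();
        $sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
        $sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} " . '(bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','1970-01-01','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
        DB_query($sql);
        $bid = DB_insertId();
    }
    TOPIC_saveTopicSelectionControl('block', $bid);
    $cacheInstance = 'block__' . $bid . '__';
    // remove any of this blocks instances if exists
    CACHE_remove_instance($cacheInstance);
    return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11');
}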
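/**
 * Handles a comment edit submission
 *
 * Looks up the comment (or, for $mode == 'editsubmission', the queued
 * submission) identified by the request, strips the signature that was
 * appended when it was posted and re-displays it in the comment form.
 * A missing or invalid id, or a comment that does not match the given
 * sid/type, is logged and answered with a redirect to the site root.
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param  string $mode 'edit' or 'editsubmission'
 * @return string HTML (possibly a refresh)
 */
function handleEdit($mode)
{
    // $_CONF and $_USER are read in the error paths; they were missing from
    // the original global declaration and therefore undefined in this scope.
    global $_CONF, $_TABLES, $_USER, $LANG03;
    //get needed data
    $cid = isset($_REQUEST['cid']) ? COM_applyFilter($_REQUEST['cid']) : '';
    // Validate the comment id before it is interpolated into any query
    if (!is_numeric($cid) || $cid < 0) {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $cid = (int) $cid;
    if ($mode == 'editsubmission') {
        $table = $_TABLES['commentsubmissions'];
        $result = DB_query("SELECT type, sid FROM {$_TABLES['commentsubmissions']} WHERE cid = {$cid}");
        $row = DB_fetchArray($result);
        $type = empty($row) ? '' : $row['type'];
        $sid = empty($row) ? '' : $row['sid'];
    } else {
        $sid = isset($_REQUEST['sid']) ? COM_applyFilter($_REQUEST['sid']) : '';
        $type = isset($_REQUEST['type']) ? COM_applyFilter($_REQUEST['type']) : '';
        $table = $_TABLES['comments'];
    }
    //check for bad data
    if (empty($sid) || empty($type)) {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment with one or more missing/bad values.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    // sid and type come from the request (or the submission row); escape
    // them rather than relying on COM_applyFilter() alone
    $result = DB_query("SELECT title,comment FROM {$table} " . "WHERE cid = {$cid} AND sid = '" . DB_escapeString($sid) . "' AND type = '" . DB_escapeString($type) . "'");
    if (DB_numRows($result) != 1) {
        COM_errorLog("handleEdit(): {$_USER['uid']} from {$_SERVER['REMOTE_ADDR']} tried " . 'to edit a comment that doesn\'t exist as described.');
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }
    $A = DB_fetchArray($result);
    $title = COM_stripslashes($A['title']);
    $commenttext = COM_stripslashes(COM_undoSpecialChars($A['comment']));
    //remove signature
    $pos = strpos($commenttext, '<!-- COMMENTSIG --><span class="comment-sig">');
    // a signature at offset 0 (a comment consisting only of the signature)
    // is deliberately left untouched, as before
    if ($pos > 0) {
        $commenttext = substr($commenttext, 0, $pos);
    }
    //get format mode: any tag-like markup means the comment was posted as HTML
    $postmode = (preg_match('/<.*>/', $commenttext) != 0) ? 'html' : 'plaintext';
    return COM_siteHeader('menu', $LANG03[1]) . CMT_commentForm($title, $commenttext, $sid, $cid, $type, $mode, $postmode) . COM_siteFooter();
}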
            exit;
        } else {
            $content .= 'Function not available';
        }
        break;
    case 'view':
    default:
        if (empty($eid)) {
            // Default action, view the calendar or event
            COM_setArgNames(array('eid', 'ts', 'range', 'cat'));
            $eid = COM_sanitizeID(COM_getArgument('eid'), false);
        }
        if (!empty($eid)) {
            USES_evlist_class_repeat();
            $Rep = new evRepeat($eid);
            $pagetitle = COM_stripslashes($Rep->Event->title);
            if ($view == 'print') {
                $template = 'event_print';
                $query = '';
            }
            $query = isset($_GET['query']) ? $_GET['query'] : '';
            $content .= $Rep->Detail('', $query, $template);
        } else {
            // Shouldn't be in this file without an event ID to display or edit
            echo COM_refresh(EVLIST_URL . '/index.php');
            exit;
        }
        break;
}
// Page shell: the site header for the resolved event title, followed by the
// calendar header for today's date in 'detail' mode.
$display = EVLIST_siteHeader($pagetitle)
    . EVLIST_calHeader(date('Y'), date('m'), date('d'), 'detail', $cat_id, $cal_id);
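/**
* Mails the contents of the contact form to that user
*
* Refuses anonymous senders when the site requires login, honours the
* recipient's "accept mail from users / from admins" preferences, applies
* the 'mail' speed limit and the spam check, strips markup from subject and
* body (the subject is also cut at the first line break) and appends the
* sender's signature. On success the browser is redirected to the contact
* page with a status message; on a validation failure the form is shown
* again with an error.
*
* @param    int     $uid            User ID of person to send email to
* @param    bool    $cc             Whether to send a copy of the message to the author
* @param    string  $author         The name of the person sending the email
* @param    string  $authoremail    Email address of person sending the email
* @param    string  $subject        Subject of email
* @param    string  $message        Text of message to send
* @return   string                  Meta redirect or HTML for the contact form
*/
function CONTACT_contactemail($uid, $cc, $author, $authoremail, $subject, $message)
{
    global $_CONTACT_CONF, $_CONF, $_TABLES, $_USER, $LANG04, $LANG08, $LANG12, $MESSAGE;
    $retval = '';
    // $uid is interpolated into SQL below
    $uid = (int) $uid;
    // check for correct $_CONF permission
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailuserloginrequired'] == 1) && $uid != 2) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }
    // check for correct 'to' user preferences
    $result = DB_query("SELECT emailfromadmin,emailfromuser FROM {$_TABLES['userprefs']} WHERE uid = '{$uid}'");
    $P = DB_fetchArray($result);
    $isAdmin = SEC_inGroup('Root') || SEC_hasRights('user.mail');
    // a missing prefs row is treated like "does not accept mail"
    if (empty($P) || ($isAdmin && $P['emailfromadmin'] != 1) || (!$isAdmin && $P['emailfromuser'] != 1)) {
        return COM_refresh($_CONF['site_url'] . '/index.php?msg=85');
    }
    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    $last = COM_checkSpeedlimit('mail');
    if ($last > 0) {
        // (was appended to an undefined $return variable before)
        $retval .= COM_startBlock($LANG12[26], '', COM_getBlockTemplate('_msg_block', 'header')) . $LANG08[39] . $last . $LANG08[40] . COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        return $retval;
    }
    if (empty($author) || empty($subject) || empty($message)) {
        // a required field is missing
        $errmsg = $LANG08[4];
    } elseif (!COM_isemail($authoremail) || strpos($author, '@') !== false) {
        // bad sender address, or an address where the name should be
        $errmsg = $LANG08[3];
    } else {
        $result = DB_query("SELECT username,fullname,email FROM {$_TABLES['users']} WHERE uid = {$uid}");
        $A = DB_fetchArray($result);
        // Append the user's signature to the message
        $sig = '';
        if (!COM_isAnonUser()) {
            $sig = DB_getItem($_TABLES['users'], 'sig', 'uid=' . (int) $_USER['uid']);
            if (!empty($sig)) {
                $sig = strip_tags(COM_stripslashes($sig));
                $sig = "\n\n-- \n" . $sig;
            }
        }
        $subject = COM_stripslashes($subject);
        $message = COM_stripslashes($message);
        // do a spam check with the unfiltered message text and subject
        $mailtext = $subject . "\n" . $message . $sig;
        $result = PLG_checkforSpam($mailtext, $_CONF['spamx']);
        if ($result > 0) {
            COM_updateSpeedlimit('mail');
            COM_displayMessageAndAbort($result, 'spamx', 403, 'Forbidden');
        }
        $msg = PLG_itemPreSave('contact', $message);
        if (!empty($msg)) {
            if (!defined('CONTACT_TITLE')) {
                define("CONTACT_TITLE", $LANG04[81]);
            }
            $retval .= COM_errorLog($msg, 2) . CONTACT_contactform($uid, $cc, $subject, $message);
            return $retval;
        }
        // strip markup and cut the subject at the first line break so it
        // cannot carry additional mail headers
        $subject = strip_tags($subject);
        $subject = substr($subject, 0, strcspn($subject, "\r\n"));
        $message = strip_tags($message) . $sig;
        if (!empty($A['fullname'])) {
            $to = COM_formatEmailAddress($A['fullname'], $A['email']);
        } else {
            $to = COM_formatEmailAddress($A['username'], $A['email']);
        }
        $from = COM_formatEmailAddress($author, $authoremail);
        $sent = COM_mail($to, $subject, $message, $from);
        // NOTE(review): the copy-to-sender decision reads $_POST['cc'] rather
        // than the $cc parameter, as the original did — confirm callers never
        // pass a $cc that differs from the form value.
        if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
            $ccmessage = sprintf($LANG08[38], COM_getDisplayName($uid, $A['username'], $A['fullname']));
            $ccmessage .= "\n------------------------------------------------------------\n\n" . $message;
            $sent = COM_mail($from, $subject, $ccmessage, $from);
        }
        COM_updateSpeedlimit('mail');
        $retval .= COM_refresh($_CONF['site_url'] . '/' . $_CONTACT_CONF['folder_name'] . '/index.php?what=msg&amp;msg=' . urlencode($sent ? $MESSAGE['27'] : $MESSAGE['85']));
        return $retval;
    }
    // Validation failed: re-display the form with a cleaned subject and the error
    $subject = strip_tags($subject);
    $subject = substr($subject, 0, strcspn($subject, "\r\n"));
    $subject = htmlspecialchars(trim($subject), ENT_QUOTES);
    if (!defined('CONTACT_TITLE')) {
        define("CONTACT_TITLE", $LANG04[81]);
    }
    $retval .= COM_errorLog($errmsg, 2) . CONTACT_contactform($uid, $cc, $subject, $message);
    return $retval;
}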
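/**
 * Store the images submitted with a classified ad.
 *
 * In order: removes any slashes magic_quotes may have added to the form
 * data, deletes the pictures ticked for deletion, then uploads any new
 * pictures and records each one in cl_pic under the next free image
 * number. Upload problems are fatal: an error page is echoed and the
 * script exits, as before.
 *
 * @param   array   $ad     Submitted ad form data; may hold a 'delete' array keyed by image number
 * @param   array   $FILES  Uploaded file entries, in $_FILES order
 * @param   int     $clid   ID of the ad the images belong to
 * @return  bool    Always true (failures exit the script)
 */
function CLASSIFIEDS_saveImage($ad, $FILES, $clid)
{
    global $_CONF, $_CLASSIFIEDS_CONF, $_TABLES, $LANG24;
    // $clid is interpolated into SQL and used as the filename prefix
    $clid = (int) $clid;
    $args = $ad;
    // Handle Magic GPC Garbage.  each() no longer exists in PHP 8; the nested
    // values are also written back into $args (the original only changed a
    // copy of the sub-array).
    foreach ($args as $key => $value) {
        if (is_array($value)) {
            foreach ($value as $subkey => $subvalue) {
                $args[$key][$subkey] = COM_stripslashes($subvalue);
            }
        } else {
            $args[$key] = COM_stripslashes($value);
        }
    }
    // Delete any images if needed.  'delete' is keyed by image number.
    if (array_key_exists('delete', $args) && is_array($args['delete'])) {
        foreach (array_keys($args['delete']) as $img_num) {
            $img_num = (int) $img_num;   // user-supplied key, goes into SQL
            $where = 'pi_pid = ' . $clid . ' AND pi_img_num = ' . $img_num;
            $pi_filename = DB_getItem($_TABLES['cl_pic'], 'pi_filename', $where);
            CLASSIFIEDS_deleteImage($pi_filename);
            DB_query("DELETE FROM {$_TABLES['cl_pic']} WHERE {$where}");
        }
    }
    // New images are numbered after the highest one already stored
    if (DB_count($_TABLES['cl_pic'], 'pi_pid', $clid) > 0) {
        $index_start = DB_getItem($_TABLES['cl_pic'], 'max(pi_img_num)', "pi_pid = '" . $clid . "'") + 1;
    } else {
        $index_start = 1;
    }
    if (count($FILES) > 0 and $_CLASSIFIEDS_CONF['max_images_per_ad'] > 0) {
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();
        //Debug with story debug function
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads($_CLASSIFIEDS_CONF['max_images_per_ad']);
        if (!empty($_CONF['image_lib'])) {
            if ($_CONF['image_lib'] == 'imagemagick') {
                // Using imagemagick
                $upload->setMogrifyPath($_CONF['path_to_mogrify']);
            } elseif ($_CONF['image_lib'] == 'netpbm') {
                // using netPBM
                $upload->setNetPBM($_CONF['path_to_netpbm']);
            } elseif ($_CONF['image_lib'] == 'gdlib') {
                // using the GD library
                $upload->setGDLib();
            }
            $upload->setAutomaticResize(true);
            $upload->keepOriginalImage(false);
            if (isset($_CONF['jpeg_quality'])) {
                $upload->setJpegQuality($_CONF['jpeg_quality']);
            }
        }
        // Only image types are accepted; the upload class enforces this list
        $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
        if (!$upload->setPath($_CLASSIFIEDS_CONF['path_images'])) {
            _CLASSIFIEDS_saveImage_uploadErrorExit($upload);
        }
        // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
        // force any images bigger than the passed dimensions to be resized.
        // If mogrify is not set, any images larger than these dimensions
        // will get validation errors
        $upload->setMaxDimensions($_CLASSIFIEDS_CONF['max_image_width'], $_CLASSIFIEDS_CONF['max_image_height']);
        $upload->setMaxFileSize($_CLASSIFIEDS_CONF['max_image_size']);
        // size in bytes, 1048576 = 1MB
        // Set file permissions on file after it gets uploaded (number is in octal)
        $upload->setPerms('0644');
        // Build the target names "<ad id>_<image number>.<ext>".  $img_nums
        // remembers the image number of each entry so the rows written after
        // the upload use the same number as the file even if an entry was
        // skipped (the original re-walked $filenames by position and could
        // drift out of step).
        $filenames = array();
        $img_nums = array();
        $end_index = $index_start + $upload->numFiles() - 1;
        reset($FILES);
        for ($z = $index_start; $z <= $end_index; $z++) {
            $curfile = current($FILES);
            if (!empty($curfile['name'])) {
                // extension taken from the client-supplied name, reduced to
                // [A-Za-z0-9] so it cannot carry separators or other characters
                $fextension = pathinfo($curfile['name'], PATHINFO_EXTENSION);
                $fextension = preg_replace('/[^A-Za-z0-9]/', '', $fextension);
                $filenames[] = $clid . '_' . $z . '.' . $fextension;
                $img_nums[] = $z;
            }
            next($FILES);
        }
        $upload->setFileNames($filenames);
        reset($FILES);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            _CLASSIFIEDS_saveImage_uploadErrorExit($upload);
        }
        foreach ($filenames as $i => $fname) {
            DB_query("INSERT INTO {$_TABLES['cl_pic']} (pi_pid, pi_img_num, pi_filename) VALUES ('" . $clid . "', {$img_nums[$i]}, '" . DB_escapeString($fname) . "')");
        }
    }
    return true;
}

/**
 * Output a full page showing the upload class's error messages and stop.
 *
 * Both failure points in CLASSIFIEDS_saveImage() (an unusable image path and
 * a failed upload) rendered this same page inline.
 *
 * @param   object  $upload     Upload object whose errors are printed
 */
function _CLASSIFIEDS_saveImage_uploadErrorExit($upload)
{
    global $LANG24;
    $output = COM_siteHeader('menu', $LANG24[30]);
    $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
    $output .= $upload->printErrors(false);
    $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    $output .= COM_siteFooter();
    echo $output;
    exit;
}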
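/**
 *  Display an expanded ad listing.
 *
 *  The ad query is run twice: once with the caller's $limit_clause to count
 *  the ads eligible for viewing (paging is derived from that count), then
 *  again with a LIMIT for the page requested via $_REQUEST['start'].  A
 *  missing or out-of-range page number falls back to page 1.
 *
 *  @param  string  $pagename       Name of page in index.php that called us
 *  @param  integer $cat_id         Optional category ID to be appended to url
 *  @param  string  $where_clause   Additional SQL where clause.  It is
 *                                  interpolated verbatim, so the caller must
 *                                  build it from trusted values only.
 *  @param  string  $limit_clause   Optional limit clause (same caveat)
 *  @return string                  Page Content, or an error message block
 */
function adExpList($pagename = '', $cat_id = '', $where_clause = '', $limit_clause = '')
{
    global $_TABLES, $LANG_ADVT, $_CONF, $_CONF_ADVT;

    // Fix time to check ad expiration
    $time = time();

    // Max number of ads per page; a zero/negative setting would divide by
    // zero below, so fall back to the default in that case too
    $maxAds = isset($_CONF_ADVT['maxads_pg_exp']) ? (int) $_CONF_ADVT['maxads_pg_exp'] : 20;
    if ($maxAds < 1) {
        $maxAds = 20;
    }

    $T = new Template(CLASSIFIEDS_PI_PATH . '/templates');
    $T->set_file('catlist', 'adExpList.thtml');

    // Get the ads for this category, starting at the requested page
    $sql = "SELECT ad.*, ad.add_date as ad_add_date, cat.*\n            FROM {$_TABLES['ad_ads']} ad ,\n                {$_TABLES['ad_category']} cat \n            WHERE cat.cat_id = ad.cat_id \n            AND ad.exp_date > {$time} " . COM_getPermSQL('AND', 0, 2, 'ad') . COM_getPermSQL('AND', 0, 2, 'cat');
    if ($where_clause != '') {
        $sql .= " AND {$where_clause} ";
    }
    $sql .= " ORDER BY ad.add_date DESC";

    // first execute the query with the supplied limit clause to get
    // the total number of ads eligible for viewing
    $result = DB_query($sql . ' ' . $limit_clause);
    if (!$result) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['database_error'], 'alert');
    }
    $totalAds = DB_numRows($result);

    // Figure out the page number, and execute the query
    // with the appropriate LIMIT clause.
    $totalPages = $totalAds <= $maxAds ? 1 : (int) ceil($totalAds / $maxAds);

    // requested page, clamped to 1..$totalPages (missing parameter => page 1)
    $page = isset($_REQUEST['start']) ? (int) COM_applyFilter($_REQUEST['start'], true) : 1;
    if ($page < 1 || $page > $totalPages) {
        $page = 1;
    }
    // 1-based ordinal of the first/last ad shown on this page
    $startEntry = $totalAds == 0 ? 0 : $maxAds * ($page - 1) + 1;
    $endEntry = $page == $totalPages ? $totalAds : $maxAds * $page;
    // offset for the LIMIT clause
    $initAds = $maxAds * ($page - 1);

    // Create the page menu string for display if there is more
    // than one page
    $pageMenu = '';
    if ($totalPages > 1) {
        $baseURL = CLASSIFIEDS_URL . "/index.php?page={$pagename}";
        if ($cat_id != '') {
            $baseURL .= "&amp;id={$cat_id}";
        }
        $pageMenu = COM_printPageNavigation($baseURL, $page, $totalPages, "start=");
    }
    $T->set_var('pagemenu', $pageMenu);

    $sql .= " LIMIT {$initAds}, {$maxAds}";
    $result = DB_query($sql);
    if (!$result) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['database_error'], 'alert');
    }
    if ($totalAds == 0) {
        $T->set_block('catlist', 'No_Ads', 'NoAdBlk');
        $T->set_var('no_ads', $LANG_ADVT['no_ads_listed_cat']);
        $T->parse('NoAdBlk', 'No_Ads', true);
    }

    $T->set_block('catlist', 'QueueRow', 'QRow');
    while ($row = DB_fetchArray($result)) {
        // the template still references bgColor; nothing ever computed it,
        // so it is explicitly blank rather than an undefined variable
        $T->set_var('bgColor', '');
        $T->set_var('cat_id', $row['cat_id']);
        $T->set_var('subject', strip_tags($row['subject']));
        $T->set_var('ad_id', $row['ad_id']);
        $T->set_var('ad_url', CLASSIFIEDS_makeURL('detail', $row['ad_id']));
        $T->set_var('add_date', date($_CONF['shortdate'], $row['ad_add_date']));
        $T->set_var('ad_type', CLASSIFIEDS_getAdTypeString($row['ad_type']));
        $T->set_var('cat_name', $row['cat_name']);
        $T->set_var('cat_url', CLASSIFIEDS_makeURL('home', $row['cat_id']));
        $T->set_var('cmt_count', CLASSIFIEDS_commentCount($row['ad_id']));

        // First photo for this ad.  ad_id was read from the database, but it
        // is escaped anyway before being interpolated into a second query.
        $adId = DB_escapeString($row['ad_id']);
        $photoSql = "SELECT filename FROM {$_TABLES['ad_photo']} WHERE ad_id='{$adId}' LIMIT 1";
        $photo = DB_query($photoSql);
        if (!$photo) {
            return CLASSIFIEDS_errorMsg($LANG_ADVT['database_error'], 'alert');
        }
        // Use the first image if one is recorded; otherwise clear both image
        // variables so a previous row's picture does not carry over.
        if (DB_numRows($photo) == 1) {
            $prow = DB_fetchArray($photo);
            $T->set_var('img_url', CLASSIFIEDS_dispUrl($prow['filename']));
            $T->set_var('thumb_url', CLASSIFIEDS_thumbUrl($prow['filename']));
        } else {
            $T->set_var('img_url', '');
            $T->set_var('thumb_url', '');
        }

        // Description is shown tag-stripped and cut at 300 characters; the
        // ellipsis is decided on the same stripped text (and reset per row)
        // so it only appears when something was actually cut off.
        $descript = strip_tags($row['descript']);
        $T->set_var('descript', substr($descript, 0, 300));
        $T->set_var('ellipses', strlen($descript) > 300 ? '... ...' : '');

        $T->set_var('price', $row['price'] != '' ? COM_stripslashes($row['price']) : '');

        // Additional info
        for ($j = 0; $j < 5; $j++) {
            $T->set_var('name0' . $j, $row['name0' . $j]);
            $T->set_var('value0' . $j, $row['value0' . $j]);
        }
        $T->parse('QRow', 'QueueRow', true);
    }

    $T->set_var('totalAds', $totalAds);
    $T->set_var('adsStart', $startEntry);
    $T->set_var('adsEnd', $endEntry);
    $T->parse('output', 'catlist');
    return $T->finish($T->get_var('output'));
}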
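/**
* Save information of a weblog directory service
*
* Normalises the form input ($enabled to 0/1, $method to one of the two
* supported ping methods, $pid to an integer), validates the name and both
* URLs, and either redisplays the editor with an error message or writes the
* row and redirects to the service list.
*
* @param    int     $pid        ID of service or 0 for new entry
* @param    string  $name       name of the service
* @param    string  $site_url   Homepage URL of the service
* @param    string  $ping_url   URL to ping at the service
* @param    string  $method     'extended' for weblogUpdates.extendedPing,
*                               anything else for weblogUpdates.ping
* @param    string  $enabled    'on' when enabled
* @return   string              HTML redirect or service editor
*
*/
function saveService($pid, $name, $site_url, $ping_url, $method, $enabled)
{
    global $_CONF, $_TABLES, $LANG_TRB;

    // $pid arrives from the request; force it to an integer so the value
    // interpolated into the query below can only ever be a number
    $pid = (int) $pid;
    $enabled = $enabled == 'on' ? 1 : 0;
    $method = $method == 'extended' ? 'weblogUpdates.extendedPing' : 'weblogUpdates.ping';

    $name = strip_tags(COM_stripslashes($name));
    $site_url = strip_tags(COM_stripslashes($site_url));
    $ping_url = strip_tags(COM_stripslashes($ping_url));

    // all URLs must start with http: or https:
    $hasWebScheme = function ($url) {
        $parts = explode(':', $url);
        return $parts[0] == 'http' || $parts[0] == 'https';
    };

    $errormsg = '';
    if (empty($name)) {
        $errormsg = $LANG_TRB['error_site_name'];
    } elseif (!$hasWebScheme($site_url)) {
        $errormsg = $LANG_TRB['error_site_url'];
    } elseif (!$hasWebScheme($ping_url)) {
        $errormsg = $LANG_TRB['error_ping_url'];
    }
    if (!empty($errormsg)) {
        return editServiceForm($pid, $errormsg, $name, $site_url, $ping_url, $method, $enabled);
    }

    $name = DB_escapeString($name);
    $site_url = DB_escapeString($site_url);
    $ping_url = DB_escapeString($ping_url);
    if ($pid > 0) {
        // existing service: include the primary key so DB_save updates it
        DB_save($_TABLES['pingservice'], 'pid,name,site_url,ping_url,method,is_enabled', "'{$pid}','{$name}','{$site_url}','{$ping_url}','{$method}','{$enabled}'");
    } else {
        DB_save($_TABLES['pingservice'], 'name,site_url,ping_url,method,is_enabled', "'{$name}','{$site_url}','{$ping_url}','{$method}','{$enabled}'");
    }
    return COM_refresh($_CONF['site_admin_url'] . '/trackback.php?mode=listservice&amp;msg=65');
}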
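/**
* Saves story to database
*
* Undoes magic_quotes escaping on every top-level $_POST value (and on the
* values of one-level-deep arrays), then hands the whole request to the
* story plugin's 'submit' service and echoes whatever it returns.  Because
* $args is a reference to $_POST, the superglobal itself is modified.
*
* The story fields themselves (sid, tid, title, introtext, bodytext,
* permissions, ...) are not parameters of this function; they are read from
* $_POST by the invoked service.
*
* @param    string      $type           story submission or (new) story
*                                       (accepted for compatibility, not used here)
* @return   void
*
*/
function submitstory($type = '')
{
    $output = '';
    $svc_msg = '';
    $args =& $_POST;

    // Handle Magic GPC Garbage.  Nested values are written back through
    // $args[$key][$subkey]: assigning into the foreach copy of the
    // sub-array (as the old each()-based loop did) silently lost them.
    foreach ($args as $key => $value) {
        if (is_array($value)) {
            foreach ($value as $subkey => $subvalue) {
                $args[$key][$subkey] = COM_stripslashes($subvalue);
            }
        } else {
            $args[$key] = COM_stripslashes($value);
        }
    }

    /* ANY FURTHER PROCESSING on POST variables - COM_stripslashes etc.
     * Do it HERE on $args */
    PLG_invokeService('story', 'submit', $args, $output, $svc_msg);
    echo $output;
}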
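/**
* Email story to a friend
*
* Bounces back to the story (msg=85, "not sent") when the caller is
* anonymous and a login is required, when emailing of stories is disabled,
* or when the mail speed limit is exceeded.  The composed text is run through
* the spam filter before anything is sent.  After sending, the story's
* numemails counter is incremented and the redirect carries msg=27 on
* success or msg=85 on failure.
*
* @param    string  $sid        id of story to email
* @param    string  $to         name of person / friend to email
* @param    string  $toemail    friend's email address
* @param    string  $from       name of person sending the email
* @param    string  $fromemail  sender's email address
* @param    string  $shortmsg   short intro text to send with the story
* @return   string              Meta refresh
*
* Modification History
*
* Date        Author        Description
* ----        ------        -----------
* 4/17/01    Tony Bibbs    Code now allows anonymous users to send email
*                and it allows user to input a message as well
*                Thanks to Yngve Wassvik Bergheim for some of
*                this code
*
*/
function mailstory($sid, $to, $toemail, $from, $fromemail, $shortmsg)
{
    global $_CONF, $_TABLES, $LANG01, $LANG08;

    require_once $_CONF['path_system'] . 'lib-story.php';

    $storyurl = COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    // With URL rewriting the story URL carries no query string yet, so the
    // message parameter has to start with '?' instead of '&amp;'
    $msgPrefix = $_CONF['url_rewrite'] ? '?msg=' : '&amp;msg=';
    // default outcome: back to the story with "email not sent" (85)
    $retval = COM_refresh($storyurl . $msgPrefix . '85');

    // check for correct $_CONF permission
    if (COM_isAnonUser() && ($_CONF['loginrequired'] == 1 || $_CONF['emailstoryloginrequired'] == 1)) {
        return $retval;
    }
    // check if emailing of stories is disabled
    if ($_CONF['hideemailicon'] == 1) {
        return $retval;
    }
    // check mail speedlimit
    COM_clearSpeedlimit($_CONF['speedlimit'], 'mail');
    if (COM_checkSpeedlimit('mail') > 0) {
        return $retval;
    }

    $story = new Story();
    if ($story->loadFromDatabase($sid, 'view') != STORY_LOADED_OK) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $separator = '------------------------------------------------------------';

    $shortmsg = COM_stripslashes($shortmsg);
    $mailtext = sprintf($LANG08[23], $from, $fromemail) . LB;
    if (strlen($shortmsg) > 0) {
        $mailtext .= LB . sprintf($LANG08[28], $from) . $shortmsg . LB;
    }
    // just to make sure this isn't an attempt at spamming users ...
    $spamResult = PLG_checkforSpam($mailtext, $_CONF['spamx']);
    if ($spamResult > 0) {
        COM_updateSpeedlimit('mail');
        COM_displayMessageAndAbort($spamResult, 'spamx', 403, 'Forbidden');
    }

    $mailtext .= $separator . LB . LB
        . COM_undoSpecialChars($story->DisplayElements('title')) . LB
        . strftime($_CONF['date'], $story->DisplayElements('unixdate')) . LB;
    if ($_CONF['contributedbyline'] == 1) {
        $author = COM_getDisplayName($story->DisplayElements('uid'));
        $mailtext .= $LANG01[1] . ' ' . $author . LB;
    }
    // plain-text body: drop markup, undo HTML entities, normalise line endings
    $introtext = str_replace(array("\n\r", "\r"), LB, COM_undoSpecialChars(strip_tags($story->DisplayElements('introtext'))));
    $bodytext = str_replace(array("\n\r", "\r"), LB, COM_undoSpecialChars(strip_tags($story->DisplayElements('bodytext'))));
    $mailtext .= LB . $introtext;
    if (!empty($bodytext)) {
        $mailtext .= LB . LB . $bodytext;
    }
    $mailtext .= LB . LB . $separator . LB;
    if ($story->DisplayElements('commentcode') == 0) {
        // comments allowed
        $mailtext .= $LANG08[24] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid . '#comments');
    } else {
        // comments not allowed - just add the story's URL
        $mailtext .= $LANG08[33] . LB . COM_buildUrl($_CONF['site_url'] . '/article.php?story=' . $sid);
    }

    $mailto = COM_formatEmailAddress($to, $toemail);
    $mailfrom = COM_formatEmailAddress($from, $fromemail);
    $subject = 'Re: ' . COM_undoSpecialChars(strip_tags($story->DisplayElements('title')));
    $sent = COM_mail($mailto, $subject, $mailtext, $mailfrom);
    if ($sent && isset($_POST['cc']) && $_POST['cc'] == 'on') {
        // the sender asked for a copy of what went out
        $ccmessage = sprintf($LANG08[38], $to);
        $ccmessage .= "\n------------------------------------------------------------\n\n" . $mailtext;
        $sent = COM_mail($mailfrom, $subject, $ccmessage, $mailfrom);
    }
    COM_updateSpeedlimit('mail');

    // Increment numemails counter for story.  $sid is caller-supplied, so it
    // is escaped rather than interpolated raw into the statement.
    $escSid = DB_escapeString($sid);
    DB_query("UPDATE {$_TABLES['stories']} SET numemails = numemails + 1 WHERE sid = '{$escSid}'");

    return COM_refresh($storyurl . $msgPrefix . ($sent ? '27' : '85'));
}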
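/**
* Create the banner list depending on the category given
*
* The category id comes from $_GET['category'] (or $_POST['category']) and
* defaults to the configured root.  Access to a non-root category is checked
* with SEC_hasAccess before anything is rendered; on failure a "no access"
* page is emitted and the script exits.  Every request-derived value that is
* placed into SQL goes through DB_escapeString first (addslashes is not a
* database escape).
*
* @param    array   $message    message(s) to display: [0] => block title, [1] => body
* @return   string              the banner page
*
*/
function banner_list($message)
{
    global $_CONF, $_TABLES, $_BAN_CONF, $LANG_BANNER_ADMIN, $LANG_BANNER, $LANG_BANNER_STATS;

    $display = '';

    // Which category to show: GET wins over POST, default is the root
    $cid = $_BAN_CONF['root'];
    if (isset($_GET['category'])) {
        $cid = strip_tags(COM_stripslashes($_GET['category']));
    } elseif (isset($_POST['category'])) {
        $cid = strip_tags(COM_stripslashes($_POST['category']));
    }
    // SQL-safe copy of the category id, used in every query below
    $cat = DB_escapeString($cid);

    $page = 0;
    if (isset($_GET['page'])) {
        $page = COM_applyFilter($_GET['page'], true);
    }
    if ($page == 0) {
        $page = 1;
    }

    // Page title: "<title>", "<title> (n)", "<title>: <category>" or "<title>: <category> (n)"
    if (empty($cid)) {
        $page_title = $page > 1 ? sprintf($LANG_BANNER[114] . ' (%d)', $page) : $LANG_BANNER[114];
    } else {
        if ($cid == $_BAN_CONF['root']) {
            $category = $LANG_BANNER['root'];
        } else {
            $category = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '{$cat}'");
        }
        if ($page > 1) {
            $page_title = sprintf($LANG_BANNER[114] . ': %s (%d)', $category, $page);
        } else {
            $page_title = sprintf($LANG_BANNER[114] . ': %s', $category);
        }
    }

    // Check has access to this category.  An unknown cid yields no row, which
    // is treated as "no access" instead of indexing into a non-array.
    if ($cid != $_BAN_CONF['root']) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['bannercategories']} WHERE cid='{$cat}'");
        $A = DB_fetchArray($result);
        $canRead = is_array($A)
            && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']) >= 2;
        if (!$canRead) {
            $display .= COM_siteHeader('menu', $page_title);
            $display .= COM_showMessage(5, 'banner');
            $display .= COM_siteFooter();
            echo $display;
            exit;
        }
    }

    $display .= COM_siteHeader('menu', $page_title);

    // Either the explicit message passed in, or a numeric ?msg= from the request
    if (is_array($message) && !empty($message[0])) {
        $display .= COM_startBlock($message[0], '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $message[1];
        $display .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
    } elseif (isset($_REQUEST['msg'])) {
        $msg = COM_applyFilter($_REQUEST['msg'], true);
        if ($msg > 0) {
            $display .= COM_showMessage($msg, 'banner');
        }
    }

    $bannerlist = new Template($_CONF['path'] . 'plugins/banner/templates/');
    $bannerlist->set_file(array(
        'bannerlist' => 'banner.thtml',
        'catbanner'  => 'categorybanner.thtml',
        'banner'     => 'bannerdetails.thtml',
        'catnav'     => 'categorynavigation.thtml',
        'catrow'     => 'categoryrow.thtml',
        'catcol'     => 'categorycol.thtml',
        'actcol'     => 'categoryactivecol.thtml',
        'pagenav'    => 'pagenavigation.thtml',
        'catdrop'    => 'categorydropdown.thtml',
    ));
    $bannerlist->set_var('xhtml', XHTML);
    $bannerlist->set_var('blockheader', COM_startBlock($LANG_BANNER[114]));
    $bannerlist->set_var('layout_url', $_CONF['layout_url']);

    if ($_BAN_CONF['bannercols'] > 0) {
        // Create breadcrumb trail
        $bannerlist->set_var('breadcrumbs', banner_breadcrumbs($_BAN_CONF['root'], $cid));
        // Set dropdown for category jump
        $bannerlist->set_var('lang_go', $LANG_BANNER[124]);
        $bannerlist->set_var('banner_dropdown', banner_select_box(2, $cid));

        // Show categories
        $sql = "SELECT cid,pid,category,description FROM {$_TABLES['bannercategories']} WHERE pid='{$cat}'";
        $sql .= COM_getLangSQL('cid', 'AND');
        $sql .= COM_getPermSQL('AND') . " ORDER BY category";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        if ($nrows > 0) {
            $bannerlist->set_var('lang_categories', $LANG_BANNER_ADMIN[14]);
            // every category cell gets the same width
            $colWidth = floor(100 / $_BAN_CONF['bannercols']);
            for ($i = 1; $i <= $nrows; $i++) {
                $C = DB_fetchArray($result);
                $ccid = DB_escapeString($C['cid']);
                // Get number of child banner user can see in this category
                $result1 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['banner']} WHERE cid='{$ccid}'" . COM_getPermSQL('AND'));
                $D = DB_fetchArray($result1);
                // Get number of child categories user can see in this category
                $result2 = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['bannercategories']} WHERE pid='{$ccid}'" . COM_getPermSQL('AND'));
                $E = DB_fetchArray($result2);

                // Format counts as "(subcategories, banners)", omitting
                // zeroes and the brackets when there is nothing to show
                $counts = array();
                if ($E['count'] > 0) {
                    $counts[] = COM_numberFormat($E['count']);
                }
                if ($D['count'] > 0) {
                    $counts[] = COM_numberFormat($D['count']);
                }
                $display_count = empty($counts) ? '' : '(' . implode(', ', $counts) . ')';

                $bannerlist->set_var('category_name', $C['category']);
                $bannerlist->set_var('category_description', $_BAN_CONF['show_category_descriptions'] ? $C['description'] : '');
                $bannerlist->set_var('category_link', $_CONF['site_url'] . '/banner/index.php?category=' . urlencode($C['cid']));
                $bannerlist->set_var('category_count', $display_count);
                $bannerlist->set_var('width', $colWidth);
                // highlight the currently selected category
                if (!empty($cid) && $cid == $C['cid']) {
                    $bannerlist->parse('category_col', 'actcol', true);
                } else {
                    $bannerlist->parse('category_col', 'catcol', true);
                }
                // close the row once it holds bannercols cells
                if ($i % $_BAN_CONF['bannercols'] == 0) {
                    $bannerlist->parse('category_row', 'catrow', true);
                    $bannerlist->set_var('category_col', '');
                }
            }
            // flush a partially filled last row
            if ($nrows % $_BAN_CONF['bannercols'] != 0) {
                $bannerlist->parse('category_row', 'catrow', true);
            }
            $bannerlist->parse('category_navigation', 'catnav', true);
        } else {
            $bannerlist->set_var('category_navigation', '');
        }
    } else {
        $bannerlist->set_var('category_navigation', '');
    }
    if ($_BAN_CONF['bannercols'] == 0) {
        $bannerlist->set_var('category_dropdown', '');
    } else {
        $bannerlist->parse('category_dropdown', 'catdrop', true);
    }

    $bannerlist->set_var('site_url', $_CONF['site_url']);
    $bannerlist->set_var('cid', $cid);
    $bannerlist->set_var('cid_plain', $cid);
    $bannerlist->set_var('cid_encoded', urlencode($cid));
    $bannerlist->set_var('lang_addabanner', $LANG_BANNER[116]);

    // Build SQL for banner
    $sql = 'SELECT bid,cid,url,description,title,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon';
    $from_where = " FROM {$_TABLES['banner']}";
    if ($_BAN_CONF['bannercols'] > 0) {
        // $cat is the escaped form of $cid; an "empty" cid selects uncategorised banners
        if (!empty($cid)) {
            $from_where .= " WHERE cid='{$cat}'";
        } else {
            $from_where .= " WHERE cid=''";
        }
        $from_where .= ' AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())';
        $from_where .= COM_getPermSQL('AND');
    } else {
        $from_where .= COM_getPermSQL();
    }
    $order = ' ORDER BY cid ASC,title';
    $limit = '';
    if ($_BAN_CONF['bannerperpage'] > 0) {
        $start = $page < 1 ? 0 : ($page - 1) * $_BAN_CONF['bannerperpage'];
        $limit = ' LIMIT ' . $start . ',' . $_BAN_CONF['bannerperpage'];
    }
    $result = DB_query($sql . $from_where . $order . $limit);
    $nrows = DB_numRows($result);

    if ($nrows == 0) {
        // Nothing in this category: the root page may show the top-10 list instead
        if ($cid == $_BAN_CONF['root'] && $page <= 1 && $_BAN_CONF['show_top10']) {
            $result = DB_query("SELECT bid,url,title,description,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE (hits > 0) AND (publishstart IS NULL OR publishstart < NOW()) and (publishend IS NULL OR publishend > NOW())" . COM_getPermSQL('AND') . " ORDER BY hits DESC LIMIT 10");
            $nrows = DB_numRows($result);
            if ($nrows > 0) {
                $bannerlist->set_var('banner_details', '');
                $bannerlist->set_var('banner_category', $LANG_BANNER_STATS['stats_headline']);
                for ($i = 0; $i < $nrows; $i++) {
                    $A = DB_fetchArray($result);
                    prepare_banner_item($A, $bannerlist);
                    $bannerlist->parse('banner_details', 'banner', true);
                }
                $bannerlist->parse('category_banner', 'catbanner', true);
            }
        }
        $bannerlist->set_var('page_navigation', '');
    } else {
        // Rows are ordered by cid, so a change of cid starts a new category block
        $currentcid = '';
        for ($i = 0; $i < $nrows; $i++) {
            $A = DB_fetchArray($result);
            if (strcasecmp($A['cid'], $currentcid) != 0) {
                if ($i > 0) {
                    // flush the previous category's banners
                    $bannerlist->parse('category_banner', 'catbanner', true);
                    $bannerlist->set_var('banner_details', '');
                }
                $currentcid = $A['cid'];
                $currentcategory = DB_getItem($_TABLES['bannercategories'], 'category', "cid = '" . DB_escapeString($currentcid) . "'");
                $bannerlist->set_var('banner_category', $currentcategory);
            }
            prepare_banner_item($A, $bannerlist);
            $bannerlist->parse('banner_details', 'banner', true);
        }
        $bannerlist->parse('category_banner', 'catbanner', true);

        // Total count (same WHERE as the listing) drives the page navigation
        $result = DB_query('SELECT COUNT(*) AS count ' . $from_where);
        list($numbanner) = DB_fetchArray($result);
        $pages = 0;
        if ($_BAN_CONF['bannerperpage'] > 0) {
            $pages = (int) ceil($numbanner / $_BAN_CONF['bannerperpage']);
        }
        if ($pages > 0) {
            $catbanner = '';
            if ($_BAN_CONF['bannercols'] > 0 && !empty($currentcid)) {
                $catbanner = '?category=' . urlencode($currentcid);
            }
            $bannerlist->set_var('page_navigation', COM_printPageNavigation($_CONF['site_url'] . '/banner/index.php' . $catbanner, $page, $pages));
        } else {
            $bannerlist->set_var('page_navigation', '');
        }
    }

    $bannerlist->set_var('blockfooter', COM_endBlock());
    $bannerlist->parse('output', 'bannerlist');
    $display .= $bannerlist->finish($bannerlist->get_var('output'));
    return $display;
}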
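/**
 * used for the lists of submissions and draft stories in admin/moderation.php
 *
 * Renders one cell of the moderation list.  Named columns ('edit', 'delete',
 * 'approve', 'day', 'tid', 'uid', 'publishfuture') get dedicated markup;
 * numeric column positions are interpreted according to the submission type
 * in $A['_moderation_type']; everything else is shown as clickable text.
 * Row values that are re-used in SQL (tid, id) are escaped first.
 *
 * @param  string $fieldName   column name, or numeric column position
 * @param  string $fieldValue  raw value of the column
 * @param  array  $A           the whole row, plus 'row', 'edit' and '_moderation_type' helpers
 * @param  array  $icon_arr    icon HTML keyed by action ('edit', ...)
 * @return string              HTML for the cell
 */
function ADMIN_getListField_moderation($fieldName, $fieldValue, $A, $icon_arr)
{
    global $_CONF, $_TABLES, $LANG_ADMIN;

    $retval = '';
    $type = isset($A['_moderation_type']) ? $A['_moderation_type'] : '';

    switch ($fieldName) {
        case 'edit':
            $retval = COM_createLink($icon_arr['edit'], $A['edit']);
            break;

        case 'delete':
            $retval = "<input type=\"radio\" name=\"action[{$A['row']}]\" value=\"delete\"" . XHTML . ">";
            break;

        case 'approve':
            // the hidden id field travels with the "approve" radio button
            $retval = "<input type=\"radio\" name=\"action[{$A['row']}]\" value=\"approve\"" . XHTML . ">"
                . "<input type=\"hidden\" name=\"id[{$A['row']}]\" value=\"{$A[0]}\"" . XHTML . ">";
            break;

        case 'day':
            $retval = strftime($_CONF['daytime'], $A['day']);
            break;

        case 'tid':
            $tid = DB_escapeString($A['tid']);
            $retval = DB_getItem($_TABLES['topics'], 'topic', "tid = '{$tid}'");
            break;

        case 'uid':
            // anonymous submitters (uid 1) may have left a name on the comment
            $name = '';
            if ($A['uid'] == 1) {
                $cid = DB_escapeString($A['id']);
                $name = htmlspecialchars(COM_stripslashes(DB_getItem($_TABLES['commentsubmissions'], 'name', "cid = '{$cid}'")));
            }
            if (empty($name)) {
                $name = COM_getDisplayName($A['uid']);
            }
            if ($A['uid'] == 1) {
                // no profile page to link to for anonymous users
                $retval = $name;
            } else {
                $retval = COM_createLink($name, $_CONF['site_url'] . '/users.php?mode=profile&amp;uid=' . $A['uid']);
            }
            break;

        case 'publishfuture':
            // only registered users outside "Comment Submitters" can be granted this
            if (!SEC_inGroup('Comment Submitters', $A['uid']) && $A['uid'] > 1) {
                $retval = "<input type=\"checkbox\" name=\"publishfuture[]\" value=\"{$A['uid']}\"" . XHTML . ">";
            } else {
                $retval = $LANG_ADMIN['na'];
            }
            break;

        default:
            // numeric positions: column 4 of a story row is the topic column,
            // column 2 of a comment row links to the commented item
            if ($fieldName == 4 && ($type === 'story' || $type === 'story_draft')) {
                $retval = TOPIC_getTopicAdminColumn('article', $A[0]);
            } elseif ($fieldName == 2 && $type === 'comment') {
                $commentText = COM_getTextContent($A['comment']);
                $excerpt = htmlspecialchars(COM_truncate($commentText, 140, '...'));
                // try to provide a link to the parent item (e.g. article, poll)
                $info = PLG_getItemInfo($A['type'], $A['sid'], 'title,url');
                if (empty($info) || empty($info[0]) || empty($info[1])) {
                    // if not available, display excerpt from the comment
                    $retval = htmlspecialchars(COM_truncate($commentText, 40, '...'));
                    if (strlen($commentText) > 40) {
                        $retval = '<span title="' . $excerpt . '">' . $retval . '</span>';
                    }
                } else {
                    $retval = COM_createLink($info[0], $info[1], array('title' => $excerpt));
                }
            } else {
                $retval = COM_makeClickableLinks(stripslashes($fieldValue));
            }
            break;
    }
    return $retval;
}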
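/**
 * Render one forum post (a topic or a reply) through the forum topic template.
 *
 * Builds the poster's rank / avatar / signature block, normalises pre-2.5 post
 * markup when $CONF_FORUM['pre2.5_mode'] is set, wraps $highlight in the subject
 * and body, and adds the edit / quote / profile / PM / email / website links the
 * viewer is entitled to.  In preview mode the show_inline flag of attachments is
 * reset when the [file] bbcode tag has been removed from the text.
 *
 * @param   array   $showtopic  post record (subject, comment, uid, date, forum, id, pid, ...)
 * @param   string  $mode       'preview' for a post preview, anything else for a stored post
 * @param   int     $onetwo     alternating row style index, passed to the template as 'csscode'
 * @param   int     $page       page number carried on the edit link
 * @return  string              rendered HTML for the post
 */
function showtopic($showtopic, $mode = '', $onetwo = 1, $page = 1)
{
    global $CONF_FORUM, $_CONF, $_TABLES, $_USER, $LANG_GF01, $LANG_GF02;
    global $fromblock, $highlight;
    global $oldPost, $forumfiles;
    $oldPost = 0;
    // Template values that are only assigned on some paths; initialise them so
    // the set_var() calls at the end never read an undefined variable.
    $retval = '';
    $userarray = array('photo' => '', 'sig' => '', 'email' => '', 'homepage' => '');
    $user_level = '';
    $user_levelname = '';
    $avatar = '';
    $regdate = '';
    $numposts = '';
    $location = '';
    $sig = '';
    $moodimage = '';
    $mod_functions = '';
    $backlink = '';
    // Values interpolated into SQL below: force them to integers once, so a
    // crafted request value can never change the statement.
    $topicUid = (int) $showtopic['uid'];
    $uniqueid = isset($_POST['uniqueid']) ? (int) COM_applyFilter($_POST['uniqueid'], true) : 0;
    if (!class_exists('StringParser')) {
        require_once $_CONF['path_html'] . 'forum/include/bbcode/stringparser_bbcode.class.php';
    }
    $topictemplate = new Template($_CONF['path_layout'] . 'forum/layout');
    $topictemplate->set_file(array('topictemplate' => 'topic.thtml', 'profile' => 'links/profile.thtml', 'pm' => 'links/pm.thtml', 'email' => 'links/email.thtml', 'website' => 'links/website.thtml', 'quote' => 'links/quotetopic.thtml', 'edit' => 'links/edittopic.thtml'));
    // if preview, only stripslashes is gpc=on, else assume from db so strip
    if ($mode == 'preview') {
        $showtopic['subject'] = COM_stripslashes($showtopic['subject']);
        $topictemplate->set_var('show_topicrow1', 'none');
        $topictemplate->set_var('show_topicrule', 'none');
        $topictemplate->set_var('lang_postpreview', $LANG_GF01['PREVIEW_HEADER']);
    } else {
        $showtopic['subject'] = stripslashes($showtopic['subject']);
        $topictemplate->set_var('show_topicrow2', 'none');
    }
    $min_height = 50;
    // Base minimum  height of topic - will increase if avatar or sig is used
    $userQuery = DB_query("SELECT * FROM {$_TABLES['users']} WHERE uid='{$topicUid}'");
    if ($showtopic['uid'] > 1 and DB_numRows($userQuery) == 1) {
        $userarray = DB_fetchArray($userQuery);
        $username = COM_getDisplayName($showtopic['uid']);
        $userlink = "<a href=\"{$_CONF['site_url']}/users.php?mode=profile&amp;uid={$showtopic['uid']}\" ";
        $userlink .= "class=\"authorname {$onetwo}\"><b>{$username}</b></a>";
        $uservalid = true;
        $postcount = DB_query("SELECT * FROM {$_TABLES['gf_topic']} WHERE uid='{$topicUid}'");
        $posts = DB_numRows($postcount);
        // STARS CODE
        $starimage = "<IMG SRC=\"%s\" ALT=\"{$LANG_GF01['FORUM']} %s\" TITLE=\"{$LANG_GF01['FORUM']} %s\">";
        if ($posts < $CONF_FORUM['level2']) {
            $user_level = sprintf($starimage, gf_getImage('rank1', 'ranks'), $CONF_FORUM['level1name'], $CONF_FORUM['level1name']);
            $user_levelname = $CONF_FORUM['level1name'];
        } elseif ($posts >= $CONF_FORUM['level2'] && $posts < $CONF_FORUM['level3']) {
            $user_level = sprintf($starimage, gf_getImage('rank2', 'ranks'), $CONF_FORUM['level2name'], $CONF_FORUM['level2name']);
            $user_levelname = $CONF_FORUM['level2name'];
        } elseif ($posts >= $CONF_FORUM['level3'] && $posts < $CONF_FORUM['level4']) {
            $user_level = sprintf($starimage, gf_getImage('rank3', 'ranks'), $CONF_FORUM['level3name'], $CONF_FORUM['level3name']);
            $user_levelname = $CONF_FORUM['level3name'];
        } elseif ($posts >= $CONF_FORUM['level4'] && $posts < $CONF_FORUM['level5']) {
            $user_level = sprintf($starimage, gf_getImage('rank4', 'ranks'), $CONF_FORUM['level4name'], $CONF_FORUM['level4name']);
            $user_levelname = $CONF_FORUM['level4name'];
        } elseif ($posts >= $CONF_FORUM['level5']) {
            // ">=" so a user sitting exactly on the level5 threshold is not left without a rank
            $user_level = sprintf($starimage, gf_getImage('rank5', 'ranks'), $CONF_FORUM['level5name'], $CONF_FORUM['level5name']);
            $user_levelname = $CONF_FORUM['level5name'];
        }
        if (forum_modPermission($showtopic['forum'], $showtopic['uid'])) {
            $user_level = sprintf($starimage, gf_getImage('rank_mod', 'ranks'), $LANG_GF01['moderator'], $LANG_GF01['moderator']);
            $user_levelname = $LANG_GF01['moderator'];
        }
        if (SEC_inGroup(1, $showtopic['uid'])) {
            $user_level = sprintf($starimage, gf_getImage('rank_admin', 'ranks'), $LANG_GF01['admin'], $LANG_GF01['admin']);
            $user_levelname = $LANG_GF01['admin'];
        }
        if ($userarray['photo'] != "") {
            $avatar = USER_getPhoto($showtopic['uid'], '', '', $CONF_FORUM['avatar_width']);
            $min_height = $min_height + 50;
        }
        // date() instead of the deprecated strftime(); 'm/d/y' is the same layout as '%m/%d/%y'
        $regdate = $LANG_GF01['REGISTERED'] . ': ' . date('m/d/y', strtotime($userarray['regdate'])) . '<br>';
        $numposts = $LANG_GF01['POSTS'] . ': ' . $posts;
        if (DB_count($_TABLES['sessions'], 'uid', $showtopic['uid']) > 0 and DB_getItem($_TABLES['userprefs'], 'showonline', "uid={$topicUid}") == 1) {
            $avatar .= '<br>' . $LANG_GF01['STATUS'] . ' ' . $LANG_GF01['ONLINE'];
        } else {
            $avatar .= '<br>' . $LANG_GF01['STATUS'] . ' ' . $LANG_GF01['OFFLINE'];
        }
        if ($userarray['sig'] != '') {
            $sig = '<hr width="95%" size="1" style="color=:black; text-align:left; margin-left:0; margin-bottom:5;padding:0" noshade>';
            $sig .= '<B>' . $userarray['sig'] . '</B>';
            $min_height = $min_height + 30;
        }
    } else {
        $uservalid = false;
        // NOTE(review): $showtopic['name'] is emitted unescaped; it is assumed to have
        // been filtered when the post was stored - confirm at the save path.
        $userlink = '<font size="-2">' . $LANG_GF01['ANON'] . '</font>' . $showtopic['name'];
    }
    if ($CONF_FORUM['show_moods'] && $showtopic['mood'] != "") {
        $moodimage = '<img align="absmiddle" src="' . gf_getImage($showtopic['mood'], 'moods') . '" title="' . $showtopic['mood'] . '"><br>';
        $min_height = $min_height + 30;
    }
    // Handle Pre ver 2.5 quoting and New Line Formatting - consider adding this to a migrate function
    if ($CONF_FORUM['pre2.5_mode']) {
        // try to determine if we have an old post...
        if (strstr($showtopic['comment'], '<pre class="forumCode">') !== false) {
            $oldPost = 1;
        }
        if (strstr($showtopic['comment'], "[code]<code>") !== false) {
            $oldPost = 1;
        }
        if (strstr($showtopic['comment'], "<pre>") !== false) {
            $oldPost = 1;
        }
        // strict comparisons: stristr() returns the matched tail or false, never a boolean
        if (stristr($showtopic['comment'], '[code') === false || stristr($showtopic['comment'], '[code]<code>') !== false) {
            if (strstr($showtopic['comment'], "<pre>") !== false) {
                $oldPost = 1;
            }
            $showtopic['comment'] = str_replace('<pre>', '[code]', $showtopic['comment']);
            $showtopic['comment'] = str_replace('</pre>', '[/code]', $showtopic['comment']);
        }
        $showtopic['comment'] = str_ireplace("[code]<code>", '[code]', $showtopic['comment']);
        $showtopic['comment'] = str_ireplace("</code>[/code]", '[/code]', $showtopic['comment']);
        $showtopic['comment'] = str_replace(array("<br />\r\n", "<br />\n\r", "<br />\r", "<br />\n"), '<br />', $showtopic['comment']);
        $showtopic['comment'] = preg_replace("/\\[QUOTE\\sBY=\\s(.+?)\\]/i", "[QUOTE] Quote by \$1:", $showtopic['comment']);
        /* Reformat code blocks - version 2.3.3 and prior */
        $showtopic['comment'] = str_replace('<pre class="forumCode">', '[code]', $showtopic['comment']);
        $showtopic['comment'] = preg_replace("/\\[QUOTE\\sBY=(.+?)\\]/i", "[QUOTE] Quote by \$1:", $showtopic['comment']);
        if ($oldPost) {
            if (strstr($showtopic['comment'], "\\'") !== false) {
                $showtopic['comment'] = stripslashes($showtopic['comment']);
            }
        }
    }
    // Check and see if there are now no [file] bbcode tags in content and reset the show_inline value
    // This is needed in case user had used the file bbcode tag and then removed it
    if ($mode == 'preview' and strpos($showtopic['comment'], '[file]') === false) {
        $usql = "UPDATE {$_TABLES['gf_attachments']} SET show_inline = 0 ";
        if ($uniqueid > 0) {
            // User is previewing a new post
            $usql .= "WHERE topic_id = {$uniqueid} AND tempfile=1 ";
        } else {
            if (isset($showtopic['id'])) {
                $usql .= "WHERE topic_id = " . (int) $showtopic['id'] . " ";
            }
        }
        DB_query($usql);
    }
    $showtopic['comment'] = gf_formatTextBlock($showtopic['comment'], $showtopic['postmode'], $mode);
    $showtopic['subject'] = gf_formatTextBlock($showtopic['subject'], 'text', $mode);
    if (strlen($showtopic['subject']) > $CONF_FORUM['show_subject_length']) {
        $showtopic['subject'] = substr("{$showtopic['subject']}", 0, $CONF_FORUM['show_subject_length']);
        $showtopic['subject'] .= "...";
    }
    if ($mode != 'preview' && $uservalid && $_USER['uid'] > 1 && $_USER['uid'] == $showtopic['uid']) {
        /* Check if user can still edit this post - within allowed edit timeframe */
        $editAllowed = false;
        if ($CONF_FORUM['allowed_editwindow'] > 0) {
            $t1 = $showtopic['date'];
            $t2 = $CONF_FORUM['allowed_editwindow'];
            if (time() - $t2 < $t1) {
                $editAllowed = true;
            }
        } else {
            $editAllowed = true;
        }
        if ($editAllowed) {
            $editlink = "{$_CONF['site_url']}/forum/createtopic.php?method=edit&forum={$showtopic['forum']}&id={$showtopic['id']}&editid={$showtopic['id']}&amp;page={$page}";
            $editlinkimg = '<img src="' . gf_getImage('edit_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['EDITICON'] . '" TITLE="' . $LANG_GF01['EDITICON'] . '">';
            $topictemplate->set_var('editlink', $editlink);
            $topictemplate->set_var('editlinkimg', $editlinkimg);
            $topictemplate->set_var('LANG_edit', $LANG_GF01['EDITICON']);
            $topictemplate->parse('edittopic_link', 'edit');
        }
    }
    // NOTE(review): $highlight is a global set by the caller and is inserted into
    // the HTML verbatim - confirm it is escaped before this function is reached.
    if ($highlight != '') {
        $showtopic['subject'] = str_replace("{$highlight}", "<font class=highlight>{$highlight}</font>", $showtopic['subject']);
        $showtopic['comment'] = str_replace("{$highlight}", "<font class=highlight>{$highlight}</font>", $showtopic['comment']);
    }
    if ($showtopic['pid'] == 0) {
        $replytopicid = $showtopic['id'];
        $is_lockedtopic = $showtopic['locked'];
        $views = $showtopic['views'];
        $topictemplate->set_var('read_msg', sprintf($LANG_GF02['msg49'], $views));
        if ($is_lockedtopic) {
            $topictemplate->set_var('locked_icon', '<img src="' . gf_getImage('padlock') . '" TITLE="' . $LANG_GF02['msg114'] . '">');
        }
    } else {
        $replytopicid = $showtopic['pid'];
        $is_lockedtopic = DB_getItem($_TABLES['gf_topic'], 'locked', "id=" . (int) $showtopic['pid']);
        $topictemplate->set_var('read_msg', '');
    }
    // Bookmark feature
    if ($_USER['uid'] > 1) {
        if (DB_count($_TABLES['gf_bookmarks'], array('uid', 'topic_id'), array($_USER['uid'], $showtopic['id']))) {
            $topictemplate->set_var('bookmark_icon', '<img src="' . gf_getImage('star_on_sm') . '" TITLE="' . $LANG_GF02['msg204'] . '">');
        } else {
            $topictemplate->set_var('bookmark_icon', '<img src="' . gf_getImage('star_off_sm') . '" TITLE="' . $LANG_GF02['msg203'] . '">');
        }
    }
    if ($CONF_FORUM['allow_user_dateformat']) {
        $date = COM_getUserDateTimeFormat($showtopic['date']);
        $topictemplate->set_var('posted_date', $date[0]);
    } else {
        // strftime() is deprecated; kept because the configured format is a strftime pattern
        $date = strftime($CONF_FORUM['default_Topic_Datetime_format'], $showtopic['date']);
        $topictemplate->set_var('posted_date', $date);
    }
    if ($mode != 'preview') {
        if ($is_lockedtopic == 0) {
            $is_readonly = DB_getItem($_TABLES['gf_forums'], 'is_readonly', 'forum_id=' . (int) $showtopic['forum']);
            if ($is_readonly == 0 or forum_modPermission($showtopic['forum'], $_USER['uid'], 'mod_edit')) {
                $quotelink = "{$_CONF['site_url']}/forum/createtopic.php?method=postreply&forum={$showtopic['forum']}&id={$replytopicid}&quoteid={$showtopic['id']}";
                $quotelinkimg = '<img src="' . gf_getImage('quote_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['QUOTEICON'] . '" TITLE="' . $LANG_GF01['QUOTEICON'] . '">';
                $topictemplate->set_var('quotelink', $quotelink);
                $topictemplate->set_var('quotelinkimg', $quotelinkimg);
                $topictemplate->set_var('LANG_quote', $LANG_GF01['QUOTEICON']);
                $topictemplate->parse('quotetopic_link', 'quote');
            }
        }
        $mod_functions = forum_getmodFunctions($showtopic);
        if ($showtopic['uid'] > 1 && $uservalid) {
            $profile_link = "{$_CONF['site_url']}/users.php?mode=profile&uid={$showtopic['uid']}";
            $profile_linkimg = '<img src="' . gf_getImage('profile_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['ProfileLink'] . '" TITLE="' . $LANG_GF01['ProfileLink'] . '">';
            $topictemplate->set_var('profilelink', $profile_link);
            $topictemplate->set_var('profilelinkimg', $profile_linkimg);
            $topictemplate->set_var('LANG_profile', $LANG_GF01['ProfileLink']);
            $topictemplate->parse('profile_link', 'profile');
            if ($CONF_FORUM['use_pm_plugin']) {
                $pmusernmame = COM_getDisplayName($showtopic['uid']);
                $pmplugin_link = forumPLG_getPMlink($pmusernmame);
                if ($pmplugin_link != '') {
                    $pm_link = $pmplugin_link;
                    $pm_linkimg = '<img src="' . gf_getImage('pm_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['PMLink'] . '" TITLE="' . $LANG_GF01['PMLink'] . '">';
                    $topictemplate->set_var('pmlink', $pm_link);
                    $topictemplate->set_var('pmlinkimg', $pm_linkimg);
                    $topictemplate->set_var('LANG_pm', $LANG_GF01['PMLink']);
                    $topictemplate->parse('pm_link', 'pm');
                }
            }
        }
        if ($userarray['email'] != '' && $showtopic["uid"] > 1) {
            $email_link = "{$_CONF['site_url']}/profiles.php?uid={$showtopic['uid']}";
            $email_linkimg = '<img src="' . gf_getImage('email_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['EmailLink'] . '" TITLE="' . $LANG_GF01['EmailLink'] . '">';
            $topictemplate->set_var('emaillink', $email_link);
            $topictemplate->set_var('emaillinkimg', $email_linkimg);
            $topictemplate->set_var('LANG_email', $LANG_GF01['EmailLink']);
            $topictemplate->parse('email_link', 'email');
        }
        if ($userarray['homepage'] != '') {
            $homepage = $userarray['homepage'];
            // eregi() no longer exists in PHP 7+; stripos() is the case-insensitive equivalent
            if (stripos($homepage, 'http') === false) {
                $homepage = 'http://' . $homepage;
            }
            $homepageimg = '<img src="' . gf_getImage('website_button') . '" border="0" align="absmiddle" alt="' . $LANG_GF01['WebsiteLink'] . '" TITLE="' . $LANG_GF01['WebsiteLink'] . '">';
            $topictemplate->set_var('websitelink', $homepage);
            $topictemplate->set_var('websitelinkimg', $homepageimg);
            $topictemplate->set_var('LANG_website', $LANG_GF01['WebsiteLink']);
            $topictemplate->parse('website_link', 'website');
        }
        if ($fromblock != "") {
            $back2 = $LANG_GF01['back2parent'];
        } else {
            $back2 = $LANG_GF01['back2top'];
        }
        $backlink = '<center><a href="' . $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $replytopicid . '">' . $back2 . '</a></center>';
    } else {
        if (!isset($_GET['onlytopic']) || $_GET['onlytopic'] != 1) {
            $topictemplate->set_var('posted_date', '');
            $topictemplate->set_var('preview_topic_subject', $showtopic['subject']);
        } else {
            $topictemplate->set_var('preview_topic_subject', '');
        }
        $topictemplate->set_var('read_msg', '');
        $topictemplate->set_var('locked_icon', '');
        $topictemplate->set_var('preview_mode', 'none');
        // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
        // This is needed in case user had used the file bbcode tag and then removed it
        $imagerecs = '';
        if (is_array($forumfiles)) {
            // attachment ids are interpolated into an IN (...) list: integers only
            $imagerecs = implode(',', array_map('intval', $forumfiles));
        }
        if ($uniqueid > 0) {
            $sql = "UPDATE {$_TABLES['gf_attachments']} SET show_inline = 0 WHERE topic_id={$uniqueid} ";
            if ($imagerecs != '') {
                $sql .= "AND id NOT IN ({$imagerecs})";
            }
            DB_query($sql);
        } else {
            if (isset($_POST['id'])) {
                $sql = "UPDATE {$_TABLES['gf_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $_POST['id'] . " ";
                if ($imagerecs != '') {
                    $sql .= "AND id NOT IN ({$imagerecs})";
                }
                DB_query($sql);
            }
        }
    }
    // braces would otherwise be interpreted as template placeholders
    $showtopic['comment'] = str_replace('{', '&#123;', $showtopic['comment']);
    $showtopic['comment'] = str_replace('}', '&#125;', $showtopic['comment']);
    if ($showtopic['id'] > 0) {
        $topictemplate->set_var('attachments', gf_showattachments($showtopic['id']));
    } elseif ($uniqueid > 0) {
        $topictemplate->set_var('attachments', gf_showattachments($uniqueid));
    }
    $topictemplate->set_var('layout_url', $_CONF['layout_url']);
    $topictemplate->set_var('csscode', $onetwo);
    $topictemplate->set_var('postmode', $showtopic['postmode']);
    $topictemplate->set_var('userlink', $userlink);
    $topictemplate->set_var('lang_forum', $LANG_GF01['FORUM']);
    $topictemplate->set_var('user_levelname', $user_levelname);
    $topictemplate->set_var('user_level', $user_level);
    $topictemplate->set_var('magical_image', $moodimage);
    $topictemplate->set_var('avatar', $avatar);
    $topictemplate->set_var('regdate', $regdate);
    $topictemplate->set_var('numposts', $numposts);
    $topictemplate->set_var('location', $location);
    $topictemplate->set_var('site_url', $_CONF['site_url']);
    $topictemplate->set_var('imgset', $CONF_FORUM['imgset']);
    $topictemplate->set_var('topic_subject', $showtopic['subject']);
    $topictemplate->set_var('LANG_ON2', $LANG_GF01['ON2']);
    $topictemplate->set_var('mod_functions', $mod_functions);
    $topictemplate->set_var('topic_comment', $showtopic['comment']);
    $topictemplate->set_var('comment_minheight', "min-height:{$min_height}px");
    if (trim($sig) != '') {
        $topictemplate->set_var('sig', PLG_replaceTags($sig));
        $topictemplate->set_var('show_sig', '');
    } else {
        $topictemplate->set_var('sig', '');
        $topictemplate->set_var('show_sig', 'none');
    }
    $topictemplate->set_var('forumid', $showtopic['forum']);
    $topictemplate->set_var('topic_id', $showtopic['id']);
    $topictemplate->set_var('back_link', $backlink);
    $topictemplate->set_var('member_badge', forumPLG_getMemberBadge($showtopic['uid']));
    $topictemplate->parse('output', 'topictemplate');
    $retval .= $topictemplate->finish($topictemplate->get_var('output'));
    return $retval;
}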
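/**
* Save a group to the database
*
* Numeric ids and flags are cast to int and the group name is escaped before
* they are interpolated into SQL, so that form values cannot alter the statements.
*
* @param    string  $grp_id         ID of group to save
* @param    string  $grp_name       Group Name
* @param    string  $grp_descr      Description of group
* @param    boolean $grp_admin      Flag that indicates this is an admin use group
* @param    boolean $grp_gl_core    Flag that indicates if this is a core Geeklog group
* @param    boolean $grp_default    Flag that indicates if this is a default group
* @param    boolean $grp_applydefault  Flag that indicates whether to apply a change in $grp_default to all existing user accounts
* @param    array   $features       Features the group has access to
* @param    array   $groups         Groups this group will belong to
* @return   string                  HTML refresh or error message
*
*/
function savegroup($grp_id, $grp_name, $grp_descr, $grp_admin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $_GROUP_VERBOSE;
    $retval = '';
    if (!empty($grp_name) && !empty($grp_descr)) {
        $GroupAdminGroups = SEC_getUserGroups();
        if (!empty($grp_id) && $grp_id > 0 && !in_array($grp_id, $GroupAdminGroups) && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) {
            COM_accessLog("User {$_USER['username']} tried to edit group '{$grp_name}' ({$grp_id}) with insufficient privileges.");
            return COM_refresh($_CONF['site_admin_url'] . '/group.php');
        }
        if ($grp_gl_core == 1 and !is_array($features)) {
            COM_errorLog("Sorry, no valid features were passed to this core group ({$grp_id}) and saving could cause problem...bailing.");
            return COM_refresh($_CONF['site_admin_url'] . '/group.php');
        }
        // everything below interpolates these into SQL: integers only
        $grp_id = (int) $grp_id;
        $grp_gl_core = (int) $grp_gl_core;
        $grp_default = (int) $grp_default;
        $features = is_array($features) ? array_map('intval', $features) : array();
        // the name is a string literal in SQL, so escape a copy for the queries
        $grp_name_db = DB_escapeString($grp_name);
        // group names have to be unique, so check if this one exists already
        $g_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name_db}'");
        if ($g_id > 0) {
            if (empty($grp_id) || $grp_id != $g_id) {
                // there already is a group with that name - complain
                $retval .= COM_showMessageText($LANG_ACCESS['groupexistsmsg'], $LANG_ACCESS['groupexists']) . editgroup($grp_id);
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
                return $retval;
            }
        }
        $grp_descr = COM_stripslashes($grp_descr);
        $grp_descr = DB_escapeString($grp_descr);
        $grp_applydefault_add = true;
        if (empty($grp_id)) {
            DB_save($_TABLES['groups'], 'grp_name,grp_descr,grp_gl_core,grp_default', "'{$grp_name_db}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
            $grp_id = (int) DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name_db}'");
            $new_group = true;
        } else {
            if ($grp_applydefault == 1) {
                // check if $grp_default changed
                $old_default = DB_getItem($_TABLES['groups'], 'grp_default', "grp_id = {$grp_id}");
                if ($old_default == $grp_default) {
                    // no change required
                    $grp_applydefault = 0;
                } elseif ($old_default == 1) {
                    $grp_applydefault_add = false;
                }
            }
            DB_save($_TABLES['groups'], 'grp_id,grp_name,grp_descr,grp_gl_core,grp_default', "{$grp_id},'{$grp_name_db}','{$grp_descr}',{$grp_gl_core},{$grp_default}");
            $new_group = false;
        }
        if (empty($grp_id) || $grp_id < 1) {
            // "this shouldn't happen"
            COM_errorLog("Internal error: invalid group id");
            $retval .= COM_showMessage(95);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
            return $retval;
        }
        // Use the field grp_gl_core to indicate if this non-core GL Group
        // is an Admin related group
        if ($grp_gl_core != 1 and $grp_id > 1) {
            if ($grp_admin == 1) {
                DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core=2 WHERE grp_id={$grp_id}");
            } else {
                DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core=0 WHERE grp_id={$grp_id}");
            }
        }
        // now save the features
        DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
        if (SEC_inGroup('Root')) {
            foreach ($features as $f) {
                DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$f},{$grp_id})");
            }
        } else {
            // a non-Root group admin may only grant features they hold themselves
            $GroupAdminFeatures = SEC_getUserPermissions();
            $availableFeatures = explode(',', $GroupAdminFeatures);
            foreach ($features as $f) {
                if (in_array($f, $availableFeatures)) {
                    DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$f},{$grp_id})");
                }
            }
        }
        if ($_GROUP_VERBOSE) {
            COM_errorLog('groups = ' . implode(',', (array) $groups));
            COM_errorLog("deleting all group_assignments for group {$grp_id}/{$grp_name}", 1);
        }
        DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
        if (!empty($groups)) {
            foreach ($groups as $g) {
                // only groups the current admin belongs to may become parents
                if (in_array($g, $GroupAdminGroups)) {
                    $g = (int) $g;
                    if ($_GROUP_VERBOSE) {
                        COM_errorLog("adding group_assignment {$g} for {$grp_name}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$g},{$grp_id})";
                    DB_query($sql);
                }
            }
        }
        // Make sure Root group belongs to any new group
        if (DB_getItem($_TABLES['group_assignments'], 'COUNT(*)', "ug_main_grp_id = {$grp_id} AND ug_grp_id = 1") == 0) {
            DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$grp_id}, 1)");
        }
        // make sure this Group Admin belongs to the new group
        if (!SEC_inGroup('Root')) {
            $adminUid = (int) $_USER['uid'];
            if (DB_count($_TABLES['group_assignments'], 'ug_uid', "(ug_uid = {$adminUid}) AND (ug_main_grp_id = {$grp_id})") == 0) {
                DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$grp_id},{$adminUid})");
            }
        }
        if ($grp_applydefault == 1) {
            applydefaultgroup($grp_id, $grp_applydefault_add);
        }
        if ($new_group) {
            PLG_groupChanged($grp_id, 'new');
        } else {
            PLG_groupChanged($grp_id, 'edit');
        }
        if (isset($_REQUEST['chk_showall']) && $_REQUEST['chk_showall'] == 1) {
            return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49&chk_showall=1');
        } else {
            return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49');
        }
    } else {
        $retval .= COM_showMessageText($LANG_ACCESS['missingfieldsmsg'], $LANG_ACCESS['missingfields']) . editgroup($grp_id);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
        return $retval;
    }
}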
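/**
 * Render the group editor form of the given plugin.
 *
 * With $msg set the form is re-populated from $_POST (a failed save); with an
 * empty $id a blank form is shown; otherwise the record is loaded from the
 * plugin's "_def_group" table.  $mode === "copy" blanks the id so that saving
 * creates a new record.
 *
 * @param   string  $pi_name  plugin name, used to pick language arrays and tables
 * @param   int     $id       group id, 0 or empty for a new group
 * @param   bool    $edt_flg  false when the record may be deleted from this form
 * @param   string  $msg      message number to show above the form
 * @param   string  $errmsg   extra error HTML shown under the message
 * @param   string  $mode     "edit" or "copy"
 * @return  string            HTML of the admin block containing the form
 */
function LIB_Edit($pi_name, $id, $edt_flg, $msg = '', $errmsg = "", $mode = "edit")
{
    global $_CONF;
    global $_TABLES;
    global $LANG_ADMIN;
    global $MESSAGE;
    global $LANG_ACCESS;
    global $_USER;
    // the language arrays are global variables named after the plugin
    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};
    $lang_box = "LANG_" . strtoupper($pi_name);
    global ${$lang_box};
    $lang_box = ${$lang_box};
    $lang_box_noyes = "LANG_" . strtoupper($pi_name) . "_NOYES";
    global ${$lang_box_noyes};
    $lang_box_noyes = ${$lang_box_noyes};
    $lang_box_inputtype = "LANG_" . strtoupper($pi_name) . "_INPUTTYPE";
    global ${$lang_box_inputtype};
    $lang_box_inputtype = ${$lang_box_inputtype};
    $table = $_TABLES[strtoupper($pi_name) . '_def_group'];
    $table1 = $_TABLES[strtoupper($pi_name) . '_def_category'];
    $table2 = $_TABLES[strtoupper($pi_name) . '_def_field'];
    $retval = '';
    $delflg = false;
    // fields that not every branch below assigns
    $input_type = 0;
    $udatetime = "";
    // show message
    if (!empty($msg)) {
        $retval .= COM_showMessage($msg, $pi_name);
        $retval .= $errmsg;
        // clean 'em up
        $code = isset($_POST['code']) ? COM_applyFilter($_POST['code']) : '';
        $name = isset($_POST['name']) ? COM_applyFilter($_POST['name']) : '';
        // NOTE(review): the description is passed through unfiltered (the filter
        // call was deliberately disabled); the template must escape it.
        $description = isset($_POST['description']) ? $_POST['description'] : '';
        $orderno = isset($_POST['orderno']) ? COM_applyFilter($_POST['orderno']) : '';
        $parent_flg = isset($_POST['parent_flg']) ? COM_applyFilter($_POST['parent_flg'], true) : 0;
        $input_type = isset($_POST['input_type']) ? COM_applyFilter($_POST['input_type'], true) : 0;
        $uuid = $_USER['uid'];
    } else {
        if (empty($id)) {
            $id = 0;
            $code = "";
            $name = "";
            $description = "";
            $orderno = "";
            $parent_flg = 0;
            $uuid = 0;
            $udatetime = "";
        } else {
            // $id is interpolated into the WHERE clause: integer only
            $id = (int) $id;
            $sql = "SELECT ";
            $sql .= " *";
            $sql .= " ,UNIX_TIMESTAMP(udatetime) AS udatetime_un" . LB;
            $sql .= " FROM ";
            $sql .= $table;
            $sql .= " WHERE ";
            $sql .= " group_id = {$id}";
            $result = DB_query($sql);
            $A = DB_fetchArray($result);
            $code = COM_stripslashes($A['code']);
            $name = COM_stripslashes($A['name']);
            $description = COM_stripslashes($A['description']);
            $orderno = COM_stripslashes($A['orderno']);
            $parent_flg = COM_stripslashes($A['parent_flg']);
            $input_type = COM_stripslashes($A['input_type']);
            $uuid = COM_stripslashes($A['uuid']);
            $wary = COM_getUserDateTimeFormat(COM_stripslashes($A['udatetime_un']));
            $udatetime = $wary[0];
            if (!$edt_flg) {
                $delflg = true;
            }
        }
    }
    if ($mode === "copy") {
        // a copy is saved as a new record and can never be deleted from here
        $id = 0;
        $delflg = false;
    }
    $retval .= COM_startBlock($lang_box_admin['edit'], '', COM_getBlockTemplate('_admin_block', 'header'));
    $tmplfld = DATABOX_templatePath('admin', 'default', $pi_name);
    $templates = new Template($tmplfld);
    $templates->set_file('editor', "group_editor.thtml");
    //--
    $templates->set_var('about_thispage', $lang_box_admin['about_admin_group']);
    $templates->set_var('lang_must', $lang_box_admin['must']);
    $templates->set_var('site_url', $_CONF['site_url']);
    $templates->set_var('site_admin_url', $_CONF['site_admin_url']);
    // CSRF token for the save form
    $token = SEC_createToken();
    $retval .= SEC_getTokenExpiryNotice($token);
    $templates->set_var('gltoken_name', CSRF_TOKEN);
    $templates->set_var('gltoken', $token);
    $templates->set_var('xhtml', XHTML);
    $templates->set_var('script', THIS_SCRIPT);
    //
    $templates->set_var('lang_link_admin', $lang_box_admin['link_admin']);
    $templates->set_var('lang_link_admin_top', $lang_box_admin['link_admin_top']);
    //id
    $templates->set_var('lang_group_id', $lang_box_admin['group_id']);
    $templates->set_var('id', $id);
    // code, name & description
    $templates->set_var('lang_code', $lang_box_admin['code']);
    $templates->set_var('code', $code);
    $templates->set_var('lang_name', $lang_box_admin['name']);
    $templates->set_var('name', $name);
    $templates->set_var('lang_description', $lang_box_admin['description']);
    $templates->set_var('description', $description);
    // order
    $templates->set_var('lang_orderno', $lang_box_admin['orderno']);
    $templates->set_var('orderno', $orderno);
    // parent group?
    $templates->set_var('lang_parent_flg', $lang_box_admin['parent_flg']);
    $list_parent_flg = DATABOX_getradiolist($lang_box_noyes, "parent_flg", $parent_flg);
    $templates->set_var('list_parent_flg', $list_parent_flg);
    // input type
    $templates->set_var('lang_input_type', $lang_box_admin['input_type']);
    $list_input_type = DATABOX_getradiolist($lang_box_inputtype, "input_type", $input_type);
    $templates->set_var('list_input_type', $list_input_type);
    // saved date/time
    $templates->set_var('lang_udatetime', $lang_box_admin['udatetime']);
    $templates->set_var('udatetime', $udatetime);
    $templates->set_var('lang_uuid', $lang_box_admin['uuid']);
    $templates->set_var('uuid', $uuid);
    // SAVE, CANCEL buttons
    $templates->set_var('lang_save', $LANG_ADMIN['save']);
    $templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);
    $templates->set_var('lang_preview', $LANG_ADMIN['preview']);
    //delete_option
    if ($delflg) {
        // a group that still has categories cannot be deleted
        $wkcnt = DB_count($table1, "categorygroup_id", $id);
        if ($wkcnt > 0) {
            $templates->set_var('lang_delete_help', $lang_box_admin['delete_help_group']);
        } else {
            $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s>';
            $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
            $templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        }
    }
    //
    $templates->parse('output', 'editor');
    $retval .= $templates->finish($templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}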
/**
* Filter a parameter received per GET (URL) or POST.
*
* Removes magic-quotes slashes first, then hands the value to the basic
* filter, optionally forcing a numeric result.
*
* @param    string    $parameter   the raw request value
* @param    boolean   $isnumeric   true if $parameter must be numeric
* @return   string    the filtered value (may now be empty or 0)
* @see COM_applyBasicFilter
*
*/
function COM_applyFilter($parameter, $isnumeric = false)
{
    return COM_applyBasicFilter(COM_stripslashes($parameter), $isnumeric);
}