break; } if (ASKFORPASSWORD && $userpassword && !$canlogin) { print LoginPage($id, $userid, $emailcheck); break; } $success = (require 'admin/subscribelib2.php'); if ($success != 3) { print PreferencesPage($id, $userid); } break; case 'forward': print ForwardPage($id); break; case 'confirm': print ConfirmPage($id); break; #0013076: Blacklisting posibility for unknown users #0013076: Blacklisting posibility for unknown users case 'donotsend': case 'blacklist': case 'unsubscribe': print UnsubscribePage($id); break; default: FileNotFound(); } } else { FileNotFound(); } } else {
/**
 * Build the HTML for the subscribe-page view named by the "p" request parameter.
 *
 * The request value only selects one of the fixed case labels below; it is
 * never concatenated into the path handed to require.
 *
 * @param mixed $id Subscribe page id; a falsy value returns a placeholder HTML comment.
 * @return string Whatever the selected page builder returned.
 */
function selectPage($id)
{
    if (!$id) {
        return '<!-- no subscribe page defined -->';
    }
    $html = '';
    # Disabled earlier variant that pattern-matched the parameter first:
    # if (preg_match("/(\w+)/",$_GET["p"],$regs)) {
    // NOTE(review): $_GET["p"] is read without an isset() check; a request without
    // "p" ends up in the default branch (subscribe) after an undefined-index notice.
    switch ($_GET["p"]) {
        case "preferences":
            // Default the request's "id" to $id when it is missing or falsy.
            if (!$_GET["id"]) {
                $_GET["id"] = $id;
            }
            // The included file executes in this method's local scope, so it can
            // read and define local variables here.
            require $this->coderoot() . "/subscribelib2.php";
            // NOTE(review): $userid is not assigned anywhere in this method; presumably
            // subscribelib2.php defines it — confirm where it comes from and that it is
            // tied to an authenticated subscriber before preferences are shown.
            $html = PreferencesPage($id, $userid);
            break;
        case "confirm":
            $html = ConfirmPage($id);
            break;
        case "unsubscribe":
            $html = UnsubscribePage($id);
            break;
        // Any value that matches no other label is handled like "subscribe".
        default:
        case "subscribe":
            require $this->coderoot() . "/subscribelib2.php";
            $html = SubscribePage($id);
            break;
    }
    return $html;
}
/**
 * Weblog deletion screen.
 *
 * Without confirmation it shows a confirm page for the weblog named in
 * $Pivot_Vars['name']; with $Pivot_Vars['confirmed'] set to 1 it runs the
 * CSRF check, removes the weblog from $Weblogs and saves the configuration.
 */
function main_blog_delete()
{
    global $Weblogs, $Pivot_Vars;

    if ($Pivot_Vars['confirmed'] == 1) {
        // The state change happens only after the CSRF check, which guards
        // against unauthorised direct access to the confirmed URL.
        check_csrf();

        // The name is used as received: the confirm form below submits the
        // urlencoded key, which is how weblogs are keyed in $Weblogs.
        $weblogKey = $Pivot_Vars['name'];
        unset($Weblogs[$weblogKey]);
        save_serialize('pv_cfg_weblogs.php', $Weblogs);

        $notice = lang('weblog_config', 'deleted');
        main_blogs($notice);
        return;
    }

    // Not confirmed yet: ask first. The internal name stays urlencoded because
    // the weblogs array is keyed by the urlencoded name.
    $encodedName = urlencode($Pivot_Vars['name']);
    $formFields = array('name', $encodedName, 'blog_delete', 1);

    // NOTE(review): the stored display name goes into the prompt as-is; whether
    // ConfirmPage() escapes it for HTML is not visible here — confirm.
    $template = lang('weblog_config', 'confirm_delete');
    $prompt = str_replace("%1", $Weblogs[$encodedName]['name'], $template);

    ConfirmPage(lang('ufield_main', 'del_title'), $formFields, $prompt);
}
/**
 * Display the screen with entries.
 *
 * Prints the page header, runs a submitted bulk action (asking for
 * confirmation before a delete), then renders the pager, the category/author
 * filter, the search box and one table row per entry.
 *
 * Values taken from $Pivot_Vars (session, sort, show, offset, filtercat,
 * search) are placed into URLs and HTML attributes exactly as received; this
 * function applies no escaping of its own.
 * NOTE(review): presumably $Pivot_Vars is filtered where it is populated — confirm.
 *
 * @param string $message Optional notice printed above the table; written to the page unescaped.
 */
function entries_screen($message = "")
{
    global $config_array, $Pivot_Vars, $Cfg, $absmax;
    PageHeader(lang('userbar', 'entries'), 1);
    PageAnkeiler(lang('userbar', 'entries') . ' » ' . lang('userbar', 'entries_title'));
    // display a message, if there is one..
    // The text is interpolated into the markup without htmlspecialchars(), so
    // callers must pass trusted or already-escaped text.
    if ($message != "") {
        echo "<p><b>{$message}</b></p>";
    }
    // if there is an 'action' to do
    if (isset($Pivot_Vars['doaction']) && $Pivot_Vars['action'] != "") {
        if ($Pivot_Vars['action'] == "delete" && $Pivot_Vars['confirmed'] != 1) {
            // The selected entry ids are serialized into a confirmation-form value.
            // NOTE(review): presumably this comes back from the browser on confirm;
            // verify the receiving code does not unserialize() it unvalidated.
            $vars = array("action", $Pivot_Vars['action'], "check", serialize($Pivot_Vars['check']), "doaction", "1");
            if (count($Pivot_Vars['check']) == 1) {
                ConfirmPage("hmm ho hum", $vars, lang('entries', 'delete_one_confirm'));
            } else {
                ConfirmPage("hmm ho hum", $vars, lang('entries', 'delete_multiple_confirm'));
            }
        }
        // NOTE(review): this call also follows the ConfirmPage() branch above, so an
        // unconfirmed delete is only held back if ConfirmPage() ends the request — confirm.
        // No CSRF check is visible in this function before the action runs; verify
        // that entries_action() or the caller performs one.
        entries_action($Pivot_Vars['action'], $Pivot_Vars['check']);
    }
    $db = new db();
    if (!isset($Cfg['overview_entriesperpage'])) {
        $Cfg['overview_entriesperpage'] = 20;
    }
    $absmax = $db->get_entries_count();
    // Page size and offset come from the request when present.
    // NOTE(review): neither is cast to int, and a $show of 0 makes the
    // divisions by abs($show) further down divide by zero.
    $show = isset($Pivot_Vars['show']) ? $Pivot_Vars['show'] : $Cfg['overview_entriesperpage'];
    $offset = isset($Pivot_Vars['offset']) ? $Pivot_Vars['offset'] : 0;
    if (isset($Pivot_Vars['first'])) {
        $offset = $absmax - $show;
    }
    // Base URL for every link on this screen; it carries the session id in the
    // query string, where it can end up in browser history, logs and referrers.
    $myurl = sprintf("index.php?session=%s&menu=entries", $Pivot_Vars['session']);
    //Sort entries change
    //set initial values for sort values
    $entry_sort = ""; //goes in query string
    $sort = "date"; //goes in the getlist method call
    // NOTE(review): $sort_order is assigned only inside this branch, yet it is
    // passed to getlist() below even when no 'sort' was requested.
    if (isset($Pivot_Vars['sort'])) {
        $entry_sort = "&sort=" . $Pivot_Vars['sort'];
        $sort = $Pivot_Vars['sort'];
        if (isset($Pivot_Vars['reverse'])) {
            $sort_order = TRUE;
            $entry_sort .= "&reverse";
        } else {
            $sort_order = FALSE;
            // Header links then toggle to the reversed order on the next click.
            $myurl .= "&reverse";
        }
    }
    // Pick the entry list: by category, by author, by search, or unfiltered.
    if (isset($Pivot_Vars['filtercat'])) {
        $overview_arr = $db->getlist(-$show, $offset, "", array($Pivot_Vars['filtercat']), $sort_order, $sort);
        $filter = "&filtercat=" . $Pivot_Vars['filtercat'];
        $filtertitle = str_replace('%name%', $Pivot_Vars['filtercat'], lang('entries', 'filteron'));
    } else {
        if (isset($Pivot_Vars['filteruser'])) {
            $overview_arr = $db->getlist(-$show, $offset, $Pivot_Vars['filteruser'], "", $sort_order, $sort);
            // NOTE(review): the next line is garbled in this listing ("******" stands
            // where the end of the filteruser branch and the opening of the search
            // branch used to be), so the braces from here on do not balance.
            // Restore it from the original file before using this code.
            $filter = "&filteruser="******"modules/module_search.php";
                $overview_arr = search_entries($Pivot_Vars['search']);
                $filtertitle = str_replace('%name%', '…', lang('entries', 'filteron'));
                // Search results are shown as a single page.
                $offset = 0;
                $absmax = $show = 1;
            } else {
                $overview_arr = $db->getlist(-$show, $offset, "", "", $sort_order, $sort);
                $filter = "";
                $filtertitle = str_replace('%name%', '…', lang('entries', 'filteron'));
            }
        }
    }
    // "first" / "previous" links, shown while older pages remain.
    if ($offset < $absmax - $show) {
        $prev = $offset + $show;
        $prevlink = sprintf('<a href="%s&offset=%s&show=%s%s%s">« ' . lang('entries', 'first') . '</a> ', $myurl, $absmax - $show, $show, $filter, $entry_sort);
        $prevlink .= sprintf('<a href="%s&offset=%s&show=%s%s%s">‹ ' . lang('entries', 'previous') . ' %s</a>', $myurl, $prev, $show, $filter, $entry_sort, $show);
    } else {
        $prevlink = " ";
    }
    // "next" / "last" links, shown once the offset has moved away from 0.
    if ($offset > 0) {
        $next = max(0, $offset - $show);
        $nextlink = sprintf('<a href="%s&offset=%s&show=%s%s%s">› ' . lang('entries', 'next') . ' %s</a> ', $myurl, $next, $show, $filter, $entry_sort, $show);
        $nextlink .= sprintf('<a href="%s&show=%s%s%s">» ' . lang('entries', 'last') . '</a>', $myurl, $show, $filter, $entry_sort);
    } else {
        $nextlink = " ";
    }
    // make the html for the paginator..
    // NOTE(review): $pages is first assigned inside this branch; with a single
    // page the ".=" on $pages further down starts from an undefined variable.
    $numofpages = (int) ceil($absmax / abs($show));
    if ($numofpages > 1) {
        for ($i = 0; $i < $numofpages; $i++) {
            $init = $i * abs($show);
            $pages_arr[] = sprintf("<option value=\"%s%s&show=%s%s&offset=%s\">%s</option>", $myurl, $entry_sort, abs($show), $filter, $init, $i + 1);
        }
        $title = str_replace('%num%', ceil($offset / abs($show)) + 1, lang('entries', 'jumptopage'));
        $pages = "<select name='selectedPage' onchange='changePage(this.form.selectedPage)' \tclass='input'>";
        $pages .= sprintf("<option value='' selected='selected'>%s</option>", $title);
        $pages .= implode("\n", $pages_arr);
        $pages .= "</select>";
    }
    // make the HTML for the filter box
    // When a filter is active the first option links back to the unfiltered list.
    if (isset($Pivot_Vars['filtercat']) || isset($Pivot_Vars['filteruser'])) {
        $pages_arr = array(sprintf("<option value=\"%s%s&show=%s\">%s</option>", $myurl, $entry_sort, abs($show), lang('entries', 'filteroff')));
    } else {
        $pages_arr = array();
    }
    $cats = cfg_cats();
    $pages_arr[] = "<option value=''>" . lang('entries', 'category') . "</option>";
    // Category and user names are written into the option value and label
    // without urlencode()/htmlspecialchars().
    foreach ($cats as $cat) {
        $pages_arr[] = sprintf("<option value=\"%s%s&show=%s&filtercat=%s\"> - %s</option>", $myurl, $entry_sort, abs($show), $cat['name'], $cat['name']);
    }
    $users = explode("|", $Cfg['users']);
    $pages_arr[] = "<option value=''>" . lang('entries', 'author') . "</option>";
    foreach ($users as $user) {
        $pages_arr[] = sprintf("<option value=\"%s%s&show=%s&filteruser=%s\"> - %s</option>", $myurl, $entry_sort, abs($show), $user, $user);
    }
    $pages .= "<select name='selectedFilter' onchange='changePage(this.form.selectedFilter)' class='input'>";
    $pages .= sprintf("<option value='' selected='selected'>%s</option>", $filtertitle);
    $pages .= implode("\n", $pages_arr);
    $pages .= "</select>";
    // The submitted search text is echoed back into the single-quoted value
    // attribute as received.
    // NOTE(review): escape with htmlspecialchars(..., ENT_QUOTES) unless
    // $Pivot_Vars is already HTML-safe — confirm.
    $searchval = isset($Pivot_Vars['search']) ? $Pivot_Vars['search'] : 'search';
    $pages .= "<input type='text' name='search' value='" . $searchval . "' class='input' style='padding: 2px; height: 19px; width: 90px;' onfocus='this.select();' />";
    // Some JS for the paginator and filter menus
    // changePage() navigates to the URL held in the selected option's value.
    echo "<scr" . "ipt language='JavaScript' type='text/JavaScript'>\nfun" . "ction changePage(newLoc)\n{\nnextPage = newLoc.options[newLoc.selectedIndex].value;\nif (nextPage != '') { document.location.href = nextPage; } }</scr" . "ipt>";
    // The bulk-action form posts back to this screen with doaction=1.
    printf("<form name='form1' method='post' action='%s&doaction=1'>\n<table cellspacing='0' class='tabular_border' border='0'>\n", $myurl);
    echo "<tr class='tabular_nav'><td colspan='8'>\n";
    echo '<table cellspacing="0" cellpadding="0" class="tabular_border" style="border:0px;" border="0" width="100%"><tr>';
    printf('<td>%s </td>', $prevlink);
    printf('<td align="center">%s</td>', $pages);
    printf('<td align="right" class="tabular_nav"> %s</td></tr></table>', $nextlink);
    // Column headers double as sort links.
    echo "\n</td></tr><tr class='tabular_header'><td> </td>";
    echo '<td><a href="' . $myurl . '&sort=status">' . lang('entries', 'status') . '</a></td>';
    echo '<td><a href="' . $myurl . '&sort=title">' . lang('entries', 'title') . '</a></td>';
    echo '<td><a href="' . $myurl . '&sort=category">' . lang('entries', 'category') . '</a></td>';
    echo '<td><a href="' . $myurl . '&sort=user">' . lang('entries', 'author') . '</a></td>';
    echo '<td><a href="' . $myurl . '&sort=date">' . lang('entries', 'date') . '</a></td>';
    echo '<td><a href="' . $myurl . '&sort=commcount">' . lang('entries', 'comm') . '</a></td>';
    echo '<td><a href="' . $myurl . '&sort=trackcount">' . lang('entries', 'track') . '</a></td>';
    echo '</tr>';
    //End Sort Entry Changes
    foreach ($overview_arr as $overview_line) {
        print_row($overview_line);
    }
    // Footer row: select all / none plus the bulk-action chooser.
    echo '<tr class="tabular_header"><td colspan="8"><img src="pics/arrow_ltr.gif" width="29" height="14" border="0" alt="" />';
    echo '<a href="#" onclick=\'setCheckboxes("form1", true); return false;\'>' . lang('forms', 'c_all') . '</a> / ';
    echo '<a href="#" onclick=\'setCheckboxes("form1", false); return false;\'>' . lang('forms', 'c_none') . '</a>';
    echo ' - ' . lang('forms', 'with_checked_entries');
    echo '<select name="action" class="input"> <option value="" selected="selected">' . lang('forms', 'choose') . '</option> <option value="publish">' . lang('forms', 'publish') . '</option> <option value="hold" >' . lang('forms', 'hold') . '</option> <option value="delete">' . lang('forms', 'delete') . '</option> <option value="generate">' . lang('forms', 'generate') . '</option> </select>';
    echo ' <input type="submit" value="' . lang('go') . '" class="button" /></td></tr>';
    echo '</table></form>';
    PageFooter();
}
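/**
 * Saves the user settings.
 *
 * Handles three request shapes: deleting a user (after confirmation), saving
 * edited fields and an optional new password, and re-showing the form when
 * validation failed.
 *
 * NOTE(review): no CSRF check is visible in this function although it deletes
 * users, changes passwords and can raise a user level; verify that the caller
 * performs one.
 *
 * @param int $admin 1 when called from the admin user editor (the target is
 *                   $Pivot_Vars['username']); otherwise the target is
 *                   $Pivot_Vars['user'].
 */
function libsave_change_user($admin = 0)
{
    global $Pivot_Vars, $Users, $Cfg, $Paths;

    // Validation error counter. It used to be created implicitly by the first
    // "$Piverr++", leaving the "== 0" test to read an undefined variable.
    $Piverr = 0;
    // Not assigned anywhere in this function; it is passed on as null, now explicitly.
    $maxl = null;

    // Sanitize passed variables to prevent people from inserting characters that
    // could be interpreted as dividers ("|" and newline separate values in the
    // stored settings; "!" is stripped as well).
    foreach ($Pivot_Vars as $key => $val) {
        $Pivot_Vars[$key] = preg_replace("/[!|\n]/i", "", $Pivot_Vars[$key]);
    }

    $userfields = get_userfields($admin);
    $ufields = GetUserFields();

    if ($admin == 1) {
        $theuser = $Pivot_Vars['username'];
    } else {
        $theuser = $Pivot_Vars['user'];
    }

    // NOTE(review): the level check relies on $Pivot_Vars['user'] naming the
    // authenticated account rather than a value the request can choose — confirm.
    if ($Pivot_Vars['delete_user'] == 1 && $Users[$Pivot_Vars['user']]['userlevel'] >= 3) {
        if ($Pivot_Vars['confirmed'] == 1) {
            //delete him from the config file, nothing else.
            // Start from an empty list so that removing the only remaining user
            // hands implode() an array instead of an undefined variable.
            $tmp_arr2 = array();
            $tmp_arr = explode("|", $Cfg['users']);
            foreach ($tmp_arr as $candidate) {
                if ($candidate != $Pivot_Vars['username']) {
                    $tmp_arr2[] = $candidate;
                }
            }
            $Cfg['users'] = implode("|", $tmp_arr2);
            unset($Users[$Pivot_Vars['username']]);
            unset($Cfg['user-' . $Pivot_Vars['username']]);
            see_users();
        } else {
            $vars = array('username', $Pivot_Vars['username'], 'delete_user', 1);
            ConfirmPage(lang('ufield_main', 'del_title'), $vars, sprintf(lang('config', 'delete_user_confirm'), $Pivot_Vars['username']));
        }
    } else {
        foreach ($ufields as $keyname => $intarr) {
            // Skipping fields that we aren't allowed to change
            if ($admin != 1 && $Users[$theuser]['userlevel'] < $ufields[$keyname]['minlevel']) {
                continue;
            }
            array_push($userfields, array($keyname, $ufields[$keyname]['disp'], '', $ufields[$keyname]['type'], $Users[$theuser][$keyname], $ufields[$keyname]['size'], $maxl));
            if ($ufields[$keyname]['filter'] != '' && strlen($Pivot_Vars[$keyname]) > 0) {
                // The validator name is built from the field definition returned by
                // GetUserFields(), not from the request, and is called dynamically.
                $tfunk = 'is' . $ufields[$keyname]['filter'];
                if (!$tfunk($Pivot_Vars[$keyname])) {
                    $userfields[count($userfields) - 1][2] = 'hey, that input doesn\'t go along with the filter in place';
                    $Piverr++;
                }
            }
        }
        $arraycount = count($userfields);

        // Password checks run only when at least one password field was filled in.
        // NOTE(review): validation rejects passwords shorter than 4 characters, but
        // the password is only stored further down when it has 6 or more, so a 4-5
        // character password passes validation and is silently not saved.
        if (strlen($Pivot_Vars['pass1']) + strlen($Pivot_Vars['pass2']) >= 1) {
            if (trim($Pivot_Vars['pass1']) != trim($Pivot_Vars['pass2'])) {
                $userfields[2][2] = lang('userinfo', 'pass_dont_match');
                $Piverr++;
            }
            if (strlen($Pivot_Vars['pass1']) < 4) {
                $userfields[1][2] = lang('userinfo', 'pass_too_short');
                $Piverr++;
            }
            if ($Pivot_Vars['pass1'] == $Pivot_Vars['username']) {
                $userfields[1][2] = lang('userinfo', 'pass_equal_name');
                $Piverr++;
            }
        }

        if ($Piverr == 0) {
            // make sure the superadmin doesn't demote himself/herself..
            if ($Users[$theuser]['userlevel'] == 4) {
                $Pivot_Vars['userlevel'] = 4;
            }
            // get confirmation if user gets admin rights
            if ($Pivot_Vars['userlevel'] == 3 && $Users[$theuser]['userlevel'] < 3 && $Pivot_Vars['confirmed'] != 1) {
                // Carry every submitted field over to the confirmation form.
                $vars = array();
                $arraycount = count($userfields);
                for ($i = 0; $i < $arraycount; $i++) {
                    array_push($vars, $userfields[$i][0], $Pivot_Vars[$userfields[$i][0]]);
                }
                ConfirmPage(lang('userinfo', 'c_admin_title'), $vars, sprintf(lang('userinfo', 'c_admin_message'), $theuser));
            } else {
                //it's all good.
                // NOTE(review): the password is stored as an unsalted MD5 digest, and
                // the same digest is written to the 'pass' cookie and the session
                // table, which makes the digest a password equivalent. The cookie is
                // set without the secure/httponly arguments. Moving to
                // password_hash()/password_verify() needs matching changes in the
                // login code, which is outside this function.
                if (strlen($Pivot_Vars['pass1']) >= 6) {
                    $Users[$theuser]['pass'] = md5($Pivot_Vars['pass1']);
                    if ($_COOKIE['mode'] == 'stayloggedin' && $Pivot_Vars['user'] == $theuser) {
                        setcookie('pass', md5($Pivot_Vars['pass1']), time() + $Cfg['cookie_length'], $Paths['cookie_url']);
                    }
                    //change the session key too..
                    $Cfg['tempsessions'][$Pivot_Vars['session']][1] = md5($Pivot_Vars['pass1']);
                }
                // Copy every editable field except the heading and password inputs.
                for ($i = 0; $i < $arraycount; $i++) {
                    if ($userfields[$i][0] != 'heading' && $userfields[$i][0] != 'pass1' && $userfields[$i][0] != 'pass2') {
                        $Users[$theuser][$userfields[$i][0]] = $Pivot_Vars[$userfields[$i][0]];
                    }
                }
                // set the categories..
                // Only an acting user above level 2 may change category membership.
                if ($Users[$Pivot_Vars['user']]['userlevel'] > 2) {
                    foreach (explode("|", $Cfg['cats']) as $category) {
                        $allowed_users = explode("|", $Cfg['cat-' . $category]);
                        if (isset($Pivot_Vars['allowed'][urlencode($category)])) {
                            // add the user..
                            if (!in_array($theuser, $allowed_users)) {
                                $allowed_users[] = $theuser;
                            }
                        } else {
                            // remove the user..
                            if (in_array($theuser, $allowed_users)) {
                                foreach ($allowed_users as $key => $user) {
                                    if ($user == $theuser) {
                                        unset($allowed_users[$key]);
                                    }
                                }
                            }
                        }
                        $Cfg['cat-' . $category] = implode("|", $allowed_users);
                    }
                }
                /**
                 * Rather crude check to prevent corrupting the file:
                 * if $Users[$theuser]['username'] is empty, we refuse to save.
                 */
                if ($Users[$theuser]['username'] != "") {
                    debug("changes saved for " . $theuser);
                    SaveSettings();
                } else {
                    // not right..
                    debug("Changes not saved..");
                }
                //so we can reload the languages and such
                if ($admin == 1) {
                    redirect('index.php?session=' . $Pivot_Vars['session'] . '&menu=admin&func=admin&do=seeusers');
                    die;
                } else {
                    redirect('index.php?session=' . $Pivot_Vars['session'] . '&menu=userinfo&func=u_settings');
                    die;
                }
            }
        } else {
            //reshow the page
            $Pivot_Vars['edituser'] = $Pivot_Vars['username'];
            //regroup the old settings.
            for ($i = 0; $i < $arraycount; $i++) {
                if ($userfields[$i][3] == 0) {
                    $userfields[$i][4] = $Pivot_Vars[$userfields[$i][0]];
                } elseif ($userfields[$i][3] == 3) {
                    $userfields[$i][6] = $Pivot_Vars[$userfields[$i][0]];
                }
            }
        }
        // For a user above level 3, slot 6 of field 4 is wrapped together with a
        // 'disabled' marker before the form is shown again.
        if ($Users[$theuser]['userlevel'] > 3) {
            $unf[0] = $userfields[4][6];
            $unf[1] = 'disabled';
            unset($userfields[4][6]);
            $userfields[4][6] = $unf;
        }
        if ($admin == 1) {
            change_user(1, $userfields);
        } else {
            u_settings_screen(1, $userfields);
        }
    }
    PutUserInfo();
}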