/**
 * A page is not validated, so show a warning.
 *
 * The caller must hold the 'jump_to_unvalidated' specific permission, otherwise access_denied() is
 * raised before anything is rendered. When the caller has edit access ($edit_url non-empty), the
 * warning is upgraded to the staff variant and lists every menu that links to this page (matched on
 * "zone:codename" or "_SEARCH:codename"), each as a link into the admin_menus editor.
 *
 * @param ID_TEXT The zone the page is being loaded from
 * @param ID_TEXT The codename of the page
 * @param tempcode The edit URL (blank if no edit access)
 * @return tempcode The warning
 */
function get_page_warning_details($zone, $codename, $edit_url)
{
    $warning_details = new ocp_tempcode();

    // Permission gate first: access_denied() terminates, so nothing below runs for unprivileged members
    if (!has_specific_permission(get_member(), 'jump_to_unvalidated')) {
        access_denied('SPECIFIC_PERMISSION', 'jump_to_unvalidated');
    }

    // 'redirected=1' marks an arrival via redirect rather than a direct link, which gets different wording
    $uv_warning = do_lang_tempcode(get_param_integer('redirected', 0) == 1 ? 'UNVALIDATED_TEXT_NON_DIRECT' : 'UNVALIDATED_TEXT');

    // Wear sun cream
    if (!$edit_url->is_empty()) {
        // $zone/$codename go through db_string_equal_to() rather than being concatenated raw into the WHERE clause
        // (presumably that helper quotes/escapes; it is the project's DB-comparison builder)
        $menu_links = $GLOBALS['SITE_DB']->query('SELECT DISTINCT i_menu FROM ' . get_table_prefix() . 'menu_items WHERE ' . db_string_equal_to('i_url', $zone . ':' . $codename) . ' OR ' . db_string_equal_to('i_url', '_SEARCH:' . $codename));
        if (count($menu_links) != 0) {
            $menu_items_linking = new ocp_tempcode();
            foreach ($menu_links as $menu_link) {
                // Separator between entries, not before the first one
                if (!$menu_items_linking->is_empty()) {
                    $menu_items_linking->attach(do_lang_tempcode('LIST_SEP'));
                }
                $menu_edit_url = build_url(array('page' => 'admin_menus', 'type' => 'edit', 'id' => $menu_link['i_menu']), get_module_zone('admin_menus'));
                // The menu ID is used as the link caption; hyperlink()'s 4th argument is passed as true (its meaning is not visible here)
                $menu_items_linking->attach(hyperlink($menu_edit_url, $menu_link['i_menu'], false, true));
            }
            $uv_warning = do_lang_tempcode('UNVALIDATED_TEXT_STAFF', $menu_items_linking);
        }
    }

    $warning_details->attach(do_template('WARNING_TABLE', array('WARNING' => $uv_warning)));
    return $warning_details;
}
/**
 * Standard modular run function.
 *
 * Requires the OCF forum driver and a logged-in member, then dispatches on the 'type'
 * GET parameter: 'misc' (new posts), 'unread' or 'recently_read'. Any other value
 * renders an empty screen inside the OCF wrapper.
 *
 * @return tempcode The result of execution.
 */
function run()
{
    if (get_forum_type() != 'ocf') {
        warn_exit(do_lang_tempcode('NO_OCF'));
    } else {
        ocf_require_all_forum_stuff();
    }

    require_code('ocf_forumview');

    // Guests have no read-tracking state, so there is nothing to show them
    if (is_guest()) {
        access_denied('NOT_AS_GUEST');
    }

    require_css('ocf');

    $title = new ocp_tempcode();
    $content = new ocp_tempcode();
    switch (get_param('type', 'misc')) {
        case 'misc':
            list($title, $content) = $this->new_posts();
            break;
        case 'unread':
            list($title, $content) = $this->unread_topics();
            break;
        case 'recently_read':
            list($title, $content) = $this->recently_read();
            break;
    }

    $screen = do_template('OCF_VFORUM', array('_GUID' => '8dca548982d65500ab1800ceec2ddc61', 'CONTENT' => $content));
    return ocf_wrapper($title, $screen);
}
/**
 * Standard modular run function.
 *
 * Loads the bookmarks addon, rejects guests, then routes the 'type' GET
 * parameter to the matching screen method. Unknown types yield empty output.
 *
 * @return tempcode The result of execution.
 */
function run()
{
    require_lang('bookmarks');
    require_code('bookmarks');
    require_css('bookmarks');

    // Bookmarks are per-member; guests have none
    if (is_guest()) {
        access_denied('NOT_AS_GUEST');
    }

    // type -> handler method
    $screens = array(
        'misc' => 'manage_bookmarks',
        '_manage' => '_manage_bookmarks',
        '_edit' => '_edit_bookmark',
        'ad' => 'ad',
        '_ad' => '_ad',
    );

    $type = get_param('type', 'misc');
    if (array_key_exists($type, $screens)) {
        $handler = $screens[$type];
        return $this->$handler();
    }

    return new ocp_tempcode();
}
/**
 * Add a forum poll.
 *
 * Inserts the poll row and one row per answer, then attaches the poll to the topic.
 * If the request carries re_validate=1, the topic is also marked validated, but only
 * when it is a Private Topic (no forum) or the member may bypass validation in that forum.
 *
 * @param AUTO_LINK The ID of the topic to add the poll to.
 * @param SHORT_TEXT The question.
 * @param BINARY Whether the result tallies are kept private until the poll is made non-private.
 * @param BINARY Whether the poll is open for voting.
 * @param integer The minimum number of selections that may be made.
 * @param integer The maximum number of selections that may be made.
 * @param BINARY Whether members must have a post in the topic before they may vote.
 * @param array A list of pairs of the potential voteable answers and the number of votes.
 * @param boolean Whether to check there are permissions to make the poll.
 * @return AUTO_LINK The ID of the newly created forum poll.
 */
function ocf_make_poll($topic_id, $question, $is_private, $is_open, $minimum_selections, $maximum_selections, $requires_reply, $answers, $check_permissions = true)
{
    require_code('ocf_polls');

    if ($check_permissions) {
        if (!ocf_may_attach_poll($topic_id)) {
            access_denied('I_ERROR');
        }
    }

    $poll_row = array(
        'po_question' => $question,
        'po_cache_total_votes' => 0,
        'po_is_private' => $is_private,
        'po_is_open' => $is_open,
        'po_minimum_selections' => $minimum_selections,
        'po_maximum_selections' => $maximum_selections,
        'po_requires_reply' => $requires_reply,
    );
    $poll_id = $GLOBALS['FORUM_DB']->query_insert('f_polls', $poll_row, true);

    // Each answer is either a bare string or a (text, vote-count) pair
    foreach ($answers as $answer) {
        $num_votes = 0;
        if (is_array($answer)) {
            list($answer, $num_votes) = $answer;
        }
        $answer_row = array(
            'pa_poll_id' => $poll_id,
            'pa_answer' => $answer,
            'pa_cache_num_votes' => $num_votes,
        );
        $GLOBALS['FORUM_DB']->query_insert('f_poll_answers', $answer_row);
    }

    $topic_changes = array('t_poll_id' => $poll_id);

    // Now make the topic validated if this is attaching immediately
    $revalidate_requested = (get_param_integer('re_validate', 0) == 1);
    if ($revalidate_requested) {
        $forum_id = $GLOBALS['FORUM_DB']->query_value('f_topics', 't_forum_id', array('id' => $topic_id));
        $may_validate = is_null($forum_id);
        if (!$may_validate) {
            $may_validate = has_specific_permission(get_member(), 'bypass_validation_midrange_content', 'topics', array('forums', $forum_id));
        }
        if ($may_validate) {
            $topic_changes['t_validated'] = 1;
        }
    }

    $GLOBALS['FORUM_DB']->query_update('f_topics', $topic_changes, array('id' => $topic_id), '', 1);

    return $poll_id;
}
/**
 * Constructor method
 *
 * Loads the group model and language file, then refuses construction
 * (via access_denied()) unless the current user is a super admin.
 *
 * @access public
 * @return void
 */
public function __construct()
{
    parent::__construct();

    // Load the required classes
    $this->load->model('group_m');
    $this->lang->load('groups');

    // Whole controller is super-admin only
    if (!is_sadmin()) {
        access_denied();
    }
}
/**
 * Is the category accessible to the connected user ?
 * If the user is not authorized to see this category, script exits
 *
 * @param int $category_id
 */
function check_restrictions($category_id)
{
    global $user;

    // $filter['visible_categories'] and $filter['visible_images']
    // are not used because it's not necessary (filter <> restriction)
    $forbidden = explode(',', $user['forbidden_categories']);

    // Loose in_array() is kept on purpose: $category_id may be an int while the
    // exploded list holds strings, and a strict compare would stop matching them.
    $is_forbidden = in_array($category_id, $forbidden);
    if ($is_forbidden) {
        access_denied();
    }
}
/**
 * Deny POST requests from users below the given level.
 *
 * Non-POST requests are always allowed through; a POST from a user whose
 * level is below $level ends in access_denied().
 *
 * @param mixed $level Level threshold, passed to User::is() as "<$level"
 */
function post_only_user($level)
{
    $is_post = (Request::$method == 'POST');
    if (!$is_post) {
        return;
    }

    $below_required_level = User::is('<' . $level);
    if ($below_required_level) {
        access_denied();
    }
}
/**
 * Standard modular run function.
 *
 * Enforces that the current member may access the zone named in $map['param'];
 * produces no output either way. With no 'param' key there is nothing to check.
 *
 * @param array A map of parameters.
 * @return tempcode The result of execution.
 */
function run($map)
{
    // array_key_exists (not isset) so a NULL value still counts as supplied
    if (array_key_exists('param', $map)) {
        $zone = $map['param'];
        if (!has_zone_access(get_member(), $zone)) {
            access_denied('ZONE_ACCESS', $zone);
        }
    }

    return new ocp_tempcode();
}
/**
 * Guestbook section entry point.
 *
 * Does nothing unless the current page section is 'guestbook'. Guests are
 * denied when the guest_can_view option is off; otherwise the guestbook
 * include is pulled in (with $template, $page and $conf in scope for it).
 */
function gb_index()
{
    global $template, $page, $conf;

    $in_guestbook = isset($page['section']) && $page['section'] == 'guestbook';
    if (!$in_guestbook) {
        return;
    }

    $guests_may_view = $conf['guestbook']['guest_can_view'];
    if (is_a_guest() && !$guests_may_view) {
        access_denied();
    }

    include GUESTBOOK_PATH . '/include/guestbook.inc.php';
}
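/**
 * Standard modular render function for profile tab hooks.
 *
 * Collects every 'profiles_tabs_edit' hook (the 'settings' hook is forced to the front),
 * asks each active one to render its sub-tab, sorts the sub-tabs by suggested order and
 * wraps them in the OCF_MEMBER_PROFILE_EDIT form.
 *
 * Security note: the sub-hooks are actualisers as well as renderers -- their render_tab()
 * processes the POSTed form data (e.g. saving an avatar) as a side effect. The session
 * confirmation check for a POST therefore has to run BEFORE any sub-hook is invoked;
 * previously it ran after the hooks had already saved, so it could not stop anything.
 *
 * @param MEMBER The ID of the member who is being viewed
 * @param MEMBER The ID of the member who is doing the viewing
 * @param boolean Whether to leave the tab contents NULL, if this hook supports it, so that AJAX can load it later
 * @return array A triple: The tab title, the tab contents, the suggested tab order
 */
function render_tab($member_id_of, $member_id_viewing, $leave_to_ajax_if_possible = false)
{
    $title = do_lang_tempcode('EDIT_EM');

    require_lang('ocf');
    require_css('ocf');

    $order = 200;

    // A plain GET can be deferred to AJAX; a POST must be processed now
    if ($leave_to_ajax_if_possible && strtoupper(ocp_srv('REQUEST_METHOD')) != 'POST') {
        return array($title, NULL, $order);
    }

    $hooks = find_all_hooks('systems', 'profiles_tabs_edit');
    if (isset($hooks['settings'])) {
        $hooks = array('settings' => $hooks['settings']) + $hooks;
    }

    // First pass: instantiate and filter to the active hooks, without rendering (or saving) anything yet
    $active_hooks = array();
    foreach (array_keys($hooks) as $hook) {
        require_code('hooks/systems/profiles_tabs_edit/' . $hook);
        $ob = object_factory('Hook_Profiles_Tabs_Edit_' . $hook);
        if ($ob->is_active($member_id_of, $member_id_viewing)) {
            $active_hooks[] = $ob;
        }
    }

    // Session ID check, if saving. Must precede the sub-hooks' render_tab() calls, which act on $_POST.
    if (count($_POST) != 0 && count($active_hooks) != 0) {
        global $SESSION_CONFIRMED;
        if ($SESSION_CONFIRMED == 0) {
            access_denied('SESSION', '', true);
        }
    }

    // Second pass: render (and, on POST, actualise) each active sub-tab
    $tabs = array();
    foreach ($active_hooks as $ob) {
        $tabs[] = $ob->render_tab($member_id_of, $member_id_viewing, $leave_to_ajax_if_possible);
    }

    if ($leave_to_ajax_if_possible) {
        return array($title, NULL, $order);
    }

    // Sort by the suggested order, which sits at index 4 of each sub-tab tuple
    global $M_SORT_KEY;
    $M_SORT_KEY = 4;
    usort($tabs, 'multi_sort');

    $javascript = '';
    $hidden = new ocp_tempcode();
    $_tabs = array();
    $first = true;
    foreach ($tabs as $i => $tab) {
        if (is_null($tab)) {
            continue;
        }
        $javascript .= $tab[3];
        if (isset($tab[5])) {
            $hidden->attach($tab[5]);
        }
        $_tabs[] = array(
            'TAB_TITLE' => $tab[0],
            'TAB_FIELDS' => $tab[1],
            'TAB_TEXT' => $tab[2],
            'TAB_FIRST' => $first,
            'TAB_LAST' => !array_key_exists($i + 1, $tabs),
        );
        $first = false;
    }

    $url = build_url(array('page' => '_SELF'), '_SELF', NULL, true, false, false);
    $content = do_template('OCF_MEMBER_PROFILE_EDIT', array(
        'JAVASCRIPT' => $javascript,
        'HIDDEN' => $hidden,
        'URL' => $url,
        'SUBMIT_NAME' => do_lang_tempcode('SAVE'),
        'AUTOCOMPLETE' => false,
        'SKIP_VALIDATION' => true,
        'TABS' => $_tabs,
    ));

    return array($title, $content, $order);
}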
/**
 * Add a topic.
 *
 * With $check_perms set, the poster must be allowed to post in $forum_id, and unless they may
 * moderate that forum the pinned/sunk/cascading flags are cleared and the topic forced open.
 * Validation: a NULL $validated (or a requested 1 under $check_perms) resolves to 1 only when the
 * topic is a Private Topic (NULL forum) or the member may bypass validation in that forum; when the
 * 'unvalidated' addon is absent everything is validated. Note that the Private Topic / forum cache
 * decaching only happens inside the $check_perms branch.
 *
 * @param ?AUTO_LINK The ID of the forum the topic will be in (NULL: Private Topic).
 * @param SHORT_TEXT Description of the topic.
 * @param SHORT_TEXT The theme image code of the emoticon for the topic.
 * @param ?BINARY Whether the topic is validated (NULL: detect whether it should be).
 * @param BINARY Whether the topic is open.
 * @param BINARY Whether the topic is pinned.
 * @param BINARY Whether the topic is sunk.
 * @param BINARY Whether the topic is cascading.
 * @param ?MEMBER If it is a Private Topic, who is it 'from' (NULL: not a Private Topic).
 * @param ?MEMBER If it is a Private Topic, who is it 'to' (NULL: not a Private Topic).
 * @param boolean Whether to check the poster has permissions for the given topic settings.
 * @param integer The number of times the topic has been viewed.
 * @param ?AUTO_LINK Force an ID (NULL: don't force an ID)
 * @param SHORT_TEXT Link related to the topic (e.g. link to view a ticket).
 * @return AUTO_LINK The ID of the newly created topic.
 */
function ocf_make_topic($forum_id, $description = '', $emoticon = '', $validated = NULL, $open = 1, $pinned = 0, $sunk = 0, $cascading = 0, $pt_from = NULL, $pt_to = NULL, $check_perms = true, $num_views = 0, $id = NULL, $description_link = '')
{
    // Normalise NULLs that callers may pass for optional values
    if (is_null($pinned)) {
        $pinned = 0;
    }
    if (is_null($sunk)) {
        $sunk = 0;
    }
    if (is_null($description)) {
        $description = '';
    }
    if (is_null($num_views)) {
        $num_views = 0;
    }

    if ($check_perms) {
        require_code('ocf_topics');
        if (!ocf_may_post_topic($forum_id, get_member())) {
            access_denied('I_ERROR');
        }

        // Invalidate the recipient's Private Topic caches / the forum's block caches
        if (!is_null($pt_to)) {
            decache('side_ocf_personal_topics', array($pt_to));
            decache('_new_pp', array($pt_to));
        }
        if (!is_null($forum_id)) {
            require_code('ocf_posts_action');
            ocf_decache_ocp_blocks($forum_id);
        }

        // Only moderators of the forum may set the special topic states
        require_code('ocf_forums');
        if (!ocf_may_moderate_forum($forum_id)) {
            $pinned = 0;
            $sunk = 0;
            $open = 1;
            $cascading = 0;
        }
    }

    // Precedence: is_null($validated) || ($check_perms && $validated == 1)
    if (is_null($validated) || $check_perms && $validated == 1) {
        if (!is_null($forum_id) && !has_specific_permission(get_member(), 'bypass_validation_midrange_content', 'topics', array('forums', $forum_id))) {
            $validated = 0;
        } else {
            $validated = 1;
        }
    }
    if (!addon_installed('unvalidated')) {
        $validated = 1;
    }

    // Description fields are truncated to the SHORT_TEXT width (255); all cache columns start empty
    $map = array('t_pinned' => $pinned, 't_sunk' => $sunk, 't_cascading' => $cascading, 't_forum_id' => $forum_id, 't_pt_from' => $pt_from, 't_pt_to' => $pt_to, 't_description' => substr($description, 0, 255), 't_description_link' => substr($description_link, 0, 255), 't_emoticon' => $emoticon, 't_num_views' => $num_views, 't_validated' => $validated, 't_is_open' => $open, 't_poll_id' => NULL, 't_cache_first_post_id' => NULL, 't_cache_first_post' => NULL, 't_cache_first_time' => NULL, 't_cache_first_title' => '', 't_cache_first_username' => '', 't_cache_first_member_id' => NULL, 't_cache_last_post_id' => NULL, 't_cache_last_time' => NULL, 't_cache_last_title' => '', 't_cache_last_username' => '', 't_cache_last_member_id' => NULL, 't_cache_num_posts' => 0, 't_pt_from_category' => '', 't_pt_to_category' => '');
    if (!is_null($id)) {
        $map['id'] = $id;
    }
    return $GLOBALS['FORUM_DB']->query_insert('f_topics', $map, true);
}
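/**
 * Delete a forum poll.
 *
 * Looks up the topic the poll is attached to, checks the caller may delete polls in that
 * forum / by that poster, then removes the poll, its answers and votes, detaches it from
 * the topic and writes a moderation log entry.
 *
 * Fix: an unknown or detached $poll_id previously reached the permission check with an
 * empty result set (NULL forum / NULL member); now it stops with MISSING_RESOURCE instead.
 *
 * @param AUTO_LINK The ID of the poll we're deleting.
 * @param LONG_TEXT The reason for deleting the poll.
 * @return AUTO_LINK The ID of the topic the poll is on.
 */
function ocf_delete_poll($poll_id, $reason)
{
    require_code('ocf_polls');

    $topic_info = $GLOBALS['FORUM_DB']->query_select('f_topics', array('*'), array('t_poll_id' => $poll_id), '', 1);
    if (!array_key_exists(0, $topic_info)) {
        warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
    }
    $topic_row = $topic_info[0];

    // Permission is decided on the forum and the topic starter, not the poll
    if (!ocf_may_delete_poll_by($topic_row['t_forum_id'], $topic_row['t_cache_first_member_id'])) {
        access_denied('I_ERROR');
    }
    $topic_id = $topic_row['id'];

    // Fetch the question before deleting, for the log entry
    $name = $GLOBALS['FORUM_DB']->query_value('f_polls', 'po_question', array('id' => $poll_id));

    $GLOBALS['FORUM_DB']->query_delete('f_polls', array('id' => $poll_id), '', 1);
    $GLOBALS['FORUM_DB']->query_delete('f_poll_answers', array('pa_poll_id' => $poll_id));
    $GLOBALS['FORUM_DB']->query_delete('f_poll_votes', array('pv_poll_id' => $poll_id));
    $GLOBALS['FORUM_DB']->query_update('f_topics', array('t_poll_id' => NULL), array('t_poll_id' => $poll_id), '', 1);

    require_code('ocf_general_action2');
    ocf_mod_log_it('DELETE_TOPIC_POLL', strval($poll_id), $name, $reason);

    return $topic_id;
}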
/**
 * Standard modular run function.
 *
 * Refuses to run while ecommerce is in test mode unless the caller is a real admin or
 * holds 'access_ecommerce_in_test_mode'; rejects guests; then routes 'type' to my() or pay().
 *
 * @return tempcode The result of execution.
 */
function run()
{
    require_lang('ecommerce');
    require_code('ecommerce');
    require_css('ecommerce');

    // Kill switch
    if (ecommerce_test_mode()) {
        $may_use_test_mode = $GLOBALS['IS_ACTUALLY_ADMIN'] || has_specific_permission(get_member(), 'access_ecommerce_in_test_mode');
        if (!$may_use_test_mode) {
            warn_exit(do_lang_tempcode('PURCHASE_DISABLED'));
        }
    }

    if (is_guest()) {
        access_denied('NOT_AS_GUEST');
    }

    switch (get_param('type', 'misc')) {
        case 'misc':
            return $this->my();
        case 'pay':
            return $this->pay();
    }

    return new ocp_tempcode();
}
/**
 * Standard aed_module run_start.
 *
 * Sets the helper-panel hints and posting-form title, rejects guests, and routes the
 * given type to the overview or the WordPress import screens.
 *
 * @param ID_TEXT The type of module execution
 * @return tempcode The output of the run
 */
function run_start($type)
{
    $GLOBALS['HELPER_PANEL_PIC'] = 'pagepics/news';
    $GLOBALS['HELPER_PANEL_TUTORIAL'] = 'tut_news';

    $this->posting_form_title = do_lang_tempcode('BLOG_NEWS_ARTICLE');

    if (is_guest()) {
        access_denied('NOT_AS_GUEST');
    }

    require_css('news');
    require_lang('news');

    // Decide what to do
    switch ($type) {
        case 'misc':
            return $this->misc();
        case 'import_wordpress':
            return $this->import_wordpress();
        case '_import_wordpress':
            return $this->_import_wordpress();
    }

    return new ocp_tempcode();
}
/**
 * Standard aed_module run_start.
 *
 * Every screen in this module is a moderation action, so the 'warn_members'
 * capability is required up front; the type is then routed to the matching screen.
 *
 * @param ID_TEXT The type of module execution
 * @return tempcode The output of the run
 */
function run_start($type)
{
    require_lang('ocf_warnings');

    if (get_forum_type() != 'ocf') {
        warn_exit(do_lang_tempcode('NO_OCF'));
    } else {
        ocf_require_all_forum_stuff();
    }

    require_code('ocf_moderation_action');
    require_code('ocf_moderation_action2');

    if (!ocf_may_warn_members()) {
        access_denied('SPECIFIC_PERMISSION', 'warn_members');
    }

    switch ($type) {
        case 'history':
            return $this->history();
        case 'undo_charge':
            return $this->undo_charge();
        case 'undo_probation':
            return $this->undo_probation();
        case 'undo_banned_ip':
            return $this->undo_banned_ip();
        case 'undo_banned_member':
            return $this->undo_banned_member();
        case 'undo_silence_from_topic':
            return $this->undo_silence_from_topic();
        case 'undo_silence_from_forum':
            return $this->undo_silence_from_forum();
    }

    return new ocp_tempcode();
}
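/**
 * Move some topics.
 *
 * Three modes, chosen by $topics:
 *  - NULL: move every topic out of $from ($from must then be a real forum, not NULL / Private Topics);
 *  - one ID: move that topic alone, logging its title;
 *  - several IDs: move them in one UPDATE, logging 'MULTIPLE'.
 * In every mode the caller must be able to moderate $from. When moving Private Topics ($from NULL)
 * each topic is also checked for the caller's involvement or 'view_other_pt' permission.
 * Afterwards the forum and member post-count caches are adjusted, block caches cleared, and the
 * trackers of topics active within the last two weeks are notified of the move.
 *
 * Fixes over the previous version: the single-topic ID is cast to int before being interpolated
 * into raw SQL (the other two branches already did this); t_validated is selected in the
 * multi-topic Private Topic branch so its validated count is no longer read from a missing key;
 * the notification loop now advances its offset, so 100+ moved topics no longer loop forever;
 * and the member post-count adjustment is skipped if the two forum rows cannot both be read.
 *
 * @param AUTO_LINK The forum the topics are currently in.
 * @param AUTO_LINK The forum the topics are being moved to.
 * @param ?array A list of the topic IDs to move (NULL: move all topics from source forum).
 */
function ocf_move_topics($from, $to, $topics = NULL)
{
    if ($from == $to) {
        return; // That would be nuts, and interfere with our logic
    }

    require_code('notifications');
    require_code('ocf_topics');
    require_code('ocf_forums_action2');

    $forum_name = ocf_ensure_forum_exists($to);

    if (!ocf_may_moderate_forum($from)) {
        access_denied('I_ERROR');
    }

    $topic_count = 0;
    $post_count = 0;

    if (is_null($topics)) {
        // Move everything in the source forum
        if (is_null($from)) {
            access_denied('I_ERROR');
        }

        $all_topics = $GLOBALS['FORUM_DB']->query_select('f_topics', array('id', 't_cache_num_posts', 't_validated'), array('t_forum_id' => $from));
        $or_list = '';
        $topics = array();
        foreach ($all_topics as $topic_info) {
            $topics[] = $topic_info['id'];
            if ($or_list != '') {
                $or_list .= ' OR ';
            }
            $or_list .= 'id=' . strval((int) $topic_info['id']);
            $post_count += $topic_info['t_cache_num_posts'];
            if ($topic_info['t_validated'] == 1) {
                $topic_count++;
            }
        }

        $GLOBALS['FORUM_DB']->query_update('f_topics', array('t_forum_id' => $to), array('t_forum_id' => $from));
        // Update forum IDs' for posts
        $GLOBALS['FORUM_DB']->query_update('f_posts', array('p_cache_forum_id' => $to), array('p_cache_forum_id' => $from));

        $or_list_2 = str_replace('id', 'p_topic_id', $or_list);
        if ($or_list_2 == '') {
            return; // Source forum was empty
        }
    } elseif (count($topics) == 1) {
        // Single topic. The ID is interpolated into raw SQL below, so force it to an integer first
        $topic_id = (int) $topics[0];

        $topic_info = $GLOBALS['FORUM_DB']->query_select('f_topics', array('t_forum_id', 't_pt_from', 't_pt_to', 't_cache_first_title', 't_cache_num_posts', 't_validated'), array('id' => $topic_id));
        if (!array_key_exists(0, $topic_info)) {
            warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
        }
        $row = $topic_info[0];

        // Must really be in $from; a Private Topic additionally needs the caller to be a party to it, or to have special/global PT access
        if ($row['t_forum_id'] != $from || ($row['t_pt_from'] != get_member() && $row['t_pt_to'] != get_member() && !ocf_has_special_pt_access($topic_id) && !has_specific_permission(get_member(), 'view_other_pt') && is_null($row['t_forum_id']))) {
            access_denied('I_ERROR');
        }
        if ($row['t_validated'] == 1) {
            $topic_count++;
        }
        $topic_title = $row['t_cache_first_title'];
        $post_count = $row['t_cache_num_posts'];

        $GLOBALS['FORUM_DB']->query_update('f_topics', array('t_pt_from' => NULL, 't_pt_to' => NULL, 't_forum_id' => $to), array('t_forum_id' => $from, 'id' => $topic_id), '', 1); // Extra where constraint for added security
        log_it('MOVE_TOPICS', $topic_title, strval($topic_id));

        $or_list = 'id=' . strval($topic_id);
        $or_list_2 = 'p_topic_id=' . strval($topic_id);

        // Update forum IDs' for posts
        $GLOBALS['FORUM_DB']->query_update('f_posts', array('p_cache_forum_id' => $to), array('p_topic_id' => $topic_id));
    } else {
        if (count($topics) == 0) {
            return; // Nuts, lol
        }

        $or_list = '';
        foreach ($topics as $topic_id) {
            if ($or_list != '') {
                $or_list .= ' OR ';
            }
            $or_list .= 'id=' . strval((int) $topic_id);

            if (is_null($from)) {
                // Private Topics: check the caller may touch each one (t_validated is needed for the count below)
                $topic_info = $GLOBALS['FORUM_DB']->query_select('f_topics', array('t_forum_id', 't_pt_from', 't_pt_to', 't_validated'), array('id' => $topic_id));
                if (array_key_exists(0, $topic_info)) {
                    if ($topic_info[0]['t_validated'] == 1) {
                        $topic_count++;
                    }
                    if ($topic_info[0]['t_forum_id'] != $from || ($topic_info[0]['t_pt_from'] != get_member() && $topic_info[0]['t_pt_to'] != get_member() && !ocf_has_special_pt_access($topic_id) && !has_specific_permission(get_member(), 'view_other_pt'))) {
                        access_denied('I_ERROR');
                    }
                }
            } else {
                $topic_count++; // Might not be validated, which means technically we shouldn't do this, but it's low chance, low impact, and the indicator is only a cache thing anyway
            }
        }

        $GLOBALS['FORUM_DB']->query('UPDATE ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_topics SET t_forum_id=' . strval((int) $to) . ',t_pt_from=NULL,t_pt_to=NULL WHERE t_forum_id' . (is_null($from) ? ' IS NULL' : '=' . strval((int) $from)) . ' AND (' . $or_list . ')');
        log_it('MOVE_TOPICS', do_lang('MULTIPLE'));

        $post_count = $GLOBALS['FORUM_DB']->query_value_null_ok_full('SELECT SUM(t_cache_num_posts) FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_topics WHERE ' . $or_list);

        // Update forum IDs' for posts
        $or_list_2 = str_replace('id', 'p_topic_id', $or_list);
        $GLOBALS['FORUM_DB']->query('UPDATE ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_posts SET p_cache_forum_id=' . strval((int) $to) . ' WHERE ' . $or_list_2);
    }

    require_code('ocf_posts_action2');

    // Update source forum cache view
    if (!is_null($from)) {
        ocf_force_update_forum_cacheing($from, -$topic_count, -$post_count);
    }
    // Update dest forum cache view
    ocf_force_update_forum_cacheing($to, $topic_count, $post_count);

    if (!is_null($from)) {
        // Update member post counts if we've switched between post-count countable forums
        $post_count_info = $GLOBALS['FORUM_DB']->query('SELECT id,f_post_count_increment FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_forums WHERE id=' . strval((int) $from) . ' OR id=' . strval((int) $to), 2);
        if (count($post_count_info) == 2) { // Both rows are needed to compare the two increments
            if ($post_count_info[0]['id'] == $from) {
                $from_cnt = $post_count_info[0]['f_post_count_increment'];
                $to_cnt = $post_count_info[1]['f_post_count_increment'];
            } else {
                $from_cnt = $post_count_info[1]['f_post_count_increment'];
                $to_cnt = $post_count_info[0]['f_post_count_increment'];
            }

            require_code('ocf_posts_action');
            if ($from_cnt != $to_cnt) {
                $sql = 'SELECT p_poster FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_posts WHERE (' . $or_list_2 . ')';
                if (addon_installed('unvalidated')) {
                    $sql .= ' AND p_validated=1';
                }
                $_member_post_counts = collapse_1d_complexity('p_poster', $GLOBALS['FORUM_DB']->query($sql));
                $member_post_counts = array_count_values($_member_post_counts);
                foreach ($member_post_counts as $member_id => $member_post_count) {
                    // NOTE(review): the sign flip keys on $to == 0, kept as found -- confirm this is the intended condition
                    if ($to == 0) {
                        $member_post_count = -$member_post_count;
                    }
                    ocf_force_update_member_post_count($member_id, $member_post_count);
                }
            }
        }
    }

    require_code('ocf_posts_action');
    if (!is_null($from)) {
        ocf_decache_ocp_blocks($from);
    } else {
        decache('side_ocf_personal_topics');
        decache('_new_pp');
    }
    ocf_decache_ocp_blocks($to, $forum_name);

    if (function_exists('set_time_limit')) {
        @set_time_limit(0);
    }

    // Page through the moved topics 100 at a time; $start must advance or the same page repeats forever
    require_code('urls2');
    $cutoff = time() - 60 * 60 * 24 * 14;
    $start = 0;
    do {
        $topics2 = $GLOBALS['FORUM_DB']->query('SELECT id,t_cache_first_title,t_cache_last_time FROM ' . $GLOBALS['FORUM_DB']->get_table_prefix() . 'f_topics WHERE ' . $or_list, 100, $start);
        foreach ($topics2 as $_topic) {
            // Only topics active in the last two weeks get a fresh moniker and a notification
            if ($_topic['t_cache_last_time'] < $cutoff) {
                continue;
            }
            $topic_id = $_topic['id'];
            $topic_title = $_topic['t_cache_first_title'];
            suggest_new_idmoniker_for('topicview', 'misc', strval($topic_id), $topic_title);

            // Now lets inform people tracking the topic that it has moved
            $subject = do_lang('TOPIC_MOVE_MAIL_SUBJECT', get_site_name(), $topic_title);
            $mail = do_lang('TOPIC_MOVE_MAIL', comcode_escape(get_site_name()), comcode_escape($topic_title), array(comcode_escape($forum_name)));
            dispatch_notification('ocf_topic', strval($topic_id), $subject, $mail);
        }
        $start += 100;
    } while (count($topics2) == 100);
}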
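/**
 * Standard modular render function for profile tabs edit hooks.
 *
 * Actualiser + renderer for the avatar sub-tab. On a POST carrying submitting_avatar_tab=1 the
 * new avatar is resolved and saved for $member_id_of: members with 'own_avatars' may upload a
 * file, give a URL or pick a stock image; everyone else may only pick a stock image. A non-super-
 * admin giving a *local* URL must give the one already stored for the member, otherwise
 * ASSOCIATE_EXISTING_FILE is raised -- this stops members pointing their avatar at arbitrary
 * existing files on the server. Whether $member_id_viewing may edit $member_id_of at all is not
 * checked here (presumably is_active() / the caller does it -- confirm).
 *
 * Fix: $hidden was re-created just before the return, discarding whatever
 * handle_max_file_size() had attached to it for the upload field; it is now only appended to.
 *
 * @param MEMBER The ID of the member who is being viewed
 * @param MEMBER The ID of the member who is doing the viewing
 * @param boolean Whether to leave the tab contents NULL, if this hook supports it, so that AJAX can load it later
 * @return ?array A tuple: The tab title, the tab body text (may be blank), the tab fields, extra Javascript (may be blank) the suggested tab order, hidden fields (optional) (NULL: if $leave_to_ajax_if_possible was set)
 */
function render_tab($member_id_of, $member_id_viewing, $leave_to_ajax_if_possible = false)
{
    $title = do_lang_tempcode('AVATAR');
    $order = 20;

    // Actualiser
    if (post_param_integer('submitting_avatar_tab', 0) == 1) {
        require_code('uploads');

        if (has_specific_permission($member_id_viewing, 'own_avatars')) {
            // No file actually uploaded (neither via SWF uploader nor a regular upload): use URL or stock choice
            if (!(is_swf_upload(true) && array_key_exists('avatar_file', $_FILES) || array_key_exists('avatar_file', $_FILES) && is_uploaded_file($_FILES['avatar_file']['tmp_name']))) {
                $urls = array();
                $stock = post_param('avatar_alt_url', '');
                if ($stock == '') {
                    $stock = post_param('avatar_stock', NULL);
                    if (!is_null($stock)) {
                        $urls[0] = $stock == '' ? '' : find_theme_image($stock, false, true);
                    } else {
                        $urls[0] = ''; // None
                    }
                } else {
                    // A local URL may only be re-asserted (same as already stored) unless the viewer is a super admin
                    if (url_is_local($stock) && !$GLOBALS['FORUM_DRIVER']->is_super_admin($member_id_viewing)) {
                        $old = $GLOBALS['FORUM_DB']->query_value('f_members', 'm_avatar_url', array('id' => $member_id_of));
                        if ($old != $stock) {
                            access_denied('ASSOCIATE_EXISTING_FILE');
                        }
                    }
                    $urls[0] = $stock; // URL
                }
            } else {
                // We have chosen an upload. Note that we will not be looking at alt_url at this point, even though it is specified below for canonical reasons
                $urls = get_url('avatar_alt_url', 'avatar_file', file_exists(get_custom_file_base() . '/uploads/avatars') ? 'uploads/avatars' : 'uploads/ocf_avatars', 0, OCP_UPLOAD_IMAGE, false, '', '', false, true);
                // Absolutise the stored URL when the forum lives at a different base URL (or on MSN)
                if ((get_base_url() != get_forum_base_url() || array_key_exists('on_msn', $GLOBALS['SITE_INFO']) && $GLOBALS['SITE_INFO']['on_msn'] == '1') && $urls[0] != '' && url_is_local($urls[0])) {
                    $urls[0] = get_custom_base_url() . '/' . $urls[0];
                }
            }
            $avatar_url = $urls[0];
        } else {
            // Without 'own_avatars' only a stock image may be chosen
            $stock = post_param('avatar_stock');
            $avatar_url = $stock == '' ? '' : find_theme_image($stock, false, true);
        }

        require_code('ocf_members_action');
        require_code('ocf_members_action2');
        ocf_member_choose_avatar($avatar_url, $member_id_of);

        attach_message(do_lang_tempcode('SUCCESS_SAVE'), 'inform');
    }

    if ($leave_to_ajax_if_possible) {
        return NULL;
    }

    // UI fields
    $avatar_url = $GLOBALS['FORUM_DRIVER']->get_member_row_field($member_id_of, 'm_avatar_url');

    require_javascript('javascript_multi');

    $fields = new ocp_tempcode();
    require_code('form_templates');
    require_code('themes2');
    $ids = get_all_image_ids_type('ocf_default_avatars', true);

    // Is the current avatar one of the stock images?
    $found_it = false;
    foreach ($ids as $id) {
        $pos = strpos($avatar_url, '/' . $id);
        $selected = $pos !== false;
        if ($selected) {
            $found_it = true;
        }
    }

    $hidden = new ocp_tempcode();
    if (has_specific_permission($member_id_viewing, 'own_avatars')) {
        $javascript = 'standardAlternateFields(\'avatar_file\',\'avatar_alt_url\',\'avatar_stock*\',true);';
        $fields->attach(form_input_upload(do_lang_tempcode('UPLOAD'), do_lang_tempcode('DESCRIPTION_UPLOAD'), 'avatar_file', false, NULL, NULL, true, str_replace(' ', '', get_option('valid_images'))));
        handle_max_file_size($hidden, 'image');
        $fields->attach(form_input_line(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('URL')), do_lang_tempcode('DESCRIPTION_ALTERNATE_URL'), 'avatar_alt_url', $found_it ? '' : $avatar_url, false));
        $fields->attach(form_input_picture_choose_specific(do_lang_tempcode('ALT_FIELD', do_lang_tempcode('STOCK')), do_lang_tempcode('DESCRIPTION_ALTERNATE_STOCK'), 'avatar_stock', $ids, $avatar_url, NULL, NULL, true));
    } else {
        $javascript = '';
        $fields->attach(form_input_picture_choose_specific(do_lang_tempcode('STOCK'), '', 'avatar_stock', $ids, $avatar_url, NULL, NULL, true));
    }

    if ($avatar_url != '') {
        if (url_is_local($avatar_url)) {
            $avatar_url = get_complex_base_url($avatar_url) . '/' . $avatar_url;
        }
        $avatar = do_template('OCF_TOPIC_POST_AVATAR', array('_GUID' => '50a5902f3ab7e384d9cf99577b222cc8', 'AVATAR' => $avatar_url));
    } else {
        $avatar = do_lang_tempcode('NONE_EM');
    }

    $width = ocf_get_member_best_group_property($member_id_of, 'max_avatar_width');
    $height = ocf_get_member_best_group_property($member_id_of, 'max_avatar_height');
    $text = do_template('OCF_EDIT_AVATAR_TAB', array('_GUID' => 'dbdac6ca3bc752b54d2a24a4c6e69c7c', 'MEMBER_ID' => strval($member_id_of), 'USERNAME' => $GLOBALS['FORUM_DRIVER']->get_username($member_id_of), 'AVATAR' => $avatar, 'WIDTH' => integer_format($width), 'HEIGHT' => integer_format($height)));

    // Append the submit marker to the existing hidden fields (do not replace $hidden, it may already carry the max-file-size field)
    $hidden->attach(form_input_hidden('submitting_avatar_tab', '1'));

    return array($title, $fields, $text, $javascript, $order, $hidden);
}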
/**
 * The actualiser to decline a members joining of a usergroup.
 *
 * Without a POSTed 'id' this renders the (optional reason) form; with one, the caller
 * must control the group, the member is declined, and a redirect to the group view follows.
 *
 * @return tempcode The UI
 */
function decline()
{
    $title = get_page_title('DECLINE_FROM_GROUP');

    $id = post_param_integer('id', NULL);
    if (is_null($id)) {
        // First pass: show the reason form
        $id = get_param_integer('id');

        require_code('form_templates');

        $hidden = form_input_hidden('id', strval($id));
        $fields = new ocp_tempcode();
        $fields->attach(form_input_line(do_lang_tempcode('REASON'), '', 'reason', '', false));

        $post_url = build_url(array('page' => '_SELF', 'type' => get_param('type')), '_SELF', NULL, true);

        $template_params = array(
            'SKIP_VALIDATION' => true,
            'HIDDEN' => $hidden,
            'TITLE' => $title,
            'TEXT' => paragraph(do_lang_tempcode('OPTIONAL_REASON')),
            'URL' => $post_url,
            'FIELDS' => $fields,
            'SUBMIT_NAME' => do_lang_tempcode('DECLINE_FROM_GROUP'),
        );
        return do_template('FORM_SCREEN', $template_params);
    }

    // Second pass: actualise
    if (!ocf_may_control_group($id, get_member())) {
        access_denied('I_ERROR');
    }

    $member_id = get_param_integer('member_id');
    ocf_member_validate_into_group($id, $member_id, true, post_param('reason'));

    $view_url = build_url(array('page' => '_SELF', 'type' => 'view', 'id' => $id), '_SELF');
    return redirect_screen($title, $view_url, do_lang_tempcode('SUCCESS'));
}
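/**
 * Script handler for downloading a gallery, as specified by GET parameters.
 *
 * Checks the closed-site state, category access and the 'may_download_gallery' permission for
 * the 'cat' parameter, then streams a zip of the gallery's validated local images and videos
 * plus its representative image. Remote media are deliberately not fetched.
 *
 * Fixes over the previous version: the unreachable code after the `continue` in the media loop
 * is gone; a representative image that is local but missing on disk is now skipped instead of
 * being handed to http_download_file() as if it were a URL; and double quotes are stripped from
 * the gallery name before it is placed inside the quoted filename of Content-Disposition.
 */
function download_gallery_script()
{
    if (function_exists('set_time_limit')) {
        @set_time_limit(0);
    }

    require_code('galleries');

    // Closed site
    $site_closed = get_option('site_closed');
    if ($site_closed == '1' && !has_specific_permission(get_member(), 'access_closed_site') && !$GLOBALS['IS_ACTUALLY_ADMIN']) {
        header('Content-Type: text/plain');
        @exit(get_option('closed'));
    }

    require_lang('galleries');
    require_code('zip');

    $cat = get_param('cat');
    if (!has_category_access(get_member(), 'galleries', $cat)) {
        access_denied('CATEGORY_ACCESS');
    }
    check_specific_permission('may_download_gallery', array('galleries', $cat));

    // $cat is echoed into a response header below; CR/LF would allow header injection
    if (strpos($cat, chr(10)) !== false || strpos($cat, chr(13)) !== false) {
        log_hack_attack_and_exit('HEADER_SPLIT_HACK');
    }

    $gallery_rows = $GLOBALS['SITE_DB']->query_select('galleries', array('*'), array('name' => $cat), '', 1);
    if (!array_key_exists(0, $gallery_rows)) {
        warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
    }
    $gallery_row = $gallery_rows[0];

    // Send header. The filename sits inside a quoted-string, so it must not itself contain a double quote
    $filename = 'gallery-' . str_replace('"', '', $cat) . '.zip';
    header('Content-Type: application/octet-stream' . '; authoritative=true;');
    if (strstr(ocp_srv('HTTP_USER_AGENT'), 'MSIE') !== false) {
        header('Content-Disposition: filename="' . $filename . '"');
    } else {
        header('Content-Disposition: attachment; filename="' . $filename . '"');
    }

    disable_php_memory_limit();

    $rows = array_merge(
        $GLOBALS['SITE_DB']->query_select('videos', array('url', 'add_date'), array('cat' => $cat, 'validated' => 1)),
        $GLOBALS['SITE_DB']->query_select('images', array('url', 'add_date'), array('cat' => $cat, 'validated' => 1))
    );

    $array = array();
    foreach ($rows as $row) {
        // Only local files are packed: if they are not local it implies it is not reasonable for them to lead to server load, and they may not even be native files
        if (!url_is_local($row['url'])) {
            continue;
        }
        $path = urldecode($row['url']);
        $full_path = get_file_base() . '/' . $path;
        if (!file_exists($full_path)) {
            continue;
        }
        $array[] = array(
            'name' => preg_replace('#^uploads/galleries/#', '', $path),
            'time' => filemtime($full_path),
            'data' => NULL, // presumably create_zip_file() reads the file via 'full_path' when data is NULL
            'full_path' => $full_path,
        );
    }

    if ($gallery_row['rep_image'] != '') {
        $rep_entry = NULL;
        if (url_is_local($gallery_row['rep_image'])) {
            $path = urldecode($gallery_row['rep_image']);
            $full_path = get_file_base() . '/' . $path;
            if (file_exists($full_path)) {
                $rep_entry = array(
                    'name' => $path,
                    'time' => filemtime($full_path),
                    'data' => file_get_contents($full_path),
                );
            }
            // A local rep_image missing from disk is simply left out of the zip
        } else {
            $rep_entry = array(
                'name' => basename(urldecode($gallery_row['rep_image'])),
                'time' => $gallery_row['add_date'],
                'data' => http_download_file($gallery_row['rep_image']),
            );
        }
        if (!is_null($rep_entry)) {
            $rep_entry['name'] = preg_replace('#^uploads/(galleries|grepimages)/#', '', $rep_entry['name']);
            $array[] = $rep_entry;
        }
    }

    @ini_set('zlib.output_compression', 'Off');

    // Streams the zip straight to the client
    create_zip_file($array, true);
}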
/**
 * Make sure that the user can reopen the specified bug.
 * Calls access_denied if user has no access to terminate script
 * @see access_can_reopen_bug
 * @param BugData $p_bug Bug to check access against
 * @param int|null $p_user_id integer representing user id, defaults to null to use current user
 * @access public
 */
function access_ensure_can_reopen_bug($p_bug, $p_user_id = null)
{
    $t_can_reopen = access_can_reopen_bug($p_bug, $p_user_id);
    if ($t_can_reopen) {
        return;
    }
    access_denied();
}
/**
 * Retrieve user id of current user.
 *
 * Resolved once per request and memoised in $g_cache_current_user_id. The cookie string is
 * looked up in the user cache first, then in the user table (parameterised query). An
 * unknown cookie is cleared and the request ends with access_denied().
 *
 * @return int user id
 * @access public
 */
function auth_get_current_user_id() {
    global $g_cache_current_user_id;

    if ($g_cache_current_user_id !== null) {
        return $g_cache_current_user_id;
    }

    $t_cookie_string = auth_get_current_user_cookie();

    // Fast path: the user cache already holds a row for this cookie
    $t_cached = user_search_cache('cookie_string', $t_cookie_string);
    if ($t_cached) {
        $g_cache_current_user_id = (int) $t_cached['id'];
        return $g_cache_current_user_id;
    }

    /** @todo error with an error saying they aren't logged in? Or redirect to the login page maybe? */
    $t_user_table = db_get_table('user');
    $query = "SELECT id\n\t\t\t\t FROM {$t_user_table}\n\t\t\t\t WHERE cookie_string=" . db_param();
    $result = db_query_bound($query, array($t_cookie_string));

    # The cookie was invalid. Clear the cookie (to allow people to log in again)
    # and give them an Access Denied message.
    if (db_num_rows($result) < 1) {
        auth_clear_cookies();
        access_denied();
        exit;
    }

    $g_cache_current_user_id = (int) db_result($result);
    return $g_cache_current_user_id;
}
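/**
 * Actualiser to edit a test section.
 *
 * Requires the 'edit_own_tests' permission, and additionally that the section is assigned to
 * the current member or that the member is staff. Handles, from the POSTed form: deletion of
 * the whole section (with its tests), update of the section itself plus any newly added
 * tests, and the per-test rows named 'edit_<id>_*'. Every per-test write is scoped to this
 * section, so a test id from another section cannot be edited or deleted through this form.
 *
 * @return tempcode The result of execution.
 */
function __ed()
{
    check_specific_permission('edit_own_tests');

    $id = get_param_integer('id');

    $rows = $GLOBALS['SITE_DB']->query_select('test_sections', array('*'), array('id' => $id), '', 1);
    if (!array_key_exists(0, $rows)) {
        warn_exit(do_lang_tempcode('MISSING_RESOURCE'));
    }
    $section = $rows[0];

    // Ownership: only the section's assignee, or staff, may edit it
    $is_owner_or_staff = ($section['s_assigned_to'] == get_member()) || $GLOBALS['FORUM_DRIVER']->is_staff(get_member());
    if (!(has_specific_permission(get_member(), 'edit_own_tests') && $is_owner_or_staff)) {
        access_denied('ACCESS_DENIED');
    }

    if (post_param_integer('delete', 0) == 1) {
        $title = get_page_title('DELETE_TEST_SECTION');
        $GLOBALS['SITE_DB']->query_delete('test_sections', array('id' => $id), '', 1);
        $GLOBALS['SITE_DB']->query_delete('tests', array('t_section' => $id));
        return inform_screen($title, do_lang_tempcode('SUCCESS'));
    }

    $title = get_page_title('EDIT_TEST_SECTION');

    // New tests
    $this->_add_new_tests($id);

    // The form sends -1 for "nobody"; the column stores NULL for that
    $assigned_to = post_param_integer('assigned_to');
    if ($assigned_to == -1) {
        $assigned_to = NULL;
    }
    $GLOBALS['SITE_DB']->query_update('test_sections', array(
        's_section' => post_param('section'),
        's_notes' => post_param('notes'),
        's_inheritable' => post_param_integer('inheritable', 0),
        's_assigned_to' => $assigned_to,
    ), array('id' => $id), '', 1);

    // Tests that are edited/deleted (or possibly unchanged, but we count that as edited).
    // Each per-test row is identified by a POST key of exactly the form 'edit_<id>_test'.
    foreach (array_keys($_POST) as $key) {
        $matches = array();
        if (preg_match('#^edit_(\d+)_test$#', $key, $matches) == 0) {
            continue;
        }
        $tid = $matches[1];

        // Scoped to this section: the id alone would let any test on the site be touched
        $where = array('id' => $tid, 't_section' => $id);

        if (post_param_integer('edit_' . $tid . '_delete', 0) == 1) {
            $GLOBALS['SITE_DB']->query_delete('tests', $where, '', 1);
            continue;
        }

        $test_assigned_to = post_param_integer('edit_' . $tid . '_assigned_to');
        if ($test_assigned_to == -1) {
            $test_assigned_to = NULL;
        }
        $inherit_section = post_param_integer('edit_' . $tid . '_inherit_section');
        if ($inherit_section == -1) {
            $inherit_section = NULL;
        }
        $GLOBALS['SITE_DB']->query_update('tests', array(
            't_test' => post_param('edit_' . $tid . '_test'),
            't_assigned_to' => $test_assigned_to,
            't_enabled' => post_param_integer('edit_' . $tid . '_enabled', 0),
            't_inherit_section' => $inherit_section,
        ), $where, '', 1);
    }

    // Show it worked / Refresh
    $url = build_url(array('page' => '_SELF', 'type' => 'go'), '_SELF');
    return redirect_screen($title, $url, do_lang_tempcode('SUCCESS'));
}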
/**
 * Standard modular UI to edit an entry.
 *
 * Builds the edit screen for the entry named by the 'id' parameter: computes the title, runs
 * the edit-permission and category-access checks, asks fill_in_edit_form() for the fields,
 * then appends custom catalogue fields, SEO fields, award fields and the delete /
 * reverse-points action ticks where applicable. One of three templates results:
 * CATALOGUE_EDITING_SCREEN (when type is '_edit_catalogue'), POSTING_SCREEN (when a posting
 * form title is set) or FORM_SCREEN.
 *
 * Ends the request via access_denied() when a category access check fails.
 *
 * @return tempcode The UI
 */
function _ed()
{
    // Page title: the generic 'EDIT_<type>' string, or catalogue-specific wording when editing
    // inside a named catalogue
    $doing = 'EDIT_' . $this->lang_type;
    if ($this->catalogue && get_param('catalogue_name', '') != '') {
        $catalogue_title = get_translated_text($GLOBALS['SITE_DB']->query_value('catalogues', 'c_title', array('c_name' => get_param('catalogue_name'))));
        if ($this->type_code == 'd') {
            $doing = do_lang('CATALOGUE_GENERIC_EDIT', escape_html($catalogue_title));
        } elseif ($this->type_code == 'c') {
            $doing = do_lang('CATALOGUE_GENERIC_EDIT_CATEGORY', escape_html($catalogue_title));
        }
    }
    $title = get_page_title($doing);

    $submit_name = do_lang_tempcode('SAVE');

    // The id is carried as a string either way; integer ids are validated as integers first
    $id = mixed(); // Define type as mixed
    $id = $this->non_integer_id ? get_param('id', false, true) : strval(get_param_integer('id'));

    // URL the form posts back to, carrying through the optional navigation parameters
    $map = array('page' => '_SELF', 'type' => '__e' . $this->type_code, 'id' => $id);
    if (get_param('catalogue_name', '') != '') {
        $map['catalogue_name'] = get_param('catalogue_name');
    }
    if (!is_null(get_param('redirect', NULL))) {
        $map['redirect'] = get_param('redirect');
    }
    if (!is_null(get_param('continue', NULL))) {
        $map['continue'] = get_param('continue');
    }
    if (!is_null($this->upload) || $this->possibly_some_kind_of_upload) {
        $map['uploading'] = 1;
    }
    $post_url = build_url($map, '_SELF');

    // Members with access to the admin_lang page who edit in a non-default language get a
    // warning with a link that switches to the site default language
    if (multi_lang() && has_actual_page_access(get_member(), 'admin_lang') && user_lang() != get_site_default_lang()) {
        require_code('lang2');
        $switch_url = get_self_url(false, false, array('keep_lang' => get_site_default_lang()));
        attach_message(do_lang_tempcode('lang:EDITING_CONTENT_IN_LANGUAGE_STAFF', escape_html(lookup_language_full_name(user_lang())), escape_html(lookup_language_full_name(get_site_default_lang())), escape_html($switch_url->evaluate())), 'warn');
    }

    // Submitter and submission time feed the edit/delete permission checks and the
    // reverse-points tick below
    if (method_exists($this, 'get_submitter')) {
        list($submitter, $date_and_time) = $this->get_submitter($id);
    } else {
        $submitter = NULL;
        $date_and_time = NULL;
    }

    // Permission checks: privilege-based edit permission, then category access for up to two
    // categories
    if (!is_null($this->permissions_require)) {
        check_edit_permission($this->permissions_require, $submitter, array($this->permissions_cat_require, is_null($this->permissions_cat_name) ? NULL : $this->get_cat($id), $this->permissions_cat_require_b, is_null($this->permissions_cat_name_b) ? NULL : $this->get_cat_b($id)), $this->permission_page_name);
    }
    if (!is_null($this->permissions_cat_require) && !has_category_access(get_member(), $this->permissions_cat_require, $this->get_cat($id))) {
        access_denied('CATEGORY_ACCESS');
    }
    if (!is_null($this->permissions_cat_require_b) && !has_category_access(get_member(), $this->permissions_cat_require_b, $this->get_cat_b($id))) {
        access_denied('CATEGORY_ACCESS');
    }

    // fill_in_edit_form() returns either a bare fields tempcode, or a positional array:
    // [0] fields, [1] hidden, [2] delete fields, [3] edit text, [4] all-delete-fields-given
    // flag, [5] posting form text, [6] secondary fields, [7] parsed posting form text
    $bits = $this->fill_in_edit_form($id);
    $delete_fields = new ocp_tempcode();
    $all_delete_fields_given = false;
    $fields2 = new ocp_tempcode();
    if (is_array($bits)) {
        $fields = $bits[0];
        $hidden = $bits[1];
        if (array_key_exists(2, $bits) && !is_null($bits[2])) {
            $delete_fields = $bits[2];
        }
        if (array_key_exists(3, $bits) && !is_null($bits[3])) {
            $this->edit_text = $bits[3];
        }
        if (array_key_exists(4, $bits) && $bits[4]) {
            $all_delete_fields_given = true;
        }
        if (array_key_exists(5, $bits) && !is_null($bits[5])) {
            $this->posting_form_text = $bits[5];
        }
        if (array_key_exists(6, $bits) && !is_null($bits[6])) {
            $fields2 = $bits[6];
        }
        if (array_key_exists(7, $bits)) {
            $this->posting_form_text_parsed = $bits[7];
        }
    } else {
        $fields = $bits;
        $hidden = new ocp_tempcode();
    }

    // Add in custom fields
    if ($this->has_tied_catalogue()) {
        require_code('fields');
        $fields->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => do_lang_tempcode('MORE'))));
        append_form_custom_fields($this->award_type, $id, $fields, $hidden);
    }

    // SEO?
    if (!is_null($this->seo_type)) {
        require_code('seo2');
        $fields2->attach(seo_get_fields($this->seo_type, $id));
    }

    // Awards?
    if (addon_installed('awards')) {
        if (!is_null($this->award_type)) {
            require_code('awards');
            $fields2->attach(get_award_fields($this->award_type, $id));
        }
    }

    // Action fields / deletion options
    $delete_permission = true;
    if (!is_null($this->permissions_require)) {
        $delete_permission = has_delete_permission($this->permissions_require, get_member(), $submitter, is_null($this->permission_page_name) ? get_page_name() : $this->permission_page_name, array($this->permissions_cat_require, is_null($this->permissions_cat_name) ? NULL : $this->get_cat($id), $this->permissions_cat_require_b, is_null($this->permissions_cat_name_b) ? NULL : $this->get_cat_b($id)));
    }
    // Deletion is offered only if the subclass allows it, the row is not one of the first
    // protect_first rows, and the member holds delete permission
    $may_delete = (!method_exists($this, 'may_delete_this') || $this->may_delete_this($id)) && (!is_numeric($id) || intval($id) >= db_get_first_id() + $this->protect_first) && $delete_permission;

    // Deletion options
    $action_fields = new ocp_tempcode();
    if ($may_delete) {
        if (!$all_delete_fields_given) {
            $action_fields->attach(form_input_tick(do_lang_tempcode('DELETE'), do_lang_tempcode('DESCRIPTION_DELETE'), 'delete', false));
        }
        // Offer to reverse the points gift recorded for this submission, if one exists
        if (addon_installed('points') && !is_null($submitter) && !is_null($date_and_time)) {
            $points_test = $GLOBALS['SITE_DB']->query_value_null_ok('gifts', 'id', array('date_and_time' => $date_and_time, 'gift_to' => $submitter, 'gift_from' => $GLOBALS['FORUM_DRIVER']->get_guest_id()));
            if (!is_null($points_test)) {
                require_lang('points');
                $action_fields->attach(form_input_tick(do_lang_tempcode('REVERSE_TITLE'), do_lang_tempcode('REVERSE_TITLE_DESCRIPTION'), 'reverse_point_transaction', false));
            }
        }
        $action_fields->attach($delete_fields);
    }
    if (!$this->appended_actions_already && !$action_fields->is_empty()) {
        $fields2->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => do_lang_tempcode('ACTIONS'))));
    }
    $fields2->attach($action_fields);

    if (!is_object($this->edit_text)) {
        $this->edit_text = make_string_tempcode(is_null($this->edit_text) ? '' : $this->edit_text);
    }

    // Upload size hint: when the configured limit (converted to MB) is small, append a
    // paragraph naming it; if a config URL is available the staff variant with a link is used
    if (!is_null($this->upload)) {
        if ($this->upload == 'image') {
            require_code('images');
            $max = floatval(get_max_image_size()) / floatval(1024 * 1024);
            if ($max < 3.0) {
                require_code('files2');
                $config_url = get_upload_limit_config_url();
                $this->edit_text->attach(paragraph(do_lang_tempcode(is_null($config_url) ? 'MAXIMUM_UPLOAD' : 'MAXIMUM_UPLOAD_STAFF', escape_html($max > 10.0 ? integer_format(intval($max)) : float_format($max)), escape_html(is_null($config_url) ? '' : $config_url))));
            }
        } else {
            require_code('files2');
            $max = floatval(get_max_file_size()) / floatval(1024 * 1024);
            if ($max < 30.0) {
                $config_url = get_upload_limit_config_url();
                $this->edit_text->attach(paragraph(do_lang_tempcode(is_null($config_url) ? 'MAXIMUM_UPLOAD' : 'MAXIMUM_UPLOAD_STAFF', escape_html($max > 10.0 ? integer_format(intval($max)) : float_format($max)), escape_html(is_null($config_url) ? '' : $config_url))));
            }
        }
    }

    // Catalogue editing has its own screen: the existing field definitions plus five blank
    // slots for new fields
    if (get_param('type', '_ed') == '_edit_catalogue') {
        require_javascript('javascript_catalogues');

        // Existing fields
        $field_count = 0;
        $c_name = get_param('id', false, true);
        $rows = $GLOBALS['SITE_DB']->query_select('catalogue_fields', array('*'), array('c_name' => $c_name), 'ORDER BY cf_order');
        $fields_existing = new ocp_tempcode();
        foreach ($rows as $i => $myrow) {
            $name = get_translated_text($myrow['cf_name']);
            $description = get_translated_text($myrow['cf_description']);
            $prefix = 'existing_field_' . strval($myrow['id']) . '_';
            list($_fields_existing, $_fields_hidden) = $this->get_field_fields($i == 0 && substr($c_name, 0, 1) != '_', count($rows) + 10, $prefix, $field_count, $name, $description, $myrow['cf_type'], $myrow['cf_defines_order'], $myrow['cf_visible'], $myrow['cf_searchable'], $myrow['cf_default'], $myrow['cf_required'], $myrow['cf_put_in_category'], $myrow['cf_put_in_search']);
            // The first ten fields of an ecommerce catalogue get no delete tick
            if (!is_ecommerce_catalogue($c_name) || $i > 9) {
                $_fields_existing->attach(do_template('FORM_SCREEN_FIELD_SPACER', array('TITLE' => do_lang_tempcode('ACTIONS'))));
                $_fields_existing->attach(form_input_tick(do_lang_tempcode('DELETE'), do_lang_tempcode('DESCRIPTION_DELETE'), $prefix . 'delete', false));
            }
            $temp = do_template('FORM_FIELD_SET_GROUPER', array('_GUID' => '1492d973db45cbecff892ad4ac1af28f' . get_class($this), 'NAME' => $name, 'ID' => 'FIELD_' . strval($i + 1), 'FIELDS' => $_fields_existing->evaluate()));
            $fields_existing->attach($temp);
            $hidden->attach($_fields_hidden);
            $field_count++;
        }

        // New field
        $fields_new = new ocp_tempcode();
        for ($i = 0; $i < 5; $i++) {
            list($_fields_new, $_fields_hidden) = $this->get_field_fields(false, count($rows) + 10, 'new_field_' . strval($i) . '_', $field_count);
            $temp = do_template('FORM_FIELD_SET_GROUPER', array('_GUID' => '8b9a632eafae003ccc6b007eefb0ce3d' . get_class($this), 'NAME' => do_lang_tempcode('NEW_FIELD', strval($i + 1)), 'ID' => 'NEW_FIELD_' . strval($i + 1), 'FIELDS' => $_fields_new->evaluate()));
            $fields_new->attach($temp);
            $hidden->attach($_fields_hidden);
            $field_count++;
        }

        $fields->attach($fields2);
        return do_template('CATALOGUE_EDITING_SCREEN', array('_GUID' => '584d7dc7c2c13939626102374f13f508' . get_class($this), 'HIDDEN' => $hidden, 'TITLE' => $title, 'TEXT' => $this->add_text, 'URL' => $post_url, 'FIELDS' => $fields->evaluate(), 'FIELDS_EXISTING' => $fields_existing->evaluate(), 'FIELDS_NEW' => $fields_new->evaluate(), 'SUBMIT_NAME' => $submit_name, 'JAVASCRIPT' => $this->javascript));
    }

    list($warning_details, $ping_url) = handle_conflict_resolution();

    if (!is_null($this->posting_form_title)) {
        $posting_form = get_posting_form($submit_name, $this->posting_form_text, $post_url, $hidden, $fields, $this->posting_form_title, '', $fields2, $this->posting_form_text_parsed, $this->javascript, NULL, $this->posting_field_required);
        return do_template('POSTING_SCREEN', array('_GUID' => '841b9af3aa80bcab86b907e4b942786a' . get_class($this), 'PREVIEW' => $this->do_preview, 'TITLE' => $title, 'SEPARATE_PREVIEW' => $this->second_stage_preview, 'PING_URL' => $ping_url, 'WARNING_DETAILS' => $warning_details, 'TEXT' => $this->add_text, 'POSTING_FORM' => $posting_form->evaluate(), 'JAVASCRIPT' => $this->javascript));
    } else {
        $fields->attach($fields2);
        return do_template('FORM_SCREEN', array('_GUID' => '2d70be34595a16c6f170d966b894bfe2' . get_class($this), 'PREVIEW' => $this->do_preview, 'SEPARATE_PREVIEW' => $this->second_stage_preview, 'TITLE' => $title, 'SKIP_VALIDATION' => $this->skip_validation, 'PING_URL' => $ping_url, 'WARNING_DETAILS' => $warning_details, 'HIDDEN' => $hidden, 'TEXT' => $this->edit_text, 'URL' => $post_url, 'FIELDS' => $fields->evaluate(), 'SUBMIT_NAME' => $submit_name, 'JAVASCRIPT' => $this->javascript));
    }
}
/**
 * End the request via access_denied() unless the news feature is enabled.
 *
 * @return void
 */
function news_ensure_enabled() {
    $t_enabled = news_is_enabled();
    if ($t_enabled) {
        return;
    }
    access_denied();
}
/**
 * Abort the script if the user has no access to a particular ACCESS_* level.
 *
 * @param int    $access_type one of the ACCESS_* constants
 * @param string $user_status used if $user is not initialised
 * @return void calls access_denied() (which ends the request) when access is refused
 */
function check_status($access_type, $user_status = '') {
    $authorised = is_autorize_status($access_type, $user_status);
    if ($authorised) {
        return;
    }
    access_denied();
}
/**
 * Render the file-list page for the current directory.
 *
 * @param string $pwd base64-encoded current directory
 * @param mixed  $d   drive selector, passed to kpdir::setdrive()
 * @param string $n3  optional "<a>_<b>" pair; when present it is split and passed to kpdir::finddest()
 * @return void Output is echoed directly. Calls access_denied() if the directory cannot be determined.
 */
function kplaylist_filelist($pwd, $d, $n3)
{
    global $runinit, $mark, $marksid, $setctl, $bd, $cfg, $valuser;

    $kpdir = new kpdir();
    $kpdir->setpwd(base64_decode($pwd));
    $kpdir->setdrive($d);
    if (strlen($n3) > 0) {
        $ln = explode('_', $n3);
        if (count($ln) == 2) {
            $kpdir->finddest($ln[0], $ln[1]);
        }
    }

    // Search terms ('mark') from the request: trimmed, upper-cased, split on spaces, kept in the global
    if (frm_isset('mark') && !frm_empty('mark')) {
        $mark = explode(' ', strtoupper(trim(frm_get('mark'))));
    } else {
        $mark = array();
    }
    if (frm_ok('marksid', 1)) {
        $marksid = frm_get('marksid', 1);
    }

    $kpd = new kpdesign();
    $kpd->top();

    // Admin-only notices replace the listing: first-run welcome, base-dir change, or pending re-update.
    // NOTE(review): each notice is rendered through eval(gethtml(...)). eval executes whatever that
    // helper returns as PHP, so the source it reads must never be writable by, or built from, request data.
    $list = true;
    if ($valuser->isadmin()) {
        if ($bd->getcnt() == 1 && $bd->getpath(0) == '/path/to/my/music/archive/') {
            $list = false;
            eval(gethtml('welcome'));
        }
        if ($setctl->get('basedir_changed') && $bd->getpath(0) != '/path/to/my/music/archive/') {
            $setctl->set('basedir_changed', 0);
            if ($setctl->get('base_dir') != $setctl->get('oldbase_dir')) {
                $setctl->set('oldbase_dir', $setctl->get('base_dir'));
                $list = false;
                eval(gethtml('basedirchange'));
            }
        } else {
            if ($setctl->get('reupdate')) {
                $setctl->set('reupdate', 0);
                $list = false;
                eval(gethtml('needupdate'));
            }
        }
    }

    $dcnt = $fcnt = 0;
    if ($list) {
        // A fresh kpdir rooted at $runinit['pdir'] replaces the one built above
        $kpdir = new kpdir();
        $kpdir->setdrive($d);
        $kpdir->setpwd($runinit['pdir']);
        if (!$kpdir->determine()) {
            access_denied();
        }
        showdir($kpdir->pwd, '', $d);
        echo '<table width="100%" border="0" cellspacing="0" cellpadding="0">';
        if ($cfg['mergerootdir']) {
            $kpdir->merge();
        }
        $kpdir->dsort();
        $dcnt = $kpdir->show();
        $fcnt = $kpdir->showfiles($dcnt);
        if ($fcnt == 0 && $dcnt == 0) {
            echo '<tr><td class="file">' . get_lang(156) . '</td></tr>';
        }
        echo '</table>';
    }
    endmp3table(1, $dcnt, $fcnt);
    $kpd->bottom();
}
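/**
 * Shows an HTML page of all attachments we can access with selection buttons.
 *
 * Lists the attachments of one member (the current member by default, or 'member_id' from
 * the POST data). Other members are selectable only with the 'reuse_others_attachments'
 * permission. The 'field_name' and 'utheme' request parameters are carried through into the
 * popup's own URL, URL-encoded.
 *
 * Side effects: echoes the rendered page; ends the request via access_denied() if the
 * requested member is not in the allowed set.
 */
function attachment_popup_script()
{
    require_lang('comcode');
    require_javascript('javascript_editing');

    // Forum topic attachments live in the forum DB; everything else in the site DB
    $connection = get_page_name() == 'topics' ? $GLOBALS['FORUM_DB'] : $GLOBALS['SITE_DB'];

    // Members whose attachments may be browsed: self, plus everybody if the reuse permission is held
    $members = array();
    if (!is_guest()) {
        $members[get_member()] = $GLOBALS['FORUM_DRIVER']->get_username(get_member());
    }
    if (has_specific_permission(get_member(), 'reuse_others_attachments')) {
        $_members = $connection->query_select('attachments', array('DISTINCT a_member_id'));
        foreach ($_members as $_member) {
            $members[$_member['a_member_id']] = $GLOBALS['FORUM_DRIVER']->get_username($_member['a_member_id']);
        }
    }
    asort($members);

    // The requested member must be in the allowed set, otherwise the permission above is bypassed
    $member_now = post_param_integer('member_id', get_member());
    if (!array_key_exists($member_now, $members)) {
        access_denied('REUSE_ATTACHMENT');
    }

    $list = new ocp_tempcode();
    foreach ($members as $member_id => $username) {
        $list->attach(form_input_list_entry(strval($member_id), $member_id == $member_now, $username));
    }

    // The popup posts back to itself. Request values are URL-encoded so they cannot add
    // further query parameters or break the URL.
    $field_name = get_param('field_name', 'post');
    $keep = symbol_tempcode('KEEP', array(0, 1));
    $post_url = find_script('attachment_popup') . '?field_name=' . urlencode($field_name) . $keep->evaluate();
    if (get_param('utheme', '') != '') {
        $post_url .= '&utheme=' . urlencode(get_param('utheme'));
    }

    $rows = $connection->query_select('attachments', array('*'), array('a_member_id' => $member_now));
    $content = new ocp_tempcode();
    foreach ($rows as $myrow) {
        $myrow['description'] = $myrow['a_description'];
        $tpl = render_attachment('attachment', array(), $myrow, uniqid('', true), get_member(), false, $connection, NULL, get_member());
        $content->attach(do_template('ATTACHMENTS_BROWSER_ATTACHMENT', array(
            '_GUID' => '64356d30905c99325231d3bbee92128c',
            'FIELD_NAME' => $field_name,
            'TPL' => $tpl,
            'DESCRIPTION' => $myrow['a_description'],
            'DELETE_URL' => $post_url,
            'ID' => strval($myrow['id']),
        )));
    }
    $content = do_template('ATTACHMENTS_BROWSER', array('_GUID' => '7773aad46fb0bfe563a142030beb1a36', 'LIST' => $list, 'CONTENT' => $content, 'URL' => $post_url));

    // Keep search engines out of the popup
    global $EXTRA_HEAD;
    if (!isset($EXTRA_HEAD)) {
        $EXTRA_HEAD = new ocp_tempcode();
    }
    $EXTRA_HEAD->attach('<meta name="robots" content="noindex" />'); // XHTMLXHTML

    $echo = do_template('POPUP_HTML_WRAP', array('TITLE' => do_lang_tempcode('ATTACHMENT_POPUP'), 'CONTENT' => $content));
    $echo->evaluate_echo();
}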
/**
 * Render the "edit graph" form (graphs.php?action=graph_edit).
 *
 * Reads the graph from $_GET["id"] (empty for a new graph) and $_GET["host_id"], applies the
 * multi-user rules for non-administrators, then prints the template selection box, the
 * supplemental template data, the graph item list, a preview image (plus rrdtool debug output
 * when graph debug mode is on), the graph configuration form, the save buttons and the
 * inline JavaScript. Output is written directly with print / inline HTML.
 *
 * Ends the request via access_denied() when a non-administrator has no permission on the
 * host (new graph) or the graph is not private to them (existing graph).
 */
function graph_edit() {
    global $colors, $struct_graph, $image_types, $consolidation_functions, $graph_item_types, $struct_graph_item;

    /* ================= input validation ================= */
    // $_GET["id"] is interpolated into the SQL below, so it must validate as a number first
    input_validate_input_number(get_request_var("id"));
    /* ==================================================== */

    /* modify for multi user start */
    if ($_SESSION["permission"] < ACCESS_ADMINISTRATOR) {
        // graph add
        if ($_GET["id"] == "") {
            if ($_GET["host_id"] != -1) {
                input_validate_input_number(get_request_var("host_id"));
                if (!check_host($_GET["host_id"])) {
                    access_denied();
                }
            }
        // graph edit
        } else {
            $permission = check_graph($_GET["id"]);
            if ($permission != GRAPH_PRIVATE && $permission != GRAPH_PRIVATE + GRAPH_PUBLIC) {
                access_denied();
            }
        }
    }
    /* modify for multi user end */

    $use_graph_template = true;

    if (!empty($_GET["id"])) {
        $local_graph_template_graph_id = db_fetch_cell("select local_graph_template_graph_id from graph_templates_graph where local_graph_id=" . $_GET["id"]);
        $graphs = db_fetch_row("select * from graph_templates_graph where local_graph_id=" . $_GET["id"]);
        $graphs_template = db_fetch_row("select * from graph_templates_graph where id={$local_graph_template_graph_id}");
        $host_id = db_fetch_cell("select host_id from graph_local where id=" . $_GET["id"]);
        $header_label = "[edit: " . htmlspecialchars(get_graph_title($_GET["id"])) . "]";

        if ($graphs["graph_template_id"] == "0") {
            $use_graph_template = false;
        }
    } else {
        $header_label = "[new]";
        $use_graph_template = false;
    }

    /* modify for multi user start */
    // Only administrators may toggle debug mode (it prints the rrdtool command line)
    if ($_SESSION["permission"] < ACCESS_ADMINISTRATOR) {
        unset($_GET["debug"]);
    }
    /* modify for multi user end */

    /* handle debug mode */
    if (isset($_GET["debug"])) {
        if ($_GET["debug"] == "0") {
            kill_session_var("graph_debug_mode");
        } elseif ($_GET["debug"] == "1") {
            $_SESSION["graph_debug_mode"] = true;
        }
    }

    // Header row with the graph title and the debug / template / host edit links
    if (!empty($_GET["id"])) {
        ?> <table width="100%" align="center"> <tr> <td class="textInfo" colspan="2" valign="top"> <?php print htmlspecialchars(get_graph_title($_GET["id"])); ?> </td> <td class="textInfo" align="right" valign="top"> <?php /* modify for multi user start */ if ($_SESSION["permission"] == ACCESS_ADMINISTRATOR) { ?> <span style="color: #c16921;">*<a href='<?php print htmlspecialchars("graphs.php?action=graph_edit&id=" . (isset($_GET["id"]) ? $_GET["id"] : "0") . "&debug=" . (isset($_SESSION["graph_debug_mode"]) ? "0" : "1")); ?> '>Turn <strong><?php print isset($_SESSION["graph_debug_mode"]) ? "Off" : "On"; ?> </strong> Graph Debug Mode.</a></span><br> <?php } if (!empty($graphs["graph_template_id"]) && $_SESSION["permission"] == ACCESS_ADMINISTRATOR) { ?> <span style="color: #c16921;">*<a href='<?php print htmlspecialchars("graph_templates.php?action=template_edit&id=" . (isset($graphs["graph_template_id"]) ? $graphs["graph_template_id"] : "0")); ?> '>Edit Graph Template.</a></span><br><?php } /* modify for multi user end */ if (!empty($_GET["host_id"]) || !empty($host_id)) { ?> <span style="color: #c16921;">*<a href='<?php print htmlspecialchars("host.php?action=edit&id=" . (isset($_GET["host_id"]) ? $_GET["host_id"] : $host_id)); ?> '>Edit Host.</a></span><br><?php } ?> </td> </tr> </table> <br> <?php
    }

    html_start_box("<strong>Graph Template Selection</strong> {$header_label}", "100%", $colors["header"], "3", "center", "");

    $form_array = array(
        "graph_template_id" => array(
            "method" => "drop_sql",
            "friendly_name" => "Selected Graph Template",
            "description" => "Choose a graph template to apply to this graph. Please note that graph data may be lost if you change the graph template after one is already applied.",
            "value" => isset($graphs) ? $graphs["graph_template_id"] : "0",
            "none_value" => "None",
            "sql" => "select graph_templates.id,graph_templates.name from graph_templates order by name"),
        "host_id" => array(
            "method" => "drop_sql",
            "friendly_name" => "Host",
            "description" => "Choose the host that this graph belongs to.",
            "value" => isset($_GET["host_id"]) ? $_GET["host_id"] : $host_id,
            "none_value" => "None",
            "sql" => "select id,CONCAT_WS('',description,' (',hostname,')') as name from host order by description,hostname"),
        "graph_template_graph_id" => array(
            "method" => "hidden",
            "value" => isset($graphs) ? $graphs["id"] : "0"),
        "local_graph_id" => array(
            "method" => "hidden",
            "value" => isset($graphs) ? $graphs["local_graph_id"] : "0"),
        "local_graph_template_graph_id" => array(
            "method" => "hidden",
            "value" => isset($graphs) ? $graphs["local_graph_template_graph_id"] : "0"),
        "_graph_template_id" => array(
            "method" => "hidden",
            "value" => isset($graphs) ? $graphs["graph_template_id"] : "0"),
        "_host_id" => array(
            "method" => "hidden",
            "value" => isset($host_id) ? $host_id : "0"));

    /* modify for multi user start */
    // Non-administrators get no "None" option, see only templates whose name is not '%@system',
    // and only hosts they hold a user_auth_perms row (type 3) for. sess_user_id comes from the
    // session, not from the request.
    if ($_SESSION["permission"] < ACCESS_ADMINISTRATOR) {
        unset($form_array["graph_template_id"]["none_value"]);
        $form_array["graph_template_id"]["sql"] = "SELECT graph_templates.id,graph_templates.name FROM graph_templates WHERE name NOT LIKE '%@system' ORDER BY name";
        unset($form_array["host_id"]["none_value"]);
        $form_array["host_id"]["sql"] = "\r\n SELECT host.id,CONCAT_WS('',host.description,' (',host.hostname,')') AS name FROM host \r\n INNER JOIN user_auth_perms ON host.id = user_auth_perms.item_id AND user_auth_perms.user_id = '" . $_SESSION["sess_user_id"] . "' AND user_auth_perms.type = '3' \r\n ORDER BY host.description,host.hostname";
    }
    /* modify for multi user end */

    draw_edit_form(array("config" => array(), "fields" => $form_array));

    html_end_box();

    /* only display the "inputs" area if we are using a graph template for this graph */
    if (!empty($graphs["graph_template_id"])) {
        html_start_box("<strong>Supplemental Graph Template Data</strong>", "100%", $colors["header"], "3", "center", "");
        draw_nontemplated_fields_graph($graphs["graph_template_id"], $graphs, "|field|", "<strong>Graph Fields</strong>", true, true, 0);
        draw_nontemplated_fields_graph_item($graphs["graph_template_id"], $_GET["id"], "|field|_|id|", "<strong>Graph Item Fields</strong>", true);
        html_end_box();
    }

    /* graph item list goes here */
    if (!empty($_GET["id"]) && empty($graphs["graph_template_id"])) {
        item();
    }

    // Preview image; in debug mode also the rrdtool command (print_source) and rrdtool's own output
    if (!empty($_GET["id"])) {
        ?> <table width="100%" align="center"> <tr> <td align="center" class="textInfo" colspan="2"> <img src="<?php print htmlspecialchars("graph_image.php?action=edit&local_graph_id=" . $_GET["id"] . "&rra_id=" . read_graph_config_option("default_rra_id")); ?> " alt=""> </td> <?php
        if (isset($_SESSION["graph_debug_mode"]) && isset($_GET["id"])) {
            $graph_data_array["output_flag"] = RRDTOOL_OUTPUT_STDERR;
            $graph_data_array["print_source"] = 1;
            ?> <td> <span class="textInfo">RRDTool Command:</span><br> <pre><?php print @rrdtool_function_graph($_GET["id"], 1, $graph_data_array); ?> </pre> <span class="textInfo">RRDTool Says:</span><br> <?php unset($graph_data_array["print_source"]); ?> <pre><?php print @rrdtool_function_graph($_GET["id"], 1, $graph_data_array); ?> </pre> </td> <?php
        }
        ?> </tr> </table> <br> <?php
    }

    if ((isset($_GET["id"]) || isset($_GET["new"])) && empty($graphs["graph_template_id"])) {
        html_start_box("<strong>Graph Configuration</strong>", "100%", $colors["header"], "3", "center", "");

        $form_array = array();

        // One form field per $struct_graph entry, pre-filled from the graph row. When a template is in
        // use and it does not mark "t_<field>" as on, the field's method gets the "template_" prefix
        // and its description is blanked.
        // NOTE(review): each() was removed in PHP 8.0; this loop needs a foreach on current runtimes.
        while (list($field_name, $field_array) = each($struct_graph)) {
            $form_array += array($field_name => $struct_graph[$field_name]);
            $form_array[$field_name]["value"] = isset($graphs) ? $graphs[$field_name] : "";
            $form_array[$field_name]["form_id"] = isset($graphs) ? $graphs["id"] : "0";

            if (!($use_graph_template == false || $graphs_template["t_" . $field_name] == "on")) {
                $form_array[$field_name]["method"] = "template_" . $form_array[$field_name]["method"];
                $form_array[$field_name]["description"] = "";
            }
        }

        draw_edit_form(array("config" => array("no_form_tag" => true), "fields" => $form_array));

        html_end_box();
    }

    if (isset($_GET["id"]) || isset($_GET["new"])) {
        form_hidden_box("save_component_graph", "1", "");
        form_hidden_box("save_component_input", "1", "");
    } else {
        form_hidden_box("save_component_graph_new", "1", "");
    }

    form_hidden_box("rrdtool_version", read_config_option("rrdtool_version"), "");

    form_save_button("graphs.php");

    //Now we need some javascript to make it dynamic
    ?>
<script language="JavaScript">
dynamic();

function dynamic() {
    //alert("RRDTool Version is '" + document.getElementById('rrdtool_version').value + "'");
    //alert("Log is '" + document.getElementById('auto_scale_log').checked + "'");
    if (document.getElementById('scale_log_units')) {
        document.getElementById('scale_log_units').disabled=true;
        if ((document.getElementById('rrdtool_version').value != 'rrd-1.0.x') && (document.getElementById('auto_scale_log').checked)) {
            document.getElementById('scale_log_units').disabled=false;
        }
    }
}

function changeScaleLog() {
    //alert("Log changed to '" + document.getElementById('auto_scale_log').checked + "'");
    if (document.getElementById('scale_log_units')) {
        document.getElementById('scale_log_units').disabled=true;
        if ((document.getElementById('rrdtool_version').value != 'rrd-1.0.x') && (document.getElementById('auto_scale_log').checked)) {
            document.getElementById('scale_log_units').disabled=false;
        }
    }
}
</script>
<?php
}
<?php
/*
 * Pool ordering action. Requires the 'id' parameter, loads the pool and refuses with
 * access_denied() unless the current user may update it. On POST, the submitted
 * pool_post_sequence map (presumably pool-post id => sequence) is applied, the pool is
 * reloaded, its links rebuilt, and the request is redirected to the pool's show page.
 * Otherwise the pool's posts are exposed as $pool_posts for the view.
 */
required_params('id');

$pool_id = Request::$params->id;
$pool = Pool::find($pool_id);
$can_update = $pool->can_be_updated_by(User::$current);
if (!$can_update) {
    access_denied();
}

if (!Request::$post) {
    $pool_posts = $pool->pool_posts;
} else {
    foreach (Request::$params->pool_post_sequence as $pool_post_id => $sequence) {
        PoolPost::update($pool_post_id, array('sequence' => $sequence));
    }
    $pool->reload();
    $pool->update_pool_links();
    notice("Ordering updated");
    redirect_to('#show', array('id' => $pool_id));
}
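/**
 * Check the token coming from a posted form or GET parameters, to prevent CSRF attacks.
 *
 * A request without pwg_token is rejected with bad_request(); a request with one is rejected
 * with access_denied() unless it matches the server-side token exactly. The comparison uses
 * hash_equals(), so it is strict (no loose numeric-string comparison) and constant-time.
 *
 * @return void ends the request via bad_request() or access_denied() on failure
 */
function check_pwg_token()
{
  if (empty($_REQUEST['pwg_token']))
  {
    bad_request('missing token');
    return;
  }

  $given = $_REQUEST['pwg_token'];
  // A non-string value (e.g. pwg_token[]=x) can never match; hash_equals() requires strings
  if (!is_string($given) || !hash_equals((string) get_pwg_token(), $given))
  {
    access_denied();
  }
}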