Esempio n. 1
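 /**
  * Wrap the inner text of one matched glossary tag in an <abbr> element whose
  * title attribute carries the glossary entry.
  *
  * The keyword is looked up among active, highlighted glossary rows. A hit is
  * stored in $content['glossary_cache'] under every keyword of the matching
  * row, so later tags for the same entry skip the database.
  *
  * @param array $matches Match array: [1] is the keyword, [2] the inner text
  *                       (presumably supplied by preg_replace_callback()).
  * @return string The trimmed inner text, wrapped in <abbr class="glossary">
  *                when a glossary entry was found.
  */
 function replace_glossary_tag($matches)
 {
     global $content;
     $inner = trim($matches[2]);
     // search keyword in glossary table
     $keyword = trim($matches[1]);
     if ($keyword !== '') {
         $keyword = html_entity_decode($keyword, ENT_QUOTES, PHPWCMS_CHARSET);
         // check against cache
         if (!isset($content['glossary_cache'][$keyword])) {
             // aporeplace() is relied on to escape the keyword for the quoted
             // SQL literals below. NOTE(review): LIKE wildcards (% and _) in the
             // keyword are not neutralised, so they widen the match.
             $like = aporeplace($keyword);
             $where = 'glossary_status=1 AND glossary_highlight=1 AND (';
             $where .= "glossary_keyword LIKE '" . $like . "' OR ";
             $where .= "glossary_keyword LIKE '" . $like . ",%' OR ";
             $where .= "glossary_keyword LIKE '%, " . $like . ",%' OR ";
             $where .= "glossary_keyword LIKE '%, " . $like . "'";
             $where .= ')';
             // retrieve only single keyword that matches best
             $entry = _dbGet('phpwcms_glossary', 'glossary_title, glossary_keyword, glossary_text, COUNT(glossary_id) AS count_all', $where, 'glossary_id', 'count_all DESC', '1');
             if (isset($entry[0])) {
                 // get keywords to store each in cache
                 $keywords = convertStringToArray($entry[0]['glossary_keyword']);
                 // NOTE(review): the $inner fallback is page markup and is placed
                 // in the title attribute as is; a double quote in it ends the
                 // attribute early.
                 $title = empty($entry[0]['glossary_title']) ? $inner : html($entry[0]['glossary_title']);
                 // The text ends up inside title="..." below, so it is escaped
                 // with html(), the same escaper applied to the stored title.
                 // Without it a double quote in glossary_text closes the
                 // attribute and the rest of the text is parsed as markup.
                 // NOTE(review): any other reader of $content['glossary_cache']
                 // now receives escaped text; none is visible here.
                 $text = html(trim(clean_slweg($entry[0]['glossary_text'])));
                 // store glossary item in cache
                 foreach ($keywords as $key) {
                     $content['glossary_cache'][$key] = array('title' => $title, 'text' => $text);
                 }
             }
         }
         // create ABBR
         if (isset($content['glossary_cache'][$keyword])) {
             $inner = '<abbr class="glossary" title="' . $content['glossary_cache'][$keyword]['title'] . ' :: ' . $content['glossary_cache'][$keyword]['text'] . '">' . $inner . '</abbr>';
         }
     }
     return $inner;
 }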
Esempio n. 2
require PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
require PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
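// Refuse the request unless a backend user is present in the session.
if (empty($_SESSION["wcs_user"])) {
    headerRedirect('', 401);
    die('Sorry, access forbidden');
}
// Read action, method and value from POST, otherwise from GET.
// $action and $method are taken over raw; only $value goes through
// clean_slweg(). Anything that later prints or stores $action or $method
// has to escape it for that context.
if (isset($_POST['action'])) {
    $action = $_POST['action'];
    $method = isset($_POST['method']) ? $_POST['method'] : 'json';
    $value = isset($_POST['value']) ? clean_slweg($_POST['value'], 0, false) : '';
    $jquery = false;
} elseif (!empty($_GET['action'])) {
    // !empty() keeps the original truthiness test but no longer reads an
    // undefined index when the request carries no action at all.
    $action = $_GET['action'];
    $method = isset($_GET['method']) ? $_GET['method'] : 'json';
    $value = isset($_GET['value']) ? clean_slweg($_GET['value'], 0, false) : '';
    $jquery = true;
} else {
    // No action given: define every variable so the code below never works
    // on undefined values. The empty $value turns this into action 'empty'.
    $action = false;
    $method = 'json';
    $value = '';
    $jquery = false;
}
if (empty($value)) {
    $action = 'empty';
}
// do charset conversions for value
if (PHPWCMS_CHARSET != 'utf-8') {
    // Errors from the conversion are suppressed, as in the original.
    $value = @mb_convert_encoding($value, PHPWCMS_CHARSET, 'utf-8');
}
$data = array();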
switch ($action) {
    case 'category':
        $where = "cat_status=1 AND cat_type NOT IN('module_shop') AND ";
        $where .= "cat_name LIKE '%" . _dbEscape(preg_replace('/[^\\w\\- ]/', '', $value), false) . "%'";
        $result = _dbGet('phpwcms_categories', 'cat_name', $where, 'cat_name', 'cat_name', 20);
Esempio n. 3
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
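session_start();
$phpwcms = array();
require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
// Login and CSRF token are checked before any request data is read.
checkLogin();
validate_csrf_tokens();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
// A missing or non-string field counts as "no message" instead of being
// passed on to trim().
$chat_message = isset($_POST['chatmsg']) && is_string($_POST['chatmsg']) ? clean_slweg(trim($_POST['chatmsg'])) : '';
$chatlist = isset($_POST['chatlist']) ? intval($_POST['chatlist']) : 0;
if ($chat_message) {
    $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_chat (chat_uid, chat_name, chat_text, chat_cat) ";
    // The user id is concatenated as a bare number, so it is forced to an
    // integer here instead of trusting whatever the session holds.
    // _dbEscape() is used without surrounding quotes in the statement, so it
    // is relied on to return a quoted, escaped literal (NOTE(review): confirm).
    $sql .= "VALUES (" . intval($_SESSION['wcs_user_id']) . "," . _dbEscape($_SESSION['wcs_user']) . "," . _dbEscape($chat_message) . ",0)";
    _dbQuery($sql, 'INSERT');
}
// NOTE(review): the CSRF token string is appended twice to the redirect URL;
// kept unchanged because the reason is not visible here.
headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=chat&p=1&l=' . $chatlist . '&' . get_token_get_string('csrftoken'));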
/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
// Stop when the script is requested directly instead of being included.
defined('PHPWCMS_ROOT') or die("You Cannot Access This Script Directly, Have a Nice Day.");
// ----------------------------------------------------------------
// Field delimiter for the uploaded file; falls back to ';' when empty.
$_userInfo['delimeter'] = clean_slweg($_POST['delimeter']);
if (!$_userInfo['delimeter']) {
    $_userInfo['delimeter'] = ';';
}
// Checkbox flags are reduced to 0/1.
$_userInfo['subscribe_active'] = (int) !empty($_POST['subscribe_active']);
$_userInfo['subscribe_all'] = (int) !empty($_POST['subscribe_all']);
// Without a posted list the import subscribes to everything.
// NOTE(review): the posted list is taken over element by element without
// validation; whatever consumes it must cast or escape each entry.
if (!isset($_POST['subscribe_select']) || !is_array($_POST['subscribe_select'])) {
    $_userInfo['subscribe_select'] = array();
    $_userInfo['subscribe_all'] = 1;
} else {
    $_userInfo['subscribe_select'] = $_POST['subscribe_select'];
}
// check uploaded FILE
// NOTE(review): the check that follows runs getimagesize() on
// $_FILES['cvsfile']['tmp_name'] before is_uploaded_file() has confirmed the
// upload, and "is not an image" is the only content test visible here.
if (getimagesize($_FILES['cvsfile']['tmp_name'])) {
    $_userInfo['csvError'] = 'False MIME TYPE. Be sure to upload CSV file only.';
} elseif (is_uploaded_file($_FILES['cvsfile']['tmp_name']) && !$_FILES['cvsfile']['error']) {
Esempio n. 5
// Checkbox flags are reduced to 0/1.
$content["media_transparent"] = (int) !empty($_POST["cmedia_transparent"]);
$content["media_control"] = (int) !empty($_POST["cmedia_control"]);
$content["media_pos"] = intval($_POST["cimage_pos"]);
// Width and height: a zero result is stored as an empty string.
$content["media_width"] = intval($_POST["cmedia_width"]);
if (!$content["media_width"]) {
    $content["media_width"] = '';
}
$content["media_height"] = intval($_POST["cmedia_height"]);
if (!$content["media_height"]) {
    $content["media_height"] = '';
}
$content["media_id"] = intval($_POST["cmedia_id"]);
// Free-text fields pass through clean_slweg() only.
// NOTE(review): media_extern is stored as given apart from that call; no
// scheme or host check is visible here.
$content["media_name"] = clean_slweg($_POST["cmedia_name"]);
$content["media_extern"] = clean_slweg($_POST["cmedia_extern"]);
$content["image_name"] = clean_slweg($_POST["cimage_name"]);
if (empty($_POST["cimage_id"])) {
    $content["image_id"] = '';
} else {
    $content["image_id"] = intval($_POST["cimage_id"]);
}
$content["image_caption"] = clean_slweg($_POST["cimage_caption"]);
// Collect every media setting under one key, in the original order.
$content['media'] = array(
    "media_type" => $content["media_type"],
    "media_player" => $content["media_player"],
    "media_src" => $content["media_src"],
    "media_auto" => $content["media_auto"],
    "media_transparent" => $content["media_transparent"],
    "media_control" => $content["media_control"],
    "media_pos" => $content["media_pos"],
    "media_width" => $content["media_width"],
    "media_height" => $content["media_height"],
    "media_id" => $content["media_id"],
    "media_name" => $content["media_name"],
    "media_extern" => $content["media_extern"],
    "image_name" => $content["image_name"],
    "image_id" => $content["image_id"],
    "image_caption" => $content["image_caption"],
);
// NOTE(review): the template name comes from the request; if it is later
// used to build a file path it needs a whitelist or basename check there.
$content["template"] = clean_slweg($_POST['template']);
$file_tags = '';
$file_granted = 0;
$file_gallerydownload = 0;
$file_sort = 0;
//Auswerten des Formulars
if (isset($_POST["file_aktion"]) && intval($_POST["file_aktion"]) == 1) {
    if (!ini_get('safe_mode') && function_exists('set_time_limit')) {
        set_time_limit(0);
    }
    $file_pid = intval($_POST["file_pid"]);
    $file_aktiv = empty($_POST["file_aktiv"]) ? 0 : 1;
    $file_public = empty($_POST["file_public"]) ? 0 : 1;
    $file_shortinfo = clean_slweg($_POST["file_shortinfo"]);
    $file_longinfo = slweg(trim($_POST["file_longinfo"]));
    $file_copyright = clean_slweg($_POST["file_copyright"]);
    $file_tags = trim(clean_slweg($_POST["file_tags"]), ',');
    $file_granted = empty($_POST["file_granted"]) ? 0 : 1;
    $file_gallerydownload = empty($_POST["file_gallerydownload"]) ? 0 : 1;
    $file_keys = '';
    $file_sort = intval($_POST["file_sort"]);
    if (count($phpwcms['allowed_lang']) > 1) {
        $file_vars = array();
        foreach ($phpwcms['allowed_lang'] as $lang) {
            $lang = strtolower($lang);
            if (isset($_POST['file_longinfo_' . $lang])) {
                $file_vars[$lang]['longinfo'] = slweg($_POST['file_longinfo_' . $lang]);
            }
            if (isset($_POST['file_copyright_' . $lang])) {
                $file_vars[$lang]['copyright'] = slweg($_POST['file_copyright_' . $lang]);
            }
        }
    $_SESSION['list_user_count'] = trim($_GET['c']) == 'all' ? '99999' : intval($_GET['c']);
}
// A page number in the query string is stored in the session.
// NOTE(review): intval() admits zero and negative numbers; zero falls back to
// page 1 further down, a negative value is kept unless the form overrides it.
if (isset($_GET['page'])) {
    $_SESSION['subscriber_page'] = intval($_GET['page']);
}
// set default values for paginating
if (empty($_SESSION['list_user_count'])) {
    $_SESSION['list_user_count'] = 25;
}
// get filter and paginating form values
if (isset($_POST['do_pagination'])) {
    $_SESSION['list_active'] = (int) !empty($_POST['showactive']);
    $_SESSION['list_inactive'] = (int) !empty($_POST['showinactive']);
    $_SESSION['list_channel'] = (int) !empty($_POST['showchannel']);
    $_SESSION['subscriber_page'] = intval($_POST['page']);
    // The filter is kept as a list of words, or dropped when empty.
    $_SESSION['filter_subscriber'] = clean_slweg($_POST['filter']);
    if (!empty($_SESSION['filter_subscriber'])) {
        $_SESSION['filter_subscriber'] = convertStringToArray($_SESSION['filter_subscriber'], ' ');
    } else {
        unset($_SESSION['filter_subscriber']);
    }
}
if (empty($_SESSION['subscriber_page'])) {
    $_SESSION['subscriber_page'] = 1;
}
// default settings for listing selected users
$_userInfo['list_active'] = 1;
if (isset($_SESSION['list_active'])) {
    $_userInfo['list_active'] = $_SESSION['list_active'];
}
$_userInfo['list_inactive'] = 1;
if (isset($_SESSION['list_inactive'])) {
    $_userInfo['list_inactive'] = $_SESSION['list_inactive'];
}
$_userInfo['list_channel'] = 0;
if (isset($_SESSION['list_channel'])) {
    $_userInfo['list_channel'] = $_SESSION['list_channel'];
}
if ($_userInfo['list_channel'] && isset($_POST['showchannel'])) {
    $_userInfo['channel'] = empty($_POST['subscribe_select']) ? false : $_POST['subscribe_select'];
Esempio n. 8
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
// Stop when the script is requested directly instead of being included.
defined('PHPWCMS_ROOT') or die("You Cannot Access This Script Directly, Have a Nice Day.");
// ----------------------------------------------------------------
// Id of the glossary entry to edit; 0 when none was requested. intval()
// guarantees a plain integer for later use.
$glossary['id'] = isset($_GET['edit']) ? intval($_GET['edit']) : 0;
// process post form
if (isset($_POST['glossary_title'])) {
    $glossary['data'] = array('glossary_id' => intval($_POST['glossary_id']), 'glossary_title' => clean_slweg($_POST['glossary_title']), 'glossary_created' => date('Y-m-d H:i:s'), 'glossary_changed' => date('Y-m-d H:i:s'), 'glossary_tag' => clean_slweg($_POST['glossary_tag']), 'glossary_keyword' => clean_slweg($_POST['glossary_keyword']), 'glossary_text' => slweg($_POST['glossary_text']), 'glossary_object' => array(), 'glossary_status' => empty($_POST['glossary_status']) ? 0 : 1, 'glossary_highlight' => empty($_POST['glossary_highlight']) ? 0 : 1);
    if (empty($glossary['data']['glossary_title'])) {
        $glossary['error']['glossary_title'] = 1;
    }
    if (empty($glossary['data']['glossary_keyword'])) {
        $glossary['error']['glossary_keyword'] = 1;
    } else {
        $sql = 'SELECT COUNT(*) FROM ' . DB_PREPEND . "phpwcms_glossary ";
        $sql .= "WHERE glossary_keyword LIKE '" . aporeplace($glossary['data']['glossary_keyword']);
        $sql .= "' AND glossary_id <> " . $glossary['data']['glossary_id'];
        if (_dbQuery($sql, 'COUNT')) {
            $glossary['error']['glossary_keyword'] = 1;
        }
    }
    if (!isset($glossary['error'])) {
        if ($glossary['data']['glossary_id']) {
Esempio n. 9
// ----------------------------------------------------------------
// Defaults for the "create account" form before any POST data is read.
$new_login = genlogname();
// NOTE(review): confirm that generic_string() draws from a cryptographically
// secure source; 8 characters is short for an initial password.
$new_password = generic_string(8);
$new_email = $new_name = '';
// All privilege flags start switched off.
$set_user_aktiv = $set_user_admin = $set_user_fe = 0;
$send_verification = 1;
$user_err = '';
if (isset($_POST["form_aktion"]) && $_POST["form_aktion"] == "create_account") {
    //Create Account Daten verarbeiten
    $new_login = slweg($_POST["form_newloginname"]);
    $new_password = slweg($_POST["form_newpassword"]);
    $new_email = clean_slweg($_POST["form_newemail"]);
    $new_name = clean_slweg($_POST["form_newrealname"]);
    $set_user_aktiv = isset($_POST["form_active"]) ? 1 : 0;
    $set_user_admin = isset($_POST["form_admin"]) ? 1 : 0;
    $set_user_fe = isset($_POST["form_feuser"]) ? intval($_POST["form_feuser"]) : 0;
    if ($set_user_admin) {
        $set_user_fe = 2;
    }
    $send_verification = isset($_POST["verification_email"]) ? 1 : 0;
    if (isEmpty($new_login)) {
        $user_err = $BL['be_admin_usr_err2'] . "\n";
    } else {
        $sql = "SELECT COUNT(*) AS anzahl FROM " . DB_PREPEND . "phpwcms_user WHERE usr_login='******'";
        if ($result = mysql_query($sql, $db)) {
            if ($check_anzahl = mysql_fetch_array($result)) {
                if ($check_anzahl["anzahl"]) {
                    $user_err .= $BL['be_admin_usr_err1'] . "\n";
Esempio n. 10
    $content['glossary']['detail_entry'] = render_cnt_template($content['glossary']['detail_entry'], 'TITLE', html_specialchars($content['glossary']['entry']['glossary_title']));
    $content['glossary']['item'] = $content['glossary']['detail_head'] . $content['glossary']['detail_entry'] . $content['glossary']['detail_footer'];
    $content['glossary']['item'] = str_replace('{GLOSSARY_ID}', $content['glossary']['entry']['glossary_id'], $content['glossary']['item']);
    $content['glossary']['item'] = str_replace('{BACKLINK}', rel_url(), $content['glossary']['item']);
    // fine we will display given glossary ID
    $CNT_TMP .= $content['glossary']['item'];
} else {
    // get list entries template sections
    $content['glossary']['list_head'] = get_tmpl_section('GLOSSARY_LIST_HEAD', $content['glossary']['glossary_template']);
    $content['glossary']['list_footer'] = get_tmpl_section('GLOSSARY_LIST_FOOTER', $content['glossary']['glossary_template']);
    $content['glossary']['list_entry'] = get_tmpl_section('GLOSSARY_LIST_ENTRY', $content['glossary']['glossary_template']);
    $content['glossary']['list_spacer'] = get_tmpl_section('GLOSSARY_LIST_SPACER', $content['glossary']['glossary_template']);
    // OK we build filter
    $content['glossary']['glossary_alphabet'] = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $content['glossary']['glossary_filter'] = convertStringToArray(strtoupper($content['glossary']['glossary_filter']), ' ');
    $content['glossary']['glossary_filter_active'] = empty($GLOBALS['_getVar']['glossary']) ? '' : strtoupper(clean_slweg($GLOBALS['_getVar']['glossary']));
    if (in_array($content['glossary']['glossary_filter_active'], $content['glossary']['glossary_filter'])) {
        // build SQL query
        if (strpos($content['glossary']['glossary_filter_active'], '-')) {
            $content['glossary']['filter'] = explode('-', $content['glossary']['glossary_filter_active']);
            $content['glossary']['filter'][0] = substr($content['glossary']['filter'][0], 0, 1);
            $content['glossary']['filter'][1] = empty($content['glossary']['filter'][1]) ? '?' : substr($content['glossary']['filter'][1], 0, 1);
            // is there start and end
            if (strpos($content['glossary']['glossary_alphabet'], $content['glossary']['filter'][0]) !== false && strpos($content['glossary']['glossary_alphabet'], $content['glossary']['filter'][1]) !== false) {
                $content['glossary']['glossary_alphabet'] = preg_split('//', $content['glossary']['glossary_alphabet'], -1, PREG_SPLIT_NO_EMPTY);
                $content['glossary']['filters'] = array();
                $content['glossary']['filter_run'] = false;
                foreach ($content['glossary']['glossary_alphabet'] as $content['glossary']['char']) {
                    // OK start here
                    if ($content['glossary']['char'] == $content['glossary']['filter'][0]) {
                        $content['glossary']['filter_run'] = true;
Esempio n. 11
 // The id is forced to an integer, which is what makes the unquoted
 // concatenation into the SELECT below safe.
 $keyword["id"] = intval($_GET["keyid"]);
 if (!$keyword["id"]) {
     // No id given: button label for the "no existing keyword" case.
     $sendbutton = $BL['be_admin_fcat_button2'];
 } else {
     $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_keyword WHERE keyword_id=" . $keyword["id"] . " LIMIT 1;";
     $result = mysql_query($sql, $db);
     if (!$result) {
         die("error while retrieving keywords");
     }
     $row = mysql_fetch_array($result);
     if ($row) {
         // Taken from the database as stored; escape it when it is printed.
         $keyword["name"] = $row["keyword_name"];
     }
     mysql_free_result($result);
     $sendbutton = $BL['be_admin_fcat_button1'];
 }
 if (isset($_POST["keyword_aktion"]) && intval($_POST["keyword_aktion"])) {
     // show form for editing keywords
     $keyword["name"] = clean_slweg($_POST["keyword_name"], 250);
     $keyword["id"] = intval($_POST["keyword_id"]);
     $keyword["name"] = str_replace(';', ' ', $keyword["name"]);
     $keyword["name"] = str_replace(',', ' ', $keyword["name"]);
     $keyword["name"] = preg_replace('/\\s{1,}/', ' ', $keyword["name"]);
     if (empty($keyword["name"])) {
         $keyword["error"] = 1;
     } else {
         if (!$keyword["id"]) {
             $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_keyword SET ";
             $sql .= "keyword_name = '" . aporeplace($keyword["name"]) . "'";
         } else {
             $sql = "UPDATE " . DB_PREPEND . "phpwcms_keyword SET ";
             $sql .= "keyword_name='" . aporeplace($keyword["name"]);
             $sql .= "' WHERE keyword_id=" . $keyword["id"];
         }
Esempio n. 12
// Hand the collected DomReady snippets to jsOnDomReady().
if (count($block['js_ondomready']) > 0) {
    jsOnDomReady(implode(LF, $block['js_ondomready']));
}
// Same for the snippets that run on unload.
if (count($block['js_onunload']) > 0) {
    jsOnUnLoad(implode(LF, $block['js_onunload']));
}
// Inline JS is wrapped in one <script> element with CDATA markers.
if (count($block['js_inline']) > 0) {
    $block['custom_htmlhead']['inline'] = '  <script' . SCRIPT_ATTRIBUTE_TYPE . '>' . LF . SCRIPT_CDATA_START . LF
        . implode(LF, $block['js_inline'])
        . LF . SCRIPT_CDATA_END . LF . '  </script>';
}
// Search-term highlighting between the highlight markers.
// NOTE(review): $_GET values arrive URL-decoded already, so rawurldecode()
// decodes a second time; that is a common way for encoded characters to slip
// past an earlier filter. The words then reach a regex callback that is not
// visible here; confirm it applies preg_quote() and escapes its output.
if (!empty($_GET['highlight'])) {
    $highlight_words = explode(' ', clean_slweg(rawurldecode($_GET['highlight'])));
    $content['all'] = preg_replace_callback("/<!--SEARCH_HIGHLIGHT_START\\/\\/-->(.*?)<!--SEARCH_HIGHLIGHT_END\\/\\/-->/si", "pregReplaceHighlightWrapper", $content['all']);
}
// The markers are removed whether or not highlighting ran.
$content['all'] = str_replace(array('<!--SEARCH_HIGHLIGHT_START//-->', '<!--SEARCH_HIGHLIGHT_END//-->'), '', $content['all']);
// render content part pagination
if (!empty($_CpPaginate)) {
    $content['all'] = str_replace(array('<!--CP_PAGINATE_START//-->', '<!--CP_PAGINATE_END//-->'), '', $content['all']);
    unset($_getVar['aid'], $_getVar['id']);
    // first build [1][2][3] paginate pages
    if (strpos($content['all'], '{CP_PAGINATE}')) {
        $content['CpPaginateNavi'] = array();
        foreach ($content['CpPages'] as $key => $value) {
            $content['CpPaginateNavi'][$key] = $template_default['attributes']['cp-paginate']['link-prefix'];
            $content['CpPaginateNavi'][$key] .= '<a href="' . rel_url(array(), array(), $key ? 'aid=' . $aktion[1] . '-' . $key : '') . '" class="';
            $content['CpPaginateNavi'][$key] .= $key == $content['aId_CpPage'] ? $template_default['classes']['cp-paginate-link'] : $template_default['classes']['cp-paginate-link-active'];
            $content['CpPaginateNavi'][$key] .= '">' . $template_default['attributes']['cp-paginate']['value-prefix'] . $value . $template_default['attributes']['cp-paginate']['value-suffix'] . '</a>';
Esempio n. 13
 case 'newsletter':
     /*
      * Newsletter
      */
     $form_newletter_setting = array();
     $form_newletter_setting['double_optin'] = 0;
     $form_value = array();
     if ($POST_DO && ($cnt_form["fields"][$key]['required'] || isset($_POST[$POST_name]))) {
         if (isset($_POST[$POST_name]) && is_array($_POST[$POST_name])) {
             $POST_val[$POST_name] = array_map('combined_POST_cleaning', $_POST[$POST_name]);
             $POST_val[$POST_name] = array_diff($POST_val[$POST_name], array(''));
             if (!count($POST_val[$POST_name])) {
                 $POST_val[$POST_name] = false;
             }
         } else {
             $POST_val[$POST_name] = isset($_POST[$POST_name]) ? remove_unsecure_rptags(clean_slweg($_POST[$POST_name])) : false;
         }
         if ($cnt_form["fields"][$key]['required'] && ($POST_val[$POST_name] === false || $POST_val[$POST_name] == '')) {
             $POST_ERR[$key] = $cnt_form["fields"][$key]['error'];
             $cnt_form["fields"][$key]['class'] = getFieldErrorClass($value['class'], $cnt_form["error_class"]);
         } else {
             $cnt_form["fields"][$key]['value'] = str_replace(' checked', '', $cnt_form["fields"][$key]['value']);
         }
         if (isset($POST_val[$POST_name])) {
             $form_newletter_setting['selection'] = $POST_val[$POST_name];
         } else {
             $form_newletter_setting['selection'] = false;
         }
     }
     // prepare default settings for newsletter field
     $form_value_default = convertStringToArray($cnt_form["fields"][$key]['value'], "\n", 'UNIQUE', false);
Esempio n. 14
             mysql_free_result($guestbook['result']);
         }
     }
 }
 // Captcha: either insert the captcha image or handle the CAPTCHA template
 // section through replace_tmpl_section() when the captcha is switched off.
 if (!empty($guestbook['captcha'])) {
     if (empty($guestbook['captcha_maxchar'])) {
         $guestbook['captcha_maxchar'] = 5;
     }
     $guestbook['form'] = str_replace('{CAPTCHA}', '<img src="img/captcha.php?regen=y&amp;length=' . $guestbook['captcha_maxchar'] . '&amp;' . time() . '" alt="Captcha" id="gbCaptchaImage" />', $guestbook['form']);
 } else {
     $guestbook['form'] = replace_tmpl_section('CAPTCHA', $guestbook['form']);
 }
 // The captcha answer is validated only when the form was posted.
 // NOTE(review): the trigger is the presence of 'guestbook_email'; confirm the
 // code that stores an entry is gated on the same field, otherwise a post
 // without it would bypass this check.
 if (isset($_POST['guestbook_email']) && !empty($guestbook['captcha'])) {
     include_once PHPWCMS_ROOT . '/include/inc_ext/SPAF_FormValidator.class.php';
     $spaf_obj = new SPAF_FormValidator();
     $guestbook['post']['captcha'] = isset($_POST['guestbook_captcha']) ? clean_slweg($_POST['guestbook_captcha']) : '';
     if (!$spaf_obj->validRequest($guestbook['post']['captcha'])) {
         $guestbook['error']['captcha'] = 'Fill in the correct captcha code. Proof it twice!';
     } else {
         // A code that was accepted once is destroyed so it cannot be reused.
         $spaf_obj->destroy();
     }
 }
 // Global spam check, skipped when flooding was already detected.
 // NOTE(review): getRemoteIP() is printed without HTML escaping; if it can
 // return a client-supplied header value, escape it here.
 if (isset($_POST['guestbook_email']) && !$guestbook['flooding'] && !checkFormTrackingValue()) {
     $guestbook['flooding'] = 1;
     $guestbook['readform'] = 1;
     $guestbook['spamalert'] = '<div class="spamFormAlert">Your IP ' . getRemoteIP() . ' is not allowed to send form!</div>';
 }
/**
 * Validate the posted redirect form and insert, update or delete the matching
 * row in phpwcms_redirect.
 *
 * Numeric fields go through intval(); 'type' and 'code' are kept only when
 * they match a fixed list. The outcome is reported through
 * set_status_message().
 *
 * NOTE(review): no CSRF check is visible inside this function; presumably the
 * caller validates the token before calling it. Confirm.
 *
 * @return array 'error' holds the list of validation messages, or NULL when
 *               validation passed; 'data' holds the normalised field values
 *               including 'rid'.
 */
function update_404redirect()
{
    $allowed_types = array('alias', 'id', 'aid', 'link');
    $allowed_codes = array('301', '307', '404', '401', '503');
    $fields = array(
        'rid' => intval($_POST['rid']),
        'alias' => clean_slweg($_POST['alias']),
        'id' => trim($_POST['id']) === '' ? '' : intval($_POST['id']),
        'aid' => trim($_POST['aid']) === '' || !intval($_POST['aid']) ? '' : intval($_POST['aid']),
        'type' => empty($_POST['type']) || !in_array($_POST['type'], $allowed_types) ? '' : clean_slweg($_POST['type']),
        'active' => empty($_POST['active']) ? 0 : 1,
        'shortcut' => empty($_POST['shortcut']) ? 0 : 1,
        'code' => empty($_POST['code']) || !in_array($_POST['code'], $allowed_codes) ? '' : clean_slweg($_POST['code']),
        'target' => clean_slweg($_POST['target']),
        'changed' => date('Y-m-d H:i:s'),
    );
    $data = array('error' => array(), 'data' => $fields);
    // The delete button's field name carries the md5 of the row id.
    $delete_requested = isset($_POST['delete_' . md5($fields['rid'])]);

    // At least one of aid, alias or id is required unless the row is deleted.
    if (!$fields['aid'] && !$fields['alias'] && $fields['id'] == '' && !$delete_requested) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error1'];
    }
    // A chosen type needs a target; for 'id' and 'aid' it must be an integer.
    if ($fields['type'] && $fields['target'] === '') {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error2'];
    } elseif (($fields['type'] == 'id' || $fields['type'] == 'aid') && !is_intval($fields['target'])) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error3'];
    }

    if (count($data['error'])) {
        $data['data']['active'] = 0;
        set_status_message(implode('<br />', $data['error']), 'error');
        return $data;
    }

    $data['error'] = NULL;
    // rid is an intval() result, so concatenating it into SQL below is safe.
    $rid = $fields['rid'];
    unset($data['data']['rid']);
    if (!$rid) {
        $result = _dbInsert('phpwcms_redirect', $data['data']);
        if (isset($result['INSERT_ID'])) {
            $rid = $result['INSERT_ID'];
        }
    } elseif ($delete_requested) {
        // Mark for deletion
        $data['data']['active'] = 9;
        $result = _dbQuery('DELETE FROM ' . DB_PREPEND . 'phpwcms_redirect WHERE rid=' . $rid, 'DELETE');
    } else {
        $result = _dbUpdate('phpwcms_redirect', $data['data'], 'rid=' . $rid);
    }
    $data['data']['rid'] = $rid;

    if (!$result) {
        set_status_message($GLOBALS['BL']['be_error_while_save'], 'error');
    } elseif ($data['data']['active'] == 9) {
        set_status_message(str_replace('{ID}', $data['data']['rid'], $GLOBALS['BL']['be_action_deleted']), 'success');
        headerRedirect('phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=14');
    } else {
        set_status_message($GLOBALS['BL']['be_successfully_saved'], 'success');
    }
    return $data;
}
Esempio n. 16
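/**
 * Clean one posted form-mailer value, rejecting anything that spans lines.
 *
 * A value containing a carriage return or line feed yields ''. This is
 * presumably the guard that keeps posted values from adding extra lines to
 * mail headers. Every other value is passed through clean_slweg() and
 * cleanUpSpecialHtmlEntities().
 *
 * The original test was strpos("\n", $string): haystack and needle were
 * swapped, so it looked for the whole value inside a one-character string and
 * multi-line input was never rejected.
 *
 * @param string $string Raw posted value.
 * @return string Cleaned value, or '' when it contains CR or LF.
 */
function cleanUpFormMailerPostValue($string = '')
{
    // strpbrk() finds the first CR or LF; a bare CR is treated like LF
    // because some mail transports also accept it as a line break.
    if (strpbrk($string, "\r\n") !== false) {
        return '';
    }
    $string = clean_slweg($string);
    $string = cleanUpSpecialHtmlEntities($string);
    return $string;
}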
Esempio n. 17
//load default language EN
require_once PHPWCMS_ROOT . '/include/inc_lang/backend/en/lang.inc.php';
include_once PHPWCMS_ROOT . "/include/inc_lang/code.lang.inc.php";
// check modules
require_once PHPWCMS_ROOT . '/include/inc_lib/modules.check.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/imagick.convert.inc.php';
// Defaults for a request that names no action.
$action = false;
$value = false;
$aid = 0;
$cid = 0;
$jquery = false;
// POST takes precedence over GET. The action passes through clean_slweg();
// value, aid and cid are forced to integers.
if (isset($_POST['action'])) {
    $action = clean_slweg($_POST['action'], 0, false);
    $value = isset($_POST['value']) ? intval($_POST['value']) : 0;
    $aid = isset($_POST['aid']) ? intval($_POST['aid']) : 0;
    $cid = isset($_POST['cid']) ? intval($_POST['cid']) : 0;
    $jquery = true;
} elseif (isset($_GET['action'])) {
    $action = clean_slweg($_GET['action'], 0, false);
    $value = isset($_GET['value']) ? intval($_GET['value']) : 0;
    $aid = isset($_GET['aid']) ? intval($_GET['aid']) : 0;
    $cid = isset($_GET['cid']) ? intval($_GET['cid']) : 0;
    $jquery = true;
}
if (empty($value)) {
    $action = 'empty';
Esempio n. 18
// Load the search template: the default file when none is configured,
// otherwise the configured file below inc_cntpart/search/, otherwise nothing.
// NOTE(review): the configured name is appended to the directory as is; if it
// can contain "../" the read leaves the template directory. Confirm it is
// restricted where it is saved.
if (empty($crow["acontent_template"]) && is_file(PHPWCMS_TEMPLATE . 'inc_default/search.tmpl')) {
    $crow["acontent_template"] = render_device(@file_get_contents(PHPWCMS_TEMPLATE . 'inc_default/search.tmpl'));
} elseif (is_file(PHPWCMS_TEMPLATE . 'inc_cntpart/search/' . $crow["acontent_template"])) {
    $crow["acontent_template"] = render_device(@file_get_contents(PHPWCMS_TEMPLATE . 'inc_cntpart/search/' . $crow["acontent_template"]));
} else {
    $crow["acontent_template"] = '';
}
// Split the loaded template into its named sections.
$crow['template'] = array(
    'header' => get_tmpl_section('SEARCH_HEADER', $crow["acontent_template"]),
    'footer' => get_tmpl_section('SEARCH_FOOTER', $crow["acontent_template"]),
    'item_space' => get_tmpl_section('SEARCH_ITEM_SPACER', $crow["acontent_template"]),
    'item' => get_tmpl_section('SEARCH_ITEM', $crow["acontent_template"]),
    'pagination' => trim(get_tmpl_section('SEARCH_PAGINATE', $crow["acontent_template"])),
    'text' => '',
    'form' => '',
    'image_render' => false,
);
if (!empty($_POST["search_input_field"]) || !empty($_GET['searchwords'])) {
    $s_run = 0;
    // check search
    // remove unsecure replacement tags
    $content["search_word"] = empty($_POST["search_input_field"]) ? rawurldecode($_GET['searchwords']) : $_POST["search_input_field"];
    $content["search_word"] = clean_slweg($content["search_word"]);
    $content["search_word"] = clean_replacement_tags($content["search_word"]);
    $content["search_word"] = cleanUpSpecialHtmlEntities($content["search_word"]);
    // split all search words
    $content["search_word"] = explode(' ', $content["search_word"]);
    $content["search_word"] = array_unique($content["search_word"]);
    $content['search']['highlight_result'] = empty($content["search"]['highlight_result']) ? false : true;
    $content['search']['wordlimit'] = isset($content["search"]['wordlimit']) && is_intval($content["search"]['wordlimit']) ? intval($content["search"]['wordlimit']) : 35;
    $content["search"]["result_per_page"] = empty($content["search"]['result_per_page']) ? 15 : $content["search"]['result_per_page'];
    if ($content["search"]["result_per_page"] == -1) {
        $content["search"]["result_per_page"] = 100000;
    }
    if (!isset($content["search"]["show_always"])) {
        $content["search"]["show_always"] = 1;
    }
    if (!isset($content["search"]["show_top"])) {
Esempio n. 19
     if ($result = mysql_query($sql, $db) or die("error while getting file key infos")) {
         if ($row = mysql_fetch_array($result)) {
             $fkey["name"] = $row["fkey_name"];
             $fkey["active"] = $row["fkey_aktiv"];
             $fkey["cid"] = $row["fkey_cid"];
             $fkey["sort"] = $row["fkey_sort"];
         }
         mysql_free_result($result);
     }
     $sendbutton = $BL['be_admin_fcat_button1'];
 } else {
     $sendbutton = $BL['be_admin_fcat_button2'];
 }
 if (!empty($_POST["fkey_aktion"])) {
     //Formular zum Bearbeiten der Dateischlüssel-Namen
     $fkey["name"] = clean_slweg($_POST["fkey_name"], 250);
     $fkey["id"] = intval($_POST["fkey_id"]);
     $fkey["active"] = intval($_POST["fkey_active"]);
     $fkey["cid"] = intval($_POST["fkey_cid"]);
     $fkey["sort"] = empty($_POST["fkey_sort"]) ? 0 : intval($_POST["fkey_sort"]);
     if (isEmpty($fkey["name"])) {
         $fkey["error"] = 1;
     } else {
         if (!$fkey["id"]) {
             $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_filekey (fkey_name, fkey_aktiv, fkey_cid, fkey_sort) VALUES ('";
             $sql .= aporeplace($fkey["name"]) . "', " . $fkey["active"] . ", " . $fkey["cid"] . ", " . $fkey["sort"] . ")";
         } else {
             $sql = "UPDATE " . DB_PREPEND . "phpwcms_filekey SET fkey_name='" . aporeplace($fkey["name"]);
             $sql .= "', fkey_aktiv=" . $fkey["active"] . ", fkey_cid=" . $fkey["cid"] . ", fkey_sort=" . $fkey["sort"] . " WHERE fkey_id=" . $fkey["id"];
         }
         if ($result = mysql_query($sql, $db) or die("error while inserting/updating file key")) {
Esempio n. 20
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
// Refuses direct requests: the script only continues when the including
// phpwcms code has defined PHPWCMS_ROOT.
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// try
// id of the record being edited, 0 when the request names none
if (isset($_GET['edit'])) {
    $plugin['id'] = intval($_GET['edit']);
} else {
    $plugin['id'] = 0;
}
// process post form
if (isset($_POST['adcampaign_title'])) {
    // Collect the posted campaign fields: numbers via intval(), switches as 0/1,
    // text via clean_slweg() (helper not shown here).
    // NOTE(review): 'url' and 'target' are only passed through clean_slweg(); no
    // scheme or value check is visible here - verify before they are used in links.
    $plugin['data'] = array('adcampaign_id' => intval($_POST['adcampaign_id']), 'adcampaign_title' => clean_slweg($_POST['adcampaign_title']), 'adcampaign_created' => date('Y-m-d H:i:s'), 'adcampaign_changed' => date('Y-m-d H:i:s'), 'adcampaign_comment' => clean_slweg($_POST['adcampaign_comment']), 'adcampaign_data' => array('max_views' => intval($_POST['adcampaign_max_views']), 'max_click' => intval($_POST['adcampaign_max_click']), 'width' => intval($_POST['adcampaign_width']), 'height' => intval($_POST['adcampaign_height']), 'unique' => empty($_POST['adcampaign_unique']) ? 0 : 1, 'url' => clean_slweg($_POST['adcampaign_url']), 'target' => clean_slweg($_POST['adcampaign_target'])), 'adcampaign_status' => empty($_POST['adcampaign_status']) ? 0 : 1, 'adcampaign_date_start' => clean_slweg($_POST['adcampaign_date_start']), 'adcampaign_date_end' => clean_slweg($_POST['adcampaign_date_end']), 'adcampaign_time_start' => clean_slweg($_POST['adcampaign_time_start']), 'adcampaign_time_end' => clean_slweg($_POST['adcampaign_time_end']), 'adcampaign_format' => intval($_POST['adcampaign_format']));
    if (empty($plugin['data']['adcampaign_title'])) {
        $plugin['error']['adcampaign_title'] = 1;
    }
    // Overwrites the per-field error array with the scalar 1, so the form is
    // always treated as failed.
    $plugin['error'] = 1;
    // The "false &&" makes this branch unreachable: nothing below is executed.
    // NOTE(review): the body still targets the glossary table and reads glossary_*
    // keys that $plugin['data'] above does not contain - it looks like an
    // unfinished copy. If it is ever enabled, glossary_status is interpolated
    // unquoted and needs an integer cast first.
    if (false && !isset($plugin['error'])) {
        if ($plugin['data']['glossary_id']) {
            // UPDATE
            $sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_glossary SET ';
            $sql .= "glossary_title='" . aporeplace($plugin['data']['glossary_title']) . "', ";
            $sql .= "glossary_tag='" . aporeplace($plugin['data']['glossary_tag']) . "', ";
            $sql .= "glossary_keyword='" . aporeplace($plugin['data']['glossary_keyword']) . "', ";
            $sql .= "glossary_text='" . aporeplace($plugin['data']['glossary_text']) . "', ";
            $sql .= "glossary_object='" . aporeplace(serialize($plugin['data']['glossary_object'])) . "', ";
            $sql .= "glossary_changed='" . aporeplace($plugin['data']['glossary_changed']) . "', ";
            $sql .= "glossary_status=" . $plugin['data']['glossary_status'] . ", ";
Esempio n. 21
            // Tail of the regular download branch: complete $fileinfo from the
            // $download row and hand the file to dl_file_resume().
            $fileinfo['filesize'] = $download['f_size'];
            // Sent as an attachment unless the inline_download setting is on.
            $fileinfo['method'] = empty($phpwcms["inline_download"]) ? 'attachment' : 'inline';
            $fileinfo['mimetype'] = $download["f_type"];
            $fileinfo['file'] = $fileinfo['path'] . $fileinfo['filename'];
            $fileinfo['extension'] = $download["f_ext"];
            $fileinfo['realfname'] = $phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($download["f_name"]) : $download["f_name"];
            // start download
            $success = dl_file_resume($fileinfo['file'], $fileinfo, true);
        }
    }
    // we hack in the stream.php here
    // Second entry point: serve a file straight from the PHPWCMS_FILES directory
    // by the name given in ?file=.
    // NOTE(review): no login or permission check is visible in this branch; any
    // file whose stored name is known can be requested - confirm that is intended.
} elseif ($file = isset($_GET['file']) ? clean_slweg($_GET['file'], 40) : '') {
    // basename() drops every directory component, so the request cannot step
    // out of the files directory with "../" or an absolute path.
    $filename = basename($file);
    $file = PHPWCMS_ROOT . '/' . PHPWCMS_FILES . $filename;
    if (is_file($file)) {
        // The requester may name the Content-Type via ?type=; it is used whenever
        // is_mimetype_format() accepts it, otherwise the type is derived from the
        // file extension.
        // NOTE(review): if is_mimetype_format() only checks syntax, a stored file
        // can be served as text/html and rendered in the site's origin. Prefer the
        // extension-derived type or an allow-list of media types, and consider
        // sending "X-Content-Type-Options: nosniff".
        $mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100);
        if (!is_mimetype_format($mime)) {
            $mime = get_mimetype_by_extension(which_ext($file));
        }
        header('Content-Type: ' . $mime);
        if (BROWSER_OS == 'iOS') {
            require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php';
            rangeDownload($file);
        } else {
            header('Content-Transfer-Encoding: binary');
            if (!isset($_GET['ios'])) {
                // NOTE(review): $filename is placed inside a quoted header parameter
                // without escaping a '"' it may contain - verify stored names cannot
                // include that character.
                header('Content-Disposition: inline; filename="' . ($phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename) . '"');
            }
            header('Content-Length: ' . filesize($file));
            readfile($file);
        }
Esempio n. 22
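// Guestbook content-part settings, read from the posted backend form.
// Check boxes are stored as 0/1.
$content["guestbook"]["cookie"] = empty($_POST["cguestbook_cookie"]) ? 0 : 1;
$content["guestbook"]["captcha"] = empty($_POST["cguestbook_captcha"]) ? 0 : 1;
$content["guestbook"]["gb_login_show"] = empty($_POST["cguestbook_login_show"]) ? 0 : 1;
$content["guestbook"]["gb_login_post"] = empty($_POST["cguestbook_login_post"]) ? 0 : 1;
$content["guestbook"]["gb_urlcheck"] = empty($_POST["cguestbook_urlcheck"]) ? 0 : 1;
$content["guestbook"]["notify"] = empty($_POST["cguestbook_notify"]) ? 0 : 1;

// Notification recipients: "," and ";" are both accepted as separators, only
// addresses that pass is_valid_email() are kept, and the list is stored
// ";"-joined. Notification is switched off when no valid address remains.
$content["guestbook"]["notify_email"] = clean_slweg($_POST["cguestbook_notify_email"]);
if (empty($content["guestbook"]["notify_email"])) {
    $content["guestbook"]["notify"] = 0;
} else {
    $content["guestbook"]["notify_email"] = convertStringToArray(str_replace(',', ';', $content["guestbook"]["notify_email"]), ';');
    foreach ($content["guestbook"]["notify_email"] as $key => $item) {
        if (!is_valid_email($item)) {
            unset($content["guestbook"]["notify_email"][$key]);
        }
    }
    $content["guestbook"]["notify_email"] = implode(';', $content["guestbook"]["notify_email"]);
    if ($content["guestbook"]["notify_email"] === '') {
        $content["guestbook"]["notify"] = 0;
    }
}

// Captcha length is clamped to 1..15 with 5 as the default. The lower bound
// also catches negative input, which the previous "!$value" test let through
// unchanged and which would leave the anti-spam check with a nonsensical length.
$content["guestbook"]["captcha_maxchar"] = intval($_POST['cguestbook_captchamaxchar']);
if ($content["guestbook"]["captcha_maxchar"] < 1) {
    $content["guestbook"]["captcha_maxchar"] = 5;
} elseif ($content["guestbook"]["captcha_maxchar"] > 15) {
    $content["guestbook"]["captcha_maxchar"] = 15;
}

// Upload size limit for guestbook images; falls back to the global
// file_maxsize setting when the posted value does not yield a byte count.
$content["guestbook"]["max_image_filesize"] = return_bytes_shorten(clean_slweg($_POST["cguestbook_maximgsize"]));
if (!return_bytes($content["guestbook"]["max_image_filesize"])) {
    $content["guestbook"]["max_image_filesize"] = return_bytes_shorten($phpwcms['file_maxsize']);
}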
         // Rebuild the product image list in the order the form posted it. Only ids
         // that have a row in $temp_img_row (filled before this fragment) are kept;
         // the stored entry holds id, name, hash, extension and the matching caption.
         foreach ($plugin['data']['shopprod_images'] as $key => $value) {
             if (isset($temp_img_row[$value])) {
                 $img_all[$key]['f_id'] = $temp_img_row[$value]['f_id'];
                 $img_all[$key]['f_name'] = $temp_img_row[$value]['f_name'];
                 $img_all[$key]['f_hash'] = $temp_img_row[$value]['f_hash'];
                 $img_all[$key]['f_ext'] = $temp_img_row[$value]['f_ext'];
                 // Caption is trimmed only; NOTE(review): it still needs HTML
                 // escaping wherever it is printed - confirm at the output side.
                 $img_all[$key]['caption'] = isset($plugin['data']['shopprod_caption'][$key]) ? trim($plugin['data']['shopprod_caption'][$key]) : '';
             }
         }
         $plugin['data']['shopprod_caption'] = array();
         $plugin['data']['shopprod_images'] = $img_all;
         unset($img_all);
     }
 }
 // Attachments
 // One caption per line; the extra clean_slweg() arguments (0, false) are not
 // explained in this fragment.
 $plugin['data']['shopprod_filecaption'] = clean_slweg($_POST["shopprod_filecaption"], 0, false);
 $plugin['data']['shopprod_filecaption'] = explode(LF, $plugin['data']['shopprod_filecaption']);
 // Anything other than a posted array is replaced by an empty list.
 $plugin['data']['shopprod_files'] = isset($_POST['shopprod_files']) && is_array($_POST['shopprod_files']) ? $_POST['shopprod_files'] : array();
 if (is_array($plugin['data']['shopprod_files']) && count($plugin['data']['shopprod_files'])) {
     // Every id is cast to an integer and ids that cast to 0 are dropped
     // (array_diff() compares string forms). The IN (...) list below is built
     // from these integers only, which is what makes the string-built query
     // safe - keep the cast and the query together.
     $plugin['data']['shopprod_files'] = array_map('intval', $plugin['data']['shopprod_files']);
     $plugin['data']['shopprod_files'] = array_diff($plugin['data']['shopprod_files'], array(0, '', NULL, false));
     if (count($plugin['data']['shopprod_files'])) {
         $img_all = _dbQuery('SELECT * FROM ' . DB_PREPEND . 'phpwcms_file WHERE f_id IN (' . implode(',', $plugin['data']['shopprod_files']) . ')');
         // take all values from db
         // index the rows by f_id for the lookup in the loop below
         $temp_img_row = array();
         foreach ($img_all as $value) {
             $temp_img_row[$value['f_id']] = $value;
         }
         $img_all = array();
         // now run through the file result - but keep sorting
         foreach ($plugin['data']['shopprod_files'] as $key => $value) {
Esempio n. 24
<!--
body { background-color: #EBF2F4; }
-->
</style>
</head>
<body bgcolor="#EBF2F4" text="#000000" link="#000000" vlink="#000000" alink="#000000" leftmargin="15" topmargin="15" marginwidth="15" marginheight="15">
<?php 
// Read the posted file metadata, but only when no earlier step set $ftp["error"].
if (!$ftp["error"]) {
    $ftp["dir"] = intval($_POST["file_dir"]);
    $ftp["short_info"] = clean_slweg($_POST["file_shortinfo"]);
    $ftp["aktiv"] = empty($_POST["file_aktiv"]) ? 0 : 1;
    $ftp["public"] = empty($_POST["file_public"]) ? 0 : 1;
    $ftp["replace"] = empty($_POST["file_replace"]) ? 0 : 1;
    // NOTE(review): long_info and copyright use slweg(), not clean_slweg();
    // neither helper is shown here. Presumably slweg() keeps markup - verify both
    // values are escaped wherever they are printed.
    $ftp["long_info"] = slweg($_POST["file_longinfo"]);
    $ftp["copyright"] = slweg($_POST["file_copyright"]);
    // tags: cleaned, then surrounding commas and whitespace removed
    $ftp["tags"] = trim(trim(clean_slweg($_POST["file_tags"]), ','));
    $ftp["keywords"] = isset($_POST["file_keywords"]) ? $_POST["file_keywords"] : array();
    $ftp["keys"] = "";
    // Rebuild the posted keyword array with integer keys and values, and build
    // $ftp["keys"] as a ":"-joined list of "key_value" pairs. The is_array() test
    // ignores a scalar posted under the same name.
    if (is_array($ftp["keywords"]) && count($ftp["keywords"])) {
        foreach ($ftp["keywords"] as $key => $value) {
            unset($ftp["keywords"][$key]);
            $key = intval($key);
            // "0_1" is treated as an error marker for this key - presumably a
            // required selection that was left empty; confirm against the form.
            if ($value != "0_1") {
                $ftp["keys"] .= ($ftp["keys"] ? ":" : "") . $key . "_" . intval($value);
                $ftp["keywords"][$key] = intval($value);
            } else {
                $file_error["keywords"][$key] = 1;
            }
        }
    }
    $ftp['fileVarsField'] = '';
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
// Refuses direct requests: the script only continues when the including
// phpwcms code has defined PHPWCMS_ROOT.
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// try
// id of the record being edited, 0 when the request names none
if (isset($_GET['edit'])) {
    $plugin['id'] = intval($_GET['edit']);
} else {
    $plugin['id'] = 0;
}
// process post form
if (isset($_POST['adcampaign_title'])) {
    // Collect the posted campaign fields: numbers via intval(), switches as 0/1,
    // text via clean_slweg().
    // NOTE(review): 'html' is read with slweg() instead of clean_slweg(); neither
    // helper is shown here. Presumably the markup is stored as entered and later
    // emitted as the ad body - confirm only trusted backend users reach this form.
    // 'url' and 'target' get no scheme or value check in this fragment.
    $plugin['data'] = array('adcampaign_id' => intval($_POST['adcampaign_id']), 'adcampaign_title' => clean_slweg($_POST['adcampaign_title']), 'adcampaign_created' => date('Y-m-d H:i:s'), 'adcampaign_changed' => date('Y-m-d H:i:s'), 'adcampaign_comment' => clean_slweg($_POST['adcampaign_comment']), 'adcampaign_data' => array('width' => intval($_POST['adcampaign_width']), 'height' => intval($_POST['adcampaign_height']), 'unique' => empty($_POST['adcampaign_unique']) ? 0 : 1, 'url' => clean_slweg($_POST['adcampaign_url']), 'target' => clean_slweg($_POST['adcampaign_target']), 'image' => isset($_POST['adcampaign_image']) ? clean_slweg($_POST['adcampaign_image']) : '', 'flash' => isset($_POST['adcampaign_flash']) ? clean_slweg($_POST['adcampaign_flash']) : '', 'html' => slweg($_POST['adcampaign_html']), 'alt_text' => clean_slweg($_POST['adcampaign_alt_text']), 'title_text' => clean_slweg($_POST['adcampaign_title_text']), 'css' => isset($_POST['adcampaign_css']) ? clean_slweg($_POST['adcampaign_css']) : '', 'bgcolor' => clean_slweg($_POST['adcampaign_bgcolor']), 'bordercolor' => clean_slweg($_POST['adcampaign_bordercolor']), 'flashversion' => clean_slweg($_POST['adcampaign_flashversion'])), 'adcampaign_status' => empty($_POST['adcampaign_status']) ? 0 : 1, 'adcampaign_date_start' => clean_slweg($_POST['adcampaign_date_start']), 'adcampaign_date_end' => clean_slweg($_POST['adcampaign_date_end']), 'adcampaign_time_start' => clean_slweg($_POST['adcampaign_time_start']), 'adcampaign_time_end' => clean_slweg($_POST['adcampaign_time_end']), 'adcampaign_type' => empty($_POST['adcampaign_type']) ? 0 : intval($_POST['adcampaign_type']), 'adcampaign_place' => intval($_POST['adcampaign_place']), 'adcampaign_maxview' => intval($_POST['adcampaign_max_views']), 'adcampaign_maxclick' => intval($_POST['adcampaign_max_click']), 'adcampaign_maxviewuser' => intval($_POST['adcampaign_max_viewuser']), 'adcampaign_duplicate' => empty($_POST['adcampaign_duplicate']) ? 0 : 1);
    if (empty($plugin['data']['adcampaign_data']['flashversion'])) {
        $plugin['data']['adcampaign_data']['flashversion'] = '7';
    }
    // Types above 4 fall back to 0. NOTE(review): a negative posted value passes
    // this test unchanged - confirm whether that matters to the consumers.
    if ($plugin['data']['adcampaign_type'] > 4) {
        $plugin['data']['adcampaign_type'] = 0;
    }
    // clean up date/time
    // NOTE(review): the include path comes from $phpwcms['modules'][$module];
    // $module is set outside this fragment - confirm it is never taken from the
    // request.
    include_once $phpwcms['modules'][$module]['path'] . 'inc/processing.datetime.inc.php';
    if (empty($plugin['data']['adcampaign_title'])) {
        $plugin['error']['adcampaign_title'] = 1;
    }
    // handle media upload
    // Uploads are accepted only for an existing campaign (non-zero id). The
    // target directory is built from that integer id, so the id cannot inject
    // path components.
    if ($plugin['data']['adcampaign_id'] && !empty($_FILES['adcampaign_upload_image']['name'])) {
        // image upload
        // NOTE(review): the meaning of the '', '1,2,3' and '1,4' arguments is not
        // visible here - presumably type restrictions; verify saveUploadedFile()
        // enforces an allow-list of image types and a safe stored file name.
        $plugin['data']['upload'] = saveUploadedFile('adcampaign_upload_image', PHPWCMS_CONTENT . 'ads/' . $plugin['data']['adcampaign_id'] . '/', '', '1,2,3', '1,4');
Esempio n. 26
			window.opener.document.articlecontent.cmap_location_x.value=kx;
			window.opener.document.articlecontent.cmap_location_y.value=ky;
			window.opener.document.articlecontent.cmap_location_edited.value='1';
		}
	</script>
	<style type="text/css">
		body {
			font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
			font-size: 10px;
			margin:0;
			padding:0;
		}
	</style>
</head>
<body><?php 
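// File name of the map image, taken from the query string (empty when absent).
// basename() keeps only the final path component, so the value cannot step out
// of the map_img directory once it is appended to the path in the next line.
// clean_slweg() is not shown here and is not relied on to reject "../".
$map_img = isset($_GET['map']) ? basename(clean_slweg($_GET['map'])) : '';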
if ($map_img && ($map_data = getimagesize(PHPWCMS_TEMPLATE . 'inc_cntpart/map/map_img/' . $map_img))) {
    $map = '';
    $p = array();
    if (isset($_GET['points'])) {
        $points = explode(':|:', $_GET['points']);
        if (count($points)) {
            foreach ($points as $value) {
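                // One point arrives as "x:::y:::title"; all three parts come
                // straight from the query string.
                $point = explode(':::', $value);
                if (empty($point[1])) {
                    $point[1] = 0;
                }
                if (empty($point[2])) {
                    $point[2] = '';
                }
                // Coordinates are cast to integers before the arithmetic, so
                // non-numeric text never reaches it (a warning on PHP 7, an error
                // on PHP 8). The title sits inside a double-quoted attribute and is
                // escaped here; without that a crafted ?points= value could close
                // the attribute and add its own markup.
                // $point itself is left unescaped: code after this statement that
                // prints its values needs its own escaping.
                $map .= '<area shape="rect" coords="' . (intval($point[0]) - 3) . ',' . (intval($point[1]) - 3) . ',' . (intval($point[0]) + 4) . ',' . (intval($point[1]) + 4) . '" href="#" title="' . htmlspecialchars($point[2], ENT_QUOTES) . '">';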
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
// Refuses direct requests: the script only continues when the including
// phpwcms code has defined PHPWCMS_ROOT.
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Error flags are added up: 2 = directory is its own parent, 1 = empty name.
$dir_error = 0;
// Evaluate the submitted form
// NOTE(review): no request-token (CSRF) check is visible in this fragment;
// confirm the including backend script provides one.
if (isset($_POST["dir_aktion"]) && intval($_POST["dir_aktion"]) == 2) {
    // ids are forced to non-negative integers, switches to 0/1
    $dir_id = abs(intval($_POST["dir_id"]));
    $dir_aktiv = empty($_POST["dir_aktiv"]) ? 0 : 1;
    $dir_public = empty($_POST["dir_public"]) ? 0 : 1;
    $dir_newname = clean_slweg($_POST["dir_newname"]);
    $dir_longinfo = clean_slweg($_POST["dir_longinfo"]);
    $dir_gallery = empty($_POST["dir_gallery"]) ? 0 : intval($_POST["dir_gallery"]);
    $dir_sort = intval($_POST["dir_sort"]);
    $dir_pid = abs(intval($_POST['dir_pid']));
    // allow-list: only the gallery modes 2 and 3 are kept, anything else becomes 0
    switch ($dir_gallery) {
        case 2:
        case 3:
            break;
        default:
            $dir_gallery = 0;
    }
    if ($dir_id == $dir_pid) {
        $dir_error += 2;
    }
    if (empty($dir_newname)) {
        $dir_error += 1;
Esempio n. 28
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
// Refuses direct requests: the script only continues when the including
// phpwcms code has defined PHPWCMS_ROOT.
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type Article List Menu
// Settings are read from the posted backend form: numbers via intval(),
// switches as 0/1, text via clean_slweg() or slweg().
$content["alist"]["cat"] = isset($_POST['calist_cat']) ? intval($_POST['calist_cat']) : 0;
$content["alist"]["catid"] = intval($_POST['calist_catid']);
$content["alist"]["headertext"] = isset($_POST['calist_headertext']) ? 1 : 0;
$content["alist"]["ul"] = isset($_POST['calist_ul']) ? intval($_POST['calist_ul']) : 0;
$content["alist"]["class"] = clean_slweg($_POST['calist_class']);
$content["alist"]["maxchar"] = intval($_POST['calist_maxchar']);
// NOTE(review): morelink, break and label use slweg() rather than
// clean_slweg(); neither helper is shown here. Presumably slweg() keeps markup,
// so these values need a trusted editor or escaping on output - confirm.
$content["alist"]["morelink"] = slweg($_POST['calist_morelink']);
$content["alist"]["titlewrap"] = clean_slweg($_POST['calist_titlewrap']);
$content["alist"]["hideactive"] = empty($_POST['calist_hideactive']) ? 0 : 1;
$content["alist"]["titleasnumber"] = empty($_POST['calist_titleasnumber']) ? 0 : 1;
$content["alist"]["break"] = slweg($_POST['calist_break'], 0, false);
$content["alist"]["label"] = slweg($_POST['calist_label']);
// List markup variant; the cases shown here need no further handling.
switch ($content["alist"]["ul"]) {
    case 4:
        break;
    // SPAN
    case 3:
        break;
    // DL
    case 2:
        break;
 * phpwcms content management system
 * This script is a module for PHPWCMS Copyright (c) 2002-2013, Oliver Georgi http://www.phpwcms.de
 *
 * SliderJS Module
 * @version v1.3
 * @author breitsch - webrealisierung gmbh <*****@*****.**>
 * @copyright Copyright (c) 2013, webrealisierung gmbh
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 *
 **/
// Stop unless the including phpwcms code has defined its root constant.
if (defined('PHPWCMS_ROOT') === false) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// SLIDESJS options from the posted backend form. Check boxes become 0/1,
// numeric options are cast with intval() and fall back to a string default
// when left empty, free text goes through clean_slweg().
// NOTE(review): jqs_jscode is free-form script text; presumably it is emitted
// into the page later - confirm only trusted backend users reach this form.
$content['br_sliderjs']['slidesjs']['jqs_autoplay'] = (int) !empty($_POST['jqs_slidesjs_autoplay']);
$content['br_sliderjs']['slidesjs']['jqs_caption'] = (int) !empty($_POST['jqs_slidesjs_caption']);
$content['br_sliderjs']['slidesjs']['jqs_cssadv'] = (int) !empty($_POST['jqs_slidesjs_cssadv']);
$content['br_sliderjs']['slidesjs']['jqs_jscode'] = !empty($_POST['jqs_slidesjs_jscode']) ? clean_slweg($_POST['jqs_slidesjs_jscode']) : '';
$content['br_sliderjs']['slidesjs']['jqs_effect'] = !empty($_POST['jqs_slidesjs_effect']) ? clean_slweg($_POST['jqs_slidesjs_effect']) : 'slide';
$content['br_sliderjs']['slidesjs']['jqs_imgheight'] = !empty($_POST['jqs_slidesjs_imgheight']) ? intval($_POST['jqs_slidesjs_imgheight']) : '300';
$content['br_sliderjs']['slidesjs']['jqs_imgrand'] = (int) !empty($_POST['jqs_slidesjs_imgrand']);
$content['br_sliderjs']['slidesjs']['jqs_imgwidth'] = !empty($_POST['jqs_slidesjs_imgwidth']) ? intval($_POST['jqs_slidesjs_imgwidth']) : '600';
$content['br_sliderjs']['slidesjs']['jqs_interval'] = !empty($_POST['jqs_slidesjs_interval']) ? intval($_POST['jqs_slidesjs_interval']) : '5000';
$content['br_sliderjs']['slidesjs']['jqs_navigation'] = (int) !empty($_POST['jqs_slidesjs_navigation']);
$content['br_sliderjs']['slidesjs']['jqs_pagination'] = (int) !empty($_POST['jqs_slidesjs_pagination']);
$content['br_sliderjs']['slidesjs']['jqs_pauseOnHover'] = (int) !empty($_POST['jqs_slidesjs_pauseOnHover']);
$content['br_sliderjs']['slidesjs']['jqs_play'] = (int) !empty($_POST['jqs_slidesjs_play']);
$content['br_sliderjs']['slidesjs']['jqs_speed'] = !empty($_POST['jqs_slidesjs_speed']) ? intval($_POST['jqs_slidesjs_speed']) : '200';
$content['br_sliderjs']['slidesjs']['jqs_theme'] = !empty($_POST['jqs_slidesjs_theme']) ? clean_slweg($_POST['jqs_slidesjs_theme']) : 'default';
$content['br_sliderjs']['slidesjs']['plugin_name'] = 'SLIDESJS';
 **/
// ----------------------------------------------------------------
// Stop unless the including phpwcms code has defined its root constant.
if (defined('PHPWCMS_ROOT') === false) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// id of the ad place being edited; 0 when the request names none
$plugin['id'] = isset($_GET['edit']) ? intval($_GET['edit']) : 0;
// process post form
if (isset($_POST['adplace_title'])) {
    $plugin['data'] = array('adplace_id' => intval($_POST['adplace_id']), 'adplace_title' => clean_slweg($_POST['adplace_title']), 'adplace_created' => date('Y-m-d H:i:s'), 'adplace_changed' => date('Y-m-d H:i:s'), 'adplace_status' => empty($_POST['adplace_status']) ? 0 : 1, 'adplace_format' => intval($_POST['adplace_format']), 'adplace_width' => intval($_POST['adplace_width']), 'adplace_height' => intval($_POST['adplace_height']), 'adplace_prefix' => slweg($_POST['adplace_prefix']), 'adplace_suffix' => slweg($_POST['adplace_suffix']));
    if (empty($plugin['data']['adplace_title'])) {
        $plugin['error']['adplace_title'] = 1;
    }
    if (empty($plugin['data']['adplace_format'])) {
        $plugin['error']['adplace_format'] = 1;
    }
    if (!isset($plugin['error'])) {
        if ($plugin['data']['adplace_id']) {
            // UPDATE
            $sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_ads_place SET ';
            $sql .= "adplace_changed='" . aporeplace($plugin['data']['adplace_changed']) . "', ";
            $sql .= "adplace_status=" . $plugin['data']['adplace_status'] . ", ";
            $sql .= "adplace_title='" . aporeplace($plugin['data']['adplace_title']) . "', ";
            $sql .= "adplace_format=" . $plugin['data']['adplace_format'] . ", ";
            $sql .= "adplace_width=" . $plugin['data']['adplace_width'] . ", ";