<div class="warning"><?php echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); $powered_by = $_POST['powered_by']; if (isset($_POST['powered_by_new_window'])) { $powered_by_new_window = 1; } else { $powered_by_new_window = 0; } $powered_by_san = cmtx_sanitize($powered_by); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$powered_by_san}' WHERE `title` = 'powered_by'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$powered_by_new_window}' WHERE `title` = 'powered_by_new_window'"); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php } } ?> <p />
function cmtx_clean_form_defaults()
{
    // Clean the configured default values that pre-fill the comment form.
    // Each global is rewritten in place through its own pipeline:
    //   1. strip double quotes (every field except the comment),
    //   2. apply a per-field character filter,
    //   3. pass the result through cmtx_sanitize($value, true, false).
    // cmtx_sanitize() is defined elsewhere; the original author describes this
    // call form as "convert to HTML entities" -- confirm against its definition.
    global $cmtx_default_name, $cmtx_default_email, $cmtx_default_website, $cmtx_default_town,
        $cmtx_default_country, $cmtx_default_rating, $cmtx_default_comment;

    // Town and country share one filter: letters of any script (\p{L}),
    // plus & - ' . and space.
    $place_filter = '/[^\\p{L}&\\-\'. ]/u';

    // Name: same character set as town/country, with digits also allowed.
    $cmtx_default_name = cmtx_sanitize(
        preg_replace('/[^\\p{L}&\\-\'. 0-9]/u', '', str_replace('"', '', $cmtx_default_name)),
        true,
        false
    );

    // Email: keep only the characters FILTER_SANITIZE_EMAIL permits.
    $cmtx_default_email = cmtx_sanitize(
        filter_var(str_replace('"', '', $cmtx_default_email), FILTER_SANITIZE_EMAIL),
        true,
        false
    );

    // Website: spaces are encoded first so that FILTER_SANITIZE_URL does not
    // simply drop them.
    $website = cmtx_url_encode_spaces(str_replace('"', '', $cmtx_default_website));
    $cmtx_default_website = cmtx_sanitize(filter_var($website, FILTER_SANITIZE_URL), true, false);

    $cmtx_default_town = cmtx_sanitize(
        preg_replace($place_filter, '', str_replace('"', '', $cmtx_default_town)),
        true,
        false
    );

    $cmtx_default_country = cmtx_sanitize(
        preg_replace($place_filter, '', str_replace('"', '', $cmtx_default_country)),
        true,
        false
    );

    // Rating: only the digits 1-5 survive. The filter works per character,
    // so a multi-digit value such as "15" is kept as-is.
    $cmtx_default_rating = cmtx_sanitize(
        preg_replace('/[^1-5]/', '', str_replace('"', '', $cmtx_default_rating)),
        true,
        false
    );

    // Comment: free text. No quote stripping or character filter is applied,
    // so cmtx_sanitize() is the only protection on this value.
    $cmtx_default_comment = cmtx_sanitize($cmtx_default_comment, true, false);
}
<div class="warning"><?php echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); if (isset($_POST['enabled'])) { $akismet_enabled = 1; } else { $akismet_enabled = 0; } $akismet_key = $_POST['akismet_key']; $akismet_key_san = cmtx_sanitize($akismet_key); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$akismet_enabled}' WHERE `title` = 'akismet_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$akismet_key_san}' WHERE `title` = 'akismet_key'"); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php } } ?> <p />
echo $cmtx_ratings; ?> <p /> <label class='edit_comment'><?php echo CMTX_FIELD_LABEL_COMMENT; ?> </label> <div style="margin-left:78px; width:650px"> <textarea name="comment" cols="39" rows="6"><?php echo cmtx_sanitize($comment, true, false); ?> </textarea> </div> <p /> <label class='edit_comment'><?php echo CMTX_FIELD_LABEL_ADMIN; ?> </label> <div style="margin-left:78px; width:650px"> <textarea name="reply" cols="39" rows="6"><?php echo cmtx_sanitize($reply, true, false); ?> </textarea> </div> <br /><hr class="separator"/><br /> <label class='edit_comment'><?php echo CMTX_FIELD_LABEL_PAGE; ?> </label> <select name="page_id"> <?php $pages = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "pages` ORDER BY `id` ASC"); while ($page = cmtx_db_fetch_assoc($pages)) { ?> <option value='<?php echo $page['id'];
?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); $subscriber_confirmation_subject = $_POST['subscriber_confirmation_subject']; $subscriber_confirmation_from_name = $_POST['subscriber_confirmation_from_name']; $subscriber_confirmation_from_email = $_POST['subscriber_confirmation_from_email']; $subscriber_confirmation_reply_to = $_POST['subscriber_confirmation_reply_to']; $email_content = $_POST['email_content']; $subscriber_confirmation_subject_san = cmtx_sanitize($subscriber_confirmation_subject); $subscriber_confirmation_from_name_san = cmtx_sanitize($subscriber_confirmation_from_name); $subscriber_confirmation_from_email_san = cmtx_sanitize($subscriber_confirmation_from_email); $subscriber_confirmation_reply_to_san = cmtx_sanitize($subscriber_confirmation_reply_to); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$subscriber_confirmation_subject_san}' WHERE `title` = 'subscriber_confirmation_subject'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$subscriber_confirmation_from_name_san}' WHERE `title` = 'subscriber_confirmation_from_name'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$subscriber_confirmation_from_email_san}' WHERE `title` = 'subscriber_confirmation_from_email'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$subscriber_confirmation_reply_to_san}' WHERE `title` = 'subscriber_confirmation_reply_to'"); $file = '../includes/emails/' . cmtx_setting('language_frontend') . '/user/custom/subscriber_confirmation.txt'; $handle = fopen($file, 'w'); fputs($handle, $email_content); fclose($handle); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php
?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); $subscriber_notification_reply_subject = $_POST['subscriber_notification_reply_subject']; $subscriber_notification_reply_from_name = $_POST['subscriber_notification_reply_from_name']; $subscriber_notification_reply_from_email = $_POST['subscriber_notification_reply_from_email']; $subscriber_notification_reply_reply_to = $_POST['subscriber_notification_reply_reply_to']; $email_content = $_POST['email_content']; $subscriber_notification_reply_subject_san = cmtx_sanitize($subscriber_notification_reply_subject); $subscriber_notification_reply_from_name_san = cmtx_sanitize($subscriber_notification_reply_from_name); $subscriber_notification_reply_from_email_san = cmtx_sanitize($subscriber_notification_reply_from_email); $subscriber_notification_reply_reply_to_san = cmtx_sanitize($subscriber_notification_reply_reply_to); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$subscriber_notification_reply_subject_san}' WHERE `title` = 'subscriber_notification_reply_subject'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$subscriber_notification_reply_from_name_san}' WHERE `title` = 'subscriber_notification_reply_from_name'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$subscriber_notification_reply_from_email_san}' WHERE `title` = 'subscriber_notification_reply_from_email'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$subscriber_notification_reply_reply_to_san}' WHERE `title` = 'subscriber_notification_reply_reply_to'"); $file = '../includes/emails/' . cmtx_setting('language_frontend') . '/user/custom/subscriber_notification_reply.txt'; $handle = fopen($file, 'w'); fputs($handle, $email_content); fclose($handle); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php
<div class="warning"><?php echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['bulk_delete']) && isset($_POST['bulk'])) { cmtx_check_csrf_form_key(); $items = $_POST['bulk']; $count = count($items); $success = 0; $failure = 0; for ($i = 0; $i < $count; $i++) { $id = $items[$i]; $id = cmtx_sanitize($id); if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `is_super` = '1' AND `id` = '{$id}'"))) { $failure++; } else { cmtx_db_query("DELETE FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `id` = '{$id}'"); $success++; } } if ($success == 1) { ?> <div class="success"><?php echo CMTX_MSG_ADMIN_BULK_DELETED; ?> </div><?php } if ($success > 1) {
echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); $sort_order_fields = $_POST['sort_order_fields']; $sort_order_captchas = $_POST['sort_order_captchas']; $sort_order_checkboxes = $_POST['sort_order_checkboxes']; $sort_order_buttons = $_POST['sort_order_buttons']; $sort_order_fields_san = cmtx_sanitize($sort_order_fields); $sort_order_captchas_san = cmtx_sanitize($sort_order_captchas); $sort_order_checkboxes_san = cmtx_sanitize($sort_order_checkboxes); $sort_order_buttons_san = cmtx_sanitize($sort_order_buttons); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$sort_order_fields_san}' WHERE `title` = 'sort_order_fields'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$sort_order_captchas_san}' WHERE `title` = 'sort_order_captchas'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$sort_order_checkboxes_san}' WHERE `title` = 'sort_order_checkboxes'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$sort_order_buttons_san}' WHERE `title` = 'sort_order_buttons'"); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php } } ?>
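cmtx_error_reporting('includes/logs/errors.log');

/* Time Zone */
cmtx_set_time_zone(cmtx_setting('time_zone'));

// NOTE(review): $ip_address is interpolated into the SQL below without a
// cmtx_sanitize() call in this excerpt -- confirm cmtx_get_ip_address()
// returns a validated/escaped value.
$ip_address = cmtx_get_ip_address(); //get user's IP address

// Rating request handler: both the page id and the rating arrive from the
// client and are validated before they reach any query.
if (isset($_POST['id']) && isset($_POST['rating'])) {

    // Page id: must be a plain string of digits. The is_string() guard rejects
    // array-valued parameters (id[]=...) before ctype_digit() sees them.
    $id = $_POST['id'];
    if (!is_string($id) || !ctype_digit($id)) {
        die;
    }
    $id = cmtx_sanitize($id, true, true);

    // Rating: exactly one character in the range 1-5. The pattern is anchored
    // (with /D so "$" does not tolerate a trailing newline); the previous
    // unanchored /[1-5]/ accepted any string that merely contained such a
    // digit, e.g. "9991" or "1abc".
    $rating = $_POST['rating'];
    if (!is_string($rating) || !preg_match('/^[1-5]$/D', $rating)) {
        die;
    }
    $rating = cmtx_sanitize($rating, true, true);

    //check if page exists
    $query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "pages` WHERE `id` = '{$id}'");
    $count = cmtx_db_num_rows($query);
    if ($count == 0) {
        echo CMTX_RATE_NO_PAGE;
        return;
    }

    //check if user has already rated as a poster
    $query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "comments` WHERE `page_id` = '{$id}' AND `ip_address` = '{$ip_address}' AND `rating` != '0'");
    $count = cmtx_db_num_rows($query);
    if ($count > 0) {
        echo CMTX_RATE_ALREADY_RATED;
        return;
    }

    //check if user has already rated as a guest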
function cmtx_add_viewer()
{
    // Record the current visitor in the `viewers` table.
    // Expired rows and any earlier row for the same IP address are removed
    // first, so each address has at most one row.
    global $cmtx_mysql_table_prefix, $cmtx_reference, $cmtx_url, $cmtx_is_admin;

    // Runs on every call, before the feature/admin checks below.
    cmtx_unban_viewer();

    // Nothing is recorded when the viewers feature is off or the visitor is the admin.
    if (!cmtx_setting('viewers_enabled') || $cmtx_is_admin) {
        return;
    }

    $viewers_table = '`' . $cmtx_mysql_table_prefix . 'viewers`';

    // NOTE(review): the IP address and user agent go into the SQL below without
    // a cmtx_sanitize() call in this function, unlike the page reference and
    // URL. The User-Agent header is client-controlled, so confirm that
    // cmtx_get_user_agent() and cmtx_get_ip_address() return escaped values.
    $visitor_ip = cmtx_get_ip_address();
    $agent = cmtx_get_user_agent();
    $reference = cmtx_sanitize($cmtx_reference, true, true);
    $url = cmtx_sanitize($cmtx_url, true, true);

    // Rows with a timestamp older than the cutoff are treated as expired.
    $now = time();
    $cutoff = $now - cmtx_setting('viewers_timeout');

    cmtx_db_query('DELETE FROM ' . $viewers_table . " WHERE `timestamp` < '{$cutoff}'");
    cmtx_db_query('DELETE FROM ' . $viewers_table . " WHERE `ip_address` = '{$visitor_ip}'");
    cmtx_db_query(
        'INSERT INTO ' . $viewers_table
        . ' (`user_agent`, `ip_address`, `page_reference`, `page_url`, `timestamp`)'
        . " VALUES ('{$agent}', '{$visitor_ip}', '{$reference}', '{$url}', '{$now}')"
    );
}
<?php
// Save handler for the language settings form.
// In demo mode a submit only shows the demo warning; otherwise the CSRF form
// key is checked and both language settings are written to the settings table.
if (isset($_POST['submit']) && cmtx_setting('is_demo')) { ?> <div class="warning"><?php echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php
} else {
    if (isset($_POST['submit'])) {
        // Runs before any setting is changed.
        cmtx_check_csrf_form_key();

        $language_frontend = $_POST['language_frontend'];
        $language_backend = $_POST['language_backend'];

        // NOTE(review): cmtx_sanitize() is defined elsewhere and is the only
        // check applied here. Other pages of this codebase concatenate the
        // stored value into filesystem paths, e.g.
        // '../includes/emails/' . cmtx_setting('language_frontend') . '/...',
        // so confirm that it rejects path separators and "..", or validate
        // the posted value against the installed language folders.
        $language_frontend_san = cmtx_sanitize($language_frontend);
        $language_backend_san = cmtx_sanitize($language_backend);

        cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$language_frontend_san}' WHERE `title` = 'language_frontend'");
        cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$language_backend_san}' WHERE `title` = 'language_backend'");
        ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php
    }
}
?> <p />
?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); $admin_new_ban_subject = $_POST['admin_new_ban_subject']; $admin_new_ban_from_name = $_POST['admin_new_ban_from_name']; $admin_new_ban_from_email = $_POST['admin_new_ban_from_email']; $admin_new_ban_reply_to = $_POST['admin_new_ban_reply_to']; $email_content = $_POST['email_content']; $admin_new_ban_subject_san = cmtx_sanitize($admin_new_ban_subject); $admin_new_ban_from_name_san = cmtx_sanitize($admin_new_ban_from_name); $admin_new_ban_from_email_san = cmtx_sanitize($admin_new_ban_from_email); $admin_new_ban_reply_to_san = cmtx_sanitize($admin_new_ban_reply_to); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_new_ban_subject_san}' WHERE `title` = 'admin_new_ban_subject'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_new_ban_from_name_san}' WHERE `title` = 'admin_new_ban_from_name'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_new_ban_from_email_san}' WHERE `title` = 'admin_new_ban_from_email'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_new_ban_reply_to_san}' WHERE `title` = 'admin_new_ban_reply_to'"); $file = '../includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/new_ban.txt'; $handle = fopen($file, 'w'); fputs($handle, $email_content); fclose($handle); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php
$default_notify = 1; } else { $default_notify = 0; } if (isset($_POST['default_remember'])) { $default_remember = 1; } else { $default_remember = 0; } $default_name_san = cmtx_sanitize($default_name); $default_email_san = cmtx_sanitize($default_email); $default_website_san = cmtx_sanitize($default_website); $default_town_san = cmtx_sanitize($default_town); $default_country_san = cmtx_sanitize($default_country); $default_rating_san = cmtx_sanitize($default_rating); $default_comment_san = cmtx_sanitize($default_comment); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$default_name_san}' WHERE `title` = 'default_name'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$default_email_san}' WHERE `title` = 'default_email'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$default_website_san}' WHERE `title` = 'default_website'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$default_town_san}' WHERE `title` = 'default_town'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$default_country_san}' WHERE `title` = 'default_country'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$default_rating_san}' WHERE `title` = 'default_rating'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$default_comment_san}' WHERE `title` = 'default_comment'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$default_notify}' WHERE `title` = 'default_notify'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$default_remember}' WHERE `title` = 'default_remember'"); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div>
?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); $admin_new_comment_okay_subject = $_POST['admin_new_comment_okay_subject']; $admin_new_comment_okay_from_name = $_POST['admin_new_comment_okay_from_name']; $admin_new_comment_okay_from_email = $_POST['admin_new_comment_okay_from_email']; $admin_new_comment_okay_reply_to = $_POST['admin_new_comment_okay_reply_to']; $email_content = $_POST['email_content']; $admin_new_comment_okay_subject_san = cmtx_sanitize($admin_new_comment_okay_subject); $admin_new_comment_okay_from_name_san = cmtx_sanitize($admin_new_comment_okay_from_name); $admin_new_comment_okay_from_email_san = cmtx_sanitize($admin_new_comment_okay_from_email); $admin_new_comment_okay_reply_to_san = cmtx_sanitize($admin_new_comment_okay_reply_to); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_new_comment_okay_subject_san}' WHERE `title` = 'admin_new_comment_okay_subject'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_new_comment_okay_from_name_san}' WHERE `title` = 'admin_new_comment_okay_from_name'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_new_comment_okay_from_email_san}' WHERE `title` = 'admin_new_comment_okay_from_email'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_new_comment_okay_reply_to_san}' WHERE `title` = 'admin_new_comment_okay_reply_to'"); $file = '../includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/new_comment_okay.txt'; $handle = fopen($file, 'w'); fputs($handle, $email_content); fclose($handle); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php
$rss_image_enabled = 1; } else { $rss_image_enabled = 0; } $rss_image_url = $_POST['rss_image_url']; $rss_image_width = $_POST['rss_image_width']; $rss_image_height = $_POST['rss_image_height']; if (isset($_POST['rss_most_recent_enabled'])) { $rss_most_recent_enabled = 1; } else { $rss_most_recent_enabled = 0; } $rss_most_recent_amount = $_POST['rss_most_recent_amount']; $rss_title_san = cmtx_sanitize($rss_title); $rss_link_san = cmtx_sanitize($rss_link); $rss_image_url_san = cmtx_sanitize($rss_image_url); $rss_image_width_san = (int) $rss_image_width; $rss_image_height_san = (int) $rss_image_height; $rss_most_recent_amount_san = (int) $rss_most_recent_amount; cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$show_rss}' WHERE `title` = 'show_rss'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$rss_title_san}' WHERE `title` = 'rss_title'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$rss_link_san}' WHERE `title` = 'rss_link'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$rss_image_enabled}' WHERE `title` = 'rss_image_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$rss_image_url_san}' WHERE `title` = 'rss_image_url'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$rss_image_width_san}' WHERE `title` = 'rss_image_width'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$rss_image_height_san}' WHERE `title` = 'rss_image_height'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$rss_most_recent_enabled}' WHERE `title` = 'rss_most_recent_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$rss_most_recent_amount_san}' WHERE `title` = 'rss_most_recent_amount'"); ?> <div class="success"><?php echo CMTX_MSG_SAVED;
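// Tail of the ban update handler: write the edited IP address and reason.
cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "bans` SET `ip_address` = '{$ip_address_san}' WHERE `id` = '{$id_san}'");
cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "bans` SET `reason` = '{$reason_san}' WHERE `id` = '{$id_san}'");
?> <div class="success"><?php echo CMTX_MSG_BAN_UPDATED; ?> </div> <div style="clear: left;"></div> <?php
}
}
?> <?php
// Load the ban being edited. $id keeps the raw query-string value and
// $id_san is the copy used in SQL.
$id = $_GET['id'];
$id_san = cmtx_sanitize($id);
$ban_query = cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "bans` WHERE `id` = '{$id_san}'");
$ban_result = cmtx_db_fetch_assoc($ban_query);
$ip_address = $ban_result["ip_address"];
$reason = $ban_result["reason"];
$time = cmtx_format_date(date(CMTX_TIME_FORMAT, strtotime($ban_result["dated"])));
$date = cmtx_format_date(date(CMTX_DATE_FORMAT, strtotime($ban_result["dated"])));
// The raw $id used to be echoed straight into the form's action attribute, so
// a crafted id parameter could close the attribute and inject markup
// (reflected XSS). It is now URL-encoded at the point of output: numeric ids
// are unchanged and every other character is percent-encoded.
?> <p /> <form name="edit_ban" id="edit_ban" action="index.php?page=edit_ban&id=<?php echo urlencode((string) $id); ?> " method="post"> <label class='edit_ban'><?php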
<div class="warning"><?php echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php } else { if (isset($_POST['submit'])) { cmtx_check_csrf_form_key(); if (isset($_POST['rich_snippets'])) { $rich_snippets = 1; } else { $rich_snippets = 0; } $rich_snippets_markup = $_POST['rich_snippets_markups']; $rich_snippets_markup_san = cmtx_sanitize($rich_snippets_markup); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$rich_snippets}' WHERE `title` = 'rich_snippets'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$rich_snippets_markup_san}' WHERE `title` = 'rich_snippets_markup'"); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php } } ?> <p />
    // Path to the stock reset-password email template for the front-end language.
    $reset_password_email_file = $cmtx_path . 'includes/emails/' . cmtx_setting('language_frontend') . '/admin/reset_password.txt'; //build path to reset password email file
}
$body = file_get_contents($reset_password_email_file); //get the file's contents
$admin_link = cmtx_url_encode_spaces(cmtx_setting('commentics_url') . cmtx_setting('admin_folder')) . '/'; //build admin panel link

// Replace the template placeholders with the actual values.
// NOTE(review): the new password goes into the email body in clear text.
// How $password is generated is outside this excerpt -- confirm that it comes
// from a cryptographically secure source.
$body = str_ireplace('[username]', $username, $body);
$body = str_ireplace('[password]', $password, $body);
$body = str_ireplace('[admin link]', $admin_link, $body);
$body = str_ireplace('[signature]', cmtx_setting('signature'), $body);

// Send the email. This happens before the database row is updated.
cmtx_email($email, null, cmtx_setting('admin_reset_password_subject'), $body, cmtx_setting('admin_reset_password_from_email'), cmtx_setting('admin_reset_password_from_name'), cmtx_setting('admin_reset_password_reply_to'));

// NOTE(review): the stored credential is an unsalted MD5 digest. MD5 is fast
// to compute, so a leaked admins table can be brute-forced offline.
// password_hash()/password_verify() is the replacement, but the login check
// (not in this excerpt) would have to change in the same commit.
$password = md5($password);
$password = cmtx_sanitize($password);

// NOTE(review): $email is interpolated into the WHERE clause; where it is
// sanitized is not visible in this excerpt -- confirm.
cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `password` = '{$password}' WHERE `email` = '{$email}'");
echo '<span class="positive">' . CMTX_RESET_SENT . '</span>';
}
} else {
echo '<span class="negative">' . CMTX_RESET_ADDR . '</span>';
}
}
}
?> </div> <div style="text-align:center; margin-top:10px;"> <span class="login_link"><a href="index.php" title="<?php echo CMTX_RESET_LOGIN; ?> "><?php
} if (isset($_POST['display_parsing'])) { $display_parsing = 1; } else { $display_parsing = 0; } $limit_comments = $_POST['limit_comments']; $admin_cookie_days = $_POST['admin_cookie_days']; $site_name_san = cmtx_sanitize($site_name); $time_zone_san = cmtx_sanitize($time_zone); $site_domain_san = cmtx_sanitize($site_domain); $site_url_san = cmtx_sanitize($site_url); $commentics_folder_san = cmtx_sanitize($commentics_folder); $commentics_url_san = cmtx_sanitize($commentics_url); $admin_folder_san = cmtx_sanitize($admin_folder); $mysqldump_path_san = cmtx_sanitize($mysqldump_path); $limit_comments_san = (int) $limit_comments; $admin_cookie_days_san = (int) $admin_cookie_days; cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$site_name_san}' WHERE `title` = 'site_name'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$time_zone_san}' WHERE `title` = 'time_zone'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$site_domain_san}' WHERE `title` = 'site_domain'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$site_url_san}' WHERE `title` = 'site_url'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$commentics_folder_san}' WHERE `title` = 'commentics_folder'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$commentics_url_san}' WHERE `title` = 'commentics_url'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_folder_san}' WHERE `title` = 'admin_folder'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$mysqldump_path_san}' WHERE `title` = 'mysqldump_path'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$enabled_wysiwyg}' WHERE `title` = 'enabled_wysiwyg'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . 
"settings` SET `value` = '{$display_parsing}' WHERE `title` = 'display_parsing'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$limit_comments_san}' WHERE `title` = 'limit_comments'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_cookie_days_san}' WHERE `title` = 'admin_cookie_days'"); ?>
if (isset($_POST['dummy_names_enabled'])) { $dummy_names_enabled = 1; } else { $dummy_names_enabled = 0; } $dummy_names_action = $_POST['dummy_names_action']; if (isset($_POST['banned_names_enabled'])) { $banned_names_enabled = 1; } else { $banned_names_enabled = 0; } $banned_names_action = $_POST['banned_names_action']; $link_in_name_action_san = cmtx_sanitize($link_in_name_action); $reserved_names_action_san = cmtx_sanitize($reserved_names_action); $dummy_names_action_san = cmtx_sanitize($dummy_names_action); $banned_names_action_san = cmtx_sanitize($banned_names_action); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$one_name_enabled}' WHERE `title` = 'one_name_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$fix_name_enabled}' WHERE `title` = 'fix_name_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$detect_link_in_name_enabled}' WHERE `title` = 'detect_link_in_name_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$link_in_name_action_san}' WHERE `title` = 'link_in_name_action'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$reserved_names_enabled}' WHERE `title` = 'reserved_names_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$reserved_names_action_san}' WHERE `title` = 'reserved_names_action'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$dummy_names_enabled}' WHERE `title` = 'dummy_names_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$dummy_names_action_san}' WHERE `title` = 'dummy_names_action'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$banned_names_enabled}' WHERE `title` = 'banned_names_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . 
"settings` SET `value` = '{$banned_names_action_san}' WHERE `title` = 'banned_names_action'"); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div>
if (isset($_POST['dummy_towns_enabled'])) { $dummy_towns_enabled = 1; } else { $dummy_towns_enabled = 0; } $dummy_towns_action = $_POST['dummy_towns_action']; if (isset($_POST['banned_towns_enabled'])) { $banned_towns_enabled = 1; } else { $banned_towns_enabled = 0; } $banned_towns_action = $_POST['banned_towns_action']; $link_in_town_action_san = cmtx_sanitize($link_in_town_action); $reserved_towns_action_san = cmtx_sanitize($reserved_towns_action); $dummy_towns_action_san = cmtx_sanitize($dummy_towns_action); $banned_towns_action_san = cmtx_sanitize($banned_towns_action); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$fix_town_enabled}' WHERE `title` = 'fix_town_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$detect_link_in_town_enabled}' WHERE `title` = 'detect_link_in_town_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$link_in_town_action_san}' WHERE `title` = 'link_in_town_action'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$reserved_towns_enabled}' WHERE `title` = 'reserved_towns_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$reserved_towns_action_san}' WHERE `title` = 'reserved_towns_action'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$dummy_towns_enabled}' WHERE `title` = 'dummy_towns_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$dummy_towns_action_san}' WHERE `title` = 'dummy_towns_action'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$banned_towns_enabled}' WHERE `title` = 'banned_towns_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . 
"settings` SET `value` = '{$banned_towns_action_san}' WHERE `title` = 'banned_towns_action'"); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div>
$reserved_emails_action = $_POST['reserved_emails_action']; if (isset($_POST['dummy_emails_enabled'])) { $dummy_emails_enabled = 1; } else { $dummy_emails_enabled = 0; } $dummy_emails_action = $_POST['dummy_emails_action']; if (isset($_POST['banned_emails_enabled'])) { $banned_emails_enabled = 1; } else { $banned_emails_enabled = 0; } $banned_emails_action = $_POST['banned_emails_action']; $reserved_emails_action_san = cmtx_sanitize($reserved_emails_action); $dummy_emails_action_san = cmtx_sanitize($dummy_emails_action); $banned_emails_action_san = cmtx_sanitize($banned_emails_action); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$reserved_emails_enabled}' WHERE `title` = 'reserved_emails_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$reserved_emails_action_san}' WHERE `title` = 'reserved_emails_action'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$dummy_emails_enabled}' WHERE `title` = 'dummy_emails_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$dummy_emails_action_san}' WHERE `title` = 'dummy_emails_action'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$banned_emails_enabled}' WHERE `title` = 'banned_emails_enabled'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$banned_emails_action_san}' WHERE `title` = 'banned_emails_action'"); ?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php } }
} if (isset($_POST['receive_email_new_comment_okay'])) { $receive_email_new_comment_okay = 1; } else { $receive_email_new_comment_okay = 0; } if (isset($_POST['receive_email_new_flag'])) { $receive_email_new_flag = 1; } else { $receive_email_new_flag = 0; } $username_san = cmtx_sanitize($username); if (!empty($_POST['password_1'])) { $password_san = cmtx_sanitize($password); } $email_san = cmtx_sanitize($email); if (cmtx_db_num_rows(cmtx_db_query("SELECT * FROM `" . $cmtx_mysql_table_prefix . "admins` WHERE `username` = '{$username_san}' AND `id` != '{$admin_id}'"))) { ?> <div class="error"><?php echo CMTX_MSG_ADMIN_EXISTS; ?> </div> <div style="clear: left;"></div> <?php } else { cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `username` = '{$username_san}' WHERE `id` = '{$admin_id}'"); if (!empty($_POST['password_1'])) { cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `password` = '{$password_san}' WHERE `id` = '{$admin_id}'"); } cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `email` = '{$email_san}' WHERE `id` = '{$admin_id}'"); cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "admins` SET `receive_email_new_ban` = '{$receive_email_new_ban}' WHERE `id` = '{$admin_id}'");
} else {

	if (cmtx_approval_needed()) { //if approval needed

		if (!cmtx_page_exists()) { //if page does not exist
			cmtx_create_page(); //create it now
		}

		if (cmtx_setting('approve_comments')) { //if approving all comments
			$cmtx_approve_reason = CMTX_APPROVE_REASON_ALL;
		} else {
			$cmtx_approve_reason = substr_replace($cmtx_approve_reason, "", -2); //remove ending line break (drops the last two characters)
		}

		$cmtx_approve_reason = cmtx_sanitize($cmtx_approve_reason, true, true); //sanitize approve reason

		//insert user's comment into 'comments' database table
		// The row is stored with is_approved = 0, so it is held for moderation.
		// NOTE(review): apart from $cmtx_approve_reason, none of the interpolated values
		// ($cmtx_name, $cmtx_email, $cmtx_website, $cmtx_town, $cmtx_country, $cmtx_rating,
		// $cmtx_reply_to, $cmtx_comment, $cmtx_ip_address, $cmtx_page_id, $cmtx_is_admin) is
		// sanitized inside this excerpt. Confirm each one is escaped for SQL before it reaches this
		// statement, including the IP address if it can be derived from request headers.
		cmtx_db_query("INSERT INTO `" . $cmtx_mysql_table_prefix . "comments` (`name`, `email`, `website`, `town`, `country`, `rating`, `reply_to`, `comment`, `reply`, `ip_address`, `page_id`, `is_approved`, `approval_reasoning`, `is_admin`, `is_sent`, `sent_to`, `likes`, `dislikes`, `is_sticky`, `is_locked`, `is_verified`, `dated`) VALUES ('{$cmtx_name}', '{$cmtx_email}', '{$cmtx_website}', '{$cmtx_town}', '{$cmtx_country}', '{$cmtx_rating}', '{$cmtx_reply_to}', '{$cmtx_comment}', '', '{$cmtx_ip_address}', '{$cmtx_page_id}', 0, '{$cmtx_approve_reason}', '{$cmtx_is_admin}', 0, 0, 0, 0, 0, 0, 0, NOW())");

		$cmtx_comment_id = cmtx_db_insert_id(); //get the ID of the comment

		//build the approval box
		// Only fixed markup and language constants are concatenated here; no submitted text is included.
		$cmtx_box = "<div class='cmtx_approval_box'>";
		$cmtx_box .= "<div class='cmtx_approval_message_line_1'>";
		$cmtx_box .= CMTX_APPROVAL_OPENING;
		$cmtx_box .= "</div>";
		$cmtx_box .= "<div class='cmtx_approval_message_line_2'>";
		$cmtx_box .= CMTX_APPROVAL_TEXT;
		$cmtx_box .= "</div>";
		$cmtx_box .= "</div>";
		$cmtx_box .= "<div style='clear: left;'></div>";
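// Bound the request: at most five redirects, ten seconds to connect and ten seconds overall.
curl_setopt($ch, CURLOPT_MAXREDIRS, 5);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);

// Keep certificate-chain and host-name verification switched on. With both disabled, anyone on
// the network path could replace the news text shown on the admin dashboard. If the host has no
// CA bundle, point CURLOPT_CAINFO at one rather than turning verification off.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);

curl_setopt($ch, CURLOPT_USERAGENT, 'Commentics');
curl_setopt($ch, CURLOPT_URL, $news_url);

$news = curl_exec($ch);

curl_close($ch);

} else { // the matching "if" is above this excerpt

	if ((bool) ini_get('allow_url_fopen')) { //if allow_url_fopen is available
		$news = file_get_contents($news_url);
	}

}

// The remote text is passed through cmtx_sanitize() before it is echoed into the page.
// NOTE(review): presumably this HTML-encodes the text; confirm, since it is remote content.
$news = cmtx_sanitize($news, true, false);

echo nl2br($news);

}
?> </div> </div> <div class="dashboard_block"> <div class="dashboard_title"><?php echo CMTX_DASH_QUICK_LINKS; ?> </div> <div class="dashboard_content"> <?php

// Five most frequently opened admin pages according to the access table, leaving out the
// dashboard, the spam page and any page whose name starts with "edit".
$pages = cmtx_db_query("SELECT `page`, COUNT(*) AS `frequency` FROM `" . $cmtx_mysql_table_prefix . "access` WHERE `page` != 'dashboard' AND `page` != 'spam' AND `page` NOT LIKE 'edit%' GROUP BY `page` ORDER BY `frequency` DESC LIMIT 5");

if (cmtx_db_num_rows($pages) != 5) {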
?> </div> <div style="clear: left;"></div> <?php
} else {

	if (isset($_POST['submit'])) {

		// CSRF form-key check (helper defined elsewhere) runs before any posted value is read.
		cmtx_check_csrf_form_key();

		// Raw field values exactly as posted.
		$admin_email_test_subject = $_POST['admin_email_test_subject'];
		$admin_email_test_from_name = $_POST['admin_email_test_from_name'];
		$admin_email_test_from_email = $_POST['admin_email_test_from_email'];
		$admin_email_test_reply_to = $_POST['admin_email_test_reply_to'];
		$email_content = $_POST['email_content'];

		// Sanitized copies for the SQL statements below. $email_content has no sanitized copy.
		// NOTE(review): the statements are built by string interpolation, so their safety rests on
		// cmtx_sanitize() escaping for SQL when called with its default arguments (confirm in the helper).
		$admin_email_test_subject_san = cmtx_sanitize($admin_email_test_subject);
		$admin_email_test_from_name_san = cmtx_sanitize($admin_email_test_from_name);
		$admin_email_test_from_email_san = cmtx_sanitize($admin_email_test_from_email);
		$admin_email_test_reply_to_san = cmtx_sanitize($admin_email_test_reply_to);

		cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_email_test_subject_san}' WHERE `title` = 'admin_email_test_subject'");
		cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_email_test_from_name_san}' WHERE `title` = 'admin_email_test_from_name'");
		cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_email_test_from_email_san}' WHERE `title` = 'admin_email_test_from_email'");
		cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$admin_email_test_reply_to_san}' WHERE `title` = 'admin_email_test_reply_to'");

		// The e-mail body is written to the template file exactly as posted.
		// NOTE(review): the directory name comes from the 'language_frontend' setting. Confirm that
		// setting can only hold the name of an installed language folder, because it is concatenated
		// straight into the write path.
		// NOTE(review): confirm the saved template is only ever read back as text, never included as code.
		$file = '../includes/emails/' . cmtx_setting('language_frontend') . '/admin/custom/email_test.txt';

		// NOTE(review): the result of fopen() is not checked. If the file cannot be opened, fputs()
		// and fclose() are handed false and the failure is not reported to the admin.
		$handle = fopen($file, 'w');
		fputs($handle, $email_content);
		fclose($handle);

		?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php
?> <div class="warning"><?php echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php
} else {

	if (isset($_POST['submit'])) {

		// CSRF form-key check (helper defined elsewhere) runs before any posted value is read.
		cmtx_check_csrf_form_key();

		// Raw sender details exactly as posted.
		$setup_from_name = $_POST['setup_from_name'];
		$setup_from_email = $_POST['setup_from_email'];
		$setup_reply_to = $_POST['setup_reply_to'];

		// Sanitized copies; only these are placed inside the SQL literals below.
		// NOTE(review): the statements are built by string interpolation, so their safety rests on
		// cmtx_sanitize() escaping for SQL when called with its default arguments (confirm in the helper).
		$setup_from_name_san = cmtx_sanitize($setup_from_name);
		$setup_from_email_san = cmtx_sanitize($setup_from_email);
		$setup_reply_to_san = cmtx_sanitize($setup_reply_to);

		// The same three sender values are copied to every e-mail type listed here. Each setting
		// title is "<group>_<field>", written in the order group by group, then field by field.
		$sender_fields = array(
			'from_name' => $setup_from_name_san,
			'from_email' => $setup_from_email_san,
			'reply_to' => $setup_reply_to_san,
		);

		$sender_groups = array(
			'setup',
			'subscriber_confirmation',
			'subscriber_notification_admin',
			'subscriber_notification_basic',
			'subscriber_notification_reply',
		);

		foreach ($sender_groups as $sender_group) {
			foreach ($sender_fields as $sender_field => $sender_value_san) {
				cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$sender_value_san}' WHERE `title` = '{$sender_group}_{$sender_field}'");
			}
		}
} else {

	if (isset($_POST['submit'])) {

		// CSRF form-key check (helper defined elsewhere) runs before any posted value is read.
		cmtx_check_csrf_form_key();

		// The captcha type is always one of two fixed literals and never text from the request.
		$captcha_type = isset($_POST['enabled']) ? 'recaptcha' : 'securimage';

		// Raw field values exactly as posted.
		$recaptcha_public_key = $_POST['recaptcha_public_key'];
		$recaptcha_private_key = $_POST['recaptcha_private_key'];
		$recaptcha_theme = $_POST['recaptcha_themes'];
		$recaptcha_language = $_POST['recaptcha_languages'];

		// Sanitized copies; only these are placed inside the SQL literals below.
		// NOTE(review): the statements are built by string interpolation, so their safety rests on
		// cmtx_sanitize() escaping for SQL when called with its default arguments (confirm in the helper).
		$recaptcha_public_key_san = cmtx_sanitize($recaptcha_public_key);
		$recaptcha_private_key_san = cmtx_sanitize($recaptcha_private_key);
		$recaptcha_theme_san = cmtx_sanitize($recaptcha_theme);
		$recaptcha_language_san = cmtx_sanitize($recaptcha_language);

		// Setting title => value, written in this order.
		// The reCAPTCHA private key is a secret and is stored in the settings table alongside
		// the other values, so read access to that table exposes it.
		$captcha_settings = array(
			'captcha_type' => $captcha_type,
			'recaptcha_public_key' => $recaptcha_public_key_san,
			'recaptcha_private_key' => $recaptcha_private_key_san,
			'recaptcha_theme' => $recaptcha_theme_san,
			'recaptcha_language' => $recaptcha_language_san,
		);

		foreach ($captcha_settings as $setting_title => $setting_value) {
			cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$setting_value}' WHERE `title` = '{$setting_title}'");
		}

		?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php
	}
}
?>
if (isset($_POST['submit'])) {

	// CSRF form-key check (helper defined elsewhere) runs before any posted value is read.
	cmtx_check_csrf_form_key();

	// Raw mail-transport fields exactly as posted.
	$transport_method = $_POST['transport_method'];
	$smtp_host = $_POST['smtp_host'];
	$smtp_port = $_POST['smtp_port'];
	$smtp_encrypt = $_POST['smtp_encrypt'];
	$smtp_username = $_POST['smtp_username'];
	$smtp_password = $_POST['smtp_password'];
	$sendmail_path = $_POST['sendmail_path'];

	// Sanitized copies; the port is reduced to an integer instead of going through cmtx_sanitize().
	// NOTE(review): the statements are built by string interpolation, so their safety rests on
	// cmtx_sanitize() escaping for SQL when called with its default arguments (confirm in the helper).
	// NOTE(review): if cmtx_sanitize() also HTML-encodes, an SMTP password containing characters
	// such as & or < would be stored in altered form; confirm it round-trips unchanged.
	$transport_method_san = cmtx_sanitize($transport_method);
	$smtp_host_san = cmtx_sanitize($smtp_host);
	$smtp_port_san = (int) $smtp_port;
	$smtp_encrypt_san = cmtx_sanitize($smtp_encrypt);
	$smtp_username_san = cmtx_sanitize($smtp_username);
	$smtp_password_san = cmtx_sanitize($smtp_password);
	$sendmail_path_san = cmtx_sanitize($sendmail_path);

	// Setting title => value, written in this order.
	// The SMTP password is kept in the settings table in recoverable form, so read access to that
	// table exposes it.
	// NOTE(review): sendmail_path names an executable and comes from the form; confirm how the
	// mailer uses it and that only trusted admins can reach this page.
	$mail_settings = array(
		'transport_method' => $transport_method_san,
		'smtp_host' => $smtp_host_san,
		'smtp_port' => $smtp_port_san,
		'smtp_encrypt' => $smtp_encrypt_san,
		'smtp_username' => $smtp_username_san,
		'smtp_password' => $smtp_password_san,
		'sendmail_path' => $sendmail_path_san,
	);

	foreach ($mail_settings as $setting_title => $setting_value) {
		cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$setting_value}' WHERE `title` = '{$setting_title}'");
	}

	?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php
}
<div class="warning"><?php echo CMTX_MSG_DEMO; ?> </div> <div style="clear: left;"></div> <?php
} else {

	if (isset($_POST['submit'])) {

		// CSRF form-key check (helper defined elsewhere) runs before any posted value is read.
		cmtx_check_csrf_form_key();

		// Checkbox: a key present in the POST body means maintenance mode is switched on.
		$maintenance_mode = isset($_POST['enabled']) ? 1 : 0;

		// Message text exactly as posted, then its sanitized copy for the SQL literal.
		// NOTE(review): the statements are built by string interpolation, so their safety rests on
		// cmtx_sanitize() escaping for SQL when called with its default arguments (confirm in the helper).
		// NOTE(review): the message is presumably shown to site visitors; confirm it is HTML-encoded
		// where it is output.
		$maintenance_message = $_POST['message'];
		$maintenance_message_san = cmtx_sanitize($maintenance_message);

		// Setting title => value, written in this order.
		$maintenance_settings = array(
			'maintenance_mode' => $maintenance_mode,
			'maintenance_message' => $maintenance_message_san,
		);

		foreach ($maintenance_settings as $setting_title => $setting_value) {
			cmtx_db_query("UPDATE `" . $cmtx_mysql_table_prefix . "settings` SET `value` = '{$setting_value}' WHERE `title` = '{$setting_title}'");
		}

		?> <div class="success"><?php echo CMTX_MSG_SAVED; ?> </div> <div style="clear: left;"></div> <?php
	}
}
?> <p />