Esempio n. 1
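/**
 * Expand "{personal-NAME}" and "{FIELD}" placeholders in a template string.
 *
 * "{personal-NAME}" is replaced with the HTML-escaped value of $mb['more'][NAME] for the member
 * loaded from $e['u'] (empty string when the member has no such field). "{FIELD}" is replaced with
 * $e['mf'][FIELD] for every key present in $e['mf'].
 *
 * @param string $t Template text containing the placeholders.
 * @param array  $e Entry data; reads $e['u'] and, when present, $e['mf'].
 * @return string The template with the placeholders substituted.
 */
function cn_extrn_morefields($t, $e)
{
    $mb = member_get($e['u']);
    // Personal info: member-supplied text, always HTML-escaped before it enters the page.
    if (preg_match_all('/\\{personal\\-(.*?)\\}/i', $t, $c, PREG_SET_ORDER)) {
        foreach ($c as $v) {
            $r = isset($mb['more'][$v[1]]) ? $mb['more'][$v[1]] : '';
            $t = str_replace($v[0], cn_htmlspecialchars($r), $t);
        }
    }
    if (!empty($e['mf']) && is_array($e['mf'])) {
        // Field names become part of a regular expression, so each one is quoted: a name holding
        // a metacharacter must match literally and must not alter or break the pattern.
        $quoted = array();
        $by_lower = array();
        foreach ($e['mf'] as $name => $value) {
            $name = (string) $name;
            if ($name === '') {
                // An empty alternative would make the pattern match a bare "{}".
                continue;
            }
            $quoted[] = preg_quote($name, '/');
            $by_lower[strtolower($name)] = $value;
        }
        // Common purpose more fields
        if ($quoted && preg_match_all('/\\{(' . join('|', $quoted) . ')\\}/i', $t, $c, PREG_SET_ORDER)) {
            foreach ($c as $v) {
                // The pattern is case-insensitive, so the captured name may differ in case from
                // the stored key: try the exact key first, then the lower-cased lookup.
                if (isset($e['mf'][$v[1]])) {
                    $r = $e['mf'][$v[1]];
                } elseif (isset($by_lower[strtolower($v[1])])) {
                    $r = $by_lower[strtolower($v[1])];
                } else {
                    $r = '';
                }
                // NOTE(review): unlike the personal fields above, this value is inserted without
                // cn_htmlspecialchars(). Left unchanged because the value may be intended as HTML;
                // confirm that whatever fills $e['mf'] escapes or filters it.
                $t = str_replace($v[0], $r, $t);
            }
        }
    }
    return $t;
}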
Esempio n. 2
            <?php 
        echo $widget_settings;
        ?>
            <hr/>
            <div><input type="submit" name="submit_widget" value="Submit changes" /></div>

        <?php 
    } elseif ($plugin_current) {
        ?>

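            <h1>"<?php 
        // Escaped like the hidden plugin_name field just below, which prints the same variable:
        // the plugin name must not be able to inject markup into the heading.
        echo cn_htmlspecialchars(ucfirst($plugin_current));
        ?>
" plugin settings</h1>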
            <input type="hidden" name="plugin_name" value="<?php 
        echo cn_htmlspecialchars($plugin_current);
        ?>
" />
            <hr>
            <div><input type="checkbox" name="delete" style="vertical-align: middle;"> Remove plugin</div>
            <hr>
            <div><input type="submit" name="submit_plugin" value="Submit changes" /></div>

        <?php 
    } else {
        ?>

            <p>Select widget or plugin...</p>

        <?php 
    }
Esempio n. 3
        echo isset($user['name']) ? cn_url_modify('user_name=' . $user['name']) : '';
        ?>
"><?php 
        echo isset($user['name']) ? cn_htmlspecialchars($user['name']) : '';
        ?>
</td>
            <td align="center"><?php 
        echo isset($user['id']) ? date('Y-m-d H:i', $user['id']) : '';
        ?>
</td>
            <td align="center"><?php 
        echo isset($user['cnt']) ? intval($user['cnt']) : 0;
        ?>
</td>
            <td align="center"><?php 
        echo isset($user['acl']) && isset($grp[$user['acl']]['N']) ? cn_htmlspecialchars(ucfirst($grp[$user['acl']]['N'])) : '';
        ?>
</td>
        </tr>
    <?php 
    }
} else {
    ?>
<tr><td colspan="5">No users found</td> </tr><?php 
}
?>
</table>

<!-- paginate -->
<?php 
cn_snippet_paginate($st, $per_page, count($users));
Esempio n. 4
            echo '<a href="' . cn_url_modify('mod=editnews', 'add_category_filter=' . join(',', $entry['cats'])) . '" title="' . join(', ', $_cat_name) . '"><b>multiply</b></a>';
        }
        ?>
</td>
                            <td align="center" title="<?php 
        echo $entry['date_full'];
        ?>
"><nobr><?php 
        echo $entry['date'];
        ?>
</nobr></td>
                            <td align="center"><a href="<?php 
        echo cn_url_modify('mod=editnews', 'add_user_filter=' . $entry['user']);
        ?>
"><?php 
        echo cn_htmlspecialchars($entry['user']);
        ?>
</a><sup></td>
                            <?php 
        hook('template/editnews/list_item_after', array($ID, $entry));
        ?>
                            <td align="center"><?php 
        if ($entry['can']) {
            ?>
<input name="selected_news[]" value="<?php 
            echo $ID;
            ?>
" style="border:0;" type='checkbox'><?php 
        }
        ?>
</td>
Esempio n. 5
        echo $name;
        ?>
" type="checkbox" name="acl[]" <?php 
        if ($desc['c']) {
            echo 'checked';
        }
        ?>
 value="<?php 
        echo $name;
        ?>
" />
                            <?php 
        if ($desc['t']) {
            echo '<a href="#" title="' . cn_htmlspecialchars($desc['t']) . '" onclick="return (tiny_msg(this));">' . cn_htmlspecialchars($desc['d']) . '</a>';
        } else {
            echo cn_htmlspecialchars($desc['d']);
        }
        ?>
                        </span>
                    <?php 
    }
    ?>
                <td>
            </tr>
        <?php 
}
?>
        <tr><td></td><td><hr/></td></tr>

            <tr>
                <td>&nbsp;</td>
Esempio n. 6
                                <option <?php 
if ($pw['dir'] == 'A') {
    echo 'selected';
}
?>
 value="A">asc</option>
                            </select>
                        </td>
                    </tr>

                    <tr><td>$page_alias</td> <td><input type="text" name="pw[page_alias]" value="<?php 
echo isset($pw['page_alias']) ? cn_htmlspecialchars($pw['page_alias']) : '';
?>
"></td></tr>
                    <tr><td>$tag</td> <td><input type="text" name="pw[tag]" value="<?php 
echo isset($pw['tag']) ? cn_htmlspecialchars($pw['tag']) : '';
?>
"></td></tr>

                    <tr><td>$static</td> <td><input type="checkbox" name="pw[static]" value="Y" <?php 
if (isset($pw['static']) && $pw['static']) {
    echo ' checked="checked" ';
}
?>
 /></td></tr>
                    <tr><td>$reverse</td> <td><input type="checkbox" name="pw[reverse]" value="Y" <?php 
if (isset($pw['reverse']) && $pw['reverse']) {
    echo ' checked="checked" ';
}
?>
 /></td></tr>
Esempio n. 7
                    <option <?php 
if ($codepage == 'koi8-r') {
    echo 'selected';
}
?>
 value="koi8-r">KOI8-R</option>
                    <option <?php 
if ($codepage == 'koi8-u') {
    echo 'selected';
}
?>
 value="koi8-u">KOI8-U</option>
                </select>

                Old ID <input type="text" name="sample_id" value="<?php 
echo cn_htmlspecialchars($sample_id);
?>
" />
            </td>
        </tr>

        <tr><td style="text-align: right;"><input type="checkbox" name="conv[users]" value="Y" /></td><td>Convert users (<b>first</b>)</td></tr>
        <tr><td style="text-align: right;"><input type="checkbox" name="conv[news]" value="Y" /></td><td>Convert all news, comments, more fields</td></tr>
        <tr><td style="text-align: right;"><input type="checkbox" name="conv[archives]" value="Y" /></td><td>Convert archives</td></tr>
        <tr>
            <td style="text-align: right;"><input type="checkbox" name="conv[sc]" value="Y" /><br/>&nbsp;</td>
            <td>
                Convert sysconf (configs, category, ipban, templates, replace words)*<br/>
                <input type="checkbox" name="conv[ovconf]" value="Y" />&nbsp;Overwrite current system settings
            </td>
        </tr>      
Esempio n. 8
        <tr>
            <td>Groups</td>
            <td>
                <?php 
foreach ($groups as $id => $name) {
    ?>
                <input type="checkbox" name="category_acl[]" <?php 
    if ($category_acl && in_array($id, $category_acl)) {
        echo 'checked';
    }
    ?>
 value="<?php 
    echo $id;
    ?>
"/> <?php 
    echo cn_htmlspecialchars($name['N']);
    ?>
                <?php 
}
?>
            </td>
        </tr>

        <tr><td></td><td><hr/></td></tr>

        <tr><td>&nbsp;</td>
            <td>
                <div style="float:left;">
                    <?php 
if (!$category_id) {
    ?>
Esempio n. 9
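/**
 * Dashboard page for editing stored HTML snippets.
 *
 * Reads the snippet name and text from the request, applies the POST action (select, delete,
 * create or save) and renders the "dashboard/script" template with the snippet list and the
 * text of the selected snippet. The name "sandbox" is used when no snippet is given.
 *
 * Snippet names are used as the last segment of the "#snippets/NAME" option path, so every name
 * taken from the request is reduced to letters, digits, "-" and "." before it is used.
 */
function dashboard_script()
{
    // Anything outside this set is replaced, so a name cannot address a nested option path.
    $name_filter = '/[^a-z0-9\\-\\.]/i';
    list($snippet, $text) = GET('snippet, text');
    if ($snippet == '') {
        $snippet = 'sandbox';
    }
    // Prevent subfoldering
    $snippet = preg_replace($name_filter, '_', $snippet);
    if (request_type('POST')) {
        cn_dsi_check();
        // Click select only
        if (!REQ('select', 'POST')) {
            if (REQ('delete', 'POST')) {
                // NOTE(review): the template hides the delete button for "sandbox" (can_delete),
                // but nothing here refuses a delete request for it - confirm that is intended.
                $_t = getoption('#snippets');
                unset($_t[$snippet]);
                setoption('#snippets', $_t);
                $snippet = 'sandbox';
            } else {
                // Create new snippet: the new name is read from the same source that was
                // checked (POST) and passes through the same filter as the selected name;
                // without it the option path below would be built from raw request text.
                $new_name = REQ('create', 'POST');
                if ($new_name) {
                    $snippet = preg_replace($name_filter, '_', $new_name);
                }
                setoption('#snippets/' . $snippet, $text);
                cn_throw_message('Changes saved');
            }
        } else {
            cn_throw_message('Select snippet [' . cn_htmlspecialchars($snippet) . ']');
        }
    }
    $list = getoption('#snippets');
    if (empty($list)) {
        $list['sandbox'] = '';
    }
    $opt_txt = getoption('#snippets/' . $snippet);
    $params = array('list' => $list, 'text' => !empty($opt_txt) ? $opt_txt : '', 'can_delete' => $snippet !== 'sandbox' ? TRUE : FALSE, 'snippet' => $snippet, 'snippets' => getoption('#snippets'));
    echoheader('-@dashboard/style.css', 'HTML Scripts');
    echo exec_tpl('dashboard/script', $params);
    echofooter();
}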
Esempio n. 10
<?php

// Template: renders one "append to category" checkbox per entry of the category list.
// The list comes from _GL('catlist'); where it is filled is not visible in this file.
list($catlist) = _GL('catlist');
foreach ($catlist as $id => $var) {
    // NOTE(review): $id is printed without escaping into the name attribute below.
    // Presumably it is a numeric category id; confirm it can never hold user-chosen text.
    ?>
    <input style="vertical-align: middle;" type="checkbox" name="__append[cats][<?php 
    echo $id;
    ?>
]" value="Y" /> 
        <?php 
    // The category name is HTML-escaped before it is written into the page.
    echo cn_htmlspecialchars($var['name']);
    ?>
    &nbsp;&nbsp;
<?php 
}
Esempio n. 11
    ?>
</div>
            </td>
            <td align="center"><?php 
    if ($opt_vars[0] == 'label') {
        echo cn_htmlspecialchars($opt_vars['var']);
    } elseif ($opt_vars[0] == 'text') {
        echo '<input type="text" name="config[' . $opt_id . ']" style="width: 400px;" value="' . cn_htmlspecialchars($opt_vars['var']) . '"/>';
    } elseif ($opt_vars[0] == 'int') {
        echo '<input type="text" name="config[' . $opt_id . ']" size="8" value="' . intval($opt_vars['var']) . '"/>';
    } elseif ($opt_vars[0] == 'Y/N') {
        echo '<input type="checkbox" name="config[' . $opt_id . ']" ' . ($opt_vars['var'] ? 'checked="checked"' : '') . ' value="Y"/>';
    } elseif ($opt_vars[0] == 'select') {
        echo '<select name="config[' . $opt_id . ']"/>';
        foreach ($opt_vars[2] as $_id => $_var) {
            echo '<option value="' . cn_htmlspecialchars($_id) . '" ' . ($_id == $opt_vars['var'] ? 'selected="selected"' : '') . '>' . cn_htmlspecialchars($_var) . '</option>';
        }
        echo '</select>';
    }
    ?>
            </td>
        </tr>
    <?php 
}
?>
        <tr>
            <td>&nbsp;</td>
            <td align="center"><input type="submit" style="font-weight:bold;font-size:120%;" value="Save changes" /></td>
        </tr>
    </table>
</form>
Esempio n. 12
            <td bgcolor="#F7F6F4" colspan=2 ><input name="rss_encoding" value="<?php 
    echo cn_htmlspecialchars($rss_encoding);
    ?>
" size=20></td>
        </tr>
        <tr>
            <td>Language (default: <i>en-us</i>)</td>
            <td><input name="rss_language" value="<?php 
    echo cn_htmlspecialchars($rss_language);
    ?>
" size=5></td>
        </tr>
        <tr>
            <td bgcolor="#F7F6F4">Number of articles to be shown in the RSS (default:10):</td>
            <td bgcolor="#F7F6F4"><input id=number size=5 type="text" size="20" name="rss_number" value="<?php 
    echo cn_htmlspecialchars(REQ('rss_number'));
    ?>
"></td>
        </tr>

        <tr>
            <td valign="top"><b>Show articles only from these categories:</b></td>
            <td align="center" rowspan="2">

                <?php 
    if ($categories) {
        ?>

                    <select <?php 
        if (REQ('rss_allcategory')) {
            echo 'style="display: none;"';
Esempio n. 13
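/**
 * Media manager page controller.
 *
 * Resolves the uploads folder selected by the request, performs the requested POST action
 * (upload from URL or from the browser, delete, create folder, rename, move, thumbnail, resize),
 * then lists the folder and renders the "media/general" template.
 *
 * Security-relevant handling in this function:
 *  - every file-system path is built from the sanitised folder name, never the raw request value;
 *  - names submitted for delete / rename / move must be bare entries of the current folder;
 *  - a file fetched by URL or renamed must carry an extension from the allowed_extensions option;
 *  - a move target is resolved with realpath() and must stay below the uploads directory.
 *
 * NOTE(review): a URL upload still makes the server request an arbitrary http(s) address and
 * buffers the whole response; limiting destination hosts and response size is not done here.
 */
function media_invoke()
{
    $popup_form = '';
    list($path, $opt) = GET('folder, opt', 'GETPOST');
    list($do_action, $pending) = GET('do_action, pending', 'POST');
    // Change default uploads dir
    $udir = cn_path_construct(SERVDIR, 'uploads');
    if (getoption('uploads_dir')) {
        $udir = preparation_path(getoption('uploads_dir'));
    }
    $edir = getoption('uploads_ext') ? getoption('uploads_ext') : getoption('http_script_dir') . '/uploads';
    // Remove root identifier
    $path = preparation_path($path);
    // Path detection: anything but letters, digits, "_" and separators becomes "-",
    // which also removes the dots a parent-directory reference would need.
    $path = preg_replace('/[^a-z0-9\\/_\\\\]/i', '-', $path);
    // The working directory is built only after the folder name has been sanitised, so that
    // uploads, deletes and new folders use the same confined directory as the listing.
    $dfile = cn_path_construct($udir, $path);
    $root_dir = cn_path_construct($udir, $path) . DIRECTORY_SEPARATOR;
    $just_uploaded = array();
    // Get path struct
    $pathes = spsep($path, DIRECTORY_SEPARATOR);
    if (isset($pathes[0]) && $pathes[0] === '') {
        unset($pathes[0]);
    }
    // Do upload files
    if (request_type('POST')) {
        cn_dsi_check();
        // Allowed Exts.
        $AE = spsep(getoption('allowed_extensions'));
        // Generate thumbnail after upload
        $thumbnail_with_upload = getoption('thumbnail_with_upload');
        // UPLOAD FILES
        if (REQ('upload', 'POST')) {
            list($overwrite) = GET('overwrite');
            $is_uploaded = FALSE;
            // Try for fopen url upload
            if ($upload_from_inet = REQ('upload_from_inet')) {
                if (ini_get('allow_url_fopen')) {
                    // fopen() accepts local paths and other stream wrappers as well, so only
                    // plain web URLs are let through.
                    $url_scheme = strtolower((string) parse_url($upload_from_inet, PHP_URL_SCHEME));
                    // Get filename
                    $url_name = spsep($upload_from_inet, '/');
                    $url_name = $url_name[count($url_name) - 1];
                    $url_name = preg_replace('/(%20|\\s|\\?|&|\\/)/', '_', $url_name);
                    $url_name = str_replace('%', '_', $url_name);
                    // Same extension rule as for browser uploads: the image check further down
                    // inspects content only and would accept any file name.
                    $url_ext = NULL;
                    if (preg_match('/\\.(\\w+)$/i', $url_name, $c)) {
                        $url_ext = strtolower($c[1]);
                    }
                    // resolve filename
                    $c_file = $dfile . $url_name;
                    if ($url_scheme !== 'http' && $url_scheme !== 'https') {
                        cn_throw_message('Only http:// and https:// URLs can be uploaded', 'e');
                    } elseif (!$url_ext || !in_array($url_ext, $AE)) {
                        cn_throw_message('File extension [' . cn_htmlspecialchars($url_ext) . '] not allowed', 'e');
                    } elseif ($overwrite && file_exists($c_file) || !file_exists($c_file)) {
                        // Overwrite [if can], or add file
                        // Use context for disable error notices
                        if (function_exists('stream_context_create')) {
                            $context = stream_context_create(array('http' => array('ignore_errors' => true)));
                            $fw = fopen($upload_from_inet, 'rb', false, $context);
                        } else {
                            // Read file
                            $fw = fopen($upload_from_inet, 'rb');
                        }
                        if (!$fw) {
                            // The remote side could not be opened: nothing to read or close.
                            cn_throw_message("Can't read remote file", 'e');
                        } else {
                            // --------- (fetch content) ------
                            ob_start();
                            fpassthru($fw);
                            $file_image = ob_get_clean();
                            fclose($fw);
                            // ---------
                            // write2disk
                            if ($wf = fopen($c_file, 'w')) {
                                fwrite($wf, $file_image);
                                fclose($wf);
                            }
                            // check image
                            list($w, $h) = getimagesize($c_file);
                            if ($w && $h) {
                                cn_throw_message('File uploaded');
                                $max_width = getoption('max_thumbnail_width');
                                if ($w > $max_width && $thumbnail_with_upload) {
                                    $resize_result = resize_image($c_file, $max_width, 0);
                                    cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
                                }
                                $is_uploaded = TRUE;
                                $just_uploaded[$url_name] = TRUE;
                            } else {
                                cn_throw_message("Wrong image file", 'e');
                                unlink($c_file);
                            }
                        }
                    } else {
                        cn_throw_message("Can't overwrite or save", 'e');
                    }
                } else {
                    cn_throw_message('allow_url_fopen=0, check server configurations');
                }
            }
            // Upload from local (the field is absent when only a URL was submitted)
            $upload_names = isset($_FILES['upload_file']['name']) && is_array($_FILES['upload_file']['name']) ? $_FILES['upload_file']['name'] : array();
            foreach ($upload_names as $id => $name) {
                if ($name) {
                    $ext = NULL;
                    if (preg_match('/\\.(\\w+)$/i', $name, $c)) {
                        $ext = strtolower($c[1]);
                    }
                    // Check allowed ext
                    if ($ext && in_array($ext, $AE)) {
                        // encode url
                        $name = str_replace('%2F', '/', urlencode($name));
                        // encoded? replace filename
                        if (strpos($name, '%') !== FALSE) {
                            $name = str_replace('%', '', strtolower($name));
                        }
                        // check file for exist
                        if (file_exists($c_file = $dfile . $name)) {
                            if ($overwrite) {
                                cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] overwritten', 'w');
                            } else {
                                cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] already exists', 'e');
                                continue;
                            }
                        }
                        // Upload file to server
                        if (move_uploaded_file($_FILES['upload_file']['tmp_name'][$id], $c_file)) {
                            $just_uploaded[$name] = TRUE;
                            cn_throw_message('File uploaded [<b>' . cn_htmlspecialchars($name) . '</b>]');
                            $max_width = getoption('max_thumbnail_width');
                            list($w, $h) = getimagesize($c_file);
                            if ($w > $max_width && $thumbnail_with_upload) {
                                $resize_result = resize_image($c_file, $max_width, 0);
                                cn_throw_message($resize_result['msg'], $resize_result['status'] ? 'n' : 'w');
                            }
                        } else {
                            cn_throw_message('File [' . cn_htmlspecialchars($c_file) . '] not uploaded! Please, check upload_max_filesize in PHP settings.', 'e');
                        }
                    } else {
                        cn_throw_message('File extension [' . cn_htmlspecialchars($ext) . '] not allowed', 'e');
                    }
                } elseif (!$is_uploaded) {
                    cn_throw_message('No selected files for upload', 'e');
                }
            }
        } elseif ($do_action || $pending) {
            list($rm) = GET('rm', 'POST');
            // action --> delete entries
            if ($do_action == 'delete') {
                if (empty($rm)) {
                    cn_throw_message('No files selected', 'w');
                } else {
                    foreach ($rm as $file) {
                        // Only a bare entry name of the current folder may be deleted: directory
                        // parts are dropped and the folder itself / its parent are skipped.
                        $file = is_string($file) ? basename($file) : '';
                        if ($file === '' || $file === '.' || $file === '..') {
                            continue;
                        }
                        if (file_exists($cfile = $dfile . $file)) {
                            if (is_dir($cfile)) {
                                rmdir($cfile);
                            } else {
                                //get thumbnail path
                                $path_parts = pathinfo($cfile);
                                $thumbnail_path = $path_parts['dirname'] . DIRECTORY_SEPARATOR . '.thumb.' . $path_parts['basename'];
                                if (file_exists($thumbnail_path)) {
                                    unlink($thumbnail_path);
                                }
                                unlink($cfile);
                            }
                        }
                        if (file_exists($cfile)) {
                            cn_throw_message('File [' . cn_htmlspecialchars($cfile) . '] not deleted!', 'e');
                        } else {
                            cn_throw_message('File [' . cn_htmlspecialchars($file) . '] deleted successfully');
                        }
                    }
                }
            } elseif ($do_action == 'create') {
                $popup_form = i18n('Enter directory name') . ' <input type="text" name="new_dir" value="" />';
            } elseif ($pending == 'create') {
                $new_dir_arr = GET('new_dir', 'POST');
                $new_folder = array_pop($new_dir_arr);
                // Reduced to letters, digits and "_" - which is also why it is safe to print below.
                $new_folder = preg_replace('/[^a-z0-9_]/i', '-', $new_folder);
                if ($new_folder) {
                    $cfile = $dfile . $new_folder;
                    if (is_dir($cfile)) {
                        cn_throw_message('Folder [' . $new_folder . '] already exists!', 'e');
                    } else {
                        mkdir($cfile);
                        if (!is_dir($cfile)) {
                            cn_throw_message('Folder [' . cn_htmlspecialchars($cfile) . ' not created]', 'e');
                        } else {
                            cn_throw_message('Folder [' . $new_folder . '] created!');
                        }
                    }
                } else {
                    cn_throw_message('Specify folder name', 'w');
                }
                $popup_form = '';
            } elseif ($do_action == 'rename') {
                if ($rm) {
                    $popup_form = '<div class="big_font">' . i18n('Rename file to') . '</div>';
                    $popup_form .= i18n('Tip: Write new file name') . '<br />';
                    $popup_form .= '<table>';
                    foreach ($rm as $id => $fn) {
                        // Both the submitted value and its array key are request data.
                        $hfn = cn_htmlspecialchars($fn);
                        $hid = cn_htmlspecialchars($id);
                        $popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
                        $popup_form .= '<td><input type="hidden" name="ids[' . $hid . ']" value="' . $hfn . '"/>&rarr;</td>';
                        $popup_form .= '<td><input style="width: 300px;" type="text" name="place[' . $hid . ']" value="' . $hfn . '" /> ';
                        $popup_form .= '</td></tr>';
                    }
                    $popup_form .= '</table>';
                } else {
                    cn_throw_message('Select files to rename', 'w');
                }
            } elseif ($pending == 'rename') {
                // ...
                list($ids, $place) = GET('ids, place', 'POST');
                // prevent illegal moves: a source must be an existing entry of this folder.
                // Names are compared directly and strictly; comparing hashes loosely can treat
                // two different values as equal.
                $safe_dir = array();
                foreach (scan_dir($root_dir) as $v) {
                    if ($v !== '.' && $v !== '..') {
                        $safe_dir[] = $v;
                    }
                }
                // do move all files / dirs
                foreach (is_array($ids) ? $ids : array() as $id => $file) {
                    if (in_array($file, $safe_dir, true)) {
                        $filename = isset($place[$id]) ? (string) $place[$id] : '';
                        // strpos() returns 0 for a separator in first position, so compare with false.
                        if (strpos($filename, '\\') !== FALSE || strpos($filename, '/') !== FALSE) {
                            cn_throw_message(i18n('The name of file [%1] should not contain special characters', cn_htmlspecialchars($file)), 'e');
                            continue;
                        }
                        // A file keeps to the upload extension list after renaming too; otherwise
                        // renaming would sidestep the check made at upload time.
                        if (!is_dir($root_dir . $file)) {
                            $new_ext = preg_match('/\\.(\\w+)$/i', $filename, $c) ? strtolower($c[1]) : NULL;
                            if (!$new_ext || !in_array($new_ext, $AE)) {
                                cn_throw_message('File extension [' . cn_htmlspecialchars($new_ext) . '] not allowed', 'e');
                                continue;
                            }
                        }
                        $renameto = $root_dir . $filename;
                        $thumb = $root_dir . '.thumb.' . $file;
                        // do move
                        if (rename($root_dir . $file, $renameto)) {
                            if (file_exists($thumb)) {
                                rename($thumb, $root_dir . '.thumb.' . $filename);
                            }
                            cn_throw_message(i18n('File [%1] renamed to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($filename)));
                        } else {
                            cn_throw_message(i18n('File [%1] not renamed', cn_htmlspecialchars($file)), 'e');
                        }
                    }
                }
            } elseif ($do_action == 'move') {
                if ($rm) {
                    $popup_form = '<div class="big_font">' . i18n('Move files to') . '</div>';
                    $popup_form .= i18n('Tip: You can select the folder to move the file') . '<br />';
                    $popup_form .= '<table>';
                    $folders = array();
                    $dirs = scan_dir($root_dir);
                    foreach ($dirs as $entry) {
                        if (is_dir($root_dir . $entry) && !($entry === '..' || $entry === '.')) {
                            $folders[] = $entry;
                        }
                    }
                    foreach ($rm as $id => $fn) {
                        $hfn = cn_htmlspecialchars($fn);
                        $hid = cn_htmlspecialchars($id);
                        $popup_form .= '<tr><td align="right" class="indent"><b>' . $hfn . '</b><td>';
                        $popup_form .= '<td><input type="hidden" name="ids[' . $hid . ']" value="' . $hfn . '"/>&rarr;</td>';
                        $popup_form .= '<td>';
                        $cnt_folders = count($folders);
                        if ($cnt_folders != 0 && !($cnt_folders == 1 && in_array($hfn, $folders))) {
                            $popup_form .= '<select name="place_folder_' . $hid . '">';
                            foreach ($folders as $dirn) {
                                if ($dirn != $hfn) {
                                    // Folder names come from disk and can be renamed freely, so
                                    // they are escaped like any other displayed text.
                                    $hdirn = cn_htmlspecialchars($dirn);
                                    $popup_form .= '<option value="' . $hdirn . '">' . $hdirn . '</option>';
                                }
                            }
                            $popup_form .= '</select>';
                        }
                        if ($root_dir != $udir) {
                            // The key is used as a script argument here, so it is forced to an
                            // integer (assumes the rm[] keys are list indexes - TODO confirm).
                            $popup_form .= '<nobr><input type="checkbox" onclick="javascript:hideFolderList(this,' . intval($id) . ')" name="moveup[' . $hid . ']" value="Y" /> Move up</nobr>';
                        } else {
                            $popup_form .= '<nobr> X Move up (You are in root folder)</nobr>';
                        }
                        $popup_form .= '</td></tr>';
                    }
                    $popup_form .= '</table>';
                } else {
                    cn_throw_message('Select files to move', 'w');
                }
            } elseif ($pending == 'move') {
                // ...
                list($ids, $moveup) = GET('ids, moveup', 'POST');
                // prevent illegal moves: a source must be an existing entry of this folder
                $safe_dir = array();
                foreach (scan_dir($root_dir) as $v) {
                    if ($v !== '.' && $v !== '..') {
                        $safe_dir[] = $v;
                    }
                }
                // Canonical uploads directory; every move target has to resolve below it.
                $real_udir = realpath($udir);
                // do move all files / dirs
                foreach (is_array($ids) ? $ids : array() as $id => $file) {
                    list($place_folder) = GET('place_folder_' . $id);
                    if (in_array($file, $safe_dir, true)) {
                        $NF = '';
                        $foldername = preg_replace('/\\.\\//i', '', $place_folder);
                        // move this file up
                        if (isset($moveup[$id]) && count($pathes) > 0) {
                            $nwfolder = dirname($root_dir);
                            $foldername = 'up folder';
                        } else {
                            $nwfolder = $root_dir . ($NF = isset($rm[0]) ? $rm[0] : '') . DIRECTORY_SEPARATOR . $foldername;
                            if (!empty($rm[0])) {
                                $NF = $rm[0] . DIRECTORY_SEPARATOR;
                            }
                        }
                        // The target is assembled from request values, and the textual clean-up
                        // above is not a guarantee. Resolve it and refuse anything that is not an
                        // existing directory inside the uploads directory.
                        $real_target = realpath($nwfolder);
                        if ($real_udir === FALSE || $real_target === FALSE || !is_dir($real_target)
                            || strpos($real_target . DIRECTORY_SEPARATOR, rtrim($real_udir, '/\\') . DIRECTORY_SEPARATOR) !== 0) {
                            cn_throw_message(i18n('File [%1] not moved', cn_htmlspecialchars($file)), 'e');
                            continue;
                        }
                        $moveto = $nwfolder . DIRECTORY_SEPARATOR . $file;
                        //check for image thumbnail
                        $thumb = $root_dir . '.thumb.' . $file;
                        // do move
                        if (rename($root_dir . $file, $moveto)) {
                            if (file_exists($thumb)) {
                                rename($thumb, $nwfolder . DIRECTORY_SEPARATOR . '.thumb.' . $file);
                            }
                            cn_throw_message(i18n('File [%1] moved to [%2]', cn_htmlspecialchars($file), cn_htmlspecialchars($foldername)));
                        } else {
                            cn_throw_message(i18n('File [%1] not moved', cn_htmlspecialchars($file)), 'e');
                        }
                    }
                }
            } elseif ($do_action == 'thumb') {
                if (!empty($_POST['rm'])) {
                    $popup_form = get_sizes_form('Make thumbnails', $do_action);
                } else {
                    cn_throw_message('Select files to make thumbnail', 'w');
                }
            } elseif ($pending == 'thumb') {
                do_resize_image($root_dir);
            } elseif ($do_action == 'resize') {
                if (!empty($_POST['rm'])) {
                    $popup_form = get_sizes_form('Resize source image', $do_action);
                } else {
                    cn_throw_message('Select files to resize', 'w');
                }
            } elseif ($pending == 'resize') {
                do_resize_image($root_dir, false);
            } elseif (!hook('media/post_action')) {
                msg_info("Action error");
            }
        }
    }
    // Check dir exists
    if (is_dir($root_dir)) {
        $raw_files = scan_dir($root_dir);
    } else {
        cn_throw_message('Dir not exists', 'e');
        $raw_files = array();
    }
    $dirs = $files = array();
    foreach ($raw_files as $file) {
        // Entries whose name contains "avatar_" are left out of the listing.
        if (preg_match('/avatar_/', $file)) {
            continue;
        }
        $file_location = "{$root_dir}/{$file}";
        if (is_dir($file_location)) {
            $dirs[] = array('url' => "{$path}/{$file}", 'name' => $file);
        } elseif (filesize(cn_path_construct($udir, $path) . $file) != 0) {
            list($w, $h) = getimagesize(cn_path_construct($udir, $path) . $file);
            $is_thumb = preg_match('/\\.thumb\\./', $file);
            $files[] = array('name' => $file, 'url' => $edir . '/' . ($path ? $path . '/' : '') . $file, 'thumb' => file_exists($root_dir . '/.thumb.' . pathinfo($file, PATHINFO_BASENAME)) ? $edir . '/' . ($path ? $path . '/' : '') . '.thumb.' . pathinfo($file, PATHINFO_BASENAME) : '', 'local' => ($path ? $path . '/' : '') . $file, 'just_uploaded' => isset($just_uploaded[$file]) ? TRUE : FALSE, 'is_thumb' => $is_thumb, 'w' => $w, 'h' => $h, 'fs' => round(filesize($file_location) / 1024, 1));
        }
    }
    uasort($dirs, 'usort_by_name_asc');
    uasort($files, 'usort_by_name_asc');
    // Top level (dashboard)
    cn_bc_add('Dashboard', cn_url_modify(array('reset')));
    cn_bc_add('Media manager', cn_url_modify());
    cn_assign("files, dirs, path, pathes, popup_form, root_dir", $files, $dirs, $path, $pathes, $popup_form, $root_dir);
    if ($opt === 'inline') {
        echo exec_tpl('window', 'title=Quick insert image', 'style=media/style.css', 'content=' . exec_tpl('media/general'));
    } else {
        echoheader('-@media/style.css', 'Media manager');
        echo exec_tpl('media/general');
        echofooter();
    }
}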
Esempio n. 14
    <?php 
cn_form_open('mod, opt, sub');
?>
    <div><textarea name="text" style="width: 770px; height: 400px;"><?php 
echo cn_htmlspecialchars($__text);
?>
</textarea></div>
    <br/>
    <div class="panel">
        <input type="submit" value="Save changes" />

        <select name="snippet">
            <?php 
foreach ($__list as $id => $_t) {
    echo '<option ' . ($id == $__snippet ? 'selected' : '') . '>' . cn_htmlspecialchars($id) . '</option>';
}
?>
        </select>

        <input type="submit" name="select" value="Select" />

        <input type="text" value="" name="create" style="width: 250px;"/>
        <input type="submit" value="Create new" />

        <?php 
if ($__can_delete) {
    ?>
        <input type="submit" name="delete" value="Delete snippet" />
        <?php 
}
Esempio n. 15
            <input type="submit" name="create" value="Clone template" />

            <?php 
    if ($can_delete) {
        ?>
                <input type="submit" name="delete" value="Delete" />
             <?php 
    } else {
        ?>
                <input type="submit" name="reset" value="Reset" />
            <?php 
    }
    ?>

            <?php 
    echo cn_htmlspecialchars(ucfirst($template));
    ?>
        </div>

    <?php 
}
?>
</form>


<div style="text-align: right; margin: 16px 0 0 0">
    <a href="#" onclick="<?php 
echo cn_snippet_open_win(PHP_SELF . '?mod=help&section=templates');
?>
" class="external">Understanding Templates</a>
    &nbsp;&nbsp;
Esempio n. 16
            <td><?php 
    echo cn_htmlspecialchars($u);
    ?>
</td>
            <td>

            <?php 
    if (is_array($v)) {
        echo '<a href="' . cn_url_modify('path=' . $path . '/' . $u) . '">click to expand &rarr;</a>';
        $edit = FALSE;
    } elseif (is_numeric($v)) {
        echo $v;
        $edit = TRUE;
    } elseif (strlen($v) > 128) {
        echo cn_htmlspecialchars(clever_truncate($v, 128));
        $edit = TRUE;
    } else {
        echo cn_htmlspecialchars($v);
        $edit = TRUE;
    }
    if ($edit) {
        echo ' [<a href="#" onclick="' . cn_snippet_open_win(cn_url_modify('edit=' . $u), array('w' => 800, 'h' => 550, 'l' => 'auto')) . '" class="external">edit</a>]';
    }
    ?>
            </td>
        </tr>
    <?php 
}
?>
</table>
Esempio n. 17
            ?>
 <?php 
            if ($item['req']) {
                echo '<span class="req">*</span>';
            }
            ?>
</span>
                </div>

            <?php 
        }
        ?>

            <?php 
        if ($item['desc']) {
            echo '<div style="font-size: 10px; color: #808080; margin: 0 0 15px 0;">' . cn_htmlspecialchars($item['desc']) . '</div>';
        }
        ?>

        <?php 
    }
    ?>
        <?php 
    if ($section !== '#basic') {
        ?>
</div><?php 
    }
    ?>

    <?php 
}
Esempio n. 18
/**
 * Build the submit-button markup for the comment form.
 *
 * The caption is passed through cn_htmlspecialchars() before it is placed in
 * the value attribute. An extra "Edit comment" button is appended when
 * test('Mea') or test('Mes') succeeds (presumably comment-editing permissions;
 * confirm against test()) and the request carries a non-zero integer edit_id.
 *
 * @param mixed  $e Not read by this function.
 * @param string $t Caption for the main submit button.
 * @return string HTML for one or two submit inputs.
 */
function cn_modify_bb_comm_submit($e, $t)
{
    $buttons = array(
        '<input type="submit" value="' . cn_htmlspecialchars($t) . '" class="cn_submit_bb"/>',
    );

    $may_edit = test('Mea') || test('Mes');
    if ($may_edit && intval(REQ('edit_id'))) {
        // Fixed markup only: nothing from the request is echoed here.
        $buttons[] = '<input type="submit" name="cm_edit_comment" value="Edit comment" class="cn_edit_bb"/>';
    }

    return join('', $buttons);
}
Esempio n. 19
                <tr <?php 
        if ($id == $exid) {
            echo 'class="row_selected"';
        }
        ?>
>
                    <td><a href="<?php 
        echo cn_url_modify('lang_token=' . $lang_token, 'exid=' . $id);
        ?>
"><?php 
        echo $id;
        ?>
</a></td>
                    <td><?php 
        echo cn_htmlspecialchars($tran);
        ?>
</td>
                </tr>

            <?php 
    }
    ?>

        </table>

        <br/>
        <div><input type="submit" name="submit" value="Submit" /></div>

    </form>
Esempio n. 20
}
if (empty($files)) {
    ?>
<tr><td colspan="6" align="center"><b>Files not found</b></td></tr><?php 
}
?>

    </table>

    <!-- Action not work with popup -->
    <?php 
if ($popup_form) {
    ?>

        <input type="hidden" name="pending" value="<?php 
    echo cn_htmlspecialchars(REQ('do_action', 'POST'));
    ?>
" />
        <div class="media_popup_form"><?php 
    echo $popup_form;
    ?>
 <input type="submit" value="Submit"></div>

    <?php 
} else {
    ?>

        <div class="media_rgt_button">
            Action
            <select name="do_action">
                <option value="move">Move</option>
Esempio n. 21
    <tr>
        <th width="75">Date</th>
        <th>Message</th>
    </tr>

    <?php 
foreach ($logs as $item) {
    ?>

        <tr>
            <td width="75" style="color: #707070;"><nobr><?php 
    echo $item['date'];
    ?>
</nobr></td>
            <td><?php 
    echo cn_htmlspecialchars($item['msg']);
    ?>
</td>
        </tr>
    <?php 
}
?>

</table>

<p style='color: #808080;'>You may manually clean log there ./cdata/log/<?php 
if (!$section) {
    echo "error_dump.log";
} else {
    echo 'user.log';
}
Esempio n. 22
</nobr></td>
        <td><?php 
    if (!$item[2]['id']) {
        echo ' ---comment deleted--- ';
    } else {
        echo '<a target="_blank" href="' . $item[3] . '">' . cn_htmlspecialchars(clever_truncate($item[2]['c'])) . '</a>';
    }
    ?>
        </td>
        <td align="center"><?php 
    echo cn_htmlspecialchars($item[2]['ip']);
    ?>
</td>
        <td><?php 
    echo cn_htmlspecialchars($item[2]['e']);
    ?>
</td>
        <td><?php 
    echo cn_htmlspecialchars($item[2]['u']);
    ?>
</td>
    </tr>
<?php 
}
?>
</table>

<p>Total written comments: <b><?php 
echo $__count;
?>
</b></p>
Esempio n. 23
            <td width=85>Password: <span class="required">*</span></td>
            <td>
                <div><input tabindex="1" type="password" name=regpassword id="regpassword" onkeyup="password_strength();" style="width:134px" size="20"></div>
                <div id="password_strength"></div></td>
            <td>&nbsp;<input type="text" style="border: none; width: 150px;" id="pass_msg" disabled="true" value="Enter password"></td>
        </tr>

        <tr>
            <td width=85>Confirm:  <span class="required">*</span></td>
            <td colspan="2"><input tabindex="1" type="password" name="confirm" style="width:134px" size="20"></td>
        </tr>

        <tr>
            <td width=85>Email: <span class="required">*</span></td>
            <td colspan="2"><input tabindex="1" type="text" name="regemail" value="<?php 
echo cn_htmlspecialchars($regemail);
?>
" style="width:134px" size="20"></td>
        </tr>

        <tr>
            <td width=85>Captcha: <span class="required">*</span></td>
            <td colspan="2"><input tabindex="1" type="text" name="captcha" style="width:134px" size="20"></td>
        </tr>

        <tr>
            <td width=85><a href="#" style="border-bottom: 1px dotted #000080;" onclick="getId('capcha').src='captcha.php?r='+Math.random(); return(false);">Refresh code</a></td>
            <td colspan="2"><img src="captcha.php" id="capcha" alt=""></td>
        </tr>

        <tr>
Esempio n. 24
            ?>
                        <input type="text" style="width: 500px;" name="more[<?php 
            echo $name;
            ?>
]" value="<?php 
            echo isset($pdata['value']) ? cn_htmlspecialchars($pdata['value']) : '';
            ?>
">
                    <?php 
        } elseif ($pdata['type'] == 'textarea') {
            ?>
                        <textarea style="width: 500px; height: 100px;" name="more[<?php 
            echo $name;
            ?>
]"><?php 
            echo isset($pdata['value']) ? cn_htmlspecialchars($pdata['value']) : '';
            ?>
</textarea>
                    <?php 
        }
        ?>
                </td>
            </tr>

        <?php 
    }
}
?>

        <tr>
            <td>&nbsp;</td>
Esempio n. 25
 - {input_username}
 - {input_email}
 - {input_commentbox}
 - {smiles}
 - [captcha] ... {captcha} ... [/captcha] - if captcha enabled only
 - [submit]..[/submit] - make submit box
*/
$member = member_get();
if ($member && test('Mac') || !$member) {
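    // The form posts back to the current URL. With the rewrite engine on, that URL is
    // REQUEST_URI, which the client controls, so it is HTML-escaped before it goes into the
    // action attribute. The referer field below already treats the same value this way.
    $comment_url = getoption('rw_engine') ? $_SERVER['REQUEST_URI'] : PHP_SELF;
    echo '<form name="comment_frm" action="' . cn_htmlspecialchars($comment_url) . '" method="POST"/>';
    // $id is set outside this fragment; escape it like every other attribute value here.
    echo '<input type="hidden" name="id" value="' . cn_htmlspecialchars($id) . '" />';
    echo '<input type="hidden" name="subaction" value="addcomment" />';
    echo '<input type="hidden" name="popup" value="' . cn_htmlspecialchars(REQ('popup')) . '" />';
    // NOTE(review): this value originates from the client. The code that later consumes the
    // submitted "referer" field should escape it again before printing it in a link.
    echo '<input type="hidden" name="referer" value="' . cn_htmlspecialchars($_SERVER['REQUEST_URI']) . '" />';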
    $edit_id = intval(REQ('edit_id'));
    if ($edit_id) {
        echo '<input id="edt_comm_mode" type="hidden" name="edit_id" value="' . intval($edit_id) . '" />';
    }
    if ($is_encode) {
        $comments = $entry['co'];
        foreach ($comments as $item) {
            $ni = iconv('UTF-8', $user_encoding . '//TRANSLIT', $item['c']);
            if ($ni) {
                $entry['co'][$item['id']]['c'] = $ni;
            }
        }
    }
    $echo = entry_make($entry, 'form', $template, 'comm');
    // Keep [bb]codes[/bb]
Esempio n. 26
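 // Author filter: when a user name was requested, skip entries written by anyone else.
 // The names are compared directly as strings; negating $user first would compare a
 // boolean with the author and skip every entry that has a non-empty author.
 if ($user && (string) $user !== (string) $item['u']) {
     continue;
 }
 // Query string not found
 // NOTE(review): the pieces of $_query are joined into the pattern as they are. Confirm they
 // were regex-escaped where $_query is built, otherwise search text can change the pattern.
 if (!preg_match('/' . join('.*?', $_query) . '/uis', $Fs . $Ss)) {
     continue;
 }
 // Paging: count every match, but only print from offset $search_st onwards.
 $st++;
 if ($st < $search_st) {
     continue;
 }
 // The heading is printed once, before the first result; the search text is HTML-escaped.
 if ($found == 0) {
     echo "<p class='cutenews_found_news'>" . i18n('Search results for') . " &quot;" . cn_htmlspecialchars($search) . "&quot;</p><div class='cn_search_body'>";
 }
 $found++;
 $title = cn_htmlspecialchars($item['t']);
 // Call: id, archiveid, template
 // The search text is only added to the link through urlencode().
 if (getoption('rw_engine')) {
     $url = cn_rewrite('full_story', cn_put_alias($id));
     if (getoption('search_hl')) {
         $url .= "?qhl=" . urlencode($search);
     }
 } else {
     if (getoption('search_hl')) {
         $url = cn_url_modify($_static_qr, 'id=' . $id, "qhl=" . urlencode($search));
     } else {
         $url = cn_url_modify($_static_qr, 'id=' . $id);
     }
 }
 $itemid++;
 // NOTE(review): href is single-quoted here. Confirm that cn_rewrite()/cn_url_modify() never
 // return a raw single quote; the same applies to $_static_qr, which is set outside this fragment.
 echo "<div class='cutenews_search_item'>{$itemid} <b><a href='{$url}'>{$title}</a></b> (" . date("d F, Y", $id) . ")</div>";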
Esempio n. 27
}
// Reject comments that match the site/URL pattern ($regex_site is built outside this fragment).
// NOTE(review): $refer is echoed into href without escaping here and in the two messages
// below. Confirm it is validated or HTML-escaped where it is assigned, especially if it comes
// from a submitted form field.
if (preg_match($regex_site, $comment)) {
    echo '<div class="cn_error_comment">' . i18n('Your not allowed to put URL\'s in the comments field.') . '. <a href="' . $refer . '">Go back</a></div>';
    return FALSE;
}
// Optional policy: only logged-in members may comment.
if (getoption('only_registered_comment') && !$logged_as_member) {
    echo '<div class="cn_error_comment">' . i18n('Only registered users can post comments') . '. <a href="' . $refer . '">Go back</a></div>';
    return FALSE;
}
// Check ip/nick ban filter ----
// Each key of the '#ipban' option is one ban entry; the array values are not used here.
$block_list = getoption('#ipban');
foreach ($block_list as $ip_test => $_t) {
    // Create test string
    // The entry goes through preg_sanitize() and the sequence \x2a (hex code of '*') is then
    // replaced by '.*?', which presumably restores '*' as a wildcard (confirm against preg_sanitize()).
    // The pattern has no ^/$ anchors, so an entry matches anywhere inside the IP or nickname
    // (an entry for 1.2.3.4 also matches 11.2.3.45). Anchor it if exact matching is intended.
    $match = '/' . str_replace('\\x2a', '.*?', preg_sanitize($ip_test)) . '/';
    // The nickname is only checked for visitors who are not logged in.
    if (preg_match($match, CLIENT_IP) || !$logged_as_member && preg_match($match, $name)) {
        echo '<div class="cn_error_comment">' . i18n('Sorry but you have been blocked from posting comments') . ' (IP=' . cn_htmlspecialchars(CLIENT_IP) . '). <a href="' . $refer . '">Go back</a></div>';
        return FALSE;
    }
}
// Check for flood (if enabled)
if ($flood_time = getoption('flood_time')) {
    if (!file_exists($fn = cn_path_construct(SERVDIR, 'cdata') . 'flood.txt')) {
        fclose(fopen($fn, 'w+'));
    }
    $flood = file($fn);
    $found = FALSE;
    $w = fopen($fn, 'w+');
    flock($w, LOCK_EX);
    foreach ($flood as $item) {
        list($ip, $time) = explode('|', $item);
        if (time() <= intval($time)) {
Esempio n. 28
<?php

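// Module dispatcher: resolves the requested module name against a table of known modules,
// checks the caller's ACL and includes the matching module file.

// Stop when the file is requested directly, i.e. without EXEC_TIME having been defined
// by whatever includes it.
if (!defined('EXEC_TIME')) {
    die('Access restricted');
}
// Loading filters
require_once SERVDIR . '/core/modules/hooks/common.php';
// Require module -----
// The name comes from the request and is untrusted. It is only ever used as a key into
// the module table below, never as part of a file path.
$_module = REQ('mod', 'GPG');
// Loading all modules (internal + external)
// Each entry maps a module name to its file ('path') and the ACL code needed to open it.
// NOTE(review): hooks can add entries, and 'path' is concatenated into the include below
// without further checks. Entries registered by external modules deserve the same review
// as the built-in ones.
$_init_modules = hook('modules/init_modules', array('main' => array('path' => 'dashboard', 'acl' => 'Cd'), 'addnews' => array('path' => 'add_news', 'acl' => 'Can'), 'editnews' => array('path' => 'edit_news', 'acl' => 'Cvn'), 'media' => array('path' => 'media', 'acl' => 'Cmm'), 'maint' => array('path' => 'maint', 'acl' => 'Cmt'), 'help' => array('path' => 'help', 'acl' => ''), 'logout' => array('path' => 'logout', 'acl' => '')));
// Required module not exist
if (!isset($_init_modules[$_module])) {
    // external module chk
    $_module = hook('modules/init', 'main', $_module);
}
// Check restrictions, if user is authorized
if (($user = member_get()) && defined('AREA') && AREA == 'ADMIN') {
    // Fail closed: the hook result above is not guaranteed to be a key of the table, so the
    // entry must exist with both fields before its ACL is tested and its file is included.
    // An unknown name falls through to the "disabled" message instead of reading an undefined index.
    if (isset($_init_modules[$_module]['acl'], $_init_modules[$_module]['path']) && test($_init_modules[$_module]['acl'])) {
        // Request module
        $_mod_cfg = $_init_modules[$_module];
        include MODULE_DIR . '/' . $_mod_cfg['path'] . '.php';
    } else {
        //check user for ban group
        if ($user['acl'] == ACL_LEVEL_BANNED) {
            // NOTE(review): $_SESS is declared global but $_SESSION is what gets cleared.
            // Confirm which of the two holds the login state, and note this only runs
            // when the ACL test above has already failed.
            global $_SESS;
            $_SESSION = array();
        }
        // The module name is echoed back from the request, hence the escaping.
        msg_info('Section [' . cn_htmlspecialchars($_module) . '] disabled for you', PHP_SELF);
    }
}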
Esempio n. 29
                <td><?php 
        echo cn_htmlspecialchars($var);
        ?>
</td>
            </tr>

        <?php 
    }
} else {
    ?>
<tr><td colspan="2">Entries not found</td></tr><?php 
}
?>

    </table>

    <br/>
    <table class="panel">
        <tr><td align="right">Word</td> <td><input type="text" style="width: 350px;" name="word" value="<?php 
echo cn_htmlspecialchars($word);
?>
"/></td></tr>
        <tr><td align="right">Replace</td> <td><input type="text" style="width: 350px;" name="replace" value="<?php 
echo cn_htmlspecialchars($replace);
?>
"/></td></tr>
        <tr><td align="right"><input type="checkbox" name="delete" value="Y"/></td> <td>Delete word</td></tr>
        <tr><td>&nbsp;</td> <td><input type="submit" name="submit" value="Submit"/></td></tr>
    </table>

</form>
Esempio n. 30
        <div class="name">Article meta  [<a href="#" onclick="return(tiny_msg(this));" title="Some additional optional data">?</a>]</div>
        <hr/>

        <div class="name">Page alias</div>
        <div><input type="text" style="width: 100%" value="<?php 
echo cn_htmlspecialchars($vPage);
?>
" name="page" tabindex=4></div>
        <div style="font-size: 10px; color: #808080; margin: 0 0 15px 0;">The unique name of the page. Use $page_alias parameter before include show_news.php, charset [a-zA-Z0-9_-]</div>

        <!-- tags line -->
        <div class="section">
            <div class="name">Tagline</div>
            <div><input type="text" style="width: 100%" value="<?php 
echo cn_htmlspecialchars($vTags);
?>
" name="tags" tabindex=5></div>
            <div style="font-size: 10px; color: #808080; margin: 0 0 15px 0;">List the tags for news, separated by commas</div>
        </div>
    </div>

    <?php 
hook('template/AdditionalFieldsBottom');
?>

    <div class="section" id="options">

        <div class="name">Article options</div>
        <hr/>