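/**
 * Persist the HTML5 upload plugin configuration submitted from the admin form.
 *
 * Reads the posted fields through the Inspekt super cage, merges them into the
 * serialized config row stored in the config table under 'html5upload_config'
 * (global defaults) or 'html5upload_config<groupId>' (per-group override), and
 * prints a "saved" notice.
 *
 * @param mixed $sC     Not referenced by this function; kept for call-site compatibility.
 * @param bool  $revert When true and a group is selected, delete that group's override
 *                      row instead of saving, so the group falls back to the defaults.
 * @return void Aborts via cpg_die() when the form token is invalid.
 */
function h5u_config_save($sC, $revert = false)
{
    global $CONFIG, $superCage, $lang_plugin_html5upload, $lang_common, $lang_errors;

    // CSRF guard: nothing is written unless the form carries a valid token.
    if (!checkFormToken()) {
        cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__);
    }

    // Selected group id; 0 (rendered as '') addresses the global defaults row.
    $grpn = 0;
    if ($superCage->post->keyExists('h5u_gSel')) {
        $grpn = (int) $superCage->post->getEscaped('h5u_gSel');
    }
    $grpc = $grpn ? $grpn : '';

    // Reverting only ever deletes a per-group override; the defaults row is kept.
    if ($revert && $grpc) {
        cpg_db_query("DELETE FROM {$CONFIG['TABLE_CONFIG']} WHERE name = 'html5upload_config{$grpc}'");
        return;
    }

    // NOTE(review): unserialize() runs on a value read back from the config table.
    // It is written by this function / html5upload_install(), not from request input,
    // but anyone able to write TABLE_CONFIG can feed arbitrary serialized objects here.
    $cfg = isset($CONFIG['html5upload_config' . $grpc])
        ? unserialize($CONFIG['html5upload_config' . $grpc])
        : unserialize($CONFIG['html5upload_config']);

    if ($superCage->post->keyExists('upsize')) {
        $uplsiz = (int) $superCage->post->getEscaped('upsize');
        $uplsizm = (int) $superCage->post->getEscaped('upsizem');
        // 'upsizem' is a unit multiplier: the value is scaled by 1024^(upsizem + 1)
        // (presumably 0 = KiB, 1 = MiB — confirm against the form). A negative
        // multiplier means no scaling, matching the original shift loop that ran
        // zero times; shifting past the integer width yields 0 as the loop did.
        $shift = 10 * max(0, $uplsizm + 1);
        $cfg['upldsize'] = $uplsiz << $shift;
    }

    if ($superCage->post->keyExists('concurrent')) {
        $cfg['concurrent'] = (int) $superCage->post->getEscaped('concurrent');
    }

    if ($superCage->post->keyExists('acptmime')) {
        // Normalize the accepted-MIME list to a bare comma-separated string:
        // drop quotes, then collapse any comma/whitespace run between entries
        // to a single comma and remove all remaining whitespace.
        $mtypes = trim($superCage->post->getEscaped('acptmime'));
        $mtypes = str_replace('"', '', $mtypes);
        $mtypes = trim($mtypes);
        $mtypes = preg_replace('/([^,\\s])[,\\s]+([^,\\s])/', '$1,$2', $mtypes);
        $mtypes = preg_replace('/\\s+/', '', $mtypes);
        $cfg['acptmime'] = $mtypes;
    }

    // Checkbox flags: config key => posted field name; present = 1, absent = 0.
    $flagFields = array(
        'autoedit' => 'autoedit',
        'enabtitl' => 'titlfld',
        'enabdesc' => 'descfld',
        'enabkeys' => 'keysfld',
        'enabusr1' => 'usr1fld',
        'enabusr2' => 'usr2fld',
        'enabusr3' => 'usr3fld',
        'enabusr4' => 'usr4fld',
    );
    foreach ($flagFields as $cfgKey => $field) {
        $cfg[$cfgKey] = $superCage->post->keyExists($field) ? 1 : 0;
    }

    // Serialized config is DB-escaped before interpolation; the row name only
    // ever contains the integer group id (or nothing).
    $scfg = cpg_db_escape_string(serialize($cfg));
    if (isset($CONFIG['html5upload_config' . $grpc])) {
        cpg_db_query("UPDATE {$CONFIG['TABLE_CONFIG']} SET value = '{$scfg}' WHERE name = 'html5upload_config{$grpc}'");
    } else {
        cpg_db_query("INSERT INTO {$CONFIG['TABLE_CONFIG']} (name, value) VALUES ('html5upload_config{$grpc}', '{$scfg}')");
    }

    starttable('100%', $lang_common['information']);
    echo <<<EOT
\t<tr>
\t\t<td class="tableb" width="200">
\t\t\t<div class="cpg_message_info">{$lang_plugin_html5upload['saved']}</div>
\t\t</td>
\t</tr>
EOT;
    endtable();
    echo '<br />';
}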
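/**
 * Build the group-derived part of $USER_DATA for a user.
 *
 * Permission columns are aggregated over every group the user belongs to
 * (MAX for the "can do X" flags, quota and access level, MIN for the
 * "needs approval" flags), so the user gets the most permissive combination.
 * The display group name is taken from $pri_group alone.
 *
 * @param int|string $pri_group        Group ID of the user's main/profile group
 *                                     ($USER_DATA['group_id']); added to $groups if missing.
 * @param array      $groups           IDs of all groups the user is a member of.
 *                                     Non-numeric entries are dropped.
 * @param int        $default_group_id Fallback group when none of the listed groups exists
 *                                     in the table. If it is missing too, execution aborts
 *                                     with a critical error.
 * @return array The $USER_DATA fields derived from group membership.
 */
function get_user_data($pri_group, $groups, $default_group_id = 3)
{
    global $CONFIG;

    // Every id below is interpolated into SQL unquoted, so keep only numeric
    // entries and force them to integers (is_numeric alone still lets forms
    // like "1e3" or " 1" through).
    $groups = array_values(array_map('intval', array_filter($groups, 'is_numeric')));
    $pri_group = (int) $pri_group;
    $default_group_id = (int) $default_group_id;
    if (!in_array($pri_group, $groups, true)) {
        $groups[] = $pri_group;
    }
    $groupList = implode(',', $groups);

    $result = cpg_db_query("SELECT MAX(group_quota) AS disk_max, MIN(group_quota) AS disk_min, "
        . "MAX(can_rate_pictures) AS can_rate_pictures, MAX(can_send_ecards) AS can_send_ecards, "
        . "MAX(can_post_comments) AS can_post_comments, MAX(can_upload_pictures) AS can_upload_pictures, "
        . "MAX(can_create_albums) AS can_create_albums, "
        . "MAX(has_admin_access) AS has_admin_access, "
        . "MAX(access_level) AS access_level, "
        . "MIN(pub_upl_need_approval) AS pub_upl_need_approval, MIN( priv_upl_need_approval) AS\t priv_upl_need_approval "
        . "FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id in ({$groupList})");

    if ($result->numRows()) {
        $USER_DATA = $result->fetchAssoc(true);
        $result = cpg_db_query("SELECT group_name FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id = {$pri_group}");
        $temp_arr = $result->fetchAssoc();
        $USER_DATA['group_name'] = $temp_arr['group_name'];
    } else {
        // None of the listed groups exists: fall back to the default group.
        $result = cpg_db_query("SELECT * FROM {$CONFIG['TABLE_USERGROUPS']} WHERE group_id = {$default_group_id}");
        if (!$result->numRows()) {
            // The original called $this->synchronize_groups() here; inside a plain
            // function there is no object context, so that line could only fatal.
            // The intended outcome is the hard abort below.
            die('<strong>Coppermine critical error</strong>:<br />The group table does not contain the Anonymous group !');
        }
        $USER_DATA = $result->fetchAssoc(true);
    }
    $result->free();

    $result = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_CATMAP']} WHERE group_id in ({$groupList})");
    $USER_DATA['can_create_public_albums'] = $result->result(0, 0, true) > 0 ? 1 : 0;
    $result->free();

    // If any group has a zero quota the effective quota is 0 (presumably
    // "unlimited" — confirm against the quota checks); otherwise the largest.
    $USER_DATA['group_quota'] = $USER_DATA['disk_min'] ? $USER_DATA['disk_max'] : 0;
    $USER_DATA['can_see_all_albums'] = $USER_DATA['has_admin_access'];
    $USER_DATA['group_id'] = $pri_group;
    $USER_DATA['groups'] = $groups;

    // get_magic_quotes_gpc() no longer exists on PHP 8; treat its absence as
    // "off" (the only state since PHP 5.4) so the name is still DB-escaped.
    if (!function_exists('get_magic_quotes_gpc') || get_magic_quotes_gpc() == 0) {
        $USER_DATA['group_name'] = cpg_db_escape_string($USER_DATA['group_name']);
    }

    return $USER_DATA;
}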
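/**
 * Return the position of picture $pid inside album $album, honouring the
 * viewer's sort order and access restrictions.
 *
 * For a regular (numeric) album the result is the number of pictures that sort
 * before $pid under the active sort code (filename/title/ctime/position,
 * ascending or descending, pid as tie-breaker); pictures linked to the album
 * by its keyword are counted too. For meta albums ('lastcom', 'lastup',
 * 'topn', ...) the count uses the ordering that album is displayed with.
 * Unknown names are offered to plugins via the 'meta_album_get_pic_pos' filter.
 *
 * @param int|string $album Numeric album id, or a meta album name.
 * @param int        $pid   Picture id; cast to int before being placed in SQL.
 * @return int|false Number of pictures preceding $pid, or false for an unknown
 *                   meta album. Aborts via cpg_die() when $pid does not exist
 *                   or a required request parameter is missing.
 */
function get_pic_pos($album, $pid)
{
    global $USER, $CONFIG, $CURRENT_ALBUM_KEYWORD, $FORBIDDEN_SET_DATA, $USER_DATA;
    global $RESTRICTEDWHERE, $FORBIDDEN_SET;
    global $lang_errors;

    // $pid is interpolated unquoted into every query below; force an integer.
    $pid = (int) $pid;

    // Regular albums
    if (is_numeric($album)) {
        // $FORBIDDEN_SET_DATA (presumably album ids hidden from the viewer) is
        // excluded from the keyword match as well as from the album itself.
        if (count($FORBIDDEN_SET_DATA) > 0) {
            $forbidden_set_string = ' AND aid NOT IN (' . implode(', ', $FORBIDDEN_SET_DATA) . ')';
        } else {
            $forbidden_set_string = '';
        }

        $album_name_keyword = get_album_name($album);
        $album_keyword = addslashes($album_name_keyword['keyword']);
        if (!empty($album_keyword)) {
            // Pictures in other albums carrying the album keyword count as members.
            $keyword = "OR (keywords like '%{$album_keyword}%' {$forbidden_set_string} )";
        } else {
            $keyword = '';
        }
        $approved = GALLERY_ADMIN_MODE ? '' : 'AND approved=\'YES\'';

        $result = cpg_db_query("SELECT filename, title, pid, position, ctime FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}");
        if (!$result->numRows()) {
            cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
        }
        $pic = $result->fetchAssoc(true);
        // title and filename go back into SQL as string literals; escape both
        // (escaping is a no-op for names without special characters).
        $pic['title'] = cpg_db_escape_string($pic['title']);
        $pic['filename'] = cpg_db_escape_string($pic['filename']);

        // Sort code => predicate selecting the rows that precede $pic in that order.
        $sort_array = array(
            'na' => "(filename < '{$pic['filename']}' OR filename = '{$pic['filename']}' AND pid < {$pic['pid']})",
            'nd' => "(filename > '{$pic['filename']}' OR filename = '{$pic['filename']}' AND pid > {$pic['pid']})",
            'ta' => "(title < '{$pic['title']}' OR title = '{$pic['title']}' AND pid < {$pic['pid']})",
            'td' => "(title > '{$pic['title']}' OR title = '{$pic['title']}' AND pid > {$pic['pid']})",
            'da' => "(ctime < '{$pic['ctime']}' OR ctime = '{$pic['ctime']}' AND pid < {$pic['pid']})",
            'dd' => "(ctime > '{$pic['ctime']}' OR ctime = '{$pic['ctime']}' AND pid > {$pic['pid']})",
            'pa' => "(position < {$pic['position']} OR position = {$pic['position']} AND pid < {$pic['pid']})",
            'pd' => "(position > {$pic['position']} OR position = {$pic['position']} AND pid > {$pic['pid']})",
        );
        $sort_code = isset($USER['sort']) && $CONFIG['custom_sortorder_thumbs'] ? $USER['sort'] : $CONFIG['default_sort_order'];
        // An unknown user sort code falls back to the configured default order.
        $sort_order = isset($sort_array[$sort_code]) ? $sort_array[$sort_code] : $sort_array[$CONFIG['default_sort_order']];

        $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']}\n WHERE ((aid='{$album}' {$forbidden_set_string}) {$keyword}) {$approved}\n AND {$sort_order}";
        $result = cpg_db_query($query);
        list($pos) = $result->fetchRow(true);
        return $pos;
    }

    // Meta albums
    switch ($album) {
        case 'lastcom': // Latest comments
            $superCage = Inspekt::makeSuperCage();
            $msg_id = $superCage->get->getInt('msg_id');
            if (!$msg_id) {
                cpg_die(ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
            }
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n INNER JOIN {$CONFIG['TABLE_COMMENTS']} AS c ON c.pid = p.pid\n {$RESTRICTEDWHERE}\n AND approved = 'YES'\n AND approval = 'YES'\n AND msg_id > {$msg_id}";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;

        case 'lastcomby': // Latest comments by a specific user
            $uid = isset($USER['uid']) ? (int) $USER['uid'] : -1;
            $superCage = Inspekt::makeSuperCage();
            $msg_id = $superCage->get->getInt('msg_id');
            if (!$msg_id) {
                cpg_die(ERROR, $lang_errors['param_missing'], __FILE__, __LINE__);
            }
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n INNER JOIN {$CONFIG['TABLE_COMMENTS']} AS c ON c.pid = p.pid\n {$RESTRICTEDWHERE}\n AND author_id = {$uid}\n AND approved = 'YES'\n AND approval = 'YES'\n AND msg_id > {$msg_id}";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;

        case 'lastup': // Latest (most recent) uploads
            $query = "SELECT ctime FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}";
            $result = cpg_db_query($query);
            if (!$result->numRows()) {
                cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
            }
            $ctime = $result->result(0, 0, true);
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n {$RESTRICTEDWHERE}\n AND approved = 'YES'\n AND (ctime > {$ctime}\n OR ctime = {$ctime} AND pid > {$pid})";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;

        case 'lastupby': // Latest (most recent) uploads by a specific user
            $uid = isset($USER['uid']) ? (int) $USER['uid'] : -1;
            $query = "SELECT ctime FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}";
            $result = cpg_db_query($query);
            if (!$result->numRows()) {
                cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
            }
            $ctime = $result->result(0, 0, true);
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n {$RESTRICTEDWHERE}\n AND p.owner_id = {$uid}\n AND approved = 'YES'\n AND (ctime > {$ctime}\n OR ctime = {$ctime} AND pid > {$pid})";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;

        case 'topn': // Most viewed files
            $query = "SELECT hits FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}";
            $result = cpg_db_query($query);
            if (!$result->numRows()) {
                cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
            }
            $hits = $result->result(0, 0, true);
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n {$RESTRICTEDWHERE}\n AND approved = 'YES'\n AND (hits > {$hits}\n OR hits = {$hits} AND pid < {$pid})";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;

        case 'toprated': // Top rated pictures
            $query = "SELECT pic_rating, votes FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}";
            $result = cpg_db_query($query);
            if (!$result->numRows()) {
                cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
            }
            list($pic_rating, $votes) = $result->fetchRow(true);
            // Order: rating desc, then vote count desc, then pid asc; only pictures
            // with at least min_votes_for_rating votes take part.
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n {$RESTRICTEDWHERE}\n AND approved = 'YES'\n AND p.votes >= '{$CONFIG['min_votes_for_rating']}'\n AND (pic_rating > {$pic_rating}\n OR (pic_rating = {$pic_rating} AND p.votes > {$votes})\n OR (pic_rating = {$pic_rating} AND p.votes = {$votes} AND pid > {$pid}))";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;

        case 'lasthits': // Last viewed files (most recently-viewed files)
            $query = "SELECT mtime FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid}";
            $result = cpg_db_query($query);
            if (!$result->numRows()) {
                cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__);
            }
            $mtime = $result->result(0, 0, true);
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n {$RESTRICTEDWHERE}\n AND approved = 'YES'\n AND hits > 0\n AND (mtime > '{$mtime}'\n OR mtime = '{$mtime}' AND pid < {$pid})";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;

        case 'search': // Search results
            $superCage = Inspekt::makeSuperCage();
            $search_string = isset($USER['search']['search']) ? $USER['search']['search'] : '';
            // The included script is expected to read $search_string / $get_pic_pos
            // and to define $pos; the function itself never assigns it on this path.
            $get_pic_pos = true;
            include 'include/search.inc.php';
            return $pos;

        case 'favpics': // Favorite Files
            global $FAVPICS;
            if (empty($FAVPICS)) {
                return 0;
            }
            // The favourite pid list is interpolated into SQL; force integers.
            $favs = implode(', ', array_map('intval', $FAVPICS));
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n {$RESTRICTEDWHERE}\n AND approved = 'YES'\n AND pid IN ({$favs})\n AND pid < {$pid}";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;

        case 'datebrowse': // Browsing by uploading date
            $superCage = Inspekt::makeSuperCage();
            // Using getRaw(): the date is sanitized by cpgValidateDate() before use.
            $date = $superCage->get->keyExists('date') ? cpgValidateDate($superCage->get->getRaw('date')) : null;
            $query = "SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} AS p\n INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS r ON r.aid = p.aid\n {$RESTRICTEDWHERE}\n AND approved = 'YES'\n AND substring(from_unixtime(ctime),1,10) = '" . substr((string) $date, 0, 10) . "'\n AND pid < {$pid}";
            $result = cpg_db_query($query);
            list($pos) = $result->fetchRow(true);
            return $pos;

        default: // Invalid/custom meta album
            $pos = CPGPluginAPI::filter('meta_album_get_pic_pos', $album);
            if (is_numeric($pos)) {
                return $pos; // Custom meta album
            }
            return false; // Invalid meta album
    } // switch
}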
**********************************************/ define('IN_COPPERMINE', true); define('DB_ECARD_PHP', true); define('ECARDS_PHP', true); define('SMILIES_PHP', true); require 'include/init.inc.php'; require 'include/smilies.inc.php'; if (!$superCage->get->keyExists('data')) { cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__); } /** * Clean up GPC and other Globals here */ $tmpData['data'] = @unserialize(@base64_decode($superCage->get->getRaw('data'))); if (!is_array($tmpData['data'])) { $CLEAN['data'] = cpg_db_escape_string($tmpData['data']); } else { // Remove HTML tags as we can't trust what we receive foreach ($tmpData['data'] as $key => $value) { $CLEAN['data'][$key] = $value; if ($key == 'pid') { $CLEAN['data'][$key] = (int) $CLEAN['data'][$key]; } else { $CLEAN['data'][$key] = htmlspecialchars($CLEAN['data'][$key]); } } } // attempt to obtain full link from db if ecard logging enabled and min 12 chars of data is provided and only 1 match if (!is_array($CLEAN['data']) && $CONFIG['log_ecards'] && strlen($CLEAN['data']) > 12) { $result = cpg_db_query("SELECT link FROM {$CONFIG['TABLE_ECARDS']} WHERE link LIKE '{$CLEAN['data']}%'"); if ($result->numRows() === 1) {
/**
 * Return $value escaped for use in a database query.
 *
 * Arrays are walked recursively through _walkArray(). Non-empty scalars are
 * first HTML-encoded with htmlspecialchars(ENT_QUOTES) and the result is then
 * passed to cpg_db_escape_string(), using $CONFIG['LINK_ID'] as the connection
 * when it is set and truthy. Values for which empty() is true ('', '0', 0,
 * null, false, []) are returned exactly as given, i.e. not necessarily as a string.
 *
 * @param mixed $value
 * @return mixed Escaped string, walked array, or the untouched empty value.
 *
 * @tag filter
 */
public static function getEscaped($value)
{
    if (is_array($value)) {
        return self::_walkArray($value, 'getEscaped');
    }

    if (empty($value)) {
        return $value;
    }

    global $CONFIG;
    $linkId = isset($CONFIG['LINK_ID']) ? $CONFIG['LINK_ID'] : null;
    // HTML-encode before DB-escaping: the stored form is already HTML-safe.
    $encoded = htmlspecialchars($value, ENT_QUOTES);

    if ($linkId) {
        return cpg_db_escape_string($encoded, $linkId);
    }
    return cpg_db_escape_string($encoded);
}
/**
 * Plugin install hook: store the default HTML5 upload configuration.
 *
 * Serializes $h5a_upload->h5u_config_default, DB-escapes it and inserts it
 * into the config table under the name 'html5upload_config'.
 *
 * @return bool Always true; the query result is not inspected.
 */
function html5upload_install()
{
    global $CONFIG, $h5a_upload;

    $serialized = serialize($h5a_upload->h5u_config_default);
    $escaped = cpg_db_escape_string($serialized);
    $sql = "INSERT INTO {$CONFIG['TABLE_CONFIG']} (name, value) VALUES ('html5upload_config', '{$escaped}')";
    cpg_db_query($sql);

    return true;
}