// Admin "messages" handler (excerpt). The branch closed by the first brace
// opens before this excerpt, and the final `if ($row['active'])` body runs
// past its end.
}
URL::redirect(URL::admin('messages'));
} else {
    // The row is deleted only when the confirmation form was posted.
    // intval() reduces the id to an integer before it is concatenated into
    // the query, so no request text reaches the SQL string.
    // NOTE(review): no anti-CSRF token check is visible in this excerpt for
    // this state-changing request -- confirm one runs before this point.
    if (isset($_GET['del']) && isset($_POST['confirm'])) {
        $db->sql_query('DELETE FROM ' . $prefix . '_message WHERE mid=' . intval($_GET['del']));
        $db->optimize_table($prefix . '_message');
        URL::redirect(URL::admin('messages'));
    }
}
require_once 'header.php';
GraphicAdmin('_AMENU3');
if (isset($_GET['del'])) {
    // ?del= is present but no confirmed delete was handled above: either go
    // back to the list on "cancel" or render the confirmation form.
    if (isset($_POST['cancel'])) {
        URL::redirect(URL::admin('messages'));
    }
    cpg_delete_msg(URL::admin('&del=' . intval($_GET['del'])), _REMOVEMSG);
} else {
    if (isset($_GET['edit'])) {
        OpenTable();
        // Integer cast before the id is used in the query and in the form action.
        $id = intval($_GET['edit']);
        $result = $db->sql_query('SELECT title, content, date, expire, active, view, mlanguage FROM ' . $prefix . '_message WHERE mid=' . $id);
        // NOTE(review): $row is used below without checking that a row was
        // returned; an unknown id would render the form from a non-array value.
        $row = $db->sql_fetchrow($result);
        // Stored title and content pass through htmlprepare() before being
        // placed in the attribute value and the textarea.
        // NOTE(review): presumably htmlprepare() HTML-escapes its argument --
        // verify, since stored message content is echoed into markup here.
        echo '<div style="text-align:center;" class="option">' . _EDITMSG . '</div>'
            . '<form name="edit_message" action="' . URL::admin('messages&save=' . $id) . '" method="post" enctype="multipart/form-data" accept-charset="utf-8">'
            . '<br /><strong>' . _MESSAGETITLE . '</strong><br />'
            . '<input type="text" name="title" value="' . htmlprepare($row['title']) . '" size="50" maxlength="100" /><br /><br />'
            . '<strong>' . _MESSAGECONTENT . '</strong><br />'
            . bbcode_table('content', 'edit_message', 1)
            . '<div style="float:left;"><textarea name="content" rows="15" wrap="virtual" cols="63" onselect="storeCaret(this);" onclick="storeCaret(this);" onkeyup="storeCaret(this);" onchange="storeCaret(this);">' . htmlprepare($row['content']) . '</textarea></div> <div style="float:left; margin-left:5px;">'
            . smilies_table('inline', 'content', 'edit_message')
            . '</div><br /><br />';
        // Language selector only when the site is configured as multilingual;
        // otherwise an empty "language" field is submitted.
        if ($MAIN_CFG['global']['multilingual']) {
            echo '<strong>' . _LANGUAGE . '</strong> ' . lang_selectbox($row['mlanguage'], 'language') . '<br /><br />';
        } else {
            echo '<input type="hidden" name="language" value="" />';
        }
        // Expiry options are keyed by a number paired with a day-count label
        // (86400 with "1 day", 172800 with "2 days", ...); 0 is labelled unlimited.
        echo "<strong>" . _EXPIRATION . '</strong> ' . select_box('expire', $row['expire'], array(86400 => '1 ' . _DAY, 172800 => '2 ' . _DAYS, 432000 => '5 ' . _DAYS, 1296000 => '15 ' . _DAYS, 2592000 => '30 ' . _DAYS, 0 => _UNLIMITED)) . '<br /><br />' . '<strong>' . _ACTIVATE2 . '</strong> ' . yesno_option('active', $row['active']);
        if ($row['active']) {
// Delete PMs (excerpt): $mark_list, $confirm, $mode, $folder, $delete_all and
// $userinfo are set before this excerpt; the switch continues past its end.
if (isset($mark_list) && !is_array($mark_list)) {
    // Set to empty array instead of '0' if nothing is selected.
    $mark_list = array();
}
if (!$confirm) {
    // Build the hidden fields that carry the pending request through the
    // confirmation form.
    // NOTE(review): $mode is written into an attribute value without HTML
    // escaping; its origin is outside this excerpt -- confirm it is
    // constrained to known values before it reaches this line.
    $s_hidden_fields = '<input type="hidden" name="mode" value="' . $mode . '" />';
    $s_hidden_fields .= isset($_POST['delete']) ? '<input type="hidden" name="delete" value="true" />' : '<input type="hidden" name="deleteall" value="true" />';
    // Each marked id is cast with intval() before being echoed back.
    // NOTE(review): if $mark_list is not set at all, the guard above leaves
    // it unset and count() receives null -- verify the caller always sets it.
    for ($i = 0; $i < count($mark_list); $i++) {
        $s_hidden_fields .= '<input type="hidden" name="mark[]" value="' . intval($mark_list[$i]) . '" />';
    }
    //
    // Output confirmation page
    //
    $pagetitle = $lang['Confirm_delete_pm'];
    // NOTE(review): $folder is appended to the form URL as-is; confirm it is
    // validated against the folder names handled in the switch below.
    cpg_delete_msg(URL::index('&folder=' . $folder), count($mark_list) == 1 ? $lang['Confirm_delete_pm'] : $lang['Confirm_delete_pms'], $s_hidden_fields);
} else {
    if ($delete_all) {
        // Every branch restricts the WHERE clause to rows whose sender or
        // recipient column equals $userinfo['user_id'], combined with the
        // PM_* type constants for that folder. This ownership filter is what
        // scopes a "delete all" to the acting user's own messages.
        // NOTE(review): presumably $userinfo['user_id'] is the server-side
        // session user id (it is interpolated unquoted) -- verify.
        switch ($folder) {
            case 'inbox':
                $delete_type = "privmsgs_to_userid = {$userinfo['user_id']} AND (\n\t\t\t\tprivmsgs_type = " . PM_READ_MAIL . " OR privmsgs_type = " . PM_NEW_MAIL . " OR privmsgs_type = " . PM_UNREAD_MAIL . " )";
                break;
            case 'outbox':
                $delete_type = "privmsgs_from_userid = {$userinfo['user_id']} AND ( privmsgs_type = " . PM_NEW_MAIL . " OR privmsgs_type = " . PM_UNREAD_MAIL . " )";
                break;
            case 'sentbox':
                $delete_type = "privmsgs_from_userid = {$userinfo['user_id']} AND privmsgs_type = " . PM_SENT_MAIL;
                break;
            case 'savebox':
                $delete_type = "( ( privmsgs_from_userid = {$userinfo['user_id']}\n\t\t\t\t\tAND privmsgs_type = " . PM_SAVED_OUT_MAIL . " )\n\t\t\t\tOR ( privmsgs_to_userid = " . $userinfo['user_id'] . "\n\t\t\t\t\tAND privmsgs_type = " . PM_SAVED_IN_MAIL . " ) )";
                break;
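} elseif (isset($_POST['saveEntry'])) {
    // Save an edited history entry (excerpt: the if/elseif chain starts
    // before this point and the last branch continues past it).
    // The id is cast to an integer; every string field goes through
    // Fix_Quotes() before it is interpolated into the quoted SQL values.
    $id = intval($_POST['entry_id']);
    $year = Fix_Quotes($_POST['entry_year'], 1);
    $content = Fix_Quotes($_POST['entry_content']);
    // The language field was previously interpolated straight from $_POST,
    // the only value in this UPDATE that bypassed Fix_Quotes(). It is now
    // treated like the year field.
    // NOTE(review): presumably Fix_Quotes() performs the SQL escaping for
    // this code base -- verify, and prefer checking the value against the
    // list of installed languages.
    $entry_language = Fix_Quotes($_POST['entry_lang'], 1);
    $db->sql_query("UPDATE " . $prefix . "_history SET yid='{$year}', content='{$content}', language='{$entry_language}' WHERE eid='{$id}'");
    URL::redirect(URL::admin('&edit=' . $id));
} elseif (isset($_GET['delete'])) {
    // Delete flow: cancel returns to the list, confirm deletes, anything
    // else renders the confirmation form. The id is always intval()-cast.
    // NOTE(review): no anti-CSRF token check is visible in this excerpt --
    // confirm one is enforced before these state-changing queries.
    if (isset($_POST['cancel'])) {
        URL::redirect(URL::admin());
    }
    if (isset($_POST['confirm'])) {
        $db->sql_query("DELETE FROM " . $prefix . "_history WHERE eid='" . intval($_GET['delete']) . "'");
        URL::redirect(URL::admin());
    }
    cpg_delete_msg(URL::admin('&delete=' . intval($_GET['delete'])), sprintf(_ERROR_DELETE_CONF, 'this entry'));
} elseif (isset($_POST['transferEntry'])) {
    // Turn the posted day/month into a GET URL; both are integer-cast.
    $entry_day = intval($_POST['day']);
    $entry_month = intval($_POST['month']);
    URL::redirect(URL::admin('&mode=show&month=' . $entry_month . '&day=' . $entry_day));
} elseif (isset($_GET['mode']) && $_GET['mode'] == 'show') {
    $entry_day = intval($_GET['day']);
    $entry_month = intval($_GET['month']);
    // Reject the request when either raw parameter is an empty string.
    if (strlen($_GET['day']) < 1 || strlen($_GET['month']) < 1) {
        cpg_error(sprintf(_ERROR_NOT_SET, 'ID'), _SEC_ERROR);
    }
    $pagetitle .= ' ' . _BC_DELIM . ' ' . _EPHEMMAINT;
    require_once 'header.php';
    GraphicAdmin('_AMENU5');
    OpenTable();
    echo '<span class="genmed"><strong>' . _EPHEMADMIN . '</strong></span><br /><br />';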
// User deletion (excerpt): $user_id is assigned before this excerpt.
}
// Only administrators may continue.
if (!is_admin()) {
    cpg_die(_ERROR, PERM_DENIED, __FILE__, __LINE__);
}
// Demo accounts are refused as well.
// NOTE(review): pagefooter() follows cpg_die(); presumably cpg_die() ends
// the request, which would make that call unreachable -- verify.
if ($CLASS['member']->demo) {
    pageheader(PERM_DENIED);
    cpg_die(_ERROR, PERM_DENIED, __FILE__, __LINE__);
    pagefooter();
}
if (isset($_POST['cancel'])) {
    $redirect = URL::index("&file=usermgr");
    URL::redirect($redirect);
}
// Without a posted "confirm", show the confirmation form.
// NOTE(review): the destructive code below is not inside an else branch, so
// it is only skipped if cpg_delete_msg() terminates the request -- verify.
// NOTE(review): $user_id is echoed into the message and into a hidden field
// value without HTML escaping, and later interpolated into SQL; confirm it
// is cast to an integer where it is read from the request.
if (!isset($_POST['confirm'])) {
    $msg = DEL_USER . ' - ' . $user_id . '<br />' . USER_CONFIRM_DEL;
    cpg_delete_msg(URL::index("&file=delete"), $msg, '<input type="hidden" name="what" value="user" /><input type="hidden" name="id" value="' . $user_id . '" />');
}
// Look the account up first; an unknown id aborts before anything is removed.
$result = $db->sql_query("SELECT username FROM {$CONFIG['TABLE_USERS']} WHERE user_id = '{$user_id}'", false, __FILE__, __LINE__);
if (!$db->sql_numrows($result)) {
    cpg_die(_CRITICAL_ERROR, $ERR_UNKNOWN_USE, __FILE__, __LINE__);
}
$user_data = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
pageheader(DEL_USER);
// NOTE(review): the stored username is passed into the table heading as-is;
// confirm starttable() escapes it or that usernames cannot contain markup.
starttable("100%", DEL_USER . ' - ' . $user_data['username'], 6);
// First delete the albums
// The user's albums are selected by category = FIRST_USER_CAT + $user_id.
$result = $db->sql_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = '" . (FIRST_USER_CAT + $user_id) . "'", false, __FILE__, __LINE__);
while ($album = $db->sql_fetchrow($result)) {
    delete_album($album['aid']);
} // while
// Language-pack administration (excerpt): the chain starts before this
// excerpt and the CVS branch continues past its end.
}
// Delete a language pack. In demo mode the branch is skipped when the
// requested pack is the configured global language.
} elseif (isset($_GET['del']) && !($CLASS['member']->demo && $_GET['del'] == $MAIN_CFG['global']['language'])) {
    // Allowlist check before the name is used in any filesystem path: only
    // letters, digits, underscore and hyphen, so no path separators or dots.
    // NOTE(review): `$` without the D modifier also matches before a trailing
    // newline; anchoring with `\z` would make the allowlist exact.
    // NOTE(review): the checks rely on cpg_error() ending the request;
    // otherwise execution would fall through to del_folder() -- verify.
    if (!preg_match('#^([a-zA-Z0-9_\\-]+)$#', $_GET['del'])) {
        cpg_error('Invalid title');
    }
    if (!is_dir('language/' . $_GET['del'])) {
        cpg_error('Language does not exist');
    }
    if (isset($_POST['cancel'])) {
        URL::redirect(URL::admin());
    }
    // NOTE(review): no anti-CSRF token check is visible before this
    // recursive delete -- confirm one is enforced upstream.
    if (isset($_POST['confirm'])) {
        del_folder($_GET['del']);
        cpg_error(get_lang_title($_GET['del']) . ' language pack successfully deleted', _TB_INFO, URL::admin());
    }
    // The value placed in the URL has already passed the allowlist above.
    cpg_delete_msg(URL::admin('&del=' . $_GET['del']), 'Are you sure that you want to delete the ' . get_lang_title($_GET['del']) . ' language pack?');
} elseif (isset($_POST['cvs_lang'])) {
    // Install a language pack from CVS.
    require_once CORE_PATH . 'classes/cvs.php';
    // Same allowlist as the delete branch, applied before the name is used
    // in the local path and in the repository module path.
    if (!preg_match('#^([a-zA-Z0-9_\\-]+)$#', $_POST['cvs_lang'])) {
        cpg_error('Invalid title');
    }
    $path = 'language/' . $_POST['cvs_lang'];
    // NOTE(review): cvs_uname and cvs_pass are read without isset() and are
    // passed to CVS::create() unvalidated; how that class uses them is not
    // visible here -- confirm they are never placed in a shell command or
    // written to a world-readable file without escaping.
    if (!CVS::create($path, 'dragonflycms.org', '/cvs', 'l10n/' . $_POST['cvs_lang'], $_POST['cvs_uname'], $_POST['cvs_pass'])) {
        cpg_error('Error creating important CVS files and folders');
    } else {
        $log = CVS::update($path);
        if (!isset($log['error'])) {
            if (!isset($log['notes'])) {
                cpg_error(get_lang_title($_POST['cvs_lang']) . ' language pack successfully installed', _TB_INFO, URL::admin());
            }
            // NOTE(review): the log comes from the remote server; confirm
            // CVS::formatlog() HTML-escapes it before it is displayed.
            $log = nl2br(CVS::formatlog($log));
// Group membership handling (excerpt): $group_id, $groupurl and $userinfo
// are set before this excerpt; the moderator branch continues past its end.
cpg_error($lang['Group_joined'], 'Joined group', $groupurl);
} else {
    // NOTE(review): && binds tighter than ||, so this reads as
    // unsub || (unsubpending && $group_id). A posted "unsub" therefore enters
    // the branch even when $group_id is empty, and the DELETE below would be
    // built with that value -- confirm whether the group-id requirement was
    // meant to apply to both flags.
    if (isset($_POST['unsub']) || isset($_POST['unsubpending']) && $group_id) {
        //
        // Unsubscribe from a group
        //
        if (!is_user()) {
            URL::redirect(URL::index('Your_Account'), true);
        }
        if (isset($_POST['confirm'])) {
            // The row removed is limited to the acting user's own id.
            // NOTE(review): $group_id is interpolated unquoted; its origin is
            // outside this excerpt -- confirm it is cast to an integer there.
            $db->sql_query("DELETE FROM " . USER_GROUP_TABLE . " WHERE user_id=" . $userinfo['user_id'] . " AND group_id={$group_id}");
            cpg_error($lang['Unsub_success'], 'Unsubscribed', URL::index());
        } else {
            $unsub_msg = isset($_POST['unsub']) ? $lang['Confirm_unsub'] : $lang['Confirm_unsub_pending'];
            // The confirmation form always re-posts "unsub", also when the
            // request arrived as "unsubpending".
            // NOTE(review): $group_id is echoed into an attribute value
            // without escaping; safe only if it is an integer (see above).
            $hidden_fields = '<input type="hidden" name="g" value="' . $group_id . '" /><input type="hidden" name="unsub" value="1" />';
            cpg_delete_msg(URL::index(), $unsub_msg, $hidden_fields);
        }
    } else {
        if ($group_id) {
            //
            // Did the group moderator get here through an email?
            // If so, check to see if they are logged in.
            //
            if (isset($_GET['validate']) && !is_user()) {
                URL::redirect(URL::index('Your_Account'), true);
            }
            //
            // For security, get the ID of the group moderator.
            //
            // The moderator id and group type are read from the database
            // for this group id rather than taken from the request.
            $result = $db->sql_query("SELECT group_moderator, group_type FROM " . GROUPS_TABLE . " WHERE group_id = {$group_id}");
            if ($group_info = $db->sql_fetchrow($result)) {
// Blocks administration (excerpt): the dispatch chain starts before this
// excerpt and the bulk-update loop continues past its end.
BlocksEdit(intval($_GET['edit']));
} else {
    if (isset($_GET['del'])) {
        // Integer cast before the id is concatenated into the queries below.
        $bid = intval($_GET['del']);
        list($bposition, $weight, $title) = $db->sql_ufetchrow('SELECT bposition, weight, title from ' . $prefix . '_blocks where bid=' . $bid, SQL_NUM);
        // Unknown block id (no position fetched) or "cancel": back to the list.
        if (!isset($bposition) || isset($_POST['cancel'])) {
            URL::redirect(URL::admin());
        }
        // NOTE(review): unlike the bulk update further down, this delete is
        // not guarded by a visible Security::check_post() call -- confirm the
        // confirmation form is protected against cross-site requests.
        if (isset($_POST['confirm'])) {
            // Close the gap in the ordering, then remove the block and its
            // per-module settings.
            // NOTE(review): $bposition and $weight come from the row fetched
            // above and are concatenated without escaping; that is safe only
            // while those columns cannot hold arbitrary text -- verify.
            $db->sql_uquery('UPDATE ' . $prefix . '_blocks SET weight=weight-1 WHERE bposition=\'' . $bposition . '\' AND weight>' . $weight);
            $db->sql_uquery('DELETE FROM ' . $prefix . '_blocks WHERE bid=' . $bid);
            $db->sql_uquery('DELETE FROM ' . $prefix . '_blocks_custom WHERE bid=' . $bid);
            Cache::array_delete('blocks_list');
            URL::redirect(URL::admin());
        }
        // The stored title is shown either as the value of a constant with
        // that name, when one is defined, or verbatim.
        // NOTE(review): the title is placed inside markup without HTML
        // escaping; confirm block titles are sanitised when they are saved.
        cpg_delete_msg(URL::admin('&del=' . $bid), sprintf(_ERROR_DELETE_CONF, '<strong>' . (defined($title) ? constant($title) : $title) . '</strong>'));
    } else {
        if (isset($_GET['save'])) {
            BlocksEditSave(intval($_GET['save']));
        } else {
            if (isset($_POST['add']) && !BlocksAdd()) {
                rssfail();
                return;
            }
            // The bulk update runs only when Security::check_post() passes.
            if (Security::check_post()) {
                $sides = array('l', 'c', 'r', 'd', 'n');
                // NOTE(review): $_POST['id'] is counted without checking that
                // it is set and is an array.
                $count = count($_POST['id']);
                $blocks = blocks_list();
                $mid = intval($_POST['mid']);
                $module = $db->sql_escape_string($_POST['module']);
                for ($i = 0; $i < $count; ++$i) {
// Category manager (excerpt): this is the tail of one switch case followed
// by the complete 'deletecat' case; $parent is set before this excerpt.
// A blank name is stored as the placeholder '<???>'; otherwise the name and
// the description go through Fix_Quotes() before being interpolated.
// NOTE(review): $parent is interpolated into the INSERT as well; confirm it
// is cast or escaped where it is assigned.
$catname = trim($_POST['catname']) ? Fix_Quotes($_POST['catname']) : '<???>';
$description = Fix_Quotes($_POST['description']);
$db->sql_query("INSERT INTO {$CONFIG['TABLE_CATEGORIES']} (pos, parent, catname, description) VALUES ('10000', '{$parent}', '{$catname}', '{$description}')", false, __FILE__, __LINE__);
break;
case 'deletecat':
    if (!isset($_POST['cid'])) {
        cpg_die(_CRITICAL_ERROR, sprintf(MISS_PARAM, 'deletecat'), __FILE__, __LINE__);
    }
    // Integer cast before the id is used in HTML and in the queries below.
    $cid = intval($_POST['cid']);
    if (isset($_POST['cancel'])) {
        $redirect = isset($CPG_SESS['user']['redirect']) ? $CPG_SESS['user']['redirect'] : URL::index("&file=catmgr");
        URL::redirect($redirect);
    }
    if (!isset($_POST['confirm'])) {
        // NOTE(review): $_POST['catname'] is appended to the confirmation
        // message unescaped and without an isset() check. If
        // cpg_delete_msg() prints the message as HTML, the posted value
        // should be HTML-escaped first, e.g.
        // htmlspecialchars($_POST['catname'], ENT_QUOTES, 'UTF-8').
        $msg = CONFIRM_DELETE_CAT . $_POST['catname'];
        cpg_delete_msg(URL::index("&file=catmgr"), $msg, '<input type="hidden" name="oppe" value="deletecat" /> <input type="hidden" name="cid" value="' . $cid . '" />');
    } else {
        $result = $db->sql_query("SELECT parent FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid = '{$cid}'", false, __FILE__, __LINE__);
        // Category 1 is refused (USERGAL_CAT_RO) and unknown ids are
        // rejected before any row is changed.
        if ($cid == 1) {
            cpg_die(_ERROR, USERGAL_CAT_RO, __FILE__, __LINE__);
        }
        if (!$db->sql_numrows($result)) {
            cpg_die(_ERROR, UNKNOWN_CAT, __FILE__, __LINE__);
        }
        $del_category = $db->sql_fetchrow($result);
        $parent = $del_category['parent'];
        // Re-home child categories and albums under the deleted category's
        // parent, then remove the category itself.
        // NOTE(review): the three statements are issued separately; no
        // transaction is visible, so a failure part-way leaves mixed state.
        $result = $db->sql_query("UPDATE {$CONFIG['TABLE_CATEGORIES']} SET parent='{$parent}' WHERE parent = '{$cid}'", false, __FILE__, __LINE__);
        $result = $db->sql_query("UPDATE {$CONFIG['TABLE_ALBUMS']} SET category='{$parent}' WHERE category = '{$cid}'", false, __FILE__, __LINE__);
        $result = $db->sql_query("DELETE FROM {$CONFIG['TABLE_CATEGORIES']} WHERE cid='{$cid}'", false, __FILE__, __LINE__);
    }
    break;
// Administrator accounts (excerpt): the permission check that ends with the
// first cpg_error() starts before this excerpt, and the password check at
// the bottom continues past its end.
cpg_error(_ERROR_BAD_LINK, _SEC_ERROR);
}
// The id must be numeric, and is then cast to an integer.
if (!is_numeric($_GET['del_aid'])) {
    cpg_error(sprintf(_ERROR_NOT_SET, _ADMINID), _SEC_ERROR);
}
$del_aid = intval($_GET['del_aid']);
// Admin id 1 cannot be deleted.
if ($del_aid == 1) {
    cpg_error(_GODNOTDEL);
}
// NOTE(review): no anti-CSRF token check is visible in this excerpt for the
// account deletion -- confirm the earlier check covers it.
if (isset($_POST['confirm'])) {
    $db->sql_query('DELETE FROM ' . $prefix . "_admins WHERE admin_id='{$del_aid}'");
} else {
    if (!isset($_POST['cancel'])) {
        $pagetitle .= ' ' . _BC_DELIM . ' ' . _AUTHORDEL;
        list($author_name) = $db->sql_ufetchrow('SELECT aid FROM ' . $prefix . '_admins WHERE admin_id=' . $del_aid, SQL_NUM);
        // NOTE(review): the stored admin name is placed inside markup
        // without HTML escaping; confirm names are restricted when created.
        cpg_delete_msg(URL::admin('admins&del_aid=' . $del_aid), sprintf(_ERROR_DELETE_CONF, '<strong>' . $author_name . '</strong>'), $hidden = '');
    }
}
URL::redirect(URL::admin('admins'));
} else {
    if (isset($_GET['update'])) {
        $adm_aid = intval($_GET['update']);
        // && binds tighter than ||, so the request is refused when
        //   (the caller lacks can_admin() and is editing another account)
        //   or the session's admin page is not 'admins'
        //   or the id is below 1.
        if (!can_admin() && $CLASS['member']->admin['admin_id'] != $adm_aid || $CPG_SESS['admin']['page'] != 'admins' || $adm_aid < 1) {
            cpg_error(_ERROR_BAD_LINK, _SEC_ERROR);
        }
        // NOTE(review): chng_email is only trimmed before it is interpolated
        // into the quoted SQL fragment in $fields. How $fields is used is
        // outside this excerpt; if it reaches a query, the value needs
        // escaping and e-mail format validation first.
        $chng_email = trim($_POST['chng_email']);
        $chng_pwd = isset($_POST['chng_pwd']) ? $_POST['chng_pwd'] : '';
        $chng_pwd2 = isset($_POST['chng_pwd2']) ? $_POST['chng_pwd2'] : '';
        $fields = "email='{$chng_email}'";
        if ($chng_pwd2 != '') {
            // True only when the password has no digit, no lowercase and no
            // uppercase letter, so a single character class is enough to
            // avoid this branch (its body is outside this excerpt).
            // NOTE(review): if all three classes are meant to be required,
            // the conditions should be joined with || instead of &&.
            if (!preg_match('#[0-9]#', $chng_pwd) && !preg_match('#[a-z]#', $chng_pwd) && !preg_match('#[A-Z]#', $chng_pwd)) {
<label class="ulog" for="headlinesurl">' . _RSSFILE . '</label> <input type="text" name="headlinesurl" size="50" maxlength="200" value="' . $headlinesurl . '" /><br /><br /> <input type="hidden" name="save" value="' . $hid . '" /> <input type="submit" value="' . _SAVECHANGES . '" /> ' . close_form();
    // Headlines administration (excerpt): the statement above begins before
    // this excerpt, inside a string literal, and the listing loop at the
    // bottom continues past its end.
    // NOTE(review): that statement writes $headlinesurl and $hid into
    // attribute values without HTML escaping; their origin is outside this
    // excerpt -- confirm the stored URL is escaped before output.
    CloseTable();
} else {
    if (isset($_GET['del'])) {
        // Delete flow: cancel returns to the list, confirm deletes, anything
        // else renders the confirmation form. The id is always intval()-cast.
        // NOTE(review): no anti-CSRF token check is visible in this excerpt.
        if (isset($_POST['cancel'])) {
            URL::redirect(URL::admin());
        }
        if (isset($_POST['confirm'])) {
            $db->sql_query('DELETE FROM ' . $prefix . "_headlines WHERE hid='" . intval($_GET['del']) . "'");
            URL::redirect(URL::admin());
        }
        cpg_delete_msg(URL::admin('&del=' . intval($_GET['del'])), _SURE2DELHEADLINE);
    } else {
        // Default view: table listing every configured headline feed.
        require_once 'header.php';
        GraphicAdmin('_AMENU6');
        OpenTable();
        echo '<span class="genmed"><strong>' . _HEADLINESADMIN . '</strong></span><br /><br /> <table border="0" width="100%"> <tr bgcolor="' . $bgcolor2 . '"> <td><strong>' . _SITENAME . '</strong></td> <td><strong>' . _URL . '</strong></td> <td><strong>' . _FUNCTIONS . '</strong></td> </tr>';
        $result = $db->sql_uquery("SELECT hid, sitename, headlinesurl FROM " . $prefix . "_headlines ORDER BY hid");
        $bgcolor = $bgcolor3;
        while (list($hid, $sitename, $headlinesurl) = $db->sql_fetchrow($result)) {
            // Alternate the row attribute between empty and $bgcolor3.
            $bgcolor = $bgcolor == '' ? ' bgcolor="' . $bgcolor3 . '"' : '';
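// Module uninstall and module list (excerpt): $class and $module are set
// before this excerpt, and the listing loop continues past its end.
}
// Drop the module's per-admin rights column and clear the CPG_ADMIN
// session entry.
// NOTE(review): $class is concatenated into DDL, into quoted SQL values and
// into HTML below. Its origin is outside this excerpt -- confirm it is
// checked against the installed module names before this point.
if ($module->radmin) {
    $db->alter_table($prefix . '_admins DROP radmin' . strtolower($class));
    unset($_SESSION['CPG_ADMIN']);
}
// Read the module id before the row is removed; it keys the block settings.
$mid = $db->sql_fetchrow($db->sql_query('SELECT mid FROM ' . $prefix . "_modules WHERE title='{$class}'"));
$db->sql_query('DELETE FROM ' . $prefix . "_modules WHERE title='{$class}'");
$db->optimize_table($prefix . '_modules');
$db->sql_query('DELETE FROM ' . $prefix . "_blocks_custom WHERE mid='{$mid['0']}'");
// Fixed table name: the underscore after the prefix was missing, so the
// call did not name the table the DELETE above had just modified.
$db->optimize_table($prefix . '_blocks_custom');
Cache::clear_conf();
cpg_error('The module "' . $class . '" has been properly uninstalled, you can safely delete the files associated with it', 'Module Uninstall', URL::admin('modules'));
}
} else {
    // Not confirmed yet: show the confirmation form unless "cancel" was posted.
    if (!isset($_POST['cancel'])) {
        cpg_delete_msg(URL::admin('&uninstall=' . $class), 'Are you sure that you want to remove all data associated with <strong>' . $class . '</strong>?');
    }
}
URL::redirect(URL::admin('modules'));
}
}
// Module list. Rows whose modules/<title>/index.php no longer exists are
// removed from the database, together with their block settings.
// NOTE(review): $row['title'] comes from the database and is interpolated
// into a file path and into SQL without escaping; that is safe only while
// stored titles are restricted to plain directory names -- verify.
$mods = array();
$result = $db->sql_query("SELECT mid, title, custom_title, active, view, inmenu, uninstall, blocks FROM " . $prefix . "_modules");
while ($row = $db->sql_fetchrow($result, SQL_ASSOC)) {
    if (!file_exists("modules/{$row['title']}/index.php")) {
        $db->sql_query("DELETE FROM {$prefix}_modules WHERE title='{$row['title']}'");
        $db->optimize_table($prefix . '_modules');
        $db->sql_query("DELETE FROM {$prefix}_blocks_custom WHERE mid='{$row['mid']}'");
        $db->optimize_table($prefix . '_blocks_custom');
        Cache::array_delete('blocks_list');
    } else {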