/**
* add the user to a specified group
*
* @param string $group the group name
*
* @return null
*/
function addToGroup($group)
{
$gid = dbOne('select id from groups where name="' . addslashes($group) . '"', 'id');
if (!$gid) {
dbQuery('insert into groups set name="' . addslashes($group) . '"');
$gid = dbLastInsertId();
}
dbQuery('insert into users_groups set groups_id=' . $gid . ',user_accounts_id=' . $this->id);
}
function dbInsert($table_name, $assoc_array)
{
global $database_connection;
$result = pg_insert($database_connection, $table_name, $assoc_array);
if ($result) {
return dbLastInsertId();
} else {
die("PG Error: " . pg_result_error($result));
}
}
/**
* create an issue
*
* @return array status
*/
function Issuetracker_issueCreate()
{
$name = $_REQUEST['name'];
$type_id = (int) $_REQUEST['type_id'];
$project_id = (int) $_REQUEST['project_id'];
$sql = 'insert into issuetracker_issues' . ' set name="' . addslashes($name) . '"' . ', type_id=' . $type_id . ', project_id=' . $project_id . ', meta="{}"' . ', date_created=now()' . ', date_modified=now()' . ', status=1';
dbQuery($sql);
$id = dbLastInsertId();
return array('id' => $id);
}
/**
* get a list of issue types
*
* @return array list
*/
function IssueTracker_adminTypeNew()
{
$name = $_REQUEST['name'];
if (!$name) {
return array('error' => 'no name provided');
}
$sql = 'select id from issuetracker_types where name="' . addslashes($name) . '"';
if (dbOne($sql, 'id')) {
return array('error' => 'an issue type with that name already exists');
}
dbQuery('insert into issuetracker_types set name="' . addslashes($name) . '"' . ', fields="[]"');
return array('id' => dbLastInsertId());
}
/**
* create an employee
*
* @return array
*/
function Meetings_adminEmployeeCreate()
{
$name = $_REQUEST['name'];
dbQuery('insert into user_accounts set name="' . addslashes($name) . '"');
$id = dbLastInsertId();
$gid = (int) dbOne('select id from groups where name="employees"', 'id');
if (!$gid) {
dbOne('insert into groups set name="employees"');
$gid = dbLastInsertId();
}
dbQuery('insert into users_groups set user_accounts_id=' . $id . ', groups_id=' . $gid);
return array('id' => $id);
}
/**
* display the forums, threads, and posts
*
* @param object &$PAGEDATA the page object
*
* @return string HTML of the forum
*/
function Forum_show(&$PAGEDATA)
{
$view = 0;
if (isset($_REQUEST['forum-t'])) {
$view = 2;
$thread_id = (int) $_REQUEST['forum-t'];
} else {
if (isset($_REQUEST['forum-f'])) {
$view = 1;
$forum_id = (int) $_REQUEST['forum-f'];
}
}
if ($view == 0) {
$forums = dbAll('select * from forums where parent_id=0 and page_id=' . $PAGEDATA->id);
if (!$forums) {
dbQuery('insert into forums ' . 'values(0,' . $PAGEDATA->id . ',0,"default", "1")');
$view = 1;
$forum_id = dbLastInsertId();
} else {
if (count($forums) == 1) {
$view = 1;
$forum_id = $forums[0]['id'];
}
}
}
switch ($view) {
case 1:
// { specific forum
$c = Forum_showForum($PAGEDATA, $forum_id);
break;
// }
// }
case 2:
// { specific thread
$c = Forum_showThread($PAGEDATA, $thread_id);
break;
// }
// }
default:
// { show all forums
$c = Forum_showForums($PAGEDATA, $forums);
// }
}
if (!isset($PAGEDATA->vars['footer'])) {
$PAGEDATA->vars['footer'] = '';
}
return $PAGEDATA->render() . $c . $PAGEDATA->vars['footer'];
}
function ClassifiedAds_publish($id)
{
$data = dbRow('select * from classifiedads_purchase_orders where id=' . $id);
$userEmail = dbOne('select email from user_accounts where id=' . $data['user_id'], 'email');
$sql = 'insert into classifiedads_ad set user_id=' . $data['user_id'] . ',email="' . addslashes($userEmail) . '",creation_date=now()' . ',title="' . addslashes($data['title']) . '"' . ',body="' . addslashes($data['description']) . '"' . ',expiry_date=date_add(now(), interval ' . $data['days'] . ' day)' . ', status=1, category_id=' . $data['category_id'];
dbQuery($sql);
$ad_id = dbLastInsertId();
$dir = USERBASE . '/f/userfiles/' . $data['user_id'];
if (file_exists($dir . '/classified-ads-upload/' . $data['id'])) {
@mkdir($dir . '/classified-ads', 0777, true);
rename($dir . '/classified-ads-upload/' . $data['id'], $dir . '/classified-ads/' . $ad_id);
}
Core_cacheClear('classifiedads_ad');
}
/**
* edit an ad type
*
* @return status
*/
function ClassifiedAds_adminTypeEdit()
{
$sql = 'classifiedads_types set maxchars=' . (int) $_REQUEST['maxchars'] . ', price_per_day=' . (double) $_REQUEST['price_per_day'] . ', minimum_number_of_days=' . (int) $_REQUEST['minimum_number_of_days'] . ', number_of_images=' . (int) $_REQUEST['number_of_images'] . ', name="' . addslashes($_REQUEST['name']) . '"';
$id = (int) $_REQUEST['id'];
if ($id) {
dbQuery('update ' . $sql . ' where id=' . $id);
} else {
dbQuery('insert into ' . $sql);
$id = dbLastInsertId();
}
return array('id' => $id, 'opts' => dbAll('select id, name from classifiedads_types order by name'));
}
function OnlineStoreEbay_adminImportOrders()
{
require_once 'eBaySession.php';
error_reporting(E_ALL);
$rs = dbAll('select * from online_store_vars where name like "ebay%"');
$vs = array();
foreach ($rs as $r) {
$vs[$r['name']] = $r['val'];
}
$production = (int) $vs['ebay_status'];
if ($production) {
$devID = $vs['ebay_devid'];
$appID = $vs['ebay_appid'];
$certID = $vs['ebay_certid'];
$serverUrl = 'https://api.ebay.com/ws/api.dll';
// server URL different for prod and sandbox
$userToken = $vs['ebay_usertoken'];
} else {
$devID = $vs['ebay_sandbox_devid'];
$appID = $vs['ebay_sandbox_appid'];
$certID = $vs['ebay_sandbox_certid'];
$serverUrl = 'https://api.sandbox.ebay.com/ws/api.dll';
$userToken = $vs['ebay_sandbox_usertoken'];
}
$compatabilityLevel = 827;
// eBay API version
$siteToUseID = 205;
$sess = new eBaySession($userToken, $devID, $appID, $certID, $serverUrl, $compatabilityLevel, $siteToUseID, 'GetOrders');
$xml = '<?xml version="1.0" encoding="utf-8"?>' . '<GetOrdersRequest xmlns="urn:ebay:apis:eBLBaseComponents">' . ' <RequesterCredentials>' . ' <eBayAuthToken>' . $userToken . '</eBayAuthToken>' . ' </RequesterCredentials>' . ' <NumberOfDays>10</NumberOfDays>' . ' <OrderRole>Seller</OrderRole>' . ' <OrderStatus>Completed</OrderStatus>' . ' <DetailLevel>ReturnAll</DetailLevel>' . ' <SortingOrder>Descending</SortingOrder>' . ' <WarningLevel>High</WarningLevel>' . '</GetOrdersRequest>';
$xmlstr = $sess->sendHttpRequest($xml);
$reply = new SimpleXMLElement($xmlstr);
if (isset($reply->Errors)) {
return array('sent' => $xml, 'reply' => new SimpleXMLElement($xmlstr), 'errors' => $reply->Errors);
}
$imported = 0;
foreach ($reply->OrderArray->Order as $order) {
$order = json_decode(json_encode($order));
$ebayOrderId = $order->OrderID;
$r = dbOne('select id from online_store_orders where ebayOrderId="' . $ebayOrderId . '"' . ' limit 1', 'id');
if ($r) {
continue;
}
$address = $order->ShippingAddress;
if ($address->PostalCode == '') {
$address->PostalCode = 'na';
}
$form_vals = array('FirstName' => preg_replace('/ .*/', '', $address->Name), 'Surname' => preg_replace('/.*? /', '', $address->Name), 'Phone' => $address->Phone, 'Email' => '*****@*****.**', 'Street' => $address->Street1, 'Street2' => $address->Street2, 'Town' => $address->CityName, 'County' => $address->StateOrProvince, 'PostCode' => $address->PostalCode, 'Country' => $address->CountryName, 'CountryCode' => $address->Country);
$form_vals = json_encode($form_vals);
$total = (double) $order->Total;
$date_created = date('Y-m-d h:i:s', strtotime($order->CreatedTime));
$transactions = array();
$tArr = $order->TransactionArray->Transaction;
if (!is_array($tArr)) {
$transactions = array($tArr);
} else {
$transactions = $tArr;
}
$items = array();
foreach ($transactions as $transaction) {
$item = $transaction->Item;
if (isset($item->ApplicationData)) {
$appData = json_decode(htmlspecialchars_decode($item->ApplicationData));
$itemId = $appData->productId;
} else {
$itemId = dbOne('select id from products where link="' . addslashes($item->Title) . '"', 'id');
}
$key = 'products_' . $itemId;
if (!isset($items[$key])) {
$items[$key] = array();
$r = dbRow('select * from products where id=' . $itemId . ' limit 1');
$items[$key] = array('short_desc' => $r['name'], 'id' => $itemId, 'amt' => 0);
}
$items[$key]['amt'] += $transaction->QuantityPurchased;
}
$jitems = json_encode($items);
// { create the order entry
dbQuery('insert into online_store_orders set total="' . $total . '"' . ', items="' . addslashes($jitems) . '"' . ', ebayOrderId="' . $ebayOrderId . '"' . ', form_vals="' . addslashes($form_vals) . '"' . ', date_created="' . addslashes($date_created) . '"' . ', status=1');
$id = dbLastInsertId();
// }
dbQuery('update online_store_orders set invoice_num=id where id=' . $id);
Core_cacheClear('online_store_orders');
OnlineStore_updateProductSales($id, $items, $date_created);
$imported++;
}
return array('imported' => $imported, 'reply' => new SimpleXMLElement($xmlstr));
}
}
if (isset($_SESSION['userdata'])) {
$user = $_SESSION['userdata'];
}
$id = (int) $_REQUEST['id'];
$tp = $DBVARS['tp'];
if ($_REQUEST['action'] == 'delete') {
dbQuery('delete from ' . $tp . 'tutorial where id=' . $id);
unset($_REQUEST['id']);
}
if ($_REQUEST['action'] == 'Save') {
$sql = 'set title="' . $_REQUEST['TITLE'] . '", content="' . $_REQUEST['CONTENT'] . '",isValidated =0 ,postedBy=' . $user['uid'] . ';';
if ($id == -1) {
//save to the main tutorial table
dbQuery('insert into ' . $tp . 'tutorial ' . $sql);
$dbTutId = dbLastInsertId();
//save the pics and videos
if (isset($_REQUEST['PICTURES'])) {
$pictures = reArrayFiles($_FILES['PICTURES']);
//die();
foreach ($pictures as $pic) {
//var_dump($value[]);
$baseFileName = $user['uid'] . '-' . $dbTutId . basename($pic['name']);
//save to the main tutorial_multimedia table
$sql1 = 'set tutorial_id="' . $dbTutId . '", type="PICTURES", value="' . $baseFileName . '";';
dbQuery('insert into ' . $tp . 'tutorial_multimedia ' . $sql1);
//move uploaded files to its location..
if ($pic['error'] == UPLOAD_ERR_OK) {
$uploadFile = MEDIABASE . 'pictures/' . $baseFileName;
if (!move_uploaded_file($pic['tmp_name'], $uploadFile)) {
var_dump($pic['tmp_name']);
// }
dbQuery('insert into products_types set' . ' name="' . $product_type . '",' . ' multiview_template="' . addslashes($type['multi']) . '",' . ' singleview_template="' . addslashes($type['single']) . '",' . ' data_fields="' . addslashes($fields) . '",' . ' is_for_sale=1');
$product_type_id = dbLastInsertId();
// }
// { add products page to database
$name = $_SESSION['wizard']['name'];
dbQuery('insert into pages set' . ' name="' . addslashes($name) . '",' . ' type="products",' . ' cdate="date()",' . ' edate="date()",' . ' special=0,' . ' alias="' . addslashes($name) . '"');
$products_id = dbLastInsertId();
// }
// { add products info to page vars
dbQuery('insert into page_vars (page_id,name,value) values' . '(' . $products_id . ',"products_what_to_show","1"),' . '(' . $products_id . ',"products_type_to_show","' . $product_type_id . '")');
// }
// { add online-store page to database
$body = file_get_contents('../body_template_sample.html');
dbQuery('insert into pages set' . ' name="Checkout",' . ' body="' . addslashes($body) . '",' . ' original_body="' . addslashes($body) . '",' . ' parent="' . $products_id . '",' . ' cdate="date()",' . ' edate="date()",' . ' special=2,' . ' type="online-store",' . ' alias="Checkout"');
$store_id = dbLastInsertId();
// }
// { add online store stuff to page vars
$store_vals = array('online_stores_admin_email' => $_SESSION['wizard']['payment']['email'], 'online_stores_vat_percent' => 0, 'online_stores_requires_login' => $_SESSION['wizard']['payment']['login']);
// { paypal
$store_vals['online_stores_paypal_address'] = @$_SESSION['wizard']['payment']['paypal'] == 1 ? $_SESSION['wizard']['payment']['paypal-email'] : '';
// }
// { bank transfer
$store_vals += array('online_stores_bank_transfer_bank_name' => @$_SESSION['wizard']['payment']['transfer'] == 1 ? $_SESSION['wizard']['payment']['transfer-bankname'] : '', 'online_stores_bank_transfer_sort_code' => @$_SESSION['wizard']['payment']['transfer'] == 1 ? $_SESSION['wizard']['payment']['transfer-sortcode'] : '', 'online_stores_bank_transfer_account_name' => @$_SESSION['wizard']['payment']['transfer'] == 1 ? $_SESSION['wizard']['payment']['transfer-accountname'] : '', 'online_stores_bank_transfer_account_number' => @$_SESSION['wizard']['payment']['transfer'] == 1 ? $_SESSION['wizard']['payment']['transfer-number'] : '', 'online_stores_bank_transfer_message' => @$_SESSION['wizard']['payment']['transfer'] == 1 ? $_SESSION['wizard']['payment']['transfer-message'] : '');
// }
// { realex
$store_vals += array('online_stores_realex_merchantid' => @$_SESSION['wizard']['payment']['realex'] == 1 ? $_SESSION['wizard']['payment']['realex-merchantid'] : '', 'online_stores_realex_sharedsecret' => @$_SESSION['wizard']['payment']['realex'] == 1 ? $_SESSION['wizard']['payment']['realex-secret'] : '', 'online_store_redirect_to' => @$_SESSION['wizard']['payment']['realex'] == 1 ? $_SESSION['wizard']['payment']['realex-redirect'] : '', 'online_stores_realex_testmode' => @$_SESSION['wizard']['payment']['realex'] == 1 ? $_SESSION['wizard']['payment']['realex-mode'] : '');
// }
// { form fields
$store_vals['online_stores_fields'] = '{"FirstName":{"required":"required","s' . 'how":1},"Surname":{"required":"required","show":1},"Phone":{"required":' . '"required","show":1},"Email":{"required":"required","show":1},"Street":' . '{"show":1},"Street2":{"show":1},"Town":{"show":1},"County":{"show":1},"' . 'country":{"show":1},"BillingAddressIsDifferentToDelivery":{"show":1},"B' . 'illing_FirstName":{"show":1},"Billing_Surname":{"show":1},"Billing_Phon' . 'e":{"show":1},"Billing_Email":{"show":1},"Billing_Street":{"show":1},"B' . 'illing_Street2":{"show":1},"Billing_Town":{"show":1},"Billing_County":{' . '"show":1},"Billing_Country":{"show":1}}';
// }
/**
* Creates a new group, adds the current user to it and sets it as a moderator
* group for that forum
*
* @return array
*/
function Forum_adminGroupNew()
{
$forum = $_REQUEST['forum'];
if (!is_numeric($_REQUEST['forum'])) {
Core_quit('Invalid forum id');
}
$name = $_REQUEST['name'];
dbQuery('insert into groups set name = "' . addslashes($name) . '"');
$group = dbLastInsertId();
if (!$group) {
return array('status' => 0, 'message' => 'Error creating group');
}
$user = $_SESSION['userdata']['id'];
dbQuery('insert into users_groups (user_accounts_id, groups_id)' . 'values(' . $user . ', ' . $group . ')');
$groups = dbOne('select moderator_groups from forums where id = ' . $forum, 'moderator_groups');
$groups = explode(',', $groups);
$groups[] = $group;
$groups = implode(',', $groups);
dbQuery('update forums set moderator_groups = "' . addslashes($groups) . '"' . ' where id = ' . $forum);
return array('name' => $name, 'forum' => (int) $forum);
}
/**
* import from an uploaded file
*
* @param array $vars array of parameters
*
* @return status
*/
function Products_importFile($vars = false)
{
// { set up variables
if ($vars === false) {
return false;
}
if (!@$vars->productsImportDeleteAfter['varvalue']) {
$vars->productsImportDeleteAfter = array('varvalue' => false);
}
if (!@$vars->productsImportDelimiter['varvalue']) {
$vars->productsImportDelimiter = array('varvalue' => ',');
}
if (!@$vars->productsImportFileUrl['varvalue']) {
$vars->productsImportFileUrl = array('varvalue' => 'ww.cache/products/import.csv');
}
if (!@$vars->productsImportImagesDir['varvalue']) {
$vars->productsImportImagesDir = array('varvalue' => 'ww.cache/products/images');
}
$fname = USERBASE . '/' . $vars->productsImportFileUrl['varvalue'];
// }
if (strpos($fname, '..') !== false) {
return array('message' => __('Invalid file URL'));
}
if (!file_exists($fname)) {
return array('message' => __('File not uploaded'));
}
if (function_exists('mb_detect_encoding')) {
$charset = mb_detect_encoding(file_get_contents($fname), 'UTF-8', true);
} else {
$charset = 'UTF-8';
}
$handle = fopen($fname, 'r');
if ($charset != 'UTF-8') {
stream_filter_register("utf8encode", "Utf8encode_Filter") or die(__('Failed to register filter'));
stream_filter_prepend($handle, "utf8encode");
}
$row = fgetcsv($handle, 1000, $vars->productsImportDelimiter['varvalue']);
// { check the headers
$headers = array();
foreach ($row as $k => $v) {
if ($v) {
$headers[$v] = $k;
}
}
if (!isset($headers['_name']) || !isset($headers['_ean']) || !isset($headers['_stocknumber']) || !isset($headers['_type']) || !isset($headers['_categories'])) {
$req = '_name, _ean, _stocknumber, _type, _categories';
return array('message' => __('Missing required headers (%1)', array($req), 'core') . '. ' . __('Please use the Download link to get a sample import file.'), 'headers-found' => $headers);
}
// }
$product_types = array();
$imported = 0;
$categoriesByName = array();
$preUpload = (int) @$vars->productsImportSetExisting['varvalue'];
$postUpload = (int) @$vars->productsImportSetImported['varvalue'];
if ($preUpload) {
dbQuery('update products set enabled=' . ($preUpload - 1) . ', date_edited=now()');
}
// { do the import
while (($data = fgetcsv($handle, 1000, $vars->productsImportDelimiter['varvalue'])) !== false) {
$id = 0;
$stocknumber = $data[$headers['_stocknumber']];
// { stockcontrol_total (how many are in stock)
$stockcontrol_total = '';
if (isset($headers['_stockcontrol_total']) && isset($data[$headers['_stockcontrol_total']])) {
$stockcontrol_total = ',stockcontrol_total=' . (int) $data[$headers['_stockcontrol_total']];
}
// }
$type = $data[$headers['_type']];
if (!$type) {
$type = 'default';
}
if (isset($product_types[$type]) && $product_types[$type]) {
$type_id = $product_types[$type];
} else {
$type_id = (int) dbOne('select id from products_types where name="' . addslashes($type) . '"', 'id');
if (!$type_id) {
$type_id = (int) dbOne('select id from products_types limit 1', 'id');
}
$product_types[$type] = $type_id;
}
$name = $data[$headers['_name']];
$ean = $data[$headers['_ean']];
if ($stocknumber) {
$id = (int) dbOne('select id from products where stock_number="' . addslashes($stocknumber) . '"', 'id');
if ($id) {
dbQuery('update products set ean="' . addslashes($ean) . '"' . ',product_type_id=' . $type_id . ',name="' . addslashes($name) . '",date_edited=now()' . $stockcontrol_total . ' where id=' . $id);
}
}
if (!$id) {
$sql = 'insert into products set ' . 'stock_number="' . addslashes($stocknumber) . '"' . $stockcontrol_total . ',product_type_id=' . $type_id . ',name="' . addslashes($name) . '"' . ',ean="' . addslashes($ean) . '"' . ',date_created=now()' . ',date_edited=now()' . ',activates_on=now()' . ',expires_on="2100-01-01"' . ',enabled=1' . ',data_fields="{}"' . ',online_store_fields="{}"';
dbQuery($sql);
$id = dbLastInsertId();
}
// { get data from Products table
$row = dbRow('select data_fields,online_store_fields,activates_on,expires_on' . ' from products where id=' . $id);
// }
$data_fields = json_decode($row['data_fields'], true);
$os_fields = json_decode($row['online_store_fields'], true);
foreach ($headers as $k => $v) {
if (preg_match('/^_/', $k)) {
continue;
}
foreach ($data_fields as $k2 => $v2) {
if ($v2['n'] == $k) {
unset($data_fields[$k2]);
}
}
$data_fields[] = array('n' => $k, 'v' => $data[$v]);
}
if (@$data[$headers['_price']]) {
$os_fields['_price'] = Products_importParseNumber(@$data[$headers['_price']]);
$os_fields['_saleprice'] = Products_importParseNumber(@$data[$headers['_saleprice']]);
$os_fields['_bulkprice'] = Products_importParseNumber(@$data[$headers['_bulkprice']]);
$os_fields['_bulkamount'] = (int) @$data[$headers['_bulkamount']];
} else {
$os_fields = array();
}
$dates = '';
$now = date('Y-m-d');
if ($postUpload && ($row['activates_on'] > $now || $row['expires_on'] < $now)) {
$dates = ',activates_on="' . $now . '",expires_on="2100-01-01"';
}
if (!$postUpload && ($row['activates_on'] < $now && $row['expires_on'] > $now)) {
$dates = ',activates_on="' . $now . '",expires_on="' . $now . '"';
}
// { update the product row
dbQuery('update products set ' . 'data_fields="' . addslashes(json_encode($data_fields)) . '"' . ',online_store_fields="' . addslashes(json_encode($os_fields)) . '"' . ',date_edited=now()' . $dates . ',enabled=' . $postUpload . ' where id=' . $id);
// }
$cid = (int) @$vars->productsImportCategory['varvalue'];
switch ($cid) {
case '-1':
// { from file
ProductsCategoriesProducts::deleteByProductId($id);
dbQuery('update products set num_of_categories=0 where id=' . $id);
Core_cacheClear('products');
if (@$data[$headers['_categories']]) {
$catnames = explode('|', $data[$headers['_categories']]);
foreach ($catnames as $catname) {
$cat = ProductCategory::getInstanceByName($catname);
if (!$cat) {
continue;
}
ProductsCategoriesProducts::insert($cat->vals['id'], $id);
Products_categoriesRecount(array($id));
}
}
break;
// }
// }
case '0':
break;
default:
// {
ProductsCategoriesProducts::deleteByProductId($id);
ProductsCategoriesProducts::insert($cid, $id);
break;
// }
}
$imported++;
}
// }
Core_cacheClear('products');
if ($imported) {
return array('message' => __('Imported %1 products', array($imported), 'core'));
}
return array('message' => __('No products imported'));
}
/**
* sends a form, or displays the form instead with errors on top
*
* @param array $page page db row
* @param array $vars page meta data
* @param array $form_fields array of fields
*
* @return HTML of either the result, or the form with errors on top
*/
function Form_send($page, $vars, $form_fields)
{
$c = '';
$plaintext = '';
$values = array();
$email = '';
foreach ($form_fields as $r2) {
$name = preg_replace('/[^a-zA-Z0-9_]/', '', $r2['name']);
$separator = "\n" . str_repeat('-', 80) . "\n";
$val = '';
switch ($r2['type']) {
case 'checkbox':
// {
$val = @$_REQUEST[$name];
$values[$r2['name']] = $val == 'on' ? 'yes' : 'no';
if ($val == 'on') {
$plaintext .= 'selected option: ' . htmlspecialchars($r2['name']) . $separator;
}
break;
// }
// }
case 'date':
case 'ccdate':
// {
$val = Core_dateM2H(@$_REQUEST[$name]);
if ($r2['type'] == 'ccdate') {
$val = preg_replace('#.* ([a-zA-Z]*, [0-9]+)#', "\$1", $val);
}
$values[$r2['name']] = $val;
$plaintext .= htmlspecialchars($r2['name']) . "\n" . htmlspecialchars($val) . $separator;
break;
// }
// }
case 'email':
// {
$val = @$_REQUEST[$name];
$values[$r2['name']] = $val;
$plaintext .= htmlspecialchars($r2['name']) . "\n" . htmlspecialchars($val) . $separator;
$email = $val;
break;
// }
// }
case 'file':
// { build $files array which emulates the $_FILES array
// { first remove old uploads
$dir = USERBASE . '/f/.files/forms/';
if (!is_dir($dir)) {
break;
}
$fs = new DirectoryIterator($dir);
$time = time();
foreach ($fs as $f) {
if ($f->isDot()) {
continue;
}
if ($f->isDir()) {
$diff = $time - $f->getMTime();
if ($diff > 600) {
// file is older than 10 minutes
CoreDirectory::delete($f->getPathname());
}
}
}
// }
$session_id = session_id();
$dir .= $session_id;
if (!is_dir($dir)) {
break;
}
$_FILES = array();
$uploads = new DirectoryIterator($dir);
foreach ($uploads as $upload) {
if ($upload->isDot() || $upload->isDir()) {
continue;
}
array_push($_FILES, array('name' => $upload->getFileName(), 'type' => mime_content_type($upload->getPathname()), 'tmp_name' => $upload->getPathname(), 'error' => 0, 'size' => $upload->getSize()));
}
break;
// }
// }
case 'html-block':
case 'next-page-link':
case 'previous-page-link':
case 'page-break':
// { not inputs - don't add them
break;
// }
// }
default:
// {
$val = @$_REQUEST[$name];
$values[$r2['name']] = $val;
$val = nl2br($val);
$plaintext .= htmlspecialchars($r2['name']) . "\n" . htmlspecialchars($val) . $separator;
// }
}
}
$from_field = preg_replace('/[^a-zA-Z]/', '', $vars['forms_replyto']);
$from = isset($_REQUEST[$from_field]) ? $_REQUEST[$from_field] : '';
if (@$vars['forms_create_user']) {
$id = dbOne('select id from user_accounts where email="' . addslashes($email) . '"', 'id');
if (!$id) {
dbQuery('insert into user_accounts set email="' . addslashes($email) . '",' . 'extras="' . addslashes(json_encode($values)) . '"');
$id = dbLastInsertId();
if (isset($_FILES) && count($_FILES)) {
@mkdir(USERBASE . '/f/user-files');
@mkdir(USERBASE . '/f/user-files/' . $id);
foreach ($_FILES as $file) {
copy($file['tmp_name'], USERBASE . '/f/user-files/' . $id . '/' . $file['name']);
}
}
}
}
if ($vars['forms_send_as_email']) {
$form = Form_readonly($page['id'], $vars, $form_fields);
$to = $vars['forms_recipient'];
$form = str_replace(array('<input type="submit" value="' . __('Submit Form') . '" />', '<form action="' . $_SERVER['REQUEST_URI'] . '" method="post" ' . 'class="ww_form" enctype="multipart/form-data">', '</form>'), '', $form);
cmsMail($to, $from, $_SERVER['HTTP_HOST'] . ' ' . __FromJson($page['name']), '<html><head></head><body>' . $form . '</body></html>', $_FILES);
if (is_dir(USERBASE . '/f/.files/forms/' . session_id())) {
// remove uploaded files
CoreDirectory::delete(USERBASE . '/f/.files/forms/' . session_id());
}
}
if ($vars['forms_record_in_db']) {
Form_saveValues($page['id'], $form_fields);
}
$c .= '<div id="thankyoumessage">' . $vars['forms_successmsg'] . '</div>';
return $c;
}
}
list($pid, $wid) = explode('-', preg_replace('/.*widget-id=([0-9]*-[0-9]*).*/', '\\1', $_SERVER['REQUEST_URI']));
require_once $_SERVER['DOCUMENT_ROOT'] . '/ww.incs/basics.php';
$panel = json_decode(dbOne('select body from panels where id=' . (int) $pid, 'body'));
foreach ($panel->widgets as $widget) {
if ($widget->id == $wid) {
$fbappid = $widget->fbappid;
$fbsecret = $widget->fbsecret;
$url = 'https://graph.facebook.com/oauth/access_token' . '?client_id=' . $fbappid . '&redirect_uri=http://' . $_SERVER['HTTP_HOST'] . preg_replace('/\\?.*/', '', $_SERVER['REQUEST_URI']) . '&client_secret=' . $fbsecret . '&code=' . $_REQUEST['code'];
$auth = file_get_contents($url);
$details = file_get_contents('https://graph.facebook.com/me?' . $auth);
$details = json_decode($details);
if (is_null($details)) {
// failed login
mail(DistConfig::get('email'), 'Facebook failed data', $details);
header('Location: /');
Core_quit();
}
$name = $details->name;
$email = $details->email;
$user = dbRow('select * from user_accounts where email="' . addslashes($email) . '"');
if ($user == false) {
$pass = md5($details->id);
dbQuery('insert into user_accounts set email="' . addslashes($email) . '",name="' . addslashes($name) . '",active=1,password="******"');
$user = dbRow('select * from user_accounts where id=' . dbLastInsertId());
}
$_SESSION['userdata'] = $user;
dbQuery('update user_accounts set last_login=now() where id=' . $user['id']);
}
}
header('Location: /');
/**
* make a purchase order
*
* @return null
*/
function Ads_makePurchaseOrder()
{
if (!isset($_SESSION['userdata']['id'])) {
$email = $_REQUEST['email'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
return array('error' => __('invalid email address'));
}
dbQuery('insert into user_accounts set email="' . addslashes($email) . '",' . 'name="' . addslashes($email) . '",active=1,date_created=now()');
$user_id = dbLastInsertId();
$dirname = USERBASE . '/f/userfiles/' . $user_id . '/ads-upload';
mkdir($dirname, 0777, true);
$olddirname = USERBASE . '/f/userfiles/' . $_SESSION['tmpUID'] . '/ads-upload';
$dir = new DirectoryIterator($olddirname);
foreach ($dir as $file) {
if ($file->isDot()) {
continue;
}
$fname = $file->getFilename();
copy($olddirname . '/' . $fname, $dirname . '/' . $fname);
}
} else {
$user_id = $_SESSION['userdata']['id'];
}
$type_id = (int) $_REQUEST['type_id'];
$days = (int) $_REQUEST['days'];
$target_url = isset($_REQUEST['target_url']) ? $_REQUEST['target_url'] : '';
$target_type = (int) $_REQUEST['target_type'];
$sql = 'insert into ads_purchase_orders set user_id=' . $user_id . ', type_id=' . $type_id . ', days=' . $days . ', target_url="' . addslashes($target_url) . '"' . ', target_type=' . $target_type . ', meta="' . addslashes(json_encode($_REQUEST['meta'])) . '"';
mail('kae.verens@gmail.com,sales@monaghanlife.ie', '[kvwebme] ad created', $sql);
dbQuery($sql);
return array('id' => dbLastInsertId());
}
/**
* make a purchase order
*
* @return null
*/
function ClassifiedAds_makePurchaseOrder()
{
if (!isset($_SESSION['userdata']['id'])) {
$email = $_REQUEST['email'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
return array('error' => __('invalid email address'));
}
dbQuery('insert into user_accounts set email="' . addslashes($email) . '",' . 'name="' . addslashes($email) . '",active=1,date_created=now()');
$user_id = dbLastInsertId();
$dirname = USERBASE . '/f/userfiles/' . $user_id . '/classified-ads-upload';
mkdir($dirname, 0777, true);
$olddirname = USERBASE . '/f/userfiles/' . $_SESSION['tmpUID'] . '/classified-ads-upload';
$dir = new DirectoryIterator($olddirname);
foreach ($dir as $file) {
if ($file->isDot()) {
continue;
}
$fname = $file->getFilename();
rename($olddirname . '/' . $fname, $dirname . '/' . $fname);
}
} else {
$user_id = $_SESSION['userdata']['id'];
$dirname = USERBASE . '/f/userfiles/' . $user_id . '/classified-ads-upload';
}
$type_id = (int) $_REQUEST['type_id'];
$days = (int) $_REQUEST['days'];
$phone = $_REQUEST['phone'];
$location = $_REQUEST['location'];
$cost = $_REQUEST['cost'];
$title = $_REQUEST['title'];
$description = $_REQUEST['description'];
dbQuery('insert into classifiedads_purchase_orders set user_id=' . $user_id . ', type_id=' . $type_id . ', days=' . $days . ', title="' . addslashes($title) . '"' . ', phone="' . addslashes($phone) . '", location="' . addslashes($location) . '"' . ', cost="' . addslashes($cost) . '", category_id=' . (int) $_REQUEST['category_id'] . ', description="' . addslashes($description) . '"');
$ad_id = dbLastInsertId();
$dir = new DirectoryIterator($dirname);
mkdir($dirname . '/' . $ad_id, 0777, true);
foreach ($dir as $file) {
if ($file->isDot() || $file->isDir()) {
continue;
}
$fname = $file->getFilename();
rename($dirname . '/' . $fname, $dirname . '/' . $ad_id . '/' . $fname);
}
$id = dbLastInsertId();
if ($cost == 0) {
ClassifiedAds_publish($id);
}
return array('id' => $id);
}
/**
* edit a post (must be an admin or the article's owner)
*
* @return status
*/
function Blog_postEdit()
{
$title = @$_REQUEST['blog_title'];
$body = @$_REQUEST['blog_body'];
$excerpt = @$_REQUEST['blog_excerpt'];
$excerpt_image = @$_REQUEST['blog_excerpt-image'];
$tags = @$_REQUEST['blog_tags'];
$pdate = @$_REQUEST['blog_pdate'];
$user_id = (int) @$_REQUEST['blog_user_id'];
$id = (int) @$_REQUEST['blog_id'];
$status = (int) @$_REQUEST['blog_status'];
$allow_comments = (int) @$_REQUEST['blog_allow_comments'];
$featured_post = isset($_REQUEST['blog_featured-post']) ? 1 : 0;
// TODO: make sure only verified users are allowed edit or create an entry
$sql = 'title="' . addslashes($title) . '"' . ', body="' . addslashes($body) . '"' . ', featured="' . $featured_post . '"' . ', excerpt="' . addslashes($excerpt) . '"' . ', excerpt_image="' . addslashes($excerpt_image) . '"' . ', tags="' . addslashes($tags) . '"' . ', pdate="' . addslashes($pdate) . '"' . ', status="' . $status . '"' . ', allow_comments="' . $allow_comments . '"' . ', udate=now()';
if ($id) {
$sql = 'update blog_entry set ' . $sql . ' where id=' . $id;
dbQuery($sql);
} else {
$sql = 'insert into blog_entry set ' . $sql . ',cdate=now(),user_id=' . (int) $_SESSION['userdata']['id'];
dbQuery($sql);
$id = dbLastInsertId();
}
dbQuery('delete from blog_tags where entry_id=' . $id);
$tags = explode('|', $tags);
foreach ($tags as $tag) {
dbQuery('insert into blog_tags set entry_id=' . $id . ', tag="' . addslashes($tag) . '"');
}
Core_cacheClear('blog_tags,blog_entry');
return array('ok' => $id);
}
foreach (explode("\n", $_REQUEST['user_emails']) as $email) {
$email = trim($email);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
continue;
}
$users_list['emails'][] = $email;
}
$users_list['users'] = array();
foreach ($_REQUEST['user_ids'] as $uid => $checked) {
$users_list['users'][] = $uid;
}
}
$sql = 'name="' . addslashes($name) . '",' . 'code="' . addslashes($_REQUEST['code']) . '",' . 'user_constraints="' . addslashes($_REQUEST['user_constraints']) . '",' . 'users_list="' . addslashes(json_encode($users_list)) . '",' . 'value="' . addslashes($_REQUEST['value']) . '",' . 'value_type="' . addslashes($_REQUEST['value_type']) . '",' . 'usages_per_user="******",' . 'usages_in_total="' . addslashes($_REQUEST['usages_in_total']) . '",' . 'start_date="' . addslashes($_REQUEST['start_date']) . '",' . 'end_date="' . addslashes($_REQUEST['end_date']) . '"';
if (!$r) {
dbQuery('insert into online_store_vouchers set ' . $sql);
$v_id = dbLastInsertId();
} else {
dbQuery('update online_store_vouchers set ' . $sql . ' where id=' . $v_id);
}
}
$r = dbRow("select * from online_store_vouchers where id={$v_id}");
if (!$r) {
$r = array('name' => '', 'code' => md5(microtime()), 'user_constraints' => 'public', 'users_list' => '{}', 'value' => '5', 'value_type' => 'percentage', 'usages_per_user' => 1, 'usages_in_total' => 0, 'start_date' => date('Y-m-d'), 'end_date' => date('Y') + 1 . date('-m-d'));
}
echo '<form method="post" action="' . $_url . '&voucher_id=' . $v_id . '">' . '<table id="onlinestore-vouchers-table">' . '<tr><th>' . __('Name') . '</th><td><input name="name" value="' . htmlspecialchars($r['name']) . '"/></td></tr>' . '<tr><th>' . __('Code') . '</th><td><input name="code" value="' . htmlspecialchars($r['code']) . '"/></td></tr>' . '<tr><th>' . __('Usable by') . '</th><td><select name="user_constraints">';
$user_constraints = array('public' => 'Anyone can use this voucher', 'userlist' => 'Only people on the following list');
foreach ($user_constraints as $k => $v) {
echo '<option value="' . $k . '"';
if ($k == $r['user_constraints']) {
echo ' selected="selected"';
}
$id = (int) $_REQUEST['id'];
if ($_REQUEST['action'] == 'delete') {
dbQuery("delete from user_accounts where id={$id}");
unset($_REQUEST['id']);
}
if ($_REQUEST['action'] == 'Save') {
$groups = $_REQUEST['groups'];
if (!count($groups)) {
$groups = array(0);
}
$grs = dbAll('select name from groups where id in (' . addslashes(join(',', array_keys($groups))) . ') order by name');
$groups = array();
foreach ($grs as $r) {
$groups[] = $r['name'];
}
$sql = 'set email="' . addslashes($_REQUEST['email']) . '",active="' . (int) $_REQUEST['active'] . '",groups="' . addslashes(json_encode($groups)) . '"';
if (isset($_REQUEST['password']) && $_REQUEST['password'] != '') {
if ($_REQUEST['password'] !== $_REQUEST['password2']) {
echo '<em>Password not updated. Must be entered the same twice.</em>';
} else {
$sql .= ',password=md5("' . addslashes($_REQUEST['email'] . '|' . $_REQUEST['password']) . '")';
}
}
if ($id == -1) {
dbQuery('insert into user_accounts ' . $sql);
$_REQUEST['id'] = dbLastInsertId();
} else {
dbQuery('update user_accounts ' . $sql . ' where id=' . $id);
}
echo '<em>users updated</em>';
}
/**
* submit a post to a forum
*
* @return status of the forum
*/
function Forum_post()
{
if (!isset($_SESSION['userdata']) || !$_SESSION['userdata']['id']) {
Core_quit();
}
$title = $_REQUEST['title'];
$body = $_REQUEST['body'];
$forum_id = (int) @$_REQUEST['forum_id'];
$thread_id = (int) @$_REQUEST['thread_id'];
$errs = array();
if (!$body) {
$errs[] = 'no post body supplied';
}
if (!$forum_id) {
$errs[] = 'no forum selected';
} else {
$forum = dbRow('select * from forums where id=' . $forum_id);
if (!$forum || !count($forum)) {
$errs[] = 'forum does not exist';
} else {
if ($thread_id) {
$title = '';
$thread = dbRow('select * from forums_threads where id=' . $thread_id . ' and forum_id=' . $forum_id);
if (!$thread || !count($thread)) {
$errs[] = 'thread does not exist or doesn\'t belong to that forum';
}
} else {
if (!$title) {
$errs[] = 'no thread title supplied';
}
}
}
}
if (count($errs)) {
return array('errors' => $errs);
}
if (!$thread_id) {
$sql = 'insert into forums_threads set forum_id=' . $forum_id . ',' . 'name="' . addslashes($title) . '",creator_id=' . $_SESSION['userdata']['id'] . ',created_date=now(),num_posts=0,last_post_date=now(),last_post_by=0,' . 'subscribers="' . $_SESSION['userdata']['id'] . '"';
dbQuery($sql);
$thread_id = dbLastInsertId();
} else {
// add user to the subscribers list
$subscribers = dbOne('select subscribers from forums_threads where id=' . $thread_id, 'subscribers');
$subscribers = explode(',', $subscribers);
if (!in_array($_SESSION['userdata']['id'], $subscribers)) {
$subscribers[] = $_SESSION['userdata']['id'];
dbQuery('update forums_threads set subscribers="' . join(',', $subscribers) . '" where id=' . $thread_id);
}
}
// { insert the post into the thread
$moderated = 1 - $forum['is_moderated'];
dbQuery('insert into forums_posts set thread_id=' . $thread_id . ',author_id=' . $_SESSION['userdata']['id'] . ',created_date=now()' . ',body="' . addslashes($body) . '",moderated=' . $moderated);
$post_id = (int) dbLastInsertId();
dbQuery('update forums_threads set num_posts=num_posts+1,' . 'last_post_date=now(),last_post_by=' . $_SESSION['userdata']['id'] . ' where id=' . $thread_id);
// }
// { alert subscribers that a new post is available
$post_author = User::getInstance($_SESSION['userdata']['id']);
$row = dbRow('select subscribers,name from forums_threads where id=' . $thread_id);
$subscribers = explode(',', $row['subscribers']);
$url = Page::getInstance($forum['page_id'])->getRelativeUrl() . '?forum-f=' . $forum_id . '&forum-t=' . $thread_id . '&' . $post_id . '#forum-c-' . $post_id;
foreach ($subscribers as $subscriber) {
if ($subscriber == $_SESSION['userdata']['id']) {
continue;
}
$user = User::getInstance($subscriber);
if (!$user) {
continue;
}
Core_mail($user->get('email'), '[' . $_SERVER['HTTP_HOST'] . '] ' . $row['name'], "A new post has been added to this forum thread which you are subscribed" . " to.<br/>\n<br/>\n" . 'http://www.' . $_SERVER['HTTP_HOST'] . $url . "<br/>\n<br/>\n" . $post_author->get('name') . " said:<hr/>" . $body . '<hr/>', 'no-reply@' . $_SERVER['HTTP_HOST']);
}
// }
return array('forum_id' => $forum_id, 'thread_id' => $thread_id, 'post_id' => $post_id);
}
/**
* copy a product type
*
* @return array status of the copy
*/
function Products_adminTypeCopy()
{
if (is_numeric($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'];
$r = dbRow('select * from products_types where id=' . $id);
} else {
$n = $_REQUEST['id'];
if (strpos($n, '..') !== false) {
Core_quit();
}
$r = json_decode(file_get_contents(dirname(__FILE__) . '/templates/' . $n . '.json'), true);
$r['data_fields'] = json_encode($r['data_fields']);
}
dbQuery('insert into products_types set' . ' name="' . addslashes($r['name'] . ' (copy)') . '"' . ', multiview_template="' . addslashes($r['multiview_template']) . '"' . ', singleview_template="' . addslashes($r['singleview_template']) . '"' . ', data_fields="' . addslashes($r['data_fields']) . '"' . ', is_for_sale=' . (int) $r['is_for_sale'] . ', is_voucher=' . (int) $r['is_voucher'] . ', default_category=' . (int) @$r['default_category'] . ', voucher_template="' . addslashes(@$r['voucher_template']) . '"' . ', multiview_template_header="' . addslashes($r['multiview_template_header']) . '"' . ', multiview_template_footer="' . addslashes($r['multiview_template_footer']) . '"' . ', meta="' . addslashes($r['meta']) . '"');
Core_cacheClear();
return array('id' => dbLastInsertId());
}
function Ads_adminOrderMarkPaid()
{
$id = (int) $_REQUEST['item_number'];
// create ad
$data = dbRow('select * from ads_purchase_orders where id=' . $id);
if (!$data) {
return array('error' => 'no such ad');
}
$sql = 'insert into ads set name="ad",customer_id=' . $data['user_id'] . ',target_url="' . addslashes($data['target_url']) . '",cdate=now()' . ',target_type="' . addslashes($data['target_type']) . '"' . ',is_active=1,type_id=' . $data['type_id'] . ',date_expire=date_add(now(), interval ' . $data['days'] . ' day)';
dbQuery($sql);
$ad_id = dbLastInsertId();
$type = dbRow('select * from ads_types where id=' . $data['type_id']);
// { poster
$url = false;
$dirname = USERBASE . '/f/userfiles/' . $data['user_id'] . '/ads-upload-poster';
$dir = new DirectoryIterator($dirname);
foreach ($dir as $file) {
if ($file->isDot()) {
continue;
}
$url = 'userfiles/' . $data['user_id'] . '/ads-upload-poster/' . $file->getFilename();
}
$newName = '/f/userfiles/' . $data['user_id'] . '/ad-poster-' . $ad_id . '.' . preg_replace('/.*\\./', '', $url);
if ($url) {
rename(USERBASE . '/f/' . $url, USERBASE . $newName);
dbQuery('update ads set poster="' . addslashes($newName) . '" where id=' . $ad_id);
}
// }
// { image
$url = false;
$dir = new DirectoryIterator(USERBASE . '/f/userfiles/' . $data['user_id'] . '/ads-upload');
foreach ($dir as $file) {
if ($file->isDot()) {
continue;
}
$url = 'userfiles/' . $data['user_id'] . '/ads-upload/' . $file->getFilename();
}
$newName = '/f/userfiles/' . $data['user_id'] . '/ad-' . $ad_id . '.' . preg_replace('/.*\\./', '', $url);
if (file_exists(USERBASE . '/f/' . $url)) {
rename(USERBASE . '/f/' . $url, USERBASE . $newName);
}
dbQuery('update ads set image_url="' . addslashes($newName) . '" where id=' . $ad_id);
// }
if ($type['type'] == '1') {
// page
$page = Page::getInstanceByType('ads');
$pid = $page->id;
$page->initValues();
$pid = (int) $page->vars['ads_fullpage_parent'];
$meta = json_decode($data['meta'], true);
$body = '<h1>' . htmlspecialchars($meta['name']) . '</h1>';
if (isset($meta['address']) && $meta['address']) {
$body .= '<strong>Address</strong>: ' . htmlspecialchars($meta['address']) . '<br/>';
}
if (isset($meta['landline']) && $meta['landline']) {
$body .= '<strong>Landline</strong>: ' . htmlspecialchars($meta['landline']) . '<br/>';
}
if (isset($meta['mobile']) && $meta['mobile']) {
$body .= '<strong>Mobile</strong>: ' . htmlspecialchars($meta['mobile']) . '<br/>';
}
if (isset($meta['email']) && $meta['email']) {
$body .= '<span class="email"><a href="mailto:' . htmlspecialchars($meta['email']) . '">Send Email</a></span> ';
}
if (isset($meta['url']) && $meta['url']) {
$body .= '<span class="url"><a target="_blank" href="' . htmlspecialchars($meta['url']) . '">' . 'Visit Website</a></span> ';
}
if (isset($meta['twitter']) && $meta['twitter']) {
$body .= '<span class="twitter"><a target="_blank" href="http://twitter.com/' . htmlspecialchars(str_replace('@', '', $meta['twitter'])) . '">' . htmlspecialchars($meta['twitter']) . '</a></span> ';
}
if (isset($meta['facebook']) && $meta['facebook']) {
$body .= '<span class="facebook"><a target="_blank" href="' . htmlspecialchars($meta['facebook']) . '">Facebook</a></span> ';
}
$body .= str_replace("\n", '</p><p>', '<p>' . htmlspecialchars($meta['content']) . '</p>');
if (isset($meta['address']) && $meta['address']) {
$body .= '<iframe frameborder="0" height="320" scrolling="no" src="//maps.google.com/maps?q=' . htmlspecialchars($meta['address']) . '&num=1&t=m&ie=UTF8&z=14&output=embed" width="480"></iframe>';
}
$sql = 'insert into pages set parent=' . $pid . ', date_publish="0000-00-00"' . ', body="' . addslashes($body) . '"' . ', date_unpublish=date_add(now(), interval ' . $data['days'] . ' day)' . ', name="' . addslashes($meta['name']) . '"' . ', category=""' . ', alias="' . addslashes($meta['name']) . '", type=0';
dbQuery($sql);
Core_cacheClear('pages');
}
dbQuery('delete from ads_purchase_orders where id=' . $id);
}
/**
* create a copy of a page
*
* @return array status of the copy
*/
function Core_adminPageCopy()
{
$id = (int) $_REQUEST['id'];
if (!$id) {
return array('error' => 'no ID provided');
}
$p = dbRow('select * from pages where id=' . $id);
$name = $p['name'];
$parts = array();
foreach ($p as $k => $v) {
if ($k == 'id') {
continue;
}
$parts[] = $k . '="' . addslashes($v) . '"';
}
dbQuery('insert into pages set ' . join(',', $parts));
$id = dbLastInsertId();
dbQuery('update pages set name="' . addslashes($name) . '_' . $id . '" where id=' . $id);
Core_cacheClear();
return array('name' => $name . '_' . $id, 'id' => $id, 'pid' => $p['parent']);
}
* @link www.kvweb.me
*/
$session_id = @$_POST['PHPSESSID'];
session_id($session_id);
require '../../../ww.incs/basics.php';
if (!Core_isAdmin()) {
Core_quit();
}
$gallery_id = (int) @$_POST['gallery_id'];
if (!$gallery_id) {
Core_quit();
}
$dir = dbOne('select value from page_vars where name="image_gallery_directory"' . ' and page_id=' . $gallery_id, 'value');
if (!$dir) {
$dir = 'image-galleries/imagegallery-' . $gallery_id;
}
$dir = USERBASE . '/f/' . $dir;
if (!file_exists($dir)) {
@mkdir(USERBASE . '/f/image-galleries');
// parent dir
mkdir($dir);
}
$position = dbOne('select position from image_gallery where gallery_id=1265' . ' order by position desc limit 1', 'position');
$dimensions = getimagesize($_FILES['Filedata']['tmp_name']);
$meta = addslashes(json_encode(array('width' => $dimensions[0], 'height' => $dimensions[1], 'name' => $_FILES['Filedata']['name'], 'caption' => '')));
$query = 'insert into image_gallery (gallery_id,position,media,meta) values' . '("' . $gallery_id . '","' . ($position + 1) . '","image","' . $meta . '")';
dbQuery($query);
$last_id = dbLastInsertId();
move_uploaded_file($_FILES['Filedata']['tmp_name'], $dir . '/' . $_FILES['Filedata']['name']);
echo $last_id;
Core_quit();
