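/**
 * Refresh the local txp_lang table from the remote master language database.
 *
 * Connects to the remote master, compares its `update` timestamp for
 * `txp_lang` with $txp_lang_updated, and when the master is newer, replaces
 * the local txp_lang rows with the master's rows and records the refresh time
 * in txp_prefs.
 *
 * NOTE(review): the remote host, user name and password are hard-coded below,
 * and the rows fetched from that host replace the local table wholesale.
 * Confirm that this trust relationship is intended and that the link is
 * protected in transit.
 *
 * @return void
 */
function update_txp_lang()
{
    global $txp_lang_updated, $txpcfg;

    $re = mysql_connect('textpattern.otherwords.net', 'textpattern_user', 'textpattern');
    if (!$re) {
        return;
    }

    // Always defined, so the emptiness check below never reads an unset variable.
    $incoming = array();

    if (mysql_select_db('textpattern_master', $re)) {
        $q = mysql_query("select unix_timestamp(updated) from \n\t\t\t\t\t\ttextpattern_master.update where\n\t\t\t\t\t\t`table`='txp_lang'", $re);
        if ($q) {
            $updated = mysql_num_rows($q) != 0 ? mysql_result($q, 0) : false;
            if ($updated > $txp_lang_updated) {
                // Pass the link explicitly so the query cannot run on another connection.
                $get = mysql_query("select * from \n\t\t\t\t\t\t\t\ttextpattern_master.txp_lang order by var", $re);
                if ($get) {
                    while ($a = mysql_fetch_assoc($get)) {
                        $incoming[] = $a;
                    }
                }
            }
        }
    }

    // Close the remote link on every path; it used to stay open unless rows were fetched.
    mysql_close($re);

    if (empty($incoming)) {
        return;
    }

    dbconnect($txpcfg['db'], $txpcfg['user'], $txpcfg['pass'], $txpcfg['host']);
    safe_query("truncate txp_lang");

    foreach ($incoming as $b) {
        // Read only the two expected columns instead of extract()ing a remote row,
        // which would let unexpected column names overwrite local variables.
        $row = doSlash($b);
        $var = isset($row['var']) ? $row['var'] : '';
        $english = isset($row['english']) ? $row['english'] : '';
        safe_query("\n\t\t\t\t\t\t\t\t\t\tinsert into txp_lang set \n\t\t\t\t\t\t\t\t\t\tvar='{$var}',english='{$english}'");
    }

    safe_query("update txp_prefs set val= \t\n\t\t\t\t\t\t\t\t\t" . time() . "\n\t\t\t\t\t\t\t\t\twhere `name`='txp_lang_updated'", 1);
    echo mysql_error();
}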
/**
 * Prepare the admin page header state and include the theme's header template.
 *
 * header.php is included inside this function, so it shares this function's
 * local scope; local variable names here must therefore stay as they are.
 *
 * @param string $pagetitle Title handed to the header template.
 * @param string $message   Optional message for the header template.
 * @param string $msgclass  Optional message class for the header template.
 */
function pagetop($pagetitle, $message = '', $msgclass = '')
{
    global $css_mode, $siteurl, $sitename, $txp_user, $event;

    // This request value is overwritten below, once the area is derived from $event.
    $area = gps('area');
    $event = !$event ? 'article' : $event;
    $bm = gps('bm');

    // Look up the current user's privilege level and publish it globally.
    $privs = safe_field('privs', 'txp_users', "name = '" . doSlash($txp_user) . "'");
    $GLOBALS['privs'] = $privs;

    // Find which area the current event belongs to.
    $areas = areas();
    $area = false;
    foreach ($areas as $k => $v) {
        if (in_array($event, $v)) {
            $area = $k;
            break;
        }
    }

    // Body id reflects logout, login or the active event.
    // NOTE(review): $event is concatenated into $body_id unchanged; whether
    // header.php escapes it before output cannot be seen from here.
    if (gps('logout')) {
        $body_id = 'page-logout';
    } elseif (!$txp_user) {
        $body_id = 'page-login';
    } else {
        $body_id = 'page-' . $event;
    }

    // The theme name is fixed, so the include path is not request-controlled.
    $theme = 'default';
    include txpath . DS . 'theme' . DS . $theme . DS . 'header.php';
}
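/**
 * Save an edited section from the posted form and re-render the section list.
 *
 * The title and name are run through Textile, and the name is then reduced to
 * URL-safe characters. SQL escaping is applied after those transformations,
 * because a value escaped before being transformed is no longer guaranteed to
 * be safe when it reaches the query.
 *
 * @return void
 */
function section_save()
{
    global $txpcfg;

    $in = psa(array('name', 'title', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));

    // Escaped copies of the fields that go into SQL unchanged.
    extract(doSlash($in));

    // Work on the raw title and name; they are escaped after Textile has run.
    $raw_title = empty($in['title']) ? $in['name'] : $in['title'];

    // Prevent non url chars on section names
    include_once $txpcfg['txpath'] . '/lib/classTextile.php';
    $textile = new Textile();

    $title = doSlash($textile->TextileThis($raw_title, 1));

    $name = dumbDown($textile->TextileThis($in['name'], 1));
    // Only alphanumerics, '-' and '_' survive, so no quote can remain in $name.
    $name = preg_replace("/[^[:alnum:]\\-_]/", "", str_replace(" ", "-", $name));

    if ($name == 'default') {
        safe_update("txp_section", "page='{$page}',css='{$css}'", "name='default'");
    } else {
        if ($is_default) {
            // note this means 'selected by default' not 'default page'
            safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
        }

        safe_update("txp_section", "name = '{$name}',\n\t\t\t\ttitle = '{$title}',\n\t\t\t\tpage = '{$page}',\n\t\t\t\tcss = '{$css}',\n\t\t\t\tis_default = '{$is_default}',\n\t\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\t\tin_rss = '{$in_rss}',\n\t\t\t\tsearchable = '{$searchable}'", "name = '{$old_name}'");

        // Keep articles attached to the section under its new name.
        safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");
    }

    sec_section_list(messenger('section', $name, 'updated'));
}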
/**
 * Weave the current template and show it ready to paste.
 *
 * Reads the template file, and for each table listed in self::$what replaces
 * the region between the "// sql:TABLE" and "// /sql:TABLE" markers with
 * generated INSERT statements, then echoes the result in a textarea.
 */
static function export()
{
    $f = file_get_contents(txpath . self::$template);

    foreach (self::$what as $table => $columns) {
        $tick = '`';
        $cols = empty($columns) ? '*' : $tick . join('`,`', doSlash($columns)) . $tick;

        // NOTE(review): $columns[0] and $table are interpolated as identifiers
        // without escaping; this presumably relies on self::$what being a
        // fixed, trusted class property. Confirm.
        $rs = safe_rows($cols, $table, (empty($columns) ? '1=1' : $columns[0] . ' not like \'%.min%\'') . (empty($columns) ? '' : ' ORDER BY `' . $columns[0] . '`'));
        $rows = array();

        foreach ($rs as $a) {
            // Enforce *nix new-lines
            $a = str_replace("\r\n", "\n", $a);

            // Literal backslash into corresponding MySQL literal
            // NOTE(review): $v stays bound by reference after this loop; it is
            // re-bound on the next pass and not read in between.
            foreach ($a as &$v) {
                $v = addcslashes(addcslashes($v, '\\'), '\\');
            }

            $a = "'" . join("', '", doSlash($a)) . "'";
            $rows[] = self::$where . ' = "INSERT INTO `".PFX."' . $table . '`(' . $cols . ') VALUES(' . $a . ')";';
        }

        // NOTE(review): the generated rows are used as a preg_replace
        // replacement string, where "$n" and "\n" sequences are treated as
        // back-references; verify against data containing such sequences.
        $f = preg_replace("#(// sql:{$table}).*(// /sql:{$table})#s", '$1' . n . join(n, $rows) . n . '$2', $f);
    }

    echo text_area('code', 600, '', $f, 'code');

    // Select the whole textarea when it receives focus.
    echo script_js(<<<EOS
\t\t\$('#code').focus(function() {
\t\t\tthis.select();
\t\t});
EOS
    );
}
/**
 * Write one visitor-log row to txp_log.
 *
 * Every value in $in is passed through doSlash() before being placed in the
 * SET clause. The keys read are uri, ip, host, ref, status and method.
 *
 * @param array $in Log record fields.
 * @return void
 */
function insert_logit($in)
{
    global $DB;

    $in = doSlash($in);
    extract($in);

    // Column => already-escaped value, in the order the columns are written.
    $columns = array(
        'page'   => $uri,
        'ip'     => $ip,
        'host'   => $host,
        'refer'  => $ref,
        'status' => $status,
        'method' => $method,
    );

    $set = "`time`=now()";
    foreach ($columns as $column => $escaped) {
        $set .= ",{$column}='{$escaped}'";
    }

    safe_insert("txp_log", $set);
}
/**
 * Build the WHERE conditions for an article listing (excerpt; the remainder
 * of the body is elided in this listing by the "..etc.." marker).
 *
 * NOTE(review): $q and $searchall are read below but are neither parameters
 * nor assigned in the visible part of the function; they are presumably set
 * in code not shown here. Confirm before relying on this excerpt.
 */
function article_rows($status, $time, $search, $searchsticky, $section, $category, $excerpted, $month, $author, $keywords, $custom, $frontpage, $sort)
{
    $where = array();

    // Explicit status wins; otherwise sticky searches use status >= 4, and the default is status 4.
    if ($status) {
        $where['status'] = $status;
    } elseif ($searchsticky) {
        $where[] = 'status >= 4';
    } else {
        $where['status'] = 4;
    }

    if ($search) {
        include_once txpath . '/publish/search.php';
        $s_filter = $searchall ? filterSearch() : '';

        // Relevance expression over Title and Body for the escaped query.
        $match = ", " . db_match('Title,Body', doSlash($q));

        // One condition per word: preg_quote() neutralises regex
        // metacharacters, then doSlash() escapes the result for the SQL string.
        $words = preg_split('/\\s+/', $q);
        foreach ($words as $w) {
            $where[] = "(Title " . db_rlike() . " '" . doSlash(preg_quote($w)) . "' or Body " . db_rlike() . " '" . doSlash(preg_quote($w)) . "')";
        }

        #$search = " and " . join(' and ', $rlike) . " $s_filter";
        $where[] = $s_filter;

        // searchall=0 can be used to show search results for the current section only
        if ($searchall) {
            $section = '';
        }

        if (!$sort) {
            $sort = 'score';
        }
    }

    // ..etc..
}
/**
 * Render a select input for the categories of one type.
 *
 * @param string   $type      Category type; escaped with doSlash() for the query.
 * @param string   $name      Passed to treeSelectInput().
 * @param mixed    $val       Passed to treeSelectInput().
 * @param string   $id        Passed to treeSelectInput().
 * @param mixed    $onchange  Passed to treeSelectInput().
 * @param mixed    $parent_id Passed to tree_get().
 * @return mixed The treeSelectInput() result, or false when tree_get() returns nothing.
 */
function categorySelectInput($type, $name, $val, $id, $onchange = 0, $parent_id = NULL)
{
    $criteria = "parent > 0 and type='" . doSlash($type) . "'";
    $tree = tree_get('txp_category', $parent_id, $criteria);

    return $tree
        ? treeSelectInput($name, $tree, $val, $id, $onchange, 1, 'name')
        : false;
}
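/**
 * Recompute the lft/rgt values of a tree stored in $table, depth first.
 *
 * $parent is now escaped in both queries (it was previously escaped in the
 * SELECT only), and $left is forced to an integer before it is interpolated.
 *
 * $table, $where and $sortby are inserted into the SQL as given: they are SQL
 * fragments, not values, and must come from trusted code, never from request
 * input.
 *
 * @param string $table  Table holding the tree.
 * @param mixed  $parent Id of the node whose subtree is rebuilt.
 * @param int    $left   lft value to assign to $parent.
 * @param string $where  Extra SQL condition (trusted fragment).
 * @param string $sortby ORDER BY expression (trusted fragment).
 * @return int The next free lft value after this subtree.
 */
function tree_rebuild($table, $parent, $left, $where = '1=1', $sortby = 'name')
{
    $left = (int) $left;
    $right = $left + 1;

    // Escape once and reuse for both the child lookup and the update.
    $safe_parent = doSlash($parent);

    $children = safe_column("id", $table, "parent='{$safe_parent}' and {$where} order by {$sortby}");

    foreach ($children as $child) {
        $right = tree_rebuild($table, $child, $right, $where, $sortby);
    }

    safe_update($table, "lft={$left}, rgt={$right}", "id='{$safe_parent}' and {$where}");

    return $right + 1;
}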
/**
 * Record a referring page mention: insert it when unseen, otherwise bump a counter.
 *
 * All fields of $array are escaped with doSlash() before use.
 *
 * NOTE(review): the existence check and the insert use txp_log_mention, but
 * the counter update targets the "textpattern" table. Confirm which table is
 * intended.
 *
 * @param array $array Expected keys: id, refpage, reftitle, excerpt.
 * @return void
 */
function mentionInsert($array)
{
    extract(doSlash($array));

    $already_logged = fetch('article_id', 'txp_log_mention', 'refpage', $refpage);

    if ($already_logged) {
        safe_update("textpattern", "count=count+1", "refpage='{$refpage}'");
        return;
    }

    safe_insert("txp_log_mention", "article_id = '{$id}', \n\t\t\t\trefpage = '{$refpage}', \n\t\t\t\treftitle = '{$reftitle}', \n\t\t\t\texcerpt = '{$excerpt}', \n\t\t\t\tcount = 1");
}
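/**
 * Constructor.
 *
 * Loads the list of valid form names and passes it to the parent constraint
 * as the 'choices' option. The list is cached per form type: the previous
 * single shared cache returned the first caller's list to every later caller,
 * even when a different 'type' was requested, so a value could be validated
 * against the wrong set of forms.
 *
 * @param mixed $value
 * @param array $options
 */
public function __construct($value, $options = array())
{
    // Form-name lists keyed by the requested type ('' means all types).
    static $choices = array();

    $options = lAtts(array('allow_blank' => true, 'type' => '', 'message' => 'unknown_form'), $options, false);

    $cache_key = (string) $options['type'];

    // array_key_exists(), so an empty result is cached too and not re-queried.
    if (!array_key_exists($cache_key, $choices)) {
        $choices[$cache_key] = safe_column('name', 'txp_form', $options['type'] !== '' ? 'type=\'' . doSlash($options['type']) . '\'' : '1=1');
    }

    $options['choices'] = $choices[$cache_key];
    parent::__construct($value, $options);
}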
/**
 * Save an edited section from the posted form and show the section list.
 *
 * All posted fields are escaped with doSlash() before they are placed in SQL.
 *
 * @return void
 */
function section_save()
{
    $posted = psa(array('name', 'page', 'css', 'is_default', 'on_frontpage', 'in_rss', 'searchable', 'old_name'));
    extract(doSlash($posted));

    $this_section = "name = '{$old_name}'";

    // Only one section may be selected by default: clear the flag on the others.
    if ($is_default) {
        safe_update("txp_section", "is_default=0", "name!='{$old_name}'");
    }

    $assignments = "name = '{$name}',\n\t\t\tpage = '{$page}',\n\t\t\tcss = '{$css}',\n\t\t\tis_default = '{$is_default}',\n\t\t\ton_frontpage = '{$on_frontpage}',\n\t\t\tin_rss = '{$in_rss}',\n\t\t\tsearchable = '{$searchable}'";
    safe_update("txp_section", $assignments, $this_section);

    // Move the section's articles to the new name.
    safe_update("textpattern", "Section='{$name}'", "Section='{$old_name}'");

    section_list(messenger('section', $name, 'updated'));
}
/**
 * Build the SQL conditions that exclude non-searchable sections.
 *
 * Section names are read from txp_section and escaped with doSlash() before
 * being placed in the condition.
 *
 * @return string|false Space-joined "and Section != '...'" conditions, or
 *                      false when no section is excluded.
 */
function filterSearch()
{
    $hidden = safe_column("name", "txp_section", "searchable != '1'");

    if (!$hidden) {
        return false;
    }

    $clauses = array();
    foreach ($hidden as $section) {
        $clauses[] = "and Section != '" . doSlash($section) . "'";
    }

    return join(' ', $clauses);
}
/**
 * Save a page template, or store it as a copy under a new name.
 *
 * All request fields are escaped with doSlash() before they are placed in SQL.
 * NOTE(review): no permission or request-origin check is visible in this
 * function; presumably the caller enforces them. Confirm.
 *
 * @return void
 */
function page_save()
{
    $request = gpsa(array('name', 'html', 'newname', 'copy'));
    extract(doSlash($request));

    $save_as_copy = $newname && $copy;

    if (!$save_as_copy) {
        safe_update("txp_page", "user_html='{$html}'", "name='{$name}'");
        page_edit(messenger('page', $name, 'updated'));
        return;
    }

    safe_insert("txp_page", "name='{$newname}', user_html='{$html}'");
    page_edit(messenger('page', $newname, 'created'));
}
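/**
 * Store a per-user preference for the logged-in user.
 *
 * The row is now keyed on the current user's escaped name. The listing
 * compared the `user` column with the literal text '******' (most likely a
 * masking artefact), which left $txp_user unused in the query and the
 * preference unattached to any real user.
 *
 * NOTE(review): $name is also written into $GLOBALS, so callers should pass
 * only fixed, known preference names.
 *
 * @param string $name Preference name.
 * @param mixed  $val  New value.
 * @return mixed Null when nobody is logged in, true when the value is
 *               unchanged, otherwise the safe_upsert() result.
 */
function update_user_pref($name, $val)
{
    global $prefs, $txp_user;

    if (empty($txp_user)) {
        return;
    }

    if (empty($prefs[$name]) or $prefs[$name] != $val) {
        $GLOBALS[$name] = $prefs[$name] = $val;

        return safe_upsert(
            'txp_prefs_user',
            "val='" . doSlash($val) . "'",
            array("user='" . doSlash($txp_user) . "'", "name='" . doSlash($name) . "'")
        );
    }

    return true;
}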
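/**
 * Render a list of installed plugins.
 *
 * The sort column and direction are SQL identifiers/keywords, so quote
 * escaping does not protect them. The direction is therefore restricted to
 * asc/desc, and the column name is reduced to letters, digits and underscore
 * before being placed between backticks.
 *
 * NOTE(review): plugin name, description, version and author_uri are written
 * into the markup as stored. Whether tag() or the stored data guarantees
 * HTML safety cannot be seen from here; confirm.
 *
 * @param array $atts Tag attributes.
 * @return string Generated markup.
 */
function sed_plugin_list($atts)
{
    extract(lAtts(array('debug' => 0, 'type' => '', 'link_name' => 1, 'show_author' => 1, 'link_author' => 0, 'show_description' => 1, 'descriptionwrap' => 'p', 'descriptionclass' => 'plugin-description', 'show_version' => 1, 'versionwrap' => 'span', 'versionclass' => 'plugin-version', 'hide_disabled' => 1, 'sort_dir' => 'asc', 'sort_field' => 'name', 'wraptag' => 'ul', 'wrapclass' => 'plugin-list', 'break' => 'li', 'breakclass' => 'plugin-item', 'show_count' => 0, 'exclusions' => ''), $atts));

    $exclusions = explode(',', $exclusions);

    #
    # Create our plugin search criteria...
    #
    $w = array();

    if ('' !== $type) {
        $w[] = 'type=\'' . doSlash($type) . '\'';
    }

    if ($hide_disabled) {
        $w[] = 'status=\'1\'';
    }

    $where = join(' and ', $w);
    if (empty($where)) {
        $where = '1=1';
    }

    // Identifier context: strip everything that cannot be part of a plain column name.
    $sort = '';
    $safe_field = preg_replace('/[^A-Za-z0-9_]/', '', (string) $sort_field);
    if ('' !== $safe_field) {
        $safe_dir = (strtolower(trim((string) $sort_dir)) === 'desc') ? 'desc' : 'asc';
        $sort = ' order by `' . $safe_field . '` ' . $safe_dir;
    }

    #
    # Grab the actual data...
    #
    $plugins = safe_rows('name,author,author_uri,version,description,status,type', 'txp_plugin', '(' . $where . ')' . $sort, $debug);

    #
    # Generate the XHTML results...
    #
    // Initialised so that an empty result still joins cleanly.
    $o = array();

    if ($plugins) {
        foreach ($plugins as $plugin) {
            if (in_array($plugin['name'], $exclusions)) {
                continue;
            }

            $item = tag($plugin['name'], 'span', ' class="plugin-name" ');

            if ($link_name) {
                $item = tag($item, 'a', ' href="' . $plugin['author_uri'] . '" rel="nofollow" ');
            }

            if ($show_version) {
                $item .= tag(' v' . $plugin['version'], $versionwrap, ' class="' . $versionclass . '" ');
            }

            if ($show_description) {
                $item .= tag($plugin['description'], $descriptionwrap, ' class="' . $descriptionclass . '" ');
            }

            $o[] = tag($item, $break, ' class="' . $breakclass . '" ');
        }
    }

    $o = n . join(n, $o);

    return n . tag($o, $wraptag, ' class="' . $wrapclass . '" ') . n . n;
}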
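/**
 * Authenticate the admin request from the login cookie or the posted credentials.
 *
 * Sets the global $txp_user on success and clears it on failure.
 *
 * Changes from the listing: the cookie is split with explode() instead of the
 * deprecated regex-based split(), and a cookie whose second part is not
 * well-formed hex is rejected before it reaches pack(), so malformed cookies
 * fail cleanly without relying on error suppression.
 *
 * NOTE(review): the session token is md5(uniqid(rand())), which is derived
 * from the clock and a non-cryptographic generator; a CSPRNG-based token is
 * preferable where the runtime provides one.
 * NOTE(review): the cookies are set without path, Secure or HttpOnly
 * arguments, and the one-year cookie is a long-lived credential. Review
 * against how the admin area is served.
 *
 * @return string Empty string on success, otherwise a localised message.
 */
function doTxpValidate()
{
    global $logout, $txpcfg, $txp_user;

    $p_userid = ps('p_userid');
    $p_password = ps('p_password');
    $logout = gps('logout');
    $stay = ps('stay');

    if ($logout) {
        setcookie('txp_login', '', time() - 3600);
    }

    if (!empty($_COOKIE['txp_login']) and !$logout) {
        // Pad to two parts so a cookie without a comma yields an empty hash.
        list($c_userid, $cookie_hash) = array_pad(explode(',', cs('txp_login')), 2, '');

        $nonce = safe_field('nonce', 'txp_users', "name='" . doSlash($c_userid) . "'");

        // Only whole hex byte pairs are acceptable input for pack('H*').
        $hash_is_hex = (bool) preg_match('/^(?:[0-9a-fA-F]{2})+$/', $cookie_hash);

        if ($nonce && $hash_is_hex && $nonce === md5($c_userid . pack('H*', $cookie_hash))) {
            // cookie is good, create $txp_user
            $txp_user = $c_userid;

            return '';
        }

        // something's gone wrong
        $txp_user = '';
        setcookie('txp_login', '', time() - 3600);

        return gTxt('bad_cookie');
    }

    if ($p_userid and $p_password) {
        sleep(3); // should grind dictionary attacks to a halt

        if (!txp_validate($p_userid, $p_password)) {
            $txp_user = '';

            return gTxt('could_not_log_in');
        }

        $cookie_hash = md5(uniqid(rand()));

        // Only the digest of user id + token is stored server-side.
        safe_update('txp_users', "nonce = '" . doSlash(md5($p_userid . pack('H*', $cookie_hash))) . "'", "name = '" . doSlash($p_userid) . "'");

        if ($stay) {
            setcookie('txp_login', $p_userid . ',' . $cookie_hash, time() + 3600 * 24 * 365); // expires in 1 year

            if (cs('txp_nostay')) {
                setcookie('txp_nostay', '', time() - 3600);
            }
        } else {
            setcookie('txp_login', $p_userid . ',' . $cookie_hash);
            setcookie('txp_nostay', '1', time() + 3600 * 24 * 365); // remember nostay for 1 year
        }

        $txp_user = $p_userid; // login is good, create $txp_user

        return '';
    }

    $txp_user = '';

    return gTxt('login_to_textpattern');
}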
/**
 * Generate a new password for an author, store it and mail it out.
 *
 * NOTE(review): the password is six characters long, lower-cased, and stored
 * with MySQL's PASSWORD() function, which is not a password-hashing scheme.
 * The clear-text password is also sent by e-mail. Changing this needs a
 * matching change in the login check, so it is only flagged here.
 *
 * @param string $name Author login name.
 * @return string Localised status message.
 */
function reset_author_pass($name)
{
    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");
    $new_pass = doSlash(generate_password(6));

    $updated = safe_update('txp_users', "pass = password(lower('{$new_pass}'))", "name = '" . doSlash($name) . "'");

    if (!$updated) {
        return gTxt('could_not_update_author') . ' ' . htmlspecialchars($name);
    }

    if (!send_new_password($new_pass, $email, $name)) {
        return gTxt('could_not_mail') . ' ' . $email;
    }

    return gTxt('password_sent_to') . ' ' . $email;
}
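/**
 * Create a new author from the posted form and mail the generated password.
 *
 * Changes from the listing: $rs is initialised, so an empty name goes to the
 * error branch without reading an undefined variable, and the generated
 * password is escaped before it is placed in the SQL statement.
 *
 * NOTE(review): the password is six characters long, lower-cased, and stored
 * with MySQL's PASSWORD() function, which is not a password-hashing scheme.
 * The nonce is built from uniqid() and rand(), which are not
 * cryptographically strong.
 * NOTE(review): $email is the SQL-escaped value when it is used as the mail
 * recipient and in the status message. Confirm that this is intended.
 *
 * @return void
 */
function author_save_new()
{
    extract(doSlash(psa(array('privs', 'name', 'email', 'RealName'))));

    $pw = generate_password(6);
    // Escaped copy for the query; the unescaped password is what gets mailed.
    $pw_sql = doSlash($pw);
    $nonce = md5(uniqid(rand(), true));

    $rs = false;

    if ($name) {
        $rs = safe_insert("txp_users", "privs = '{$privs}',\n\t\t\t\t name = '{$name}',\n\t\t\t\t email = '{$email}',\n\t\t\t\t RealName = '{$RealName}',\n\t\t\t\t pass = password(lower('{$pw_sql}')),\n\t\t\t\t nonce = '{$nonce}'");
    }

    if ($rs) {
        send_password($pw, $email);
        admin(gTxt('password_sent_to') . sp . $email);
    } else {
        admin(gTxt('error_adding_new_author'));
    }
}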
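/**
 * Generate a new password for an author, store its hash and mail the password.
 *
 * The computed hash is now what gets written to the `pass` column. The
 * listing assigned the literal text '******' instead (most likely a masking
 * artefact), which left $hash unused and stored a fixed string that does not
 * correspond to the password mailed to the user.
 *
 * @param string $name Author login name.
 * @return string Localised status message.
 */
function reset_author_pass($name)
{
    $email = safe_field('email', 'txp_users', "name = '" . doSlash($name) . "'");

    $new_pass = generate_password(PASSWORD_LENGTH);
    $hash = doSlash(txp_hash_password($new_pass));

    $rs = safe_update('txp_users', "pass = '{$hash}'", "name = '" . doSlash($name) . "'");

    if (!$rs) {
        return gTxt('could_not_update_author') . ' ' . txpspecialchars($name);
    }

    if (send_new_password($new_pass, $email, $name)) {
        return gTxt('password_sent_to') . ' ' . $email;
    }

    return gTxt('could_not_mail') . ' ' . $email;
}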
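/**
 * Check a user name and password against txp_users.
 *
 * The user name is now escaped with doSlash(), the same helper already used
 * for the password, instead of addslashes(), so both values are escaped the
 * same way. The two success branches share one last_access update.
 *
 * NOTE(review): the comparison is done in SQL with MySQL's PASSWORD() and
 * OLD_PASSWORD() functions, and lower() is tried first, so passwords are
 * effectively case-insensitive. Those functions are not password-hashing
 * schemes; migrating needs a coordinated change wherever `pass` is written.
 *
 * @param string $user     Login name.
 * @param string $password Clear-text password.
 * @return bool True when the credentials match an account with privs > 0.
 */
function txp_validate($user, $password)
{
    $safe_user = doSlash($user);
    $safe_pass = doSlash($password);

    $matched = safe_field("name", "txp_users", "name = '{$safe_user}'\n\t\t\tand (pass = password(lower('" . $safe_pass . "')) or pass = password('" . $safe_pass . "')) and privs > 0");

    if (!$matched) {
        // try old_password mysql hash
        $matched = safe_field("name", "txp_users", "name = '{$safe_user}'\n\t\t\t\tand (pass = old_password(lower('" . $safe_pass . "')) or pass = old_password('" . $safe_pass . "')) and privs > 0");
    }

    if (!$matched) {
        return false;
    }

    // update the last access time
    safe_update("txp_users", "last_access = now()", "name = '{$safe_user}'");

    return true;
}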
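/**
 * Save an edited comment from the admin form and show the comment list.
 *
 * String fields are checked with assert_string and integer fields with
 * assert_int before use; the integers are interpolated unquoted and rely on
 * that check.
 *
 * Angle brackets around txp: tags in the message are now replaced with HTML
 * entities. The listing's replacement string was '<$1>', which rewrites each
 * match to itself and so neutralises nothing; it looks like the entities were
 * decoded when the page was rendered.
 *
 * @return void
 */
function discuss_save()
{
    $varray = array_map('assert_string', gpsa(array('email', 'name', 'web', 'message', 'ip')));
    $varray = $varray + array_map('assert_int', gpsa(array('discussid', 'visible', 'parentid')));

    extract(doSlash($varray));

    // Stop txp: tags in a comment body from being treated as template tags.
    $message = $varray['message'] = preg_replace('#<(/?txp:.+?)>#', '&lt;$1&gt;', $message);

    $constraints = array(
        'status' => new ChoiceConstraint($visible, array('choices' => array(SPAM, MODERATE, VISIBLE), 'message' => 'invalid_status')),
    );

    callback_event_ref('discuss_ui', 'validate_save', 0, $varray, $constraints);
    $validator = new Validator($constraints);

    if ($validator->validate() && safe_update('txp_discuss', "email = '{$email}',\n name = '{$name}',\n web = '{$web}',\n message = '{$message}',\n visible = {$visible}", "discussid = {$discussid}")) {
        update_comments_count($parentid);
        update_lastmod('discuss_saved', compact('discussid', 'email', 'name', 'web', 'message', 'ip', 'visible', 'parentid'));
        $message = gTxt('comment_updated', array('{id}' => $discussid));
    } else {
        $message = array(gTxt('comment_save_failed'), E_ERROR);
    }

    discuss_list($message);
}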
/**
 * Parses the form "jmd_dashboard".
 *
 * Loads the form from txp_form. When it does not exist yet, a default form
 * is inserted first. The form is then parsed and echoed.
 *
 * @param string $event
 * @param string $step
 */
function jmd_dashboard($event, $step)
{
    pageTop(gTxt('jmd_dashboard_tab'));
    include_once txpath . DS . 'publish.php';

    // Give the parser a minimal $pretext when none has been set.
    if (empty($GLOBALS['pretext'])) {
        $GLOBALS['pretext'] = array('id' => '', 'q' => '');
    }

    $contents = safe_field("Form", "txp_form", "name = 'jmd_dashboard'");

    // Strict comparison with FALSE, so an existing but empty form is not treated as missing.
    if ($contents === FALSE) {
        $contents = <<<FORM
<h1 style="text-align:center">
Hey, you haven’t customized jmd_dashboard yet.
<a href="?event=form&step=form_edit&name=jmd_dashboard">
Do it now!
</a>
</h1>
<div style="margin: 0 auto; width: 400px;">
<h1>
<txp:site_name/>: Last modified on <txp:jmd_dashboard_lastmod/>
</h1>
<h2>Recently published articles</h2>
<txp:article_custom break="li" wraptag="ul">
<txp:title/> – <txp:jmd_dashboard_edit>
edit #<txp:article_id/>
</txp:jmd_dashboard_edit>
</txp:article_custom>
<h2>Recent comments</h2>
<txp:recent_comments break="li" wraptag="ul">
<txp:comment_message/> – <txp:comment_name link="0"/>
(<txp:jmd_dashboard_edit type="comment">edit</txp:jmd_dashboard_edit>)
</txp:recent_comments>
</div>
FORM;
        // The default markup is escaped with doSlash() before being stored.
        safe_insert("txp_form", "Form='" . doSlash($contents) . "',\n type='misc', name='jmd_dashboard'");
    }

    // NOTE(review): the stored form is parsed and echoed as-is, so anyone who
    // can edit this form controls what the dashboard renders.
    echo parse($contents);
}
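/**
 * Handle an "add to cart" post for the current article and return the add form.
 *
 * Only `qty` and `product_id` are read from the POST body, and both are cast
 * to integers. The listing called extract() on the whole of $_POST, which let
 * any posted field overwrite local variables, including $redirect_section
 * (used in the Location header) and the global $thisarticle.
 *
 * @param array $atts Tag attributes: redirect_section, class, add_message.
 * @return string Markup of the add-to-cart form.
 */
function tc_shopping_cart_add($atts)
{
    session_start();

    global $thisarticle;

    extract(lAtts(array('redirect_section' => false, 'class' => 'tc_cart', 'add_message' => 'Add to Cart'), $atts));

    // Explicit reads with a scalar check; missing or array-valued fields count as 0.
    $qty = (isset($_POST['qty']) && is_scalar($_POST['qty'])) ? intval($_POST['qty']) : 0;
    $product_id = (isset($_POST['product_id']) && is_scalar($_POST['product_id'])) ? intval($_POST['product_id']) : 0;

    // NOTE(review): the cart object is kept in the session; its class must be
    // loaded before session_start() for it to be restored correctly.
    $cart = empty($_SESSION['cart']) ? new bckCart() : $_SESSION['cart'];

    // Only the product on the current page can be added.
    if ($qty > 0 and $product_id != 0 and $product_id == $thisarticle['thisid']) {
        $cart->add_item($product_id, $qty);
        $_SESSION['cart'] = $cart;
    }

    // $redirect_section now comes from the tag attribute only.
    if ($qty != 0 && $redirect_section) {
        header("Location: /{$redirect_section}/");
    }

    $form = str_replace(
        'action="index.php"',
        "",
        form(hInput("product_id", $GLOBALS['thisarticle']['thisid']) . hInput("qty", 1) . fInput("submit", "submit", $add_message))
    );

    return $form;
}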
/**
 * Generates a list of authors.
 *
 * NOTE(review): $sort is placed after ORDER BY with only doSlash() applied.
 * Quote escaping does not constrain an ORDER BY expression, so this relies on
 * the attribute coming from a trusted template. Confirm.
 *
 * @param array $atts
 * @param string $thing
 * @return string
 */
public static function renderAuthors($atts, $thing = null)
{
    global $thisauthor, $txp_groups;

    extract(lAtts(array('break' => '', 'class' => '', 'form' => '', 'group' => '', 'label' => '', 'labeltag' => '', 'limit' => '', 'name' => '', 'offset' => '', 'sort' => 'name ASC', 'wraptag' => ''), $atts));

    $sql = array('1 = 1');
    $sql_limit = '';
    $sql_sort = " ORDER BY " . doSlash($sort);

    if ($name) {
        $sql[] = "name IN (" . join(', ', quote_list(do_list($name))) . ")";
    }

    if ($group !== '') {
        // Translate group names to privilege ids; unknown entries pass through unchanged.
        $groups = array_flip($txp_groups);
        $privs = array();

        foreach (do_list($group) as $priv) {
            $privs[] = isset($groups[$priv]) ? $groups[$priv] : $priv;
        }

        $sql[] = 'convert(privs, char) in (' . join(', ', quote_list($privs)) . ')';
    }

    // Limit and offset are forced to integers before they reach the query.
    if ($limit !== '' || $offset) {
        $row_count = ($limit === '') ? PHP_INT_MAX : intval($limit);
        $sql_limit = " LIMIT " . intval($offset) . ", " . $row_count;
    }

    $rs = safe_rows_start("user_id as id, name, RealName as realname, email, privs, last_access", 'txp_users', join(" AND ", $sql) . " {$sql_sort} {$sql_limit}");

    if (!$rs || !numRows($rs)) {
        return '';
    }

    $out = array();

    if ($thing === null && $form !== '') {
        $thing = fetch_form($form);
    }

    while ($a = nextRow($rs)) {
        // Swap the current author in for parsing, then restore the previous one.
        $oldauthor = $thisauthor;
        $thisauthor = $a;
        $out[] = parse($thing);
        $thisauthor = $oldauthor;
    }

    unset($thisauthor);

    return doLabel($label, $labeltag) . doWrap($out, $wraptag, $break, $class);
}
/**
 * Save a page template, or store it as a copy under a new name.
 *
 * Request fields are escaped with doSlash(). For a copy, the characters
 * < > & " ' are removed from the new name before it is escaped.
 *
 * @return void
 */
function page_save()
{
    extract(doSlash(gpsa(array('name', 'html', 'copy'))));

    if (!$copy) {
        safe_update('txp_page', "user_html = '{$html}'", "name = '{$name}'");
        update_lastmod();
        $message = gTxt('page_updated', array('{name}' => $name));
        page_edit($message);

        return;
    }

    $stripped = preg_replace('/[<>&"\']/', '', gps('newname'));
    $newname = doSlash(trim($stripped));

    if (!$newname) {
        $message = gTxt('page_name_invalid');
    } elseif (safe_field('name', 'txp_page', "name = '{$newname}'")) {
        // Refuse to overwrite an existing page.
        $message = gTxt('page_already_exists', array('{name}' => $newname));
    } else {
        safe_insert('txp_page', "name = '{$newname}', user_html = '{$html}'");
        update_lastmod();
        $message = gTxt('page_created', array('{name}' => $newname));
    }

    page_edit($message);
}
/**
 * Build and render an article or link feed.
 *
 * Preferences are extract()ed into local scope first and the request values
 * second, so the four request fields override preferences of the same name.
 *
 * NOTE(review): $atom, $rss_how_many, $sitename and $publish_expired_articles
 * are not assigned in this function; they can only come from extract($prefs).
 *
 * @param mixed $type Feed type, passed through to render_feed().
 */
function feed($type)
{
    global $prefs;

    set_error_handler('feedErrorHandler');
    ob_clean();

    extract($prefs);

    // category, section, limit and area are SQL-escaped here. The same
    // escaped strings are later used for the feed title, self link and id
    // suffix as well as in the queries.
    extract(doSlash(gpsa(array('category', 'section', 'limit', 'area'))));

    // Anything other than 'link' is treated as an article feed.
    if ($area != 'link') {
        $area = 'article';
    }

    $sitename .= $section ? ' - ' . fetch_section_title($section) : '';
    $sitename .= $category ? ' - ' . fetch_category_title($category, $area) : '';

    $self_ref = pagelinkurl(array('atom' => 1, 'area' => $area == 'article' ? '' : $area, 'section' => $section, 'category' => $category, 'limit' => $limit));
    $id_ext = ($section ? '/' . $section : '') . ($category ? '/' . $category : '');

    if ($area == 'article') {
        // $section and $category were escaped by the doSlash() call above.
        $sfilter = $section ? "and Section = '" . $section . "'" : '';
        $cfilter = $category ? "and (Category1='" . $category . "' or Category2='" . $category . "')" : '';

        // The limit is capped and forced to an integer before it reaches the query.
        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));

        // Leave out sections that are not syndicated.
        $frs = safe_column("name", "txp_section", "in_rss != '1'");
        $query = array();
        foreach ($frs as $f) {
            $query[] = "and Section != '" . doSlash($f) . "'";
        }
        $query[] = $sfilter;
        $query[] = $cfilter;

        $expired = $publish_expired_articles ? '' : ' and (now() <= Expires or Expires = ' . NULLDATETIME . ') ';

        $rs = safe_rows_start("*, ID as thisid, unix_timestamp(Posted) as uPosted, unix_timestamp(Expires) as uExpires, unix_timestamp(LastMod) as uLastMod", "textpattern", "Status=4 and Posted <= now() {$expired}" . join(' ', $query) . "order by Posted desc limit {$limit}");

        return render_feed($rs, $area, $type, $sitename, $self_ref, $id_ext);
    } elseif ($area == 'link') {
        $cfilter = $category ? "category='" . $category . "'" : '1';

        $limit = $limit ? $limit : $rss_how_many;
        $limit = intval(min($limit, max(100, $rss_how_many)));

        $rs = safe_rows_start("*" . ($atom ? '' : ", unix_timestamp(date) as uDate"), "txp_link", "{$cfilter} order by date desc" . ($atom ? ", id desc" : '') . " limit {$limit}");

        return render_feed($rs, $area, $type, $sitename, $self_ref, $id_ext);
    }
}
/**
 * Return the download URL for a file, or a link wrapping the parsed tag content.
 *
 * The file is looked up by id (cast with intval()), by filename (escaped with
 * doSlash()), or taken from the current file context when neither attribute
 * is given.
 *
 * @param array  $atts  Tag attributes: filename, id.
 * @param string $thing Tag content; when present the result is a link around it.
 * @return string|null URL or link markup; null when no file was found.
 */
function file_download_link($atts, $thing)
{
    global $thisfile, $permlink_mode;

    extract(lAtts(array('filename' => '', 'id' => ''), $atts));

    // True only when the file comes from the surrounding form context.
    $from_form = false;

    if ($id) {
        $thisfile = fileDownloadFetchInfo('id = ' . intval($id));
    } elseif ($filename) {
        $thisfile = fileDownloadFetchInfo("filename = '" . doSlash($filename) . "'");
    } else {
        assert_file();
        $from_form = true;
    }

    if (!$thisfile) {
        return;
    }

    $url = filedownloadurl($thisfile['id'], $thisfile['filename']);
    $out = $thing ? href(parse($thing), $url) : $url;

    // cleanup: this wasn't called from a form,
    // so we don't want this value remaining
    if (!$from_form) {
        $thisfile = '';
    }

    return $out;
}
/**
 * Return the URL of (or a link to) the next, older page of results.
 *
 * NOTE(review): every $_GET parameter is merged into the generated URL, and
 * the URL is written into an href attribute as returned by pagelinkurl().
 * Whether pagelinkurl() encodes its output for an HTML attribute cannot be
 * seen from here; confirm.
 * NOTE(review): $title is never assigned in this function, so the title
 * attribute is always omitted.
 *
 * @param array        $atts  Tag attributes: showalways.
 * @param string|false $thing Tag content used as the link text.
 * @return string URL, link markup, parsed content or an empty string.
 */
function zem_older($atts, $thing = false)
{
    global $thispage, $pretext, $permlink_mode;

    extract(lAtts(array('showalways' => 0), $atts));

    $numPages = $thispage['numPages'];
    $pg = $thispage['pg'];

    // Nothing older to link to on a single page or on the last page.
    if (!($numPages > 1 and $pg != $numPages)) {
        return $showalways ? parse($thing) : '';
    }

    $nextpg = $pg + 1;

    // author urls should use RealName, rather than username
    $author = '';
    if (!empty($pretext['author'])) {
        $author = safe_field('RealName', 'txp_users', "name = '" . doSlash($pretext['author']) . "'");
    }

    $parts = array('pg' => $nextpg, 's' => @$pretext['s'], 'c' => @$pretext['c'], 'q' => @$pretext['q'], 'author' => $author);
    // Array union: keys already set above take precedence over the request's values.
    $parts = $parts + $_GET;

    $url = pagelinkurl($parts);

    if (!$thing) {
        return $url;
    }

    $title_attr = empty($title) ? '' : ' title="' . $title . '"';

    return '<a href="' . $url . '"' . $title_attr . '>' . parse($thing) . '</a>';
}
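/**
 * Render the paginated customer list for the admin area.
 *
 * Changes from the listing:
 * - The page size taken from the request (`qty`) is cast to an integer before
 *   it is used in the LIMIT clause; it was previously interpolated as sent.
 * - Row fields are read from the row array. The listing extract()ed each
 *   database row into local scope, where a column name could overwrite
 *   $page, $sort, $dir, $crit and other locals used after the loop.
 * - Phone and e-mail are HTML-escaped before output, and user_id is cast to
 *   an integer before it is used in the per-row count query.
 *
 * NOTE(review): the search criteria refer to article columns (Title, Body,
 * Section, ...) although the query runs on txp_users; this looks copied from
 * the article list. Confirm.
 * NOTE(review): RealName is passed to eLink() as link text without escaping
 * here; confirm that eLink() escapes it.
 *
 * @param string $event   Current event.
 * @param string $step    Current step (rebound to the global of the same name).
 * @param string $message Message shown in the page header.
 * @return void
 */
function customers_list($event = '', $step = '', $message = '')
{
    global $statuses, $comments_disabled_after, $step, $txp_user;

    pagetop("Customers", $message);

    extract(get_prefs());
    extract(gpsa(array('page', 'sort', 'dir', 'crit', 'qty', 'search_method')));

    $sesutats = array_flip($statuses);

    $dir = $dir == 'desc' ? 'desc' : 'asc';

    // The sort column is chosen from a fixed list; the request value is never interpolated.
    switch ($sort) {
        case 'RealName':
            $sort_sql = 'RealName ' . $dir;
            break;
        case 'orders':
            $sort_sql = 'orders ' . $dir;
            break;
        default:
            $dir = 'desc';
            $sort_sql = 'user_id ' . $dir;
            break;
    }

    $switch_dir = $dir == 'desc' ? 'asc' : 'desc';

    $criteria = "privs = 0";

    if ($search_method and $crit) {
        $crit_escaped = doSlash($crit);

        $critsql = array(
            'id'         => "ID = '{$crit_escaped}'",
            'title_body' => "Title rlike '{$crit_escaped}' or Body rlike '{$crit_escaped}'",
            'section'    => "Section rlike '{$crit_escaped}'",
            'categories' => "Category1 rlike '{$crit_escaped}' or Category2 rlike '{$crit_escaped}'",
            'status'     => "Status = '" . @$sesutats[gTxt($crit_escaped)] . "'",
            'author'     => "AuthorID rlike '{$crit_escaped}'",
        );

        if (array_key_exists($search_method, $critsql)) {
            $criteria = $critsql[$search_method];
            $limit = 500;
        } else {
            $search_method = '';
            $crit = '';
        }
    } else {
        $search_method = '';
        $crit = '';
    }

    $total = safe_count('txp_users', "{$criteria}");

    if (isset($qty)) {
        $customers_list_pageby = $qty;
    } else {
        $customers_list_pageby = 15;
    }

    // Integer cast: this value goes straight into the LIMIT clause below.
    $limit = max((int) $customers_list_pageby, 15);

    list($page, $offset, $numPages) = pager($total, $limit, $page);

    $rs = safe_rows_start('*', 'txp_users', "{$criteria} order by {$sort_sql} limit {$offset}, {$limit}");

    $customersOnPage = $offset + $limit;

    if ($rs) {
        echo n . n . '<form name="longform" method="post" action="index.php" onsubmit="return verify(\'' . gTxt('are_you_sure') . '\')">' . n . startTable('list', '', '', '', '700') . n . tr(n . tda("Displaying {$offset} - {$customersOnPage} of {$total} customers", ' colspan="2" style="border: none; padding-bottom: 15px;"') . n . tda('<a href="?event=customers&step=edit_customer" class="navlink">Add a new customer</a> <a href="?event=customers&step=export_customer" class="navlink">Export customers</a>', ' colspan="2" style="text-align: right; border: none; padding-bottom: 15px;"')) . n . tr(n . column_head('Customer', 'RealName', 'customers', true, $switch_dir, $crit, $search_method) . column_head('Phone', 'shipping_phone', 'customers', true, $switch_dir, $crit, $search_method) . column_head('Email', 'email', 'customers', true, $switch_dir, $crit, $search_method) . column_head('Orders', 'order_num', 'customers', true, $switch_dir, $crit, $search_method));

        include_once txpath . '/publish/taghandlers.php';

        while ($a = nextRow($rs)) {
            $row_user_id = isset($a['user_id']) ? intval($a['user_id']) : 0;
            $row_realname = isset($a['RealName']) ? $a['RealName'] : '';
            $row_login = isset($a['name']) ? $a['name'] : '';
            $row_phone = isset($a['billing_phone']) ? $a['billing_phone'] : '';
            $row_email = isset($a['email']) ? $a['email'] : '';

            $order_num = safe_count("orders", "user_id = {$row_user_id}");

            $customer_link = eLink('customers', 'edit_customer', 'user_id', $row_user_id, $row_realname);
            $orders_link = eLink('order', 'edit', 'customer', $row_login, $order_num);

            // Customer-supplied values are escaped for HTML before being written into cells.
            echo n . n . tr(n . td($customer_link, "25%") . td(htmlspecialchars($row_phone, ENT_QUOTES), "25%") . td(htmlspecialchars($row_email, ENT_QUOTES), "25%") . td($orders_link, "25%"));
        }

        echo n . endTable() . n . '</form>' . n . nav_form('customers', $page, $numPages, $sort, $dir, $crit, $search_method) . n . pageby_form('customers', $customers_list_pageby);
    }
}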
/**
 * Setup step: create the schema and the first user from the posted form.
 *
 * config.php and txpsql.php are included inside this function and therefore
 * share its local scope; the $d* variables below are presumably read by
 * txpsql.php, so they must keep their names.
 *
 * NOTE(review): the results of the mysql_query() calls are not checked, so a
 * failed insert or update goes unreported.
 * NOTE(review): the first user's password is stored with MySQL's
 * PASSWORD(lower(...)), which is not a password-hashing scheme, and the nonce
 * is built from uniqid() and rand().
 */
function createTxp()
{
    $GLOBALS['textarray'] = setup_load_lang(ps('lang'));

    // Refuse to continue without a valid e-mail address.
    if (!is_valid_email(ps('email'))) {
        exit(graf(gTxt('email_required')));
    }

    require txpath . '/config.php';

    $ddb = $txpcfg['db'];
    $duser = $txpcfg['user'];
    $dpass = $txpcfg['pass'];
    $dhost = $txpcfg['host'];
    $dprefix = $txpcfg['table_prefix'];
    $dbcharset = $txpcfg['dbcharset'];

    // Stored without the scheme or a trailing slash.
    $siteurl = str_replace("http://", '', ps('siteurl'));
    $siteurl = rtrim($siteurl, "/");

    define("PFX", trim($dprefix));
    define('TXP_INSTALL', 1);

    include_once txpath . '/lib/txplib_update.php';
    include txpath . '/setup/txpsql.php';

    // This has to come after txpsql.php, because otherwise we can't call mysql_real_escape_string
    extract(doSlash(psa(array('name', 'pass', 'RealName', 'email'))));

    $nonce = md5(uniqid(rand(), true));

    mysql_query("INSERT INTO `" . PFX . "txp_users` VALUES\n\t\t\t(1,'{$name}',password(lower('{$pass}')),'{$RealName}','{$email}',1,now(),'{$nonce}')");

    mysql_query("update `" . PFX . "txp_prefs` set val = '" . doSlash($siteurl) . "' where `name`='siteurl'");

    // NOTE(review): LANG and getlocale(LANG) are interpolated without
    // escaping; this presumably relies on LANG being a constant defined from
    // a fixed list. Confirm.
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . LANG . "' where `name`='language'");
    mysql_query("update `" . PFX . "txp_prefs` set val = '" . getlocale(LANG) . "' where `name`='locale'");

    echo fbCreate();
}