/**
 * Render the RSS (version 2) side block.
 *
 * The caller needs ACCESS_READ on the 'RSSblock::' component for this
 * block's title; otherwise nothing is rendered. Rendering is delegated to
 * advheadlines2().
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return void
 */
function blocks_rss2_block($row)
{
    $mayRead = pnSecAuthAction(0, 'RSSblock::', "{$row['title']}::", ACCESS_READ);

    if ($mayRead) {
        advheadlines2($row);
    }
}
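/**
 * Render the search side block: a small form that posts to the Search module.
 *
 * The caller needs ACCESS_READ on 'Searchblock::' for this block's title.
 * Every block variable that is not in the reserved list is forwarded to the
 * search as a hidden input.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when access is denied.
 */
function blocks_search_block($row)
{
    if (!pnSecAuthAction(0, 'Searchblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $vars = getVarsFrom_search_Content($row);

    $content = "<form method=\"post\" action=\"modules.php\">"
        . "<input type=\"hidden\" name=\"op\" value=\"modload\">"
        . "<input type=\"hidden\" name=\"name\" value=\"Search\">"
        . "<input type=\"hidden\" name=\"file\" value=\"index\">"
        . "<input type=\"hidden\" name=\"action\" value=\"search\">"
        . "<input type=\"hidden\" name=\"overview\" value=\"1\">";
    $content .= "<br><center><input type=\"text\" name=\"q\" size=\"14\">";
    if (isset($vars[_SEARCH_DISPLAY_BTN])) {
        $content .= ' <input type="submit" value="' . _SEARCH . '">';
    }
    $content .= '</center>';

    // Block variables that are bookkeeping only and must not be forwarded.
    $avdsearch_reserved_vars = array(_SEARCH_DISPLAY_BTN, 'authid', 'bid', 'title', 'position', 'language', 'refresh');

    foreach ($vars as $key => $value) {
        if (in_array($key, $avdsearch_reserved_vars)) {
            continue;
        }

        // Names and values come from stored block content and land inside
        // double-quoted attributes, so both are escaped before output. Without
        // this a quote character in a stored value could close the attribute.
        $name = pnVarPrepForDisplay($key);
        $values = is_array($value) ? $value : array($value);
        foreach ($values as $val) {
            $content .= "<input type=\"hidden\" name=\"{$name}\" value=\"" . pnVarPrepForDisplay($val) . "\">\n";
        }
    }
    $content .= "</form>";

    if (empty($row['title'])) {
        $row['title'] = _SEARCH;
    }
    $row['content'] = $content;

    return themesideblock($row);
}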
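/**
 * Render the "related links" side block for the story currently on display.
 *
 * Reads the globals $story and $sid. The block lists the links stored for the
 * story's topic, a link to more stories on that topic and by the same author,
 * and the most-read story of the topic. The caller needs ACCESS_READ on
 * 'Relatedblock::' for this block's title.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when access is denied or
 *               no topic is set.
 */
function blocks_related_block($row)
{
    global $sid, $story;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Relatedblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (!$story['topic']) {
        return;
    }

    // The topic id is placed in the SQL unquoted. Quote-escaping alone does
    // not protect a numeric context, so the value is forced to an integer.
    $topicId = (int) $story['topic'];

    $row['content'] = '<font class="pn-normal">';

    // Most-read story of the topic.
    $column =& $pntable['stories_column'];
    $sql = "SELECT {$column['sid']} as sid, {$column['title']} as title FROM {$pntable['stories']} WHERE {$column['topic']}={$topicId} ORDER BY {$column['counter']} DESC";
    $result = $dbconn->SelectLimit($sql, 1);
    $mrow = array('sid' => '', 'title' => '');
    if ($result && !$result->EOF) {
        $mrow = $result->GetRowAssoc(false);
    }

    // Links stored for the topic.
    $column =& $pntable['related_column'];
    $result = $dbconn->Execute("SELECT {$column['name']} as name, {$column['url']} as url FROM {$pntable['related']} WHERE {$column['tid']}={$topicId}");
    while ($result && !$result->EOF) {
        $lrow = $result->GetRowAssoc(false);
        $result->MoveNext();
        // The stored URL is escaped for the attribute context.
        // NOTE(review): the URL scheme is not checked here; confirm that the
        // code storing related links restricts it to http/https.
        $row['content'] .= "<strong><big>·</big></strong> <a href=\"" . pnVarPrepForDisplay($lrow['url']) . "\" target=\"_blank\">" . pnVarPrepForDisplay($lrow['name']) . "</a><br>\n";
    }

    // Values interpolated into href attributes are escaped like the visible text.
    $topicName = pnVarPrepForDisplay($story['topicname']);
    $authorParam = pnVarPrepForDisplay(urlencode($story['aid']));
    $mostReadSid = pnVarPrepForDisplay($mrow['sid']);
    $storyId = pnVarPrepForDisplay($sid);

    $row['content'] .= "<strong><big>·</big></strong> <a href=\"advtopics.php?topic={$topicId}\">" . _MOREABOUT . " " . $topicName . "</a><br>\n"
        . "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=Search&file=index&action=search&overview=1&active_stories=1&stories_author={$authorParam}\">" . _NEWSBY . " " . pnVarPrepForDisplay($story['aid']) . "</a><br>\n"
        . '</font><br><hr noshade width="95%" size="1"><b>' . _MOSTREAD . " " . $topicName . ":</b><br>\n"
        . "<center><a href=\"advarticle.php?sid={$mostReadSid}\">" . pnVarPrepForDisplay($mrow['title']) . "</a></center><br><br>\n"
        . '<div align="right">'
        . "<a href=\"print.php?sid={$mostReadSid}\"><img src=\"images/global/print.gif\" border=\"0\" alt=\"" . _PRINTER . "\"></a> "
        . "<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Recommend_Us&file=index&req=FriendSend&sid={$storyId}\"><img src=\"images/global/friend.gif\" border=\"0\" Alt=\"" . _FRIEND . "\"></a>\n"
        . '</div>';

    return themesideblock($row);
}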
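/**
 * Smarty function that displays the admin links of the Example module,
 * limited to the links the current user is permitted to use.
 *
 * Example
 * <!--[exampleadminlinks start="[" end="]" seperator="|" class="pn-menuitem-title"]-->
 *
 * Recognised keys in $params (all optional):
 *   start      opening string, default '['
 *   end        closing string, default ']'
 *   seperator  string placed between links, default '|'
 *   class      CSS class of the wrapping span, default 'pn-menuitem-title'
 *
 * start, end and seperator are emitted as given; class is escaped because it
 * is placed inside an attribute.
 *
 * @author Andreas Krapohl
 * @since 10/01/04
 * @see function.exampleadminlinks.php::smarty_function_exampleadminlinks()
 * @param array  $params  All attributes passed to this function from the template
 * @param object &$smarty Reference to the Smarty object
 * @return string the generated markup
 */
function smarty_function_exampleadminlinks($params, &$smarty)
{
    // Read the known keys explicitly. extract() would turn every template
    // attribute into a local variable, including ones named like $smarty.
    $start = isset($params['start']) ? $params['start'] : '[';
    $end = isset($params['end']) ? $params['end'] : ']';
    $seperator = isset($params['seperator']) ? $params['seperator'] : '|';
    $class = isset($params['class']) ? $params['class'] : 'pn-menuitem-title';

    // Required access level, admin function and label of each link.
    $candidates = array(
        array(ACCESS_READ, 'view', _VIEW),
        array(ACCESS_ADD, 'new', _NEW),
        array(ACCESS_ADMIN, 'modifyconfig', _MODIFYCONFIG),
    );

    $links = array();
    foreach ($candidates as $candidate) {
        list($level, $func, $label) = $candidate;
        if (pnSecAuthAction(0, 'Example::', '::', $level)) {
            $links[] = "<a href=\"" . pnVarPrepHTMLDisplay(pnModURL('Example', 'admin', $func)) . "\">" . $label . "</a>";
        }
    }

    $adminlinks = "<span class=\"" . pnVarPrepForDisplay($class) . "\">{$start} ";
    if (!empty($links)) {
        // Joining the visible links avoids a leading separator when the
        // first link is not permitted.
        $adminlinks .= implode(" {$seperator} ", $links) . ' ';
    }
    $adminlinks .= "{$end}</span>\n";

    return $adminlinks;
}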
/**
 * Render an HTML side block.
 *
 * The block record is handed to the theme unchanged, so its content is
 * emitted as stored. The caller needs ACCESS_OVERVIEW on 'HTMLblock::' for
 * this block's title.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when access is denied.
 */
function blocks_html_block($row)
{
    $allowed = pnSecAuthAction(0, 'HTMLblock::', "{$row['title']}::", ACCESS_OVERVIEW);

    return $allowed ? themesideblock($row) : null;
}
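/**
 * Open a Jinzora page when Jinzora runs as a PostNuke module.
 *
 * Refuses direct access, checks ACCESS_READ on 'Jinzora::', authenticates the
 * current PostNuke user with userAuthenticate(), and, unless only
 * authentication was requested, includes the site header and opens the table.
 *
 * @param bool $authenticate_only When true, return right after authentication.
 * @return void
 */
function SERVICE_CMSOPEN_postnuke($authenticate_only)
{
    global $phpnuke, $default_access, $web_root, $root_dir, $cms_user_access, $cms_type, $include_path;

    if (!defined("LOADED_AS_MODULE") && $phpnuke == "false") {
        die("You can't access this file directly...<br><br>Generally this means that Jinzora was " . "installed as a PostNuke module and you're trying to access it outside of PostNuke");
    }

    // NOTE(review): the permission check is skipped entirely when
    // pnSecAuthAction() is not defined, i.e. it fails open. Confirm this is
    // intended for the environments this function runs in.
    if (function_exists('pnSecAuthAction')) {
        if (!pnSecAuthAction(0, 'Jinzora::', "::", ACCESS_READ)) {
            // The footer used to sit after die() and was never reached, so
            // the denial page was left unfinished. Emit header, message and
            // footer, then stop.
            include 'header.php';
            echo 'Access Denied';
            include 'footer.php';
            exit;
        }
    }

    // Use the PostNuke user name when there is one, otherwise the placeholder.
    $username = pnUserGetVar('uname');
    if ($username == "") {
        $username = "******";
    }

    // Authenticate this user.
    userAuthenticate($username);

    // Stop here when only the user access was wanted.
    if ($authenticate_only == true) {
        return;
    }

    include_once "header.php";

    // Open the table.
    OpenTable();
}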
/**
 * Render the ephemerids ("on this day") side block.
 *
 * Selects the entries stored for today's day and month, restricted to the
 * user's language (or entries with no language) when the site is
 * multilingual. The caller needs ACCESS_READ on 'Ephemeridsblock::' for this
 * block's title.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when access is denied.
 */
function blocks_ephem_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();

    if (!pnSecAuthAction(0, 'Ephemeridsblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Optional language restriction; the language value is prepared for storage.
    $querylang = "";
    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['ephem_column'];
        $querylang = "AND ({$column['elanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['elanguage']}='')";
    }

    $now = getdate();
    $eday = $now['mday'];
    $emonth = $now['mon'];

    $column =& $pntable['ephem_column'];
    $sql = "SELECT {$column['yid']}, {$column['content']}\n FROM {$pntable['ephem']}\n WHERE {$column['did']}='" . pnVarPrepForStore($eday) . "' AND {$column['mid']}='" . pnVarPrepForStore($emonth) . "' {$querylang}";
    $result = $dbconn->Execute($sql);

    $html = '<span class="pn-normal"><b>' . _ONEDAY . '</b></span><br />';
    while (list($yid, $content) = $result->fields) {
        $result->MoveNext();
        // The year is escaped as text; the entry body goes through the HTML
        // display filter after line breaks are converted.
        $html .= '<br /><br />';
        $html .= '<b>' . pnVarPrepForDisplay($yid) . '</b><br />' . pnVarPrepHTMLDisplay(nl2br($content));
    }

    if (empty($row['title'])) {
        $row['title'] = _EPHEMERIDS;
    }
    $row['content'] = $html;

    return themesideblock($row);
}
/**
 * Render the RSS side block.
 *
 * Refreshes the block record with blocks_rss_refresh() and passes the result
 * to blocks_rss_display(). The caller needs ACCESS_READ on 'RSSblock::' for
 * this block's title.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return void
 */
function blocks_rss_block($row)
{
    $mayRead = pnSecAuthAction(0, 'RSSblock::', "{$row['title']}::", ACCESS_READ);

    if ($mayRead) {
        blocks_rss_display(blocks_rss_refresh($row));
    }
}
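/**
 * Render the language selection side block.
 *
 * Lists the languages that have a directory under language/ and an entry in
 * languagelist(), either as flag images or as a drop-down. Each entry links
 * back to the current request URI with a newlang parameter appended. The
 * caller needs ACCESS_OVERVIEW on 'Languageblock::' for this block's title,
 * and the site must be multilingual.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when nothing is shown.
 */
function blocks_thelang_block($row)
{
    $currentlang = pnUserGetLang();

    if (!pnSecAuthAction(0, 'Languageblock::', "{$row['title']}::", ACCESS_OVERVIEW)) {
        return;
    }
    if (!pnConfigGetVar('multilingual')) {
        return;
    }

    // REQUEST_URI is not set by every server; fall back to the index page.
    $currentURL = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    if ($currentURL === "") {
        $currentURL = "index.php";
    }

    // Drop a previous newlang parameter (the pattern removes the three
    // characters that follow "newlang=").
    $currentURL = preg_replace('/\\?newlang=.../', '', $currentURL);
    // The request URI is client-controlled and is written into href and
    // value attributes below, so it is escaped for display here.
    $currentURL = pnVarPrepForDisplay(preg_replace('/\\&newlang=.../', '', $currentURL));

    $append = (strpos($currentURL, '?') === false) ? "?" : "&";

    $lang = languagelist();
    $langlist = array();
    $sel_lang = array();

    $handle = opendir('language');
    if ($handle !== false) {
        // Compare against false explicitly: an entry named "0" is falsy and
        // would otherwise end the loop early.
        while (($f = readdir($handle)) !== false) {
            if (is_dir("language/{$f}") && !empty($lang[$f])) {
                $langlist[$f] = $lang[$f];
                $sel_lang[$f] = '';
            }
        }
        closedir($handle);
    }
    asort($langlist);

    $content = '<center><font class="pn-normal">' . _SELECTGUILANG . '</font><br><br>';

    if (pnConfigGetVar('useflags')) {
        $i = 1;
        foreach ($langlist as $k => $v) {
            // At most three flags per row.
            if ($i > 3) {
                $content .= "<br>\n";
                $i = 1;
            }
            // getimagesize() returns false when the flag image is missing.
            $imgsize = @getimagesize("images/flags/flag-{$k}.png");
            $dimensions = is_array($imgsize) ? $imgsize[3] : '';
            $content .= "<a href=\"{$currentURL}" . $append . "newlang={$k}\"><img src=\"images/flags/flag-{$k}.png\" border=\"0\" alt=\"{$lang[$k]}\" hspace=\"3\" vspace=\"3\" {$dimensions}></a>";
            $i++;
        }
        $content .= '</center>';
    } else {
        $content .= '<form method="post" action="index.php"><select class="pn-text" name="newlanguage" onChange="top.location.href=this.options[this.selectedIndex].value">';
        $sel_lang[$currentlang] = ' selected';
        foreach ($langlist as $k => $v) {
            $content .= "<option value=\"{$currentURL}" . $append . "newlang={$k}\"{$sel_lang[$k]}>{$v}</option>\n";
        }
        $content .= '</select></form></center>';
    }

    if (empty($row['title'])) {
        $row['title'] = _SELECTLANGUAGE;
    }
    $row['content'] = $content;

    return themesideblock($row);
}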
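/**
 * Render the topics side block.
 *
 * Lists every topic the user may read that has at least one story, together
 * with the date of its newest story. The caller needs ACCESS_READ on
 * 'Topicblock::' for this block's title; each topic is additionally checked
 * against 'Topics::Topic'.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when access is denied or
 *               there are no topics.
 */
function blocks_topic_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();

    if (!pnSecAuthAction(0, 'Topicblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // No topic or category is pre-selected in this block.
    $topic = "";
    $catid = "";

    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['stories_column'];
        // The language value goes into a quoted SQL string and is therefore
        // prepared for storage first. The OR clause keeps stories that are
        // posted to all languages.
        $querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['alanguage']}='')";
    } else {
        $querylang = '';
    }

    $column =& $pntable['topics_column'];
    $result = $dbconn->Execute("SELECT {$column['topicid']} AS topicid, {$column['topicname']} as topicname FROM {$pntable['topics']} ORDER BY topicname");
    if (!$result || $result->EOF) {
        return;
    }

    $boxstuff = '<span class="pn-normal">';
    if ($topic == "") {
        $boxstuff .= "<strong><big>·</big></strong> <b><a href=\"modules.php?op=modload&name=Topics&file=index\">" . _ALL_TOPICS . "</a></b><br>";
    } else {
        $boxstuff .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name=News&file=index&catid={$catid}\">" . _ALL_TOPICS . "</a><br>";
    }

    while (!$result->EOF) {
        $srow = $result->GetRowAssoc(false);
        $result->MoveNext();

        if (!pnSecAuthAction(0, 'Topics::Topic', "{$srow['topicname']}::{$srow['topicid']}", ACCESS_READ)) {
            continue;
        }

        // Stored values are not trusted: the id is forced to an integer for
        // the unquoted SQL and href contexts, the name is escaped for HTML.
        $topicId = (int) $srow['topicid'];
        $topicName = pnVarPrepForDisplay($srow['topicname']);

        // Only the newest story is needed, so fetch a single row.
        $column =& $pntable['stories_column'];
        $result2 = $dbconn->SelectLimit("SELECT {$column['time']} AS unixtime FROM {$pntable['stories']} WHERE {$column['topic']}={$topicId} {$querylang} ORDER BY {$column['time']} DESC", 1);
        if (!$result2 || $result2->EOF) {
            continue;
        }

        $story = $result2->GetRowAssoc(false);
        $story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
        $sdate = pnVarPrepForDisplay(ml_ftime(_DATEBRIEF, $story['unixtime']));

        if ($topic == $srow['topicid']) {
            $boxstuff .= "<strong><big>·</big></strong> <span class=\"pn-title\"><b>{$topicName}</b></span> <span class=\"pn-sub\">({$sdate})</span><br>";
        } else {
            $boxstuff .= "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=index&catid={$catid}&topic={$topicId}\">{$topicName}</a> <span class=\"pn-sub\">({$sdate})</span><br>";
        }
    }

    $boxstuff .= '</span>';

    if (empty($row['title'])) {
        $row['title'] = _TOPICS;
    }
    $row['content'] = $boxstuff;

    return themesideblock($row);
}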
/**
 * Render the login side block for visitors who are not logged in.
 *
 * The form posts user name and password to user.php and carries the current
 * request path in a hidden 'url' field. That path is taken from REQUEST_URI,
 * PATH_INFO or SCRIPT_NAME and is escaped for display before it is written
 * into the form. The caller needs ACCESS_READ on 'Loginblock::' for this
 * block's title.
 *
 * NOTE(review): the path is client-influenced; how user.php uses the 'url'
 * field after login is not visible here and should be confirmed.
 *
 * @param array $row Block record; 'title' defaults to 'Login' when empty.
 * @return mixed Result of themesideblock(); null when access is denied or the
 *               user is already logged in.
 */
function blocks_login_block($row)
{
    global $HTTP_SERVER_VARS;

    if (empty($row['title'])) {
        $row['title'] = 'Login';
    }

    if (!pnSecAuthAction(0, 'Loginblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Same lookup order as pnGetBaseURI, because IIS does not pass
    // REQUEST_URI: start with REQUEST_URI ...
    $path = isset($HTTP_SERVER_VARS['REQUEST_URI'])
        ? $HTTP_SERVER_VARS['REQUEST_URI']
        : getenv('REQUEST_URI');

    $pointsToDirectory = empty($path) || substr($path, -1, 1) == '/';
    if ($pointsToDirectory) {
        // ... then PATH_INFO ...
        $path = getenv('PATH_INFO');
        if (empty($path)) {
            // ... and finally SCRIPT_NAME.
            $path = isset($HTTP_SERVER_VARS['SCRIPT_NAME'])
                ? $HTTP_SERVER_VARS['SCRIPT_NAME']
                : getenv('SCRIPT_NAME');
        }
    }

    if (pnUserLoggedIn()) {
        return;
    }

    // Inputs and button are laid out in a table.
    $parts = array();
    $parts[] = '<form action="user.php" method="post">';
    $parts[] = '<table border="0" width="100%" cellspacing="0" cellpadding="1"><tr><td>';
    $parts[] = '<span class="pn-normal"> ' . _BLOCKNICKNAME . '</span></td></tr><tr><td>';
    $parts[] = '<input type="text" name="uname" size="14" maxlength="25"></td></tr><tr><td>';
    $parts[] = '<span class="pn-normal"> ' . _BLOCKPASSWORD . '</span></td></tr><tr><td>';
    $parts[] = '<input type="password" name="pass" size="14" maxlength="20"></td></tr><tr><td>';

    // The "remember me" option is not offered at the High security level.
    if (pnConfigGetVar('seclevel') != 'High') {
        $parts[] = '<input type="checkbox" value="1" name="rememberme" />';
        $parts[] = '<span class="pn-normal"> ' . _REMEMBERME . '</span></td></tr><tr><td>';
    }

    $parts[] = '<br>';
    $parts[] = '<input type="hidden" name="module" value="NS-User" />';
    $parts[] = '<input type="hidden" name="op" value="login" />';
    $parts[] = '<input type="hidden" name="url" value="' . pnVarPrepForDisplay($path) . '" />';
    $parts[] = '<input type="submit" value="' . _LOGIN . '" /></td></tr><tr><td>';
    $parts[] = '<br /><span class="pn-normal">' . _ASREGISTERED . '</span></td></tr><tr><td></table></form>';

    if (empty($row['title'])) {
        $row['title'] = _LOGIN;
    }
    $row['content'] = implode('', $parts);

    return themesideblock($row);
}
/**
 * Build the "search comments" checkbox for the search form.
 *
 * The checkbox is added only when the user has ACCESS_READ on 'Stories::'.
 * The theme colours come from the globals $bgcolor2 and $textcolor1 and are
 * written into the markup as they are.
 *
 * @return string Output collected by the pnHTML object.
 */
function search_comments_opt()
{
    global $bgcolor2, $textcolor1, $info;

    $html = new pnHTML();
    $html->SetInputMode(_PNH_VERBATIMINPUT);

    $mayReadStories = pnSecAuthAction(0, 'Stories::', "::", ACCESS_READ);
    if ($mayReadStories) {
        $markup = '<table border="0" width="100%"><tr bgcolor="' . $bgcolor2 . '"><td>'
            . '<font class="pn-normal" style="text-color:' . $textcolor1 . '">'
            . '<input type="checkbox" name="active_comments" id="active_comments" value="1" checked> '
            . _SEARCH_COMMENTS
            . '</font></td></tr></table>';
        $html->Text($markup);
    }

    return $html->GetOutput();
}
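/**
 * Build the administration menu.
 *
 * Users without ACCESS_EDIT on the whole site are redirected to index.php.
 * Otherwise one menu option is added per admin module the user has
 * ACCESS_EDIT on. Modules that ship pnadmin.php are linked through pnModURL()
 * and use pnimages/admin.*; all other modules are linked through admin.php
 * and use images/admin.*.
 *
 * @param string $help_file Optional help file to link from the menu.
 * @return void
 */
function admin_menu($help_file = '')
{
    // The queue count that used to be queried here, before the permission
    // check, was never used and has been dropped.
    if (!pnSecAuthAction(0, "::", '::', ACCESS_EDIT)) {
        // Suppress the admin display and return to the index page.
        pnRedirect('index.php');
        return;
    }

    menu_title('admin.php', _ADMINMENU);
    menu_graphic(pnConfigGetVar('admingraphic'));
    if ($help_file != '') {
        menu_help($help_file, _ONLINEMANUAL);
    }

    $mods = pnModGetAdminMods();
    if ($mods == false) {
        // There are no admin modules.
        return;
    }

    foreach ($mods as $mod) {
        // Hack until the new news module comes into being
        // TODO - remove this at appropriate time
        if ($mod['name'] == 'AddStory') {
            $mod['name'] = 'Stories';
        }

        if (!pnSecAuthAction(0, "{$mod['name']}::", '::', ACCESS_EDIT)) {
            continue;
        }

        // The directory name is prepared for filesystem use before it is
        // placed in a path.
        $dir = pnVarPrepForOS($mod['directory']);
        $newStyle = file_exists("modules/" . $dir . "/pnadmin.php");

        // Pick the first admin image that exists, otherwise the default.
        $base = "modules/" . $dir . ($newStyle ? "/pnimages/admin." : "/images/admin.");
        $imgfile = 'modules/NS-Admin/images/default.gif';
        foreach (array('gif', 'jpg', 'png') as $ext) {
            if (file_exists($base . $ext)) {
                $imgfile = $base . $ext;
                break;
            }
        }

        // Both link styles are escaped for display; previously only the
        // pnModURL() form was.
        if ($newStyle) {
            $url = pnModURL($mod['name'], 'admin');
        } else {
            $url = "admin.php?module={$mod['directory']}&op=main";
        }
        menu_add_option(pnVarPrepForDisplay($url), $mod['displayname'], $imgfile);
    }
}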
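/**
 * Main administration page of the Tools module.
 *
 * @return string The rendered 'tools_admin.htm' template, or the
 *                "not authorised" message when the user lacks ACCESS_ADMIN
 *                on 'Tools::'.
 */
function Tools_admin_main()
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Tools::', '::', ACCESS_ADMIN)) {
        return pnVarPrepHTMLDisplay(_MODNOAUTH);
    }

    // Create the output object. "=& new" is a parse error on PHP 7 and later;
    // a plain assignment stores the same object handle.
    $pnRender = new pnRender('Tools');

    // Return the rendered template.
    return $pnRender->fetch('tools_admin.htm');
}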
/**
 * Render a PHP side block by executing the block content as PHP code.
 *
 * Whatever the code prints, followed by the value it returns, is captured and
 * becomes the block content handed to the theme.
 *
 * SECURITY: $row['content'] is passed to eval(). The ACCESS_READ check below
 * only decides who sees the output; it places no limit on what the stored
 * code does. Being able to create or edit a block of this type is therefore
 * equivalent to running code on the server.
 * NOTE(review): confirm that editing PHP blocks is limited to full
 * administrators and that changes to block content are logged.
 *
 * @param array $row Block record; 'content' holds the PHP code.
 * @return mixed Result of themesideblock(), or null when access is denied.
 */
function blocks_php_block($row)
{
    $mayRead = pnSecAuthAction(0, 'PHPblock::', "{$row['title']}::", ACCESS_READ);
    if (!$mayRead) {
        return;
    }

    // Capture everything the evaluated code outputs.
    ob_start();
    print eval($row['content']);
    $row['content'] = ob_get_clean();

    return themesideblock($row);
}
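/**
 * Render the story categories side block.
 *
 * Lists every category the user may read that has at least one story,
 * together with the date of its newest story. Reads the globals $topic and
 * $catid for the current selection. The caller needs ACCESS_READ on
 * 'Categoryblock::' for this block's title; each category is additionally
 * checked against 'Stories::Category'.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when access is denied or
 *               there are no categories.
 */
function blocks_category_block($row)
{
    global $topic, $catid;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Categoryblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    if (pnConfigGetVar('multilingual') == 1) {
        $column =& $pntable['stories_column'];
        // The OR clause keeps stories that are posted to all languages.
        $querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$column['alanguage']}='')";
    } else {
        $querylang = '';
    }

    $column =& $pntable['stories_cat_column'];
    $result = $dbconn->Execute("SELECT {$column['catid']} as catid, {$column['title']} as title FROM {$pntable['stories_cat']} ORDER BY {$column['title']}");
    if (!$result || $result->EOF) {
        return;
    }

    // $topic is a global whose origin is not visible here (presumably the
    // request), and it is written into href attributes, so it is escaped.
    $topicParam = pnVarPrepForDisplay($topic);

    $boxstuff = '<span class="pn-normal">';
    if ($catid != "") {
        $boxstuff .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name=News&file=index&topic={$topicParam}\">" . _ALL_CATEGORIES . "</a><br />";
    }

    for (; !$result->EOF; $result->MoveNext()) {
        $srow = $result->GetRowAssoc(false);

        if (!pnSecAuthAction(0, 'Stories::Category', "{$srow['title']}::{$srow['catid']}", ACCESS_READ)) {
            continue;
        }

        // Only the newest story is needed, so fetch a single row.
        $column =& $pntable['stories_column'];
        $result2 = $dbconn->SelectLimit("SELECT {$column['time']} AS unixtime\n FROM {$pntable['stories']}\n WHERE {$column['catid']}=" . pnVarPrepForStore($srow['catid']) . " {$querylang}\n ORDER BY {$column['time']} DESC", 1);
        if (!$result2 || $result2->EOF) {
            continue;
        }

        $story = $result2->GetRowAssoc(false);
        $story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
        $sdate = ml_ftime(_DATEBRIEF, $story['unixtime']);

        if ($catid == $srow['catid']) {
            $boxstuff .= "<strong><big>·</big></strong> <span class=\"pn-title\"><b>" . pnVarPrepForDisplay($srow['title']) . "</b></span> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        } else {
            // The category id is escaped for the href like the visible text.
            $boxstuff .= "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=index&catid=" . pnVarPrepForDisplay($srow['catid']) . "&topic={$topicParam}\">" . pnVarPrepForDisplay($srow['title']) . "</a> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
        }
    }

    $boxstuff .= '</span>';

    if (empty($row['title'])) {
        $row['title'] = _CATEGORIES;
    }
    $row['content'] = $boxstuff;

    return themesideblock($row);
}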
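/**
 * Build the "search comments" checkbox for the search form.
 *
 * Nothing is returned when the Comments module is not available. The
 * checkbox is added only when the user has ACCESS_READ on 'Stories::'. The
 * theme colours come from the globals $bgcolor2 and $textcolor1 and are
 * written into the markup as they are.
 *
 * @return string|null Output collected by the pnHTML object, or null when the
 *                     Comments module is not available.
 */
function search_comments_opt()
{
    global $bgcolor2, $textcolor1;

    if (!pnModAvailable('Comments')) {
        return;
    }

    // "=& new" is a parse error on PHP 7 and later; a plain assignment stores
    // the same object handle.
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);

    if (pnSecAuthAction(0, 'Stories::', "::", ACCESS_READ)) {
        $output->Text("<table border=\"0\" width=\"100%\"><tr style=\"background-color:{$bgcolor2}\"><td>\n\t\t<span style=\"text-color:{$textcolor1}\">\n\t\t<input type=\"checkbox\" name=\"active_comments\" id=\"active_comments\" value=\"1\" checked=\"checked\" tabindex=\"0\" /> \n\t\t<label for=\"active_comments\">" . _SEARCH_COMMENTS . "</label>\n\t\t</span></td></tr></table>");
    }

    return $output->GetOutput();
}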
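/**
 * Render the newest web links as a side block.
 *
 * $row['url'] holds "module|count": the name of the links module used in the
 * generated hrefs and the number of links to show (10 when missing or not a
 * positive number). Links are shown only when the user has ACCESS_READ on the
 * link's category ('Web Links::Category'). The caller needs ACCESS_READ on
 * 'Weblinksblock::' for this block's title.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when access is denied.
 */
function blocks_weblinks_display($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Weblinksblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Pad so that a value without "|" still yields both parts.
    $url = array_pad(explode('|', $row['url']), 2, '');
    if (!$url[0]) {
        $row['content'] = 'You forgot to set the module name!';
        return themesideblock($row);
    }
    $wanted = (int) $url[1];
    if ($wanted < 1) {
        $wanted = 10;
    }

    // First pass: count how many of the newest rows must be fetched to reach
    // $wanted readable links.
    // NOTE(review): this pass uses the link title as the permission instance,
    // while the second pass uses the category title; confirm which one the
    // 'Web Links::Category' schema expects.
    $links_col =& $pntable['links_links_column'];
    $linksok = 0;
    $linkcount = 0;
    $result = $dbconn->Execute("SELECT {$links_col['cat_id']}, {$links_col['title']} FROM {$pntable['links_links']} ORDER BY {$links_col['date']} DESC");
    while ($result && list($cid, $title) = $result->fields) {
        $result->MoveNext();
        $linkcount++;
        if (pnSecAuthAction(0, "Web Links::Category", "{$title}::{$cid}", ACCESS_READ)) {
            $linksok++;
        }
        if ($linksok == $wanted) {
            break;
        }
    }

    $row['content'] = '<span class="pn-normal">';

    if ($linkcount > 0) {
        $cats_col =& $pntable['links_categories_column'];
        $sql = "SELECT {$links_col['lid']} as lid, {$links_col['cat_id']} as catid, {$links_col['title']} as title, {$links_col['description']} as description, {$links_col['hits']} as hits, IF({$links_col['cat_id']}, CONCAT('/', {$cats_col['title']}), {$cats_col['title']}) AS cattitle\n FROM {$pntable['links_links']}\n LEFT JOIN {$pntable['links_categories']}\n ON {$cats_col['cat_id']}={$links_col['cat_id']}\n ORDER BY {$links_col['date']} DESC";
        $result = $dbconn->SelectLimit($sql, $linkcount);

        // The module name is part of every href and is escaped once.
        $module = pnVarPrepForDisplay($url[0]);

        while ($result && !$result->EOF) {
            $lrow = $result->GetRowAssoc(false);
            // Advance for every row. The advance used to sit inside the
            // permission branch, so one row the user may not read kept the
            // loop on that row forever.
            $result->MoveNext();

            if (!pnSecAuthAction(0, "Web Links::Category", "{$lrow['cattitle']}::{$lrow['catid']}", ACCESS_READ)) {
                continue;
            }

            $linkTitle = pnVarPrepForDisplay($lrow['title']);
            // The description is placed inside a title attribute, so it is
            // escaped as text rather than passed through the HTML filter.
            $description = pnVarPrepForDisplay($lrow['description']);
            $catTitle = pnVarPrepForDisplay($lrow['cattitle']);
            $lid = pnVarPrepForDisplay($lrow['lid']);

            $row['content'] .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name={$module}&file=index&req=visit&lid={$lid}\" target=\"_blank\" title=\"{$catTitle}:\n{$description}\" class=\"pn-sub\">{$linkTitle}</a><br>\n";
        }
    }

    $row['content'] .= '</span>';

    return themesideblock($row);
}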
/**
 * Render a banner side block.
 *
 * The banner type is the first "|"-separated part of $row['url'] and defaults
 * to "3" when empty. The banner markup comes from pnBannerDisplay(). The
 * caller needs ACCESS_READ on 'Bannersblock::' for this block's title.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when access is denied.
 */
function blocks_banner_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $mayRead = pnSecAuthAction(0, "Bannersblock::", "{$row['title']}::", ACCESS_READ);
    if (!$mayRead) {
        return;
    }

    $settings = explode('|', $row['url']);
    $bannerType = $settings[0] ? $settings[0] : "3";

    // Fetch the banner through the banner API for the chosen type.
    $row['content'] = "<br><center>" . pnBannerDisplay($bannerType) . "</center>";

    return themesideblock($row);
}
/**
 * Display the first block of the Template module.
 *
 * Lists up to 'numitems' template items (5 by default), ordered by name.
 * Items the user has ACCESS_OVERVIEW on are shown; those the user also has
 * ACCESS_READ on are shown as links to the detail view. The caller needs
 * ACCESS_READ on 'Template:Firstblock:' for this block's title.
 *
 * @param array $blockinfo Block record; 'content' carries the block variables.
 * @return mixed Result of themesideblock(), or null when access is denied,
 *               the query fails, or there are no items.
 */
function template_firstblock_display($blockinfo)
{
    // Security check
    if (!pnSecAuthAction(0, 'Template:Firstblock:', "{$blockinfo['title']}::", ACCESS_READ)) {
        return;
    }

    // Block variables, with a default item count
    $vars = pnBlockVarsFromContent($blockinfo['content']);
    if (empty($vars['numitems'])) {
        $vars['numitems'] = 5;
    }

    // Database information
    pnModDBInfoLoad('Template');
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $templatetable = $pntable['template'];
    $templatecolumn =& $pntable['template_column'];

    // Query
    $sql = "SELECT {$templatecolumn['tid']},\n {$templatecolumn['name']}\n FROM {$templatetable}\n ORDER by {$templatecolumn['name']}";
    $result = $dbconn->SelectLimit($sql, $vars['numitems']);

    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    if ($result->EOF) {
        return;
    }

    $output = new pnHTML();

    // One line per item the user may at least see in an overview.
    while (!$result->EOF) {
        list($tid, $name) = $result->fields;

        if (pnSecAuthAction(0, 'Template::', "{$name}::{$tid}", ACCESS_OVERVIEW)) {
            if (pnSecAuthAction(0, 'Template::', "{$name}::{$tid}", ACCESS_READ)) {
                $output->URL(pnModURL('Template', 'user', 'viewdetail', array('tid' => $tid)), $name);
            } else {
                $output->Text($name);
            }
            $output->Linebreak();
        }

        $result->MoveNext();
    }

    // Populate block info and pass to theme
    $blockinfo['content'] = $output->GetOutput();

    return themesideblock($blockinfo);
}
/**
 * Render the personal side block of the logged-in user.
 *
 * Shown only when the user is logged in and has switched the personal block
 * on ('ublockon' == 1). The block text is read from the users table for the
 * current user's uid and handed to the theme as stored, without escaping.
 * The caller needs ACCESS_READ on 'Userblock::' for this block's title.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when nothing is shown.
 */
function blocks_user_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Userblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $wantsOwnBlock = pnUserLoggedIn() && pnUserGetVar('ublockon') == 1;
    if (!$wantsOwnBlock) {
        return;
    }

    $usersColumn =& $pntable['users_column'];
    $uid = pnUserGetVar('uid');

    $sql = "SELECT {$usersColumn['ublock']} FROM {$pntable['users']} WHERE {$usersColumn['uid']}=" . pnVarPrepForStore($uid) . "";
    $getblock = $dbconn->Execute($sql);
    list($ublock) = $getblock->fields;

    $username = pnUserGetVar('name');
    $row['title'] = _MENUFOR . " " . pnVarPrepForDisplay($username) . "";
    $row['content'] = $ublock;

    return themesideblock($row);
}
/**
 * View items.
 *
 * Standard entry point that gives an overview of the calendar. The view type
 * comes from the request, falls back to the configured default, and is
 * overridden by the value remembered in the session, so the view stays as the
 * user last saw it. The caller needs ACCESS_OVERVIEW on 'PostCalendar::'.
 *
 * @return string The rendered view followed by the footer, or the
 *                "not authorised" message.
 */
function postcalendar_user_view()
{
    if (!pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_OVERVIEW)) {
        return _POSTCALENDARNOAUTH;
    }

    // Request variables
    list($Date, $print, $viewtype, $jumpday, $jumpmonth, $jumpyear) = pnVarCleanFromInput('Date', 'print', 'viewtype', 'jumpday', 'jumpmonth', 'jumpyear');

    // The date actually used is the one postcalendar_getDate() works out.
    $Date =& postcalendar_getDate();

    if (!isset($viewtype)) {
        $viewtype = _SETTING_DEFAULT_VIEW;
    }

    // Keep the view and provider as the user last saw them -- JRM
    if ($_SESSION['viewtype']) {
        $viewtype = $_SESSION['viewtype'];
    }
    if ($_SESSION['pc_username']) {
        $pc_username = $_SESSION['pc_username'];
    }

    $displayArgs = array(
        'viewtype' => $viewtype,
        'Date' => $Date,
        'print' => $print,
    );

    return postcalendar_user_display($displayArgs) . postcalendar_footer();
}
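/**
 * Render the button side block: the block's stored buttons, in random order,
 * each shown as a linked image.
 *
 * A button may list several images separated by "|"; one of them is picked at
 * random. The caller needs ACCESS_READ on 'Buttonblock::' for this block's
 * title, and each button is checked again with the block URL and the chosen
 * image as instance.
 *
 * @param array $row Block record; 'bid' selects the buttons.
 * @return mixed Result of themesideblock(), or null when access is denied or
 *               no button is visible.
 */
function blocks_button_display($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Buttonblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // The block id is placed in the SQL unquoted, so it is forced to an integer.
    $bid = (int) $row['bid'];

    $buttons = array();
    $column =& $pntable['blocks_buttons_column'];
    $result = $dbconn->Execute("SELECT {$column['title']} as title, {$column['url']} as url, {$column['images']} as images\n FROM {$pntable['blocks_buttons']}\n WHERE {$column['bid']}={$bid}");
    while ($result && !$result->EOF) {
        $buttons[] = $result->getRowAssoc(false);
        $result->MoveNext();
    }

    // The generator is no longer re-seeded with time() here: a time-based
    // seed is predictable and stays in effect for every later random value
    // produced during the same request.
    shuffle($buttons);

    $row['content'] = '<span style="text-align:center">';
    $hasContent = false;

    foreach ($buttons as $v) {
        $images = explode('|', $v['images']);
        $img = $images[count($images) > 1 ? rand(0, count($images) - 1) : 0];

        if (!pnSecAuthAction(0, 'Buttonblock::', "{$row['title']}:{$row['url']}:{$img}", ACCESS_READ)) {
            continue;
        }

        // NOTE(review): $img is a stored value handed to getimagesize(). If it
        // can name a remote URL or a stream wrapper, the server will open it
        // on every render; confirm stored image paths are limited to local
        // image files.
        $imgsize = @getimagesize($img);
        $dimensions = is_array($imgsize) ? $imgsize[3] : '';

        // Stored values are escaped for the attribute contexts they land in.
        $title = pnVarPrepForDisplay($v['title']);
        $href = pnVarPrepForDisplay($v['url']);
        $src = pnVarPrepForDisplay($img);

        $row['content'] .= "<a href=\"{$href}\" target=\"_blank\" title=\"{$title}\"><img src=\"{$src}\"\n alt=\"{$title}\" border=\"0\" {$dimensions} /></a><br />\n";
        $hasContent = true;
    }

    $row['content'] .= '</span>';

    if ($hasContent) {
        return themesideblock($row);
    }
}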
/**
 * Render the "today's big story" side block: the most-read story posted today
 * that is not on the home page.
 *
 * The caller needs ACCESS_READ on 'Bigblock::' for this block's title, on the
 * story ('Stories::Story') and on its topic ('Topics::Topic').
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when nothing is shown.
 */
function blocks_big_block($row)
{
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Bigblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    // Today's date as YYYY-MM-DD, with day and month zero-padded.
    $now = getdate();
    $tdate = sprintf('%s-%02d-%02d', $now["year"], $now["mon"], $now["mday"]);

    $column =& $pntable['stories_column'];
    $where = "{$column['time']} LIKE '%{$tdate}%'\n AND {$column['ihome']} = 0\n AND {$column['counter']} > 0";
    $articles = getArticles($where, "{$column['counter']} DESC", "1");

    if (empty($articles)) {
        return;
    }

    $info = genArticleInfo($articles[0]);

    $mayReadStory = pnSecAuthAction(0, 'Stories::Story', "{$info['aid']}:{$info['cattitle']}:{$info['sid']}", ACCESS_READ)
        && pnSecAuthAction(0, 'Topics::Topic', "{$info['topicname']}::{$info['tid']}", ACCESS_READ);
    if (!$mayReadStory) {
        return;
    }

    $links = genArticleLinks($articles[0]);
    $preformat = genArticlePreformat($info, $links);

    $content = '<span class="pn-normal">' . _BIGSTORY . '</span><br /><br />';
    $content .= $preformat['title'];

    if (empty($row['title'])) {
        $row['title'] = _TODAYBIG;
    }
    if (empty($content)) {
        return;
    }
    $row['content'] = $content;

    return themesideblock($row);
}
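/**
 * Render a side block whose content is read from a file.
 *
 * $row['url'] holds "file|type". With type 1 the file's lines are appended to
 * the block content verbatim; with type 0 (also used when no type is given)
 * each line is followed by "<br/>". The caller needs ACCESS_READ on
 * 'fincludeblock::' for this block's title.
 *
 * SECURITY: the path comes from the stored block settings and is read with
 * the web server's permissions, so any file that account can read can be
 * published through this block, and the lines are emitted without escaping.
 * NOTE(review): confirm that only trusted administrators can set the path,
 * and consider confining it to a dedicated directory.
 *
 * @param array $row Block record; 'url' carries the file name and type.
 * @return mixed Result of themesideblock(), or null when access is denied.
 */
function blocks_finclude_block($row)
{
    if (!pnSecAuthAction(0, "fincludeblock::", "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $url = explode('|', $row['url']);
    $file = $url[0];
    // A missing type behaves like type 0.
    $type = isset($url[1]) ? $url[1] : 0;

    // Require a regular, readable file; a directory or an unreadable path
    // would otherwise make file() fail with warnings.
    if (!is_file($file) || !is_readable($file)) {
        // The file name is escaped because it is echoed into the page.
        $row['content'] = "File: " . pnVarPrepForDisplay($file) . " does not exist.";
        return themesideblock($row);
    }

    $lines = file($file);
    if ($lines === false) {
        $lines = array();
    }

    if (!isset($row['content'])) {
        $row['content'] = '';
    }
    foreach ($lines as $line) {
        if ($type == 1) {
            $row['content'] .= $line;
        }
        if ($type == 0) {
            $row['content'] .= $line . "<br/>";
        }
    }

    return themesideblock($row);
}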
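/**
 * Render the "who's online" side block.
 *
 * Counts distinct members and distinct guest IP addresses among the sessions
 * used within the configured inactivity window. For a logged-in user the
 * block also shows the user name and, when the Messages module is available,
 * the number of private messages and of unread ones. The caller needs
 * ACCESS_READ on 'Onlineblock::' for this block's title.
 *
 * @param array $row Block record; 'title' is used as the permission instance.
 * @return mixed Result of themesideblock(), or null when access is denied.
 */
function blocks_online_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Onlineblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];

    $activetime = time() - pnConfigGetVar('secinactivemins') * 60;

    // One row per distinct member.
    $query = "SELECT count( 1 )\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} >0\n GROUP BY {$sessioninfocolumn['uid']}";
    $result = $dbconn->Execute($query);
    $numusers = 0;
    if ($result) {
        $numusers = $result->RecordCount();
        $result->Close();
    }

    // One row per distinct guest IP address.
    $query2 = "SELECT count( 1 )\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} = '0'\n GROUP BY {$sessioninfocolumn['ipaddr']}";
    $result2 = $dbconn->Execute($query2);
    $numguests = 0;
    if ($result2) {
        $numguests = $result2->RecordCount();
        $result2->Close();
    }

    // Pluralise
    $guests = ($numguests == 1) ? _GUEST : _GUESTS;
    $users = ($numusers == 1) ? _MEMBER : _MEMBERS;

    $content = "<span class=\"pn-normal\">" . _CURRENTLY . " " . pnVarPrepForDisplay($numguests) . " " . pnVarPrepForDisplay($guests) . " " . _AND . " " . pnVarPrepForDisplay($numusers) . " " . pnVarPrepForDisplay($users) . " " . _ONLINE . "<br />\n";

    if (pnUserLoggedIn()) {
        // The user name is chosen by the user and is escaped before display.
        $content .= '<br />' . _YOUARELOGGED . ' <b>' . pnVarPrepForDisplay(pnUserGetVar('uname')) . '</b>.<br />';

        if (pnModAvailable('Messages')) {
            // Private messages are shown only when the module is active.
            // The uid is placed in the SQL unquoted, so it is forced to an integer.
            $uid = (int) pnUserGetVar('uid');
            $column =& $pntable['priv_msgs_column'];

            $numrow = 0;
            $msgResult = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}={$uid}");
            if ($msgResult) {
                list($numrow) = $msgResult->fields;
            }

            // Unread messages
            $unreadrow = 0;
            $unreadResult = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}={$uid} AND {$column['read_msg']}='0'");
            if ($unreadResult) {
                list($unreadrow) = $unreadResult->fields;
            }

            if ($numrow == 0) {
                $content .= '<br /></span>';
            } else {
                $content .= "<br />" . _YOUHAVE . " (<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGS . "\">" . pnVarPrepForDisplay($numrow) . "</a>|<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGNEW . "\">" . pnVarPrepForDisplay($unreadrow) . "</a>) ";
                if ($numrow == 1) {
                    $content .= _PRIVATEMSG;
                } elseif ($numrow > 1) {
                    $content .= _PRIVATEMSGS;
                }
                $content .= "</span><br />";
            }
        } else {
            // Close the span that was previously left open in this case.
            $content .= '</span>';
        }
    } else {
        $content .= '<br />' . _YOUAREANON . '</span><br />';
    }

    if (empty($row['title'])) {
        $row['title'] = _WHOSONLINE;
    }
    $row['content'] = $content;

    return themesideblock($row);
}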
/**
 * Select the id and name of every row of one lookup table, for drop-downs.
 *
 * The table is chosen by $args['from'] and must be one of 'chem', 'company',
 * 'moa' or 'preserve'. Because table and column names are built from that
 * value, it is checked against this fixed list before any SQL is assembled.
 * The id column is named after the first four characters of the table name
 * plus '_id'.
 *
 * @param array $args 'from' (string, required): table to select from.
 * @return array|false Rows keyed by id, each holding the id and 'name'; an
 *                     empty array when the user lacks ACCESS_OVERVIEW on
 *                     'Meds::'; false on an unknown table or a database error.
 */
function Meds_userapi_DBselect($args)
{
    // Result holder, returned unchanged when access is denied.
    $select = array();

    if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_OVERVIEW)) {
        return $select;
    }

    // Requested table (comparable to $object in other functions).
    $from = (string) $args['from'];

    // Only these tables may be used for drop-downs.
    $allowedTables = array('chem', 'company', 'moa', 'preserve');
    $isKnownTable = in_array($from, $allowedTables);
    if (!$isKnownTable) {
        pnSessionSetVar('errormsg', 'Error selecting table from database.');
        return false;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Table and column references derived from the checked name.
    $table =& $pntable['rx_' . $from];
    $field =& $pntable['rx_' . $from . '_column'];
    $id_field = substr($from, 0, 4) . '_id';

    $sql = "SELECT {$field[$id_field]},\n {$field['name']}\n FROM {$table}\n ORDER BY {$field['name']}";
    $result = $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    // Collect one entry per row, keyed by id.
    while (!$result->EOF) {
        list($id, $name) = $result->fields;
        $select[$id] = array($id_field => $id, 'name' => $name);
        $result->MoveNext();
    }
    $result->Close();

    return $select;
}
// ----------------------------------------------------------------------
// Original Author of file: Francisco Burzi
// Purpose of file:
// ----------------------------------------------------------------------

// Load the base API and start PostNuke.
include 'includes/pnAPI.php';
pnInit();

// Requested module, taken from the request.
$module = pnVarCleanFromInput('module');

if (empty($module)) {
    // admin.php was called without a module parameter.
    pnRedirect(pnModURL('Admin', 'admin', 'adminpanel'));
    exit;
}

// The module must be available and the user needs ACCESS_EDIT on it. Both
// failures get the same 403 response, and the module name from the request is
// escaped before it is echoed.
$mayAdminister = pnModAvailable($module) && pnSecAuthAction(0, "{$module}::", '::', ACCESS_EDIT);
if (!$mayAdminister) {
    header('HTTP/1.0 403 Access Denied');
    include 'header.php';
    echo 'Module <strong>' . pnVarPrepForDisplay($module) . '</strong> not available';
    include 'footer.php';
    exit;
}

// Module information
$modinfo = pnModGetInfo(pnModGetIDFromName($module));

$isNewStyle = $modinfo['type'] == 2 || $modinfo['type'] == 3;
if ($isNewStyle) {
    // Redirect to the new style admin panel.
    pnRedirect(pnModURL($module, 'admin'));
    exit;
}
/**
 * Wrapper around pnSecAuthAction().
 *
 * Realm, component and instance are passed through as given (null stays
 * null); a null level is replaced by 0.
 *
 * @param mixed $testrealm     Realm to test.
 * @param mixed $testcomponent Component to test.
 * @param mixed $testinstance  Instance to test.
 * @param mixed $testlevel     Access level to test, 0 when null.
 * @return mixed Whatever pnSecAuthAction() returns.
 */
function authorised($testrealm, $testcomponent, $testinstance, $testlevel)
{
    if (!isset($testlevel)) {
        $testlevel = 0;
    }

    return pnSecAuthAction($testrealm, $testcomponent, $testinstance, $testlevel);
}
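/**
 * Clean user input.
 *
 * Reads one or more global variables by name and removes a fixed list of HTML
 * tags (SCRIPT, FRAME, OBJECT, META, APPLET, LINK, IFRAME) and double-quoted
 * STYLE attributes from them. Users with ACCESS_ADMIN on the whole site get
 * the values unfiltered.
 *
 * SECURITY: this is a denylist, not an encoder. The returned values are not
 * safe to place into SQL or HTML as they are; callers still have to prepare
 * them for the context they are used in. Any global variable can be read by
 * name, not only request data.
 * NOTE(review): confirm callers only pass names of request variables.
 *
 * @param string $var,... Names of the variables to get.
 * @return mixed The cleaned variable when one name is passed, otherwise an
 *               array of cleaned variables in argument order. Variables that
 *               are not set yield null. Returns null as soon as an empty name
 *               is encountered.
 */
function pnVarCleanFromInput()
{
    $search = array('|</?\\s*SCRIPT.*?>|si', '|</?\\s*FRAME.*?>|si', '|</?\\s*OBJECT.*?>|si', '|</?\\s*META.*?>|si', '|</?\\s*APPLET.*?>|si', '|</?\\s*LINK.*?>|si', '|</?\\s*IFRAME.*?>|si', '|STYLE\\s*=\\s*"[^"]*"|si');
    $replace = array('');
    $resarray = array();

    foreach (func_get_args() as $var) {
        if (empty($var)) {
            return;
        }

        // Look the value up in $GLOBALS instead of importing it with
        // "global ${$var}". The import bound a local variable of the same
        // name, so a requested name such as 'search' or 'replace' replaced
        // this function's own filter patterns with the global's value.
        if (!isset($GLOBALS[$var])) {
            array_push($resarray, NULL);
            continue;
        }
        $ourvar = $GLOBALS[$var];

        if (empty($ourvar)) {
            array_push($resarray, $ourvar);
            continue;
        }

        // Clean var
        if (check_magic_quotes()) {
            pnStripslashes($ourvar);
        }
        if (!pnSecAuthAction(0, '::', '::', ACCESS_ADMIN)) {
            $ourvar = preg_replace($search, $replace, $ourvar);
        }

        // Add to result array
        array_push($resarray, $ourvar);
    }

    // A single name returns the value itself, several names return the list.
    if (func_num_args() == 1) {
        return $resarray[0];
    }

    return $resarray;
}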