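/**
 * Log the user in.
 *
 * Looks the user up by name, checks the supplied password against the stored
 * one via comparePasswords(), binds the user id to the current session row and
 * records it in the session.
 *
 * @param string $uname      name of the user logging in
 * @param string $pass       password of the user logging in
 * @param mixed  $rememberme whether or not to remember this login
 * @return bool true if the user successfully logged in, false otherwise.
 *              NOTE: when a user is already logged in this returns true
 *              without checking the supplied credentials at all.
 */
function pnUserLogIn($uname, $pass, $rememberme)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnUserLoggedIn()) {
        // Get user information
        $userscolumn =& $pntable['users_column'];
        $userstable = $pntable['users'];
        $query = "SELECT {$userscolumn['uid']},\n {$userscolumn['pass']}\n FROM {$userstable}\n WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
        $result = $dbconn->Execute($query);
        if ($result->EOF) {
            // Unknown user: release the result set before bailing out.
            $result->Close();
            return false;
        }
        list($uid, $realpass) = $result->fields;
        $result->Close();

        // Confirm that passwords match. The first two characters of the stored
        // value are handed over as the salt (presumably crypt()-style hashing;
        // comparePasswords() is defined elsewhere - confirm there).
        if (!comparePasswords($pass, $realpass, $uname, substr($realpass, 0, 2))) {
            return false;
        }

        // $uid comes from the database, but it is an integer column, so cast it
        // instead of relying on string escaping alone.
        $uid = (int) $uid;

        // NOTE(review): the session id is kept across login, so a session id
        // planted before the victim logs in stays valid afterwards (session
        // fixation). Regenerating it here would also require re-keying the
        // session_info row below; confirm with the session layer before adding.
        $sessioninfocolumn =& $pntable['session_info_column'];
        $sessioninfotable = $pntable['session_info'];
        $query = "UPDATE {$sessioninfotable}\n SET {$sessioninfocolumn['uid']} = " . $uid . "\n WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore(session_id()) . "'";
        $dbconn->Execute($query);

        // Set session variables
        pnSessionSetVar('uid', $uid);
        if (!empty($rememberme)) {
            pnSessionSetVar('rememberme', 1);
        }
    }

    return true;
}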
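/**
 * Confirm an authorisation key is valid.
 * <br>
 * See description of <code>pnSecGenAuthKey</code> for information on
 * this function. The key is md5(session 'rand' . lowercased module name);
 * the 'rand' value is rotated after every successful non-preview check so a
 * key can only be used once.
 *
 * @public
 * @param bool $preview when true the key is checked but not consumed
 *                      (the session random number is left unchanged)
 * @return bool true if the key is valid, false if it is not
 */
function pnSecConfirmAuthKey($preview = false)
{
    list($module, $authid) = pnVarCleanFromInput('module', 'authid');

    // Regenerate static part of key
    $partkey = pnSessionGetVar('rand') . strtolower($module);

    // Strict string comparison: with '==' PHP compares two numeric-looking
    // strings as numbers, so an authid such as "0e12345" would equal any md5
    // of the form "0e..." without the sender knowing the key.
    if (is_string($authid) && md5($partkey) === $authid) {
        // Match - generate new random number for next key and leave happy
        if (!$preview) {
            // NOTE(review): rand() seeded from microtime() is not a
            // cryptographic source; the key is only as unguessable as the seed.
            srand((double) microtime() * 1000000);
            pnSessionSetVar('rand', rand());
        }
        return true;
    }

    // Not found, assume invalid
    return false;
}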
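/**
 * This is a standard function to update the configuration parameters of the
 * module given the information passed back by the modification form.
 *
 * @return bool always true; the caller is redirected to the view page, with
 *              an error message in the session when the auth key was invalid
 */
function template_admin_updateconfig()
{
    // Get parameters from whatever input we need. All arguments to this
    // function should be obtained from pnVarCleanFromInput(), getting them
    // from other places such as the environment is not allowed, as that makes
    // assumptions that will not hold in future versions of PostNuke.
    // 'itemsperpage' was previously never read from the form at all, so the
    // stored value could only ever be the default of 10.
    $bold = pnVarCleanFromInput('bold');
    $itemsperpage = pnVarCleanFromInput('itemsperpage');

    // Confirm authorisation code. This checks that the form had a valid
    // authorisation code attached to it. If it did not then the function will
    // proceed no further as it is possible that this is an attempt at sending
    // in false data to the system
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('Template', 'admin', 'view'));
        return true;
    }

    // Update module variables. Note that depending on the HTML structure used
    // to obtain the information from the user it is possible that the values
    // might be unset, so it is important to check them all and assign them
    // default values if required
    if (!isset($bold)) {
        $bold = 0;
    }
    pnModSetVar('template', 'bold', $bold);

    // A page size must be a positive integer; anything else falls back to 10.
    $itemsperpage = isset($itemsperpage) ? (int) $itemsperpage : 0;
    if ($itemsperpage <= 0) {
        $itemsperpage = 10;
    }
    pnModSetVar('template', 'itemsperpage', $itemsperpage);

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    pnRedirect(pnModURL('Template', 'admin', 'view'));

    // Return
    return true;
}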
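/**
 * Selects all of a given item from database.
 *
 * @param array $args 'from' => STRING required table name to select items from
 *                    (one of 'chem', 'company', 'moa', 'preserve')
 * @return array of options for dropdowns, keyed by item id; an empty array
 *               when the caller lacks ACCESS_OVERVIEW, false on an unknown
 *               table name or a database error (error message left in the
 *               session's 'errormsg')
 */
function Meds_userapi_DBselect($args)
{
    // Initialize the return variable early on.
    $select = array();

    // Permission check.
    if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_OVERVIEW)) {
        return $select;
    }

    // Define table to select from. (comparable to $object in other functions)
    $from = isset($args['from']) ? (string) $args['from'] : '';

    // Define tables that can be selected from for dropdowns. This whitelist is
    // what keeps $from out of the query: only a listed name reaches the table
    // map below, and strict matching avoids loose-comparison surprises.
    $tables = array('chem', 'company', 'moa', 'preserve');

    // Ensure a valid table name was passed.
    if (!in_array($from, $tables, true)) {
        pnSessionSetVar('errormsg', 'Error selecting table from database.');
        return false;
    }

    // Get database connection and tables references.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Dynamically create the table/field references based on $from.
    $table =& $pntable['rx_' . $from];
    $field =& $pntable['rx_' . $from . '_column'];

    // Dynamically create the $id_field to select by (first four characters of
    // the table name plus '_id', e.g. 'chem_id', 'comp_id').
    $id_field = substr($from, 0, 4) . '_id';

    // Create SQL to select the id and name of the item.
    $sql = "SELECT {$field[$id_field]},\n {$field['name']}\n FROM {$table}\n ORDER BY {$field['name']}";

    // Execute query.
    $result = $dbconn->Execute($sql);

    // Check for database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    // Loop through $result set.
    for (; !$result->EOF; $result->MoveNext()) {
        // Extract data from result set.
        list($id, $name) = $result->fields;

        // Assign the data to the select array.
        $select[$id] = array($id_field => $id, 'name' => $name);
    }

    // Close $result set.
    $result->Close();

    // Return.
    return $select;
}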
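/**
 * Confirm an authorisation key is valid.
 * <br />
 * See description of <code>pnSecGenAuthKey</code> for information on
 * this function. The key is md5(session 'rand' . lowercased canonical module
 * name); the 'rand' value is rotated after every successful check so a key
 * can only be used once. Time-limited keys were considered at one point and
 * are not used.
 *
 * @public
 * @return bool true if the key is valid, false if it is not
 */
function pnSecConfirmAuthKey()
{
    list($module, $authid) = pnVarCleanFromInput('module', 'authid');

    // get the module info; for a module that cannot be resolved the name part
    // of the key is empty (unchanged from the previous behaviour, where the
    // missing array key silently read as an empty string)
    $modinfo = pnModGetInfo(pnModGetIDFromName($module));
    $modname = (is_array($modinfo) && isset($modinfo['name'])) ? $modinfo['name'] : '';

    // Regenerate static part of key
    $partkey = pnSessionGetVar('rand') . strtolower($modname);

    // Strict string comparison: with '==' PHP compares two numeric-looking
    // strings as numbers, so an authid such as "0e12345" would equal any md5
    // of the form "0e..." without the sender knowing the key.
    if (is_string($authid) && md5($partkey) === $authid) {
        // Match - generate new random number for next key and leave happy.
        // NOTE(review): rand() seeded from microtime() is not a cryptographic
        // source; the key is only as unguessable as the seed.
        srand((double) microtime() * 1000000);
        pnSessionSetVar('rand', rand());
        return true;
    }

    // Not found, assume invalid
    return false;
}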
/**
 * Initialise PostNuke
 * <br>
 * Carries out a number of initialisation tasks to get PostNuke up and
 * running: error reporting, ADODB, config.php, pntables.php, the database
 * connection, the session, the language files and the remaining includes.
 * Order matters - later includes rely on the globals and on the session set
 * up earlier - so the steps below should not be reordered casually.
 * @returns void
 */
function pnInit()
{
    // proper error_repoting
    // e_all for development
    // error_reporting(E_ALL);
    // without warnings and notices for release
    error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING & ~E_DEPRECATED);

    // Hack for some weird PHP systems that should have the
    // LC_* constants defined, but don't
    if (!defined('LC_TIME')) {
        define('LC_TIME', 'LC_TIME');
    }

    // ADODB configuration
    define('ADODB_DIR', 'pnadodb');
    require 'pnadodb/adodb.inc.php';

    // Temporary fix for hacking the hlpfile global
    // TODO - remove with pre-0.71 code
    global $hlpfile;
    $hlpfile = '';

    // Initialise and load configuration
    global $pnconfig, $pndebug;
    $pnconfig = array();
    include 'config.php';

    // Set up multisites
    // added this @define for .71, ugly ?
    // i guess the E_ALL stuff.
    @define('WHERE_IS_PERSO', '');

    // Initialise and load pntables
    global $pntable;
    $pntable = array();
    // if a multisite has its own pntables.
    if (file_exists(WHERE_IS_PERSO . 'pntables.php')) {
        include WHERE_IS_PERSO . 'pntables.php';
    } else {
        require 'pntables.php';
    }

    // Decode encoded DB parameters
    // NOTE: base64 is an encoding, not encryption - it only keeps the
    // credentials from being readable at a glance in config.php.
    if ($pnconfig['encoded']) {
        $pnconfig['dbuname'] = base64_decode($pnconfig['dbuname']);
        $pnconfig['dbpass'] = base64_decode($pnconfig['dbpass']);
        $pnconfig['encoded'] = 0;
    }

    // Connect to database
    if (!pnDBInit()) {
        die('Database initialisation failed');
    }

    // debugger if required
    if ($pndebug['debug']) {
        include_once 'includes/lensdebug.inc.php';
        global $dbg, $debug_sqlcalls;
        $dbg = new LensDebug();
        $debug_sqlcalls = 0;
    }

    // Build up old config array
    pnConfigInit();

    // Set compression on if desired
    //
    if (pnConfigGetVar('UseCompression') == 1) {
        ob_start("ob_gzhandler");
    }

    // Other includes
    include 'includes/pnSession.php';
    include 'includes/pnUser.php';

    // Start session
    if (!pnSessionSetup()) {
        die('Session setup failed');
    }
    if (!pnSessionInit()) {
        die('Session initialisation failed');
    }

    include 'includes/security.php';

    // See if a language update is required
    $newlang = pnVarCleanFromInput('newlang');
    if (!empty($newlang)) {
        $lang = $newlang;
        pnSessionSetVar('lang', $newlang);
    } else {
        $lang = pnSessionGetVar('lang');
    }

    // Load global language defines
    // The language name comes from the request or the session, so the include
    // path below is user-influenced; pnVarPrepForOS() (defined elsewhere) is
    // what is relied on to keep it inside the language directory. Only a
    // language whose global.php exists is used, anything else falls back to
    // the configured site language.
    if (isset($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
        $currentlang = $lang;
    } else {
        $currentlang = pnConfigGetVar('language');
        pnSessionSetVar('lang', $currentlang);
    }
    include 'language/' . pnVarPrepForOS($currentlang) . '/global.php';
    include 'modules/NS-Languages/api.php';

    // Cross-Site Scripting attack defense - Sent by larsneo
    // some syntax checking against injected javascript
    $pnAntiCrackerMode = pnConfigGetVar('pnAntiCracker');
    if ($pnAntiCrackerMode == 1) {
        pnSecureInput();
    }

    // Banner system
    include 'includes/pnBanners.php';

    // Other other includes
    include 'includes/advblocks.php';
    include 'includes/counter.php';
    include 'includes/pnHTML.php';
    include 'includes/pnMod.php';
    include 'includes/queryutil.php';
    include 'includes/xhtml.php';
    include 'includes/oldfuncs.php';

    // Handle referer
    if (pnConfigGetVar('httpref') == 1) {
        include 'referer.php';
        httpreferer();
    }

    return true;
}
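/**
 * Load an API for a module.
 *
 * Resolves the module's directory from the modules table, includes
 * modules/<dir>/pn<type>api.php (once per module/type), the matching language
 * file and the module's database info.
 *
 * @param string $modname registered name of the module
 * @param string $type    type of functions to load ('user', 'admin', ...)
 * @return bool true on success, false on failure (empty name, database error,
 *              unknown module or missing API file)
 */
function pnModAPILoad($modname, $type = 'user')
{
    static $loaded = array();

    if (empty($modname)) {
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // The separator keeps e.g. ('foo', 'bar') and ('foob', 'ar') apart in the
    // cache; plain concatenation would treat them as the same entry.
    $cachekey = "{$modname}/{$type}";
    if (!empty($loaded[$cachekey])) {
        // Already loaded from somewhere else
        return true;
    }

    $modulestable = $pntable['modules'];
    $modulescolumn =& $pntable['modules_column'];
    $query = "SELECT {$modulescolumn['name']},\n {$modulescolumn['directory']},\n {$modulescolumn['state']}\n FROM {$modulestable}\n WHERE {$modulescolumn['name']} = '" . pnVarPrepForStore($modname) . "'";
    $result = $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        // Database error: report failure like every other path does (this
        // used to fall off with a bare `return`, i.e. null).
        return false;
    }
    if ($result->EOF) {
        $result->Close();
        pnSessionSetVar('errmsg', "Unknown module {$modname}");
        return false;
    }
    list($name, $directory, $state) = $result->fields;
    $result->Close();

    // The directory comes from the database and $type from the caller; both
    // are passed through pnVarPrepForOS() before being used in a path.
    list($osdirectory, $ostype) = pnVarPrepForOS($directory, $type);
    $osfile = "modules/{$osdirectory}/pn{$ostype}api.php";
    if (!file_exists($osfile)) {
        // File does not exist
        return false;
    }

    // Load the file
    include $osfile;
    $loaded[$cachekey] = 1;

    // Load the module language files: the user's language first, then the
    // site default (falling back to 'eng' when none is configured).
    $currentlang = pnUserGetLang();
    $defaultlang = pnConfigGetVar('language');
    if (empty($defaultlang)) {
        $defaultlang = 'eng';
    }
    list($oscurrentlang, $osdefaultlang) = pnVarPrepForOS($currentlang, $defaultlang);
    if (file_exists("modules/{$osdirectory}/pnlang/{$oscurrentlang}/{$ostype}api.php")) {
        include "modules/{$osdirectory}/pnlang/{$oscurrentlang}/{$ostype}api.php";
    } elseif (file_exists("modules/{$osdirectory}/pnlang/{$osdefaultlang}/{$ostype}api.php")) {
        include "modules/{$osdirectory}/pnlang/{$osdefaultlang}/{$ostype}api.php";
    }

    // Load database info
    pnModDBInfoLoad($modname, $directory);

    return true;
}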
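/**
 * Update an existing lens record.
 *
 * @param array $args 'lens_data' => array of column values keyed by column
 *                    name; 'tid' (numeric) and 'name' (string) must be
 *                    present and non-empty. Keys in 'lens_data' take
 *                    precedence over top-level keys of $args, which is what
 *                    the old pair of extract() calls amounted to.
 * @return bool true on success, false on a permission, argument, lookup or
 *              database failure (an error message is left in the session's
 *              'errormsg')
 */
function Lenses_adminapi_update_lens($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }

    // Flatten the arguments into one array instead of extract()-ing them into
    // the local scope: extract() lets any caller-supplied key become a local
    // variable, and every missing key raised a notice when it was read below.
    $data = is_array($args) ? $args : array();
    if (isset($data['lens_data']) && is_array($data['lens_data'])) {
        $data = array_merge($data, $data['lens_data']);
    }
    $tid = isset($data['tid']) ? $data['tid'] : null;
    $name = isset($data['name']) ? $data['name'] : null;

    // Ensure valid values were passed in.
    if (empty($tid) || !is_numeric($tid) || empty($name) || !is_string($name)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // Check if lens exists.
    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $tid, 'item_type' => 'lens'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }

    // Get a reference to the database object and to PostNuke's table info.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Define table and column to work with.
    $lenses_table =& $pntable['lenses'];
    $lenses_field =& $pntable['lenses_column'];

    // Columns written from $data, in the order the original statement used.
    // Each value is escaped with pnVarPrepForStore() and single-quoted; an
    // absent key is written as an empty string.
    $columns = array(
        'name', 'aliases', 'comp_id', 'poly_id', 'visitint', 'ew', 'ct', 'dk',
        'oz', 'process_text', 'process_simple', 'qty', 'replace_simple',
        'replace_text', 'wear', 'price', 'markings', 'fitting_guide', 'website',
        'image', 'other_info', 'discontinued', 'display', 'redirect',
        'bc_simple', 'bc_all', 'max_plus', 'max_minus', 'max_diam', 'min_diam',
        'diam_1', 'base_curves_1', 'powers_1', 'diam_2', 'base_curves_2',
        'powers_2', 'diam_3', 'base_curves_3', 'powers_3', 'sph_notes', 'toric',
        'toric_type', 'toric_type_simple', 'cyl_power', 'max_cyl_power',
        'cyl_axis', 'cyl_axis_steps', 'oblique', 'cyl_notes', 'bifocal',
        'bifocal_type', 'add_text', 'max_add', 'cosmetic', 'enh_names',
        'enh_names_simple', 'opaque_names', 'opaque_names_simple',
    );

    $set = array();
    foreach ($columns as $col) {
        $value = isset($data[$col]) ? $data[$col] : '';
        $set[] = "{$lenses_field[$col]} = '" . pnVarPrepForStore($value) . "'";
    }
    // Stamp the modification date (server local date, no time part).
    $set[] = "{$lenses_field['updated']} = '" . date('Y-m-d') . "'";

    // Create SQL to update the lens. $tid has passed is_numeric() above and is
    // cast to int here, so no escaping is needed for it.
    $sql = "UPDATE {$lenses_table}\n SET " . implode(",\n ", $set) . "\n WHERE {$lenses_field['tid']} = '" . (int) $tid . "'";

    // Execute the SQL query.
    $dbconn->Execute($sql);

    // Check for any database errors. The driver's own message is used rather
    // than mysql_error(), which is MySQL-extension specific.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED . '<br />' . $dbconn->ErrorMsg());
        return false;
    }

    // Start a new output object.
    // This function isn't an output function, but needs an output
    // object started before the cache can be cleared.
    $pnRender = new pnRender('Lenses');

    // Clear the cache.
    $pnRender->clear_cache();

    // Return success.
    return true;
}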
/**
 * Regenerate the module list (admin action).
 *
 * Requires a valid authorisation key on the request; on success a status
 * message is left in the session. Either way the user is sent back to the
 * module list.
 *
 * @return bool always true
 */
function modules_admin_regenerate()
{
    // Security check: reject the request outright without a valid auth key.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('Modules', 'admin', 'list'));
        return true;
    }

    // Load the admin API and run the regeneration.
    pnModAPILoad('Modules', 'admin');
    $regenerated = pnModAPIFunc('Modules', 'admin', 'regenerate');
    if ($regenerated) {
        pnSessionSetVar('statusmsg', _MODREGENERATED);
    }

    pnRedirect(pnModURL('Modules', 'admin', 'list'));
    return true;
}
/**
 * Upgrade the template module from an old version.
 *
 * This function can be called multiple times; each completed step hands off
 * to the upgrade for the next version, so any starting version ends up at the
 * current one.
 *
 * @param mixed $oldversion version currently installed (0.5, 1.0 or 2.0)
 * @return bool true on success, false if a schema change failed (error
 *              message left in the session's 'errormsg')
 */
function template_upgrade($oldversion)
{
    // Upgrade dependent on old version number
    switch ($oldversion) {
        case 0.5:
            // Version 0.5 didn't have a 'number' field, it was added in
            // version 1.0, so the only work here is adding that column.
            //
            // pnDBGetConn() returns an array whose first item is the database
            // handle; pnDBGetTables() returns the whole table map, which is
            // kept together for the lookups below.
            list($conn) = pnDBGetConn();
            $tables = pnDBGetTables();

            // Name the table and column definitions explicitly - $table and
            // $column don't cut it in more complex modules.
            $tpltable = $tables['template'];
            $tplcolumn =& $tables['template_column'];

            // Keep the statement separate from Execute() so it is easy to dump
            // when debugging.
            $alter = "ALTER TABLE {$tpltable}\n ADD {$tplcolumn['number']} int(5) NOT NULL default 0";
            $conn->Execute($alter);

            // Report and stop on a database error.
            if ($conn->ErrorNo() != 0) {
                pnSessionSetVar('errormsg', _UPDATETABLEFAILED);
                return false;
            }

            // Chain into the next upgrade step.
            return template_upgrade(1.0);

        case 1.0:
            // Code to upgrade from version 1.0 goes here
            break;

        case 2.0:
            // Code to upgrade from version 2.0 goes here
            break;
    }

    // Update successful
    return true;
}
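/**
 * Initialise session.
 *
 * Starts the PHP session, works out the client address and either marks the
 * existing session_info row as current or creates a new one (seeding the
 * per-session random number used by the auth-key scheme).
 *
 * @return bool true on success, false if a PNSV* global was pre-seeded or the
 *              session lookup failed
 */
function pnSessionInit()
{
    global $HTTP_SERVER_VARS;

    // Fetch database aliases
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // First thing we do is ensure that there is no attempted pollution of the
    // session namespace (with register_globals a request could otherwise
    // pre-seed PNSV* variables).
    foreach ($GLOBALS as $k => $v) {
        if (preg_match('/^PNSV/', $k)) {
            return false;
        }
    }

    // Kick it
    session_start();

    // Have to re-write the cache control header to remove no-save, this
    // allows downloading of files to disk for application handlers
    // adam_baum - no-cache was stopping modules (andromeda) from caching the playlists, et al.
    // any strange behaviour encountered, revert to commented out code.
    //Header('Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0');
    // NOTE(review): 'cache' is not a directive defined by the HTTP caching
    // specs; clients ignore directives they do not know, which is presumably
    // the effect intended here.
    Header('Cache-Control: cache');

    // Get session id
    $sessid = session_id();

    // Get (actual) client IP addr.
    // REMOTE_ADDR is the only value the web server itself vouches for. The
    // Client-IP and X-Forwarded-For headers are set by the client or by a
    // proxy and can be forged at will, so they are only trustworthy behind a
    // proxy that overwrites them. They are still honoured in the same
    // precedence order as before (X-Forwarded-For wins, first hop only), but
    // a value that does not look like an address is ignored so that arbitrary
    // header text never reaches the session table.
    $ipaddr = $HTTP_SERVER_VARS['REMOTE_ADDR'];
    if (empty($ipaddr)) {
        $ipaddr = getenv('REMOTE_ADDR');
    }

    $candidates = array();
    if (!empty($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
        $candidates[] = $HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
    }
    $tmpipaddr = getenv('HTTP_CLIENT_IP');
    if (!empty($tmpipaddr)) {
        $candidates[] = $tmpipaddr;
    }
    if (!empty($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
        $candidates[] = preg_replace('/,.*/', '', $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']);
    }
    $tmpipaddr = getenv('HTTP_X_FORWARDED_FOR');
    if (!empty($tmpipaddr)) {
        $candidates[] = preg_replace('/,.*/', '', $tmpipaddr);
    }
    // Later candidates override earlier ones, exactly as the old chain of
    // assignments did, but only when they pass the shape check (IPv4 or IPv6
    // characters only, at most 45 of them).
    foreach ($candidates as $candidate) {
        $candidate = trim($candidate);
        if (preg_match('/^[0-9A-Fa-f.:]{1,45}$/', $candidate)) {
            $ipaddr = $candidate;
        }
    }
    // END IP addr retrieval

    // Table columns used to store session data in database
    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];

    // Find out if session already exists
    $query = "SELECT {$sessioninfocolumn['ipaddr']}\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore($sessid) . "'";
    $result = $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    } // Die on any error except "no results"

    // Session already exists, we define it as current
    if (!$result->EOF) {
        $result->Close();
        pnSessionCurrent($sessid);
    } else {
        pnSessionNew($sessid, $ipaddr);

        // Generate a random number, used for some authentication (the
        // pnSecGenAuthKey / pnSecConfirmAuthKey pair).
        // NOTE(review): rand() seeded from microtime() is not a cryptographic
        // source; the auth keys are only as unguessable as this seed.
        srand((double) microtime() * 1000000);
        pnSessionSetVar('rand', rand());
    }

    return true;
}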
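/**
 * Record the HTTP referer of the current request in the referer table.
 *
 * Requests whose referer contains our own host are skipped, an empty referer
 * is logged as 'bookmark', and referers matching the admin-configured
 * exclusion patterns ('httprefexcluded', space separated) are ignored.
 * Existing entries get their frequency bumped, new ones are inserted.
 *
 * @return void on the normal path; false when a database error occurred
 *              (error message left in the session's 'errormsg')
 */
function httpreferer()
{
    /***
     * Here we set up some variables for the rest of the script.
     * if you want to see whats going on, set $DEBUG to 1
     * I use $httphost here because i dont want to deal with the need to have
     * to see if $nuke_url is set correctly and whatnot. if you prefer to use
     * $nuke_url isntead of HTTP_HOST, just uncomment the appropriate lines.
     */
    $DEBUG = 0;
    $httpreferer = (string) pnServerGetVar('HTTP_REFERER');
    $httphost = (string) pnServerGetVar('HTTP_HOST');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    if ($DEBUG == 1) {
        echo 'HTTP_HOST = ' . pnVarPrepForDisplay($httphost) . '<br /> HTTP_REFERER = ' . pnVarPrepForDisplay($httpreferer) . '<br />';
    }

    /***
     * This is the first thing we need to check. what this does is see if
     * HTTP_HOST is anywhere in HTTP_REFERER. This is so we dont log hits coming
     * from our own domain.
     *
     * Both values are client-supplied, so the host is looked for as a literal
     * substring: the old ereg("{$httphost}", ...) compiled the Host header as
     * a regular expression, letting a client submit arbitrary patterns.
     */
    $ownreferer = ($httphost !== '' && strpos($httpreferer, $httphost) !== false);
    if (!$ownreferer) {
        /***
         * If $httpreferer is not set, set $httpreferer to value "bookmark"
         * This is to show how many people have this bookmarked or type in the
         * URL into the browser. also so we dont have empty referers.
         */
        if ($httpreferer == '') {
            $httpreferer = 'bookmark';
        }
        $httpreferer = trim($httpreferer);

        $writeref = true;
        $refex = pnConfigGetVar('httprefexcluded');
        if (!empty($refex)) {
            // Space separated list of admin-configured patterns. Empty entries
            // (from doubled spaces) are dropped: an empty alternative "()"
            // matches every referer and would silently disable logging.
            $refexclusion = array();
            foreach (explode(' ', $refex) as $pattern) {
                if ($pattern !== '') {
                    $refexclusion[] = $pattern;
                }
            }
            if (count($refexclusion) > 0) {
                // Same alternation as before, now matched with PCRE (ereg/eregi
                // no longer exist in current PHP). Case-insensitive; a pattern
                // that fails to compile is treated as "no exclusion".
                $condition = '((' . implode(')|(', $refexclusion) . '))';
                $condition = '~' . str_replace('~', '\~', $condition) . '~i';
                if (@preg_match($condition, $httpreferer) === 1) {
                    $writeref = false;
                }
            }
        }

        if ($writeref == true) {
            // grab a reference to our table column defs for easier reading below
            $column =& $pntable['referer_column'];

            /***
             * Lets select from the table where we have $httpreferer (whether it be
             * a valid referer or 'bookmark'. if we return 1 row, that means someones
             * used this referer before and update the set appropriatly.
             *
             * If we dont have any rows (it returns 0), we have a new entry in the
             * table, update accordingly.
             *
             * After we figure out what SQL statement we are using, lets perform the
             * query and we're done !
             */
            $check_sql = "SELECT count({$column['rid']}) as c\n FROM {$pntable['referer']}\n WHERE {$column['url']} = '" . pnVarPrepForStore($httpreferer) . "'";
            $result =& $dbconn->Execute($check_sql);
            if ($dbconn->ErrorNo() != 0) {
                pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
                return false;
            }
            $row = $result->fields;
            $count = $row[0];
            $result->Close();

            if ($count == 1) {
                $update_sql = "UPDATE {$pntable['referer']}\n SET {$column['frequency']} = {$column['frequency']} + 1\n WHERE {$column['url']} = '" . pnVarPrepForStore($httpreferer) . "'";
            } else {
                /***
                 * "auto-increment" isn't portable so we have to use the standard
                 * interface for grabbing sequence numbers. The underlying
                 * implementation handles the correct method for the RDBMS we are
                 * using.
                 */
                $rid = $dbconn->GenId($pntable['referer'], true);
                $update_sql = "INSERT INTO {$pntable['referer']}\n ({$column['rid']},\n {$column['url']},\n {$column['frequency']})\n VALUES\n (" . pnVarPrepForStore($rid) . ",\n '" . pnVarPrepForStore($httpreferer) . "',\n 1)";
            }

            $result =& $dbconn->Execute($update_sql);
            if ($dbconn->ErrorNo() != 0) {
                pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
                return false;
            }

            if ($DEBUG == 1) {
                echo "<br />" . $check_sql . "<br />" . $update_sql . "<br />";
            }
        }
    }
}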
/**
 * Record a vote for a poll option and send the user on.
 *
 * The "already voted" check is a per-session flag, so it only guards against
 * repeat votes from the same session. $forwarder is passed straight to
 * pnRedirect(); whether it is user-controlled depends on the caller.
 *
 * @param mixed  $pollID    poll identifier (cast to int for the queries)
 * @param mixed  $voteID    chosen option identifier (cast to int)
 * @param string $forwarder URL to redirect to afterwards
 * @return void
 */
function pollCollector($pollID, $voteID, $forwarder)
{
    list($db) = pnDBGetConn();
    $tables = pnDBGetTables();

    // Check that the user hasn't voted for this poll already (session flag).
    $votedflag = "poll_voted{$pollID}";
    if (pnSessionGetVar($votedflag)) {
        $warn = "You already voted today!";
    } else {
        pnSessionSetVar($votedflag, 1);

        $pollid = (int) pnVarPrepForStore($pollID);
        $voteid = (int) pnVarPrepForStore($voteID);

        // Bump the chosen option's counter ...
        $datacol =& $tables['poll_data_column'];
        $db->Execute("UPDATE {$tables['poll_data']} SET {$datacol['optioncount']}={$datacol['optioncount']}+1 WHERE ({$datacol['pollid']}=" . $pollid . ") AND ({$datacol['voteid']}=" . $voteid . ")");

        // ... and the poll's total number of voters.
        $desccol =& $tables['poll_desc_column'];
        $db->Execute("UPDATE {$tables['poll_desc']} SET {$desccol['voters']}={$desccol['voters']}+1 WHERE {$desccol['pollid']}=" . $pollid);
    }

    pnRedirect($forwarder);
}
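/**
 * Delete the Lenses module: drop its three tables and its module variables.
 *
 * @return bool true on success, false if any table could not be dropped
 *              (error message left in the session's 'errormsg')
 */
function Lenses_delete()
{
    // Get a reference to the database connection and PN tables.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Create a new data dictionary object.
    $dict =& NewDataDictionary($dbconn);

    // The SQL to delete all module tables is set up inside $schema so a single
    // loop can run the drop and the error check for every table.
    // Table names are passed by value: the old call-time pass-by-reference
    // (&$pntable[...]) was removed from the language in PHP 5.4 and is a fatal
    // error there, and DropTableSQL() only needs to read the name.
    $schema = array();
    $schema[] = $dict->DropTableSQL($pntable['lenses']);
    $schema[] = $dict->DropTableSQL($pntable['lenses_companies']);
    $schema[] = $dict->DropTableSQL($pntable['lenses_polymers']);

    // Loop through $schema array.
    foreach ($schema as $sqlarray) {
        // Run SQL query and check for database error (2 = all statements ran).
        if ($dict->ExecuteSQLArray($sqlarray) != 2) {
            // Set an error message.
            pnSessionSetVar('errormsg', _LENSES_DROP_TABLE_FAILURE);

            // Report failure.
            return false;
        }
    }

    // Delete any lingering module variables.
    pnModDelVar('Lenses');

    // Module deletion successful. Report success.
    return true;
}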
/**
 * Store the dplink module configuration submitted from the admin form.
 *
 * The three settings are read from the request first, but nothing is stored
 * unless the request carries a valid authorisation key. The 'url' value is
 * stored as submitted; no validation of it happens here.
 *
 * @return bool always true (the user is redirected either way)
 */
function dplink_admin_updateconfig()
{
    // Get parameters from whatever input we need.
    $url = pnVarCleanFromInput('url');
    $useWindow = pnVarCleanFromInput('use_window');
    $usePostwrap = pnVarCleanFromInput('use_postwrap');

    // Confirm authorisation code before touching any module variable.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('dplink', 'admin', ''));
        return true;
    }

    // Update module variables.
    $settings = array(
        'url' => $url,
        'use_window' => $useWindow,
        'use_postwrap' => $usePostwrap,
    );
    foreach ($settings as $key => $value) {
        pnModSetVar('dplink', $key, $value);
    }

    // This function generated no output, and so now it is complete we redirect
    // the user to an appropriate page for them to carry on their work
    pnRedirect('admin.php');

    // Return
    return true;
}
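/**
 * Checks if user controlled block state
 *
 * Checks if the user has a state set for a current block
 * Sets the default state for that block if not present
 *
 * @access private
 * @param array $row block row; 'bid' is the block id, 'defaultstate' the
 *                   state stored when the user has none yet
 * @return mixed the stored 'active' value for this user and block; true when
 *               a default was just stored (or could not be, see below) or on
 *               a database error; false when nobody is logged in
 */
function pnCheckUserBlock($row)
{
    if (!isset($row['bid'])) {
        $row['bid'] = '';
    }

    if (pnUserLoggedIn()) {
        // uid is an integer column; cast it once here so it never needs
        // escaping (the old code escaped it twice on the INSERT path).
        $uid = (int) pnUserGetVar('uid');
        $dbconn =& pnDBGetConn(true);
        $pntable =& pnDBGetTables();
        $column =& $pntable['userblocks_column'];

        $sql = "SELECT {$column['active']}\n FROM {$pntable['userblocks']}\n WHERE {$column['bid']} = '" . pnVarPrepForStore($row['bid']) . "'\n AND {$column['uid']} = '" . $uid . "'";
        $result =& $dbconn->Execute($sql);
        if ($dbconn->ErrorNo() != 0) {
            pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
            return true;
        }

        if ($result->EOF) {
            $result->Close();

            // Without a default state there is nothing sensible to store; the
            // old code then issued a syntactically broken INSERT, failed, and
            // returned true - so return true here without the failed query.
            if (!isset($row['defaultstate'])) {
                return true;
            }

            // Store the default state for this user. Each value is escaped or
            // cast exactly once at the point it enters the statement.
            $sql = "INSERT INTO {$pntable['userblocks']}\n ({$column['uid']},\n {$column['bid']},\n {$column['active']})\n VALUES (" . $uid . ",\n '" . pnVarPrepForStore($row['bid']) . "',\n " . (int) $row['defaultstate'] . ")";
            $result =& $dbconn->Execute($sql);
            if ($dbconn->ErrorNo() != 0) {
                pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
                return true;
            }
            return true;
        }

        list($active) = $result->fields;
        $result->Close();
        return $active;
    }

    return false;
}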
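/**
 * Report the 40 most searched-for lenses.
 *
 * The sort column is taken from the 'time' request variable, or from
 * $args['time'] when the caller supplies one, and must be one of
 * 'this_month', 'last_month' or 'total'; anything else sorts by 'total'.
 *
 * @param array $args optional 'time' => sort column (overrides the request)
 * @return array list of array('id', 'name', 'total', 'last_month',
 *               'this_month'); empty without ACCESS_OVERVIEW; false on a
 *               database error (error message left in the session's
 *               'errormsg')
 */
function Lenses_userapi_search_report($args)
{
    // Initialise the result first so every early return hands back an array.
    $items_array = array();

    $time = pnVarCleanFromInput('time');

    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_OVERVIEW)) {
        return $items_array;
    }

    // A caller-supplied sort column wins over the request (this is what the
    // old extract($args) after the input read amounted to).
    if (is_array($args) && isset($args['time'])) {
        $time = $args['time'];
    }

    // The sort column is only used as a key into the column map, so it cannot
    // inject SQL, but an unknown key produced "ORDER BY  DESC" and a failed
    // query. Restrict it to the three counters the report can sort by.
    $sortable = array('this_month', 'last_month', 'total');
    if (!in_array($time, $sortable, true)) {
        $time = 'total';
    }

    // Get a reference to the database object and to PostNuke's table info.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $table =& $pntable['lenses_stats'];
    $field =& $pntable['lenses_stats_column'];
    $lens_table =& $pntable['lenses'];
    $lens_field =& $pntable['lenses_column'];

    $sql = "SELECT {$field['id']}, {$lens_field['name']}, {$field['this_month']}, {$field['last_month']}, {$field['total']}\n FROM {$table}, {$lens_table}\n WHERE {$field['id']} = {$lens_field['tid']}\n ORDER BY {$field[$time]} DESC LIMIT 0,40";

    // Execute the SQL query.
    $result = $dbconn->Execute($sql);

    // Check for any database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    // Extract the data from the result set. The list() order follows the
    // SELECT order (this_month, last_month, total) - the old code assigned the
    // this_month column to 'total' and vice versa.
    for (; !$result->EOF; $result->MoveNext()) {
        list($id, $name, $this_month, $last_month, $total) = $result->fields;
        $items_array[] = array(
            'id' => $id,
            'name' => $name,
            'total' => $total,
            'last_month' => $last_month,
            'this_month' => $this_month,
        );
    }
    $result->Close();

    return $items_array;
}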
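/**
 * Fetch every row of one of the Lenses tables, keyed by tid.
 *
 * @param array $args $args['item_type'] is one of 'lenses', 'companies'
 *                    or 'polymers'
 * @return mixed array of item arrays keyed by tid; an empty array without
 *               overview access; false on a bad/unknown item_type or database
 *               error (reason in the 'errormsg' session variable)
 */
function Lenses_userapi_getall($args)
{
    $items_array = array();

    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_OVERVIEW)) {
        return $items_array;
    }

    extract($args);

    // Ensure valid values were passed in. (A leftover debug echo was removed
    // from this path.)
    if (empty($item_type) || !is_string($item_type)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // Get a reference to the database object and PostNuke's table info.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Choose the proper table. An unknown type used to fall through with no
    // table selected and fail inside the database; reject it up front.
    switch ($item_type) {
        case 'lenses':
            $table =& $pntable['lenses'];
            $field =& $pntable['lenses_column'];
            break;
        case 'companies':
            $table =& $pntable['lenses_companies'];
            $field =& $pntable['lenses_companies_column'];
            break;
        case 'polymers':
            $table =& $pntable['lenses_polymers'];
            $field =& $pntable['lenses_polymers_column'];
            break;
        default:
            pnSessionSetVar('errormsg', _MODARGSERROR);
            return false;
    }

    $sql = "SELECT *\n FROM {$table}\n WHERE {$field['tid']} > '0'\n ORDER BY {$field['tid']}";

    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    // Map each result row onto a named array; the list() order must match
    // the table's column order.
    switch ($item_type) {
        case 'lenses':
            // NOTE(review): $bifocal_type_simple is emitted below but never
            // read from the row - confirm whether that column exists. It is
            // pre-set only to avoid an undefined-variable notice.
            $bifocal_type_simple = null;
            for (; !$result->EOF; $result->MoveNext()) {
                list($tid, $name, $aliases, $comp_id, $poly_id, $visitint, $ew, $ct, $dk, $oz,
                     $qty, $price, $wear, $markings, $process_simple, $process_text,
                     $replace_simple, $replace_text, $website, $fitting_guide, $image,
                     $discontinued, $display, $redirect, $keywords, $other_info,
                     $bc_flat, $bc_med, $bc_steep, $max_plus, $max_minus, $max_diam, $min_diam,
                     $diam_1, $powers_1, $base_curves_1, $diam_2, $powers_2, $base_curves_2,
                     $diam_3, $powers_3, $base_curves_3, $sphere_alt,
                     $bifocal, $bifocal_type, $add_text, $max_add,
                     $toric, $toric_type, $toric_type_simple, $cyl_power, $max_cyl_power,
                     $cyl_axis, $cyl_axis_steps, $oblique, $cyl_alt,
                     $cosmetic, $enh_names, $opaque_names,
                     $e_aqua, $e_amber, $e_blue, $e_brown, $e_gray, $e_green, $e_hazel,
                     $e_honey, $e_violet, $e_sports, $e_novelty,
                     $o_aqua, $o_amber, $o_blue, $o_brown, $o_gray, $o_green, $o_hazel,
                     $o_honey, $o_violet, $o_sports, $o_novelty,
                     $color_images, $updated) = $result->fields;
                $items_array[$tid] = array(
                    'tid' => $tid, 'name' => $name, 'aliases' => $aliases,
                    'comp_id' => $comp_id, 'poly_id' => $poly_id, 'visitint' => $visitint,
                    'ew' => $ew, 'ct' => $ct, 'dk' => $dk, 'oz' => $oz, 'qty' => $qty,
                    'price' => $price, 'wear' => $wear, 'markings' => $markings,
                    'process_simple' => $process_simple, 'process_text' => $process_text,
                    'replace_simple' => $replace_simple, 'replace_text' => $replace_text,
                    'website' => $website, 'fitting_guide' => $fitting_guide, 'image' => $image,
                    'discontinued' => $discontinued, 'display' => $display, 'redirect' => $redirect,
                    'keywords' => $keywords, 'other_info' => $other_info,
                    'bc_flat' => $bc_flat, 'bc_med' => $bc_med, 'bc_steep' => $bc_steep,
                    'max_plus' => $max_plus, 'max_minus' => $max_minus,
                    'max_diam' => $max_diam, 'min_diam' => $min_diam,
                    'diam_1' => $diam_1, 'powers_1' => $powers_1, 'base_curves_1' => $base_curves_1,
                    'diam_2' => $diam_2, 'powers_2' => $powers_2, 'base_curves_2' => $base_curves_2,
                    'diam_3' => $diam_3, 'powers_3' => $powers_3, 'base_curves_3' => $base_curves_3,
                    'sphere_alt' => $sphere_alt,
                    'bifocal' => $bifocal, 'bifocal_type' => $bifocal_type,
                    'bifocal_type_simple' => $bifocal_type_simple,
                    'add_text' => $add_text, 'max_add' => $max_add,
                    'toric' => $toric, 'toric_type' => $toric_type,
                    'toric_type_simple' => $toric_type_simple,
                    'cyl_power' => $cyl_power, 'max_cyl_power' => $max_cyl_power,
                    'cyl_axis' => $cyl_axis, 'cyl_axis_steps' => $cyl_axis_steps,
                    'oblique' => $oblique, 'cyl_alt' => $cyl_alt,
                    'cosmetic' => $cosmetic, 'enh_names' => $enh_names, 'opaque_names' => $opaque_names,
                    'e_aqua' => $e_aqua, 'e_amber' => $e_amber, 'e_blue' => $e_blue,
                    'e_brown' => $e_brown, 'e_gray' => $e_gray, 'e_green' => $e_green,
                    'e_hazel' => $e_hazel, 'e_honey' => $e_honey, 'e_violet' => $e_violet,
                    'e_sports' => $e_sports, 'e_novelty' => $e_novelty,
                    'o_aqua' => $o_aqua, 'o_amber' => $o_amber, 'o_blue' => $o_blue,
                    'o_brown' => $o_brown, 'o_gray' => $o_gray, 'o_green' => $o_green,
                    'o_hazel' => $o_hazel, 'o_honey' => $o_honey, 'o_violet' => $o_violet,
                    'o_sports' => $o_sports, 'o_novelty' => $o_novelty,
                    'color_images' => $color_images, 'updated' => $updated,
                );
            }
            break;
        case 'companies':
            for (; !$result->EOF; $result->MoveNext()) {
                list($tid, $name, $address, $city, $state, $zip, $phone, $email, $url, $desc) = $result->fields;
                $items_array[$tid] = array(
                    'tid' => $tid, 'name' => $name, 'address' => $address, 'city' => $city,
                    'state' => $state, 'zip' => $zip, 'phone' => $phone, 'email' => $email,
                    'url' => $url, 'desc' => $desc,
                );
            }
            break;
        case 'polymers':
            for (; !$result->EOF; $result->MoveNext()) {
                list($tid, $fda_grp, $h2o, $name, $desc) = $result->fields;
                $items_array[$tid] = array(
                    'tid' => $tid, 'fda_grp' => $fda_grp, 'h2o' => $h2o,
                    'name' => $name, 'desc' => $desc,
                );
            }
            break;
    }
    $result->Close();

    return $items_array;
}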
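/**
 * Update a polymer record.
 *
 * @param array $args $args['polymer'] is an array holding poly_tid, fda_grp,
 *                    h2o, poly_name and poly_desc
 * @return bool true on success; false on missing permission, bad arguments,
 *              unknown polymer or database error (reason in the 'errormsg'
 *              session variable)
 */
function Lenses_adminapi_update_polymer($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }

    // Extract arguments. In this case, $polymer.
    extract($args);
    if (!isset($polymer) || !is_array($polymer)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Extract polymer array.
    extract($polymer);

    // Ensure valid values were passed in.
    if (empty($poly_tid) || !is_numeric($poly_tid)
        || empty($fda_grp) || !is_numeric($fda_grp)
        || empty($h2o) || !is_string($h2o)
        || empty($poly_name) || !is_string($poly_name)
        || empty($poly_desc) || !is_string($poly_desc)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // NOTE: No check for alt field as it can be empty.

    // Check if polymer exists.
    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $poly_tid, 'item_type' => 'polymer'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }

    // Get references to the database object and PostNuke's table info.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $polymers_table =& $pntable['lenses_polymers'];
    $polymers_field =& $pntable['lenses_polymers_column'];

    // Prep data for storage in database. Every value interpolated into the
    // SQL below passes through here. (The original escaped an unrelated
    // $name variable and interpolated the user-supplied $poly_name raw.)
    list($poly_tid, $fda_grp, $h2o, $poly_name, $poly_desc) = pnVarPrepForStore($poly_tid, $fda_grp, $h2o, $poly_name, $poly_desc);

    $sql = "UPDATE {$polymers_table}\n SET {$polymers_field['fda_grp']} \t\t= '{$fda_grp}',\n {$polymers_field['h2o']} \t\t= '{$h2o}',\n {$polymers_field['poly_name']} \t= '{$poly_name}',\n {$polymers_field['poly_desc']} \t= '{$poly_desc}'\n WHERE {$polymers_field['poly_tid']} \t= '{$poly_tid}'";

    $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }

    // This isn't an output function, but an output object is needed before
    // the template cache can be cleared.
    $pnRender = new pnRender('Lenses');
    $pnRender->clear_cache();

    return true;
}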
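/**
 * get a specific item
 *
 * @param $args['tid'] id of example item to get
 * @returns array
 * @return item array ('tid', 'name', 'number'), or false on a missing tid,
 *         database error, unknown item or failed ACCESS_READ check
 */
function template_userapi_get($args)
{
    // All arguments come from $args - reading them from the environment
    // would make assumptions that will not hold in future PostNuke versions.
    extract($args);

    // Argument check.
    if (!isset($tid)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // pnDBGetConn() returns an array whose first item is the database handle;
    // pnDBGetTables() is kept whole for the table/column lookups below.
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $templatetable = $pntable['template'];
    $templatecolumn =& $pntable['template_column'];

    // $tid is escaped for the query; the SQL is kept separate from Execute()
    // to make debugging easier.
    $sql = "SELECT {$templatecolumn['name']},\n {$templatecolumn['number']}\n FROM {$templatetable}\n WHERE {$templatecolumn['tid']} = '" . pnVarPrepForStore($tid) . "'";
    $result = $dbconn->Execute($sql);

    // Database error: the original comment promised an error message here but
    // never set one.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    // No rows found: close the result set before returning (the original
    // leaked it on this path).
    if ($result->EOF) {
        $result->Close();
        return false;
    }

    list($name, $number) = $result->fields;
    $result->Close();

    // Security check - done as early as possible, which here is only after
    // the item name (part of the instance string) is known.
    if (!pnSecAuthAction(0, 'Template::', "{$name}::{$tid}", ACCESS_READ)) {
        return false;
    }

    return array('tid' => $tid, 'name' => $name, 'number' => $number);
}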
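/**
 * update a template item
 *
 * @param $args['tid'] the ID of the item
 * @param $args['name'] the new name of the item
 * @param $args['number'] the new number of the item
 * @return bool true on success; false on missing arguments, API load
 *              failure, unknown item, failed ACCESS_EDIT check or database
 *              error (reason in the 'errormsg' session variable)
 */
function template_adminapi_update($args)
{
    // All arguments come from $args - reading them from the environment
    // would make assumptions that will not hold in future PostNuke versions.
    extract($args);

    // Argument check.
    if (!isset($tid) || !isset($name) || !isset($number)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // The user API holds the function that fetches item information, so it is
    // loaded in addition to this admin API. This is an API function with no
    // output object: failures are reported through 'errormsg' and false (the
    // original called methods on an undefined $output here).
    if (!pnModAPILoad('Template', 'user')) {
        pnSessionSetVar('errormsg', _LOADFAILED);
        return false;
    }

    $item = pnModAPIFunc('Template', 'user', 'get', array('tid' => $tid));
    if ($item == false) {
        pnSessionSetVar('errormsg', _TEMPLATENOSUCHITEM);
        return false;
    }

    // Security check - as early as possible, which here is only after the
    // current item name is known. Both the pre- and post-modification
    // instance strings are checked, otherwise a caller could rename an item
    // into an area they are not allowed to edit.
    if (!pnSecAuthAction(0, 'Template::Item', "{$item['name']}::{$tid}", ACCESS_EDIT)) {
        pnSessionSetVar('errormsg', _TEMPLATENOAUTH);
        return false;
    }
    if (!pnSecAuthAction(0, 'Template::Item', "{$name}::{$tid}", ACCESS_EDIT)) {
        pnSessionSetVar('errormsg', _TEMPLATENOAUTH);
        return false;
    }

    // pnDBGetConn() returns an array whose first item is the database handle;
    // pnDBGetTables() is kept whole for the table/column lookups below.
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $templatetable = $pntable['template'];
    $templatecolumn =& $pntable['template_column'];

    // Every interpolated value is escaped; the SQL is kept separate from
    // Execute() to make debugging easier.
    $sql = "UPDATE {$templatetable}\n SET {$templatecolumn['name']} = '" . pnVarPrepForStore($name) . "',\n {$templatecolumn['number']} = '" . pnVarPrepForStore($number) . "'\n WHERE {$templatecolumn['tid']} = '" . pnVarPrepForStore($tid) . "'";
    $dbconn->Execute($sql);

    // Database error (the original reported an update failure as _DELETEFAILED).
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }

    return true;
}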
/**
 * Admin controller: update a polymer from the submitted form.
 *
 * Reads the 'polymer' form array, verifies the form's authorisation key and
 * hands the data to the 'update_polymer' admin API function, then redirects.
 *
 * @param array $args extra arguments, extracted over the cleaned input
 * @return mixed the value returned by pnRedirect()
 */
function Lenses_admin_update_polymer($args)
{
    // Clean input from the form.
    $polymer = pnVarCleanFromInput('polymer');

    // Extract any extra arguments.
    extract($args);

    // The form must carry a valid $authid hidden field; otherwise bounce back
    // to the admin main page.
    $keyIsValid = pnSecConfirmAuthKey();
    if (!$keyIsValid) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Lenses', 'admin', 'main'));
    }

    // Attempt to update polymer; the API function reports its own errors.
    $apiArgs = array('polymer' => $polymer);
    $updated = pnModAPIFunc('Lenses', 'admin', 'update_polymer', $apiArgs);
    if ($updated) {
        pnSessionSetVar('statusmsg', pnVarPrepHTMLDisplay(_UPDATESUCCEDED));
    }

    // No output. Redirect user.
    return pnRedirect(pnModURL('Lenses', 'admin', 'viewall_polymers'));
}
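/**
 * Update a company record.
 *
 * @param array $args $args['company'] is an array holding comp_tid and
 *                    comp_name (required) plus logo, phone, address, city,
 *                    state, zip, url, email and comp_desc (optional)
 * @return bool true on success; false on missing permission, bad arguments,
 *              unknown company or database error (reason in the 'errormsg'
 *              session variable)
 */
function Lenses_adminapi_update_company($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }

    // Extract arguments. In this case, $company.
    extract($args);
    if (!isset($company) || !is_array($company)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // The optional fields are not required by the form, so default them to
    // the empty string before extracting rather than interpolating undefined
    // variables below (submitted values win).
    $company = $company + array(
        'logo' => '', 'phone' => '', 'address' => '', 'city' => '', 'state' => '',
        'zip' => '', 'url' => '', 'email' => '', 'comp_desc' => '',
    );
    // Extract company array.
    extract($company);

    // Ensure valid values were passed in.
    if (empty($comp_tid) || !is_numeric($comp_tid) || empty($comp_name) || !is_string($comp_name)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // Check if company exists.
    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $comp_tid, 'item_type' => 'company'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }

    // Get references to the database object and PostNuke's table info.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $companies_table =& $pntable['lenses_companies'];
    $companies_field =& $pntable['lenses_companies_column'];

    // Prep data for storage in database - every interpolated value goes
    // through here.
    list($comp_tid, $comp_name, $logo, $phone, $address, $city, $state, $zip, $url, $email, $comp_desc) = pnVarPrepForStore($comp_tid, $comp_name, $logo, $phone, $address, $city, $state, $zip, $url, $email, $comp_desc);

    $sql = "UPDATE {$companies_table}\n SET {$companies_field['comp_name']} = '{$comp_name}',\n\t\t\t\t\t{$companies_field['logo']} \t = '{$logo}',\n {$companies_field['phone']} \t= '{$phone}',\n {$companies_field['address']} \t\t= '{$address}',\n {$companies_field['city']} \t= '{$city}',\n {$companies_field['state']} \t= '{$state}',\n {$companies_field['zip']} \t= '{$zip}',\n {$companies_field['url']} \t= '{$url}',\n {$companies_field['email']} \t= '{$email}',\n {$companies_field['comp_desc']} = '{$comp_desc}'\n WHERE {$companies_field['comp_tid']} = '{$comp_tid}'";

    $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }

    // This isn't an output function, but an output object is needed before
    // the template cache can be cleared.
    $pnRender = new pnRender('Lenses');
    $pnRender->clear_cache();

    return true;
}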
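/**
 * upgrade a module
 *
 * Runs the module's <name>_upgrade() function from its pninit.php, moves the
 * module to the inactive state and records the version, admin capability and
 * description from the module's version file in the modules table.
 *
 * @param array $args $args['mid'] numeric module id
 * @return bool true on success; false otherwise ('errormsg' is set for bad
 *              arguments and unknown modules only)
 */
function modules_adminapi_upgrade($args)
{
    // 20021216 fixed the fix : larsneo (thx to cmgrote and jojodee)
    extract($args);

    // Argument check
    if (!isset($mid) || !is_numeric($mid)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // Get module information
    $modinfo = pnModGetInfo($mid);
    if (empty($modinfo)) {
        pnSessionSetVar('errormsg', _MODNOSUCHMOD);
        return false;
    }

    // Get module database info
    pnModDBInfoLoad($modinfo['name'], $modinfo['directory']);

    // The directory comes from the modules table, not from the request, and
    // is passed through pnVarPrepForOS for every include below (the original
    // used it raw for the version files and hid include failures with @).
    $osdir = pnVarPrepForOS($modinfo['directory']);

    // Module upgrade function
    if (file_exists("modules/{$osdir}/pninit.php")) {
        include "modules/{$osdir}/pninit.php";
    }
    $func = $modinfo['name'] . '_upgrade';
    if (function_exists($func) && $func($modinfo['version']) != true) {
        return false;
    }

    // Update state of module
    if (!modules_adminapi_setstate(array('mid' => $mid, 'state' => _PNMODULE_STATE_INACTIVE))) {
        return false;
    }

    // BEGIN bugfix (561802) - cmgrote
    // Get the new version information. The defaults cover a module that ships
    // neither Version.php nor pnversion.php, or one that omits a key.
    // NOTE(review): 'admin' is treated as a 0/1 admin_capable flag - confirm
    $modversion = array('version' => '0', 'admin' => 0, 'description' => '');
    foreach (array('Version.php', 'pnversion.php') as $versionfile) {
        if (file_exists("modules/{$osdir}/{$versionfile}")) {
            include "modules/{$osdir}/{$versionfile}";
        }
    }

    // Note the changes in the database...
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $modulestable = $pntable['modules'];
    $modulescolumn =& $pntable['modules_column'];
    $sql = "UPDATE {$modulestable}\n\t\t\tSET {$modulescolumn['version']} = '" . pnVarPrepForStore($modversion['version']) . "',\n\t\t\t\t{$modulescolumn['admin_capable']} = '" . pnVarPrepForStore($modversion['admin']) . "',\n\t\t\t\t{$modulescolumn['description']} = '" . pnVarPrepForStore($modversion['description']) . "'\n\t\t\tWHERE {$modulescolumn['id']} = " . pnVarPrepForStore($mid);
    $dbconn->Execute($sql);
    // END bugfix (561802) - cmgrote

    // Message
    pnSessionSetVar('errormsg', _MODULESAPIUPGRADED);

    return true;
}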
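/**
 * Load language files for the current language
 *
 * Resolution order: an explicit 'newlang' request parameter (accepted only
 * when multilingual mode is on, the code is in languagelist() and its
 * global.php exists on disk), then the language stored in the session, then -
 * when 'language_detect' is enabled and the session has none - the first
 * Accept-Language entry with a mapping and a language directory, then the
 * site default. In the original the browser-detection result was computed and
 * then discarded; it is now used as the fallback before the site default.
 *
 * @return void
 */
function pnLangLoad()
{
    $defaultlang = pnConfigGetVar('language');
    $lang = null;

    // See if a language update is required for ml-environments
    $newlang = pnVarCleanFromInput('newlang');
    if (!empty($newlang) && pnConfigGetVar('multilingual') == 1) {
        $langlist = languagelist();
        if (isset($langlist[$newlang]) && file_exists('language/' . pnVarPrepForOS($newlang) . '/global.php')) {
            // newlang is valid and exists
            $lang = $newlang;
        } else {
            // newlang is either not valid or doesn't exist - restore default values
            $lang = $defaultlang;
        }
        pnSessionSetVar('lang', $lang);
    } else {
        $lang = pnSessionGetVar('lang');
        if (empty($lang) && pnConfigGetVar('language_detect') == 1) {
            // Detect Browser Language: first Accept-Language entry we have a
            // mapping and a language directory for. The header is client
            // supplied, so the mapped value (not the raw entry) is used and it
            // is still checked against the filesystem.
            $cnvlanguage = cnvlanguagelist();
            $acceptlang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';
            foreach (preg_split('/[,;]/', $acceptlang) as $browserlang) {
                if (isset($cnvlanguage[$browserlang]) && file_exists('language/' . pnVarPrepForOS($cnvlanguage[$browserlang]) . '/global.php')) {
                    $lang = $cnvlanguage[$browserlang];
                    break;
                }
            }
        }
    }

    // Load global language defines
    // these are deprecated and will be moved to the relevant modules with .8x
    if (!empty($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
        $currentlang = $lang;
    } else {
        $currentlang = $defaultlang;
        pnSessionSetVar('lang', $currentlang);
    }
    $oscurrentlang = pnVarPrepForOS($currentlang);
    if (file_exists('language/' . $oscurrentlang . '/global.php')) {
        include 'language/' . $oscurrentlang . '/global.php';
    }

    // load the language language file
    if (file_exists('language/languages.php')) {
        include 'language/languages.php';
    }

    // load the core language file
    if (file_exists('language/' . $oscurrentlang . '/core.php')) {
        include 'language/' . $oscurrentlang . '/core.php';
    }

    // set the correct locale
    // note: windows has different requirements for the setlocale function to other OS's
    // See: http://uk.php.net/setlocale
    if (stristr(getenv('OS'), 'windows')) {
        // for windows we either use the _LOCALEWIN define or the existing language code
        if (defined('_LOCALEWIN')) {
            setlocale(LC_ALL, _LOCALEWIN);
        } else {
            setlocale(LC_ALL, $currentlang);
        }
    } else {
        // for other OS's we use the _LOCALE define
        setlocale(LC_ALL, _LOCALE);
    }
}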
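/**
 * Display a single lens.
 *
 * @param array $args extra arguments (extracted; may override $tid)
 * @return mixed rendered template output; the no-auth message without read
 *               access; false on a bad tid or when the lens cannot be loaded
 *               (reason in the 'errormsg' session variable)
 */
function Lenses_user_display($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_READ)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }

    // Clean $tid from input.
    $tid = pnVarCleanFromInput('tid');
    extract($args);

    // Ensure valid values were passed in.
    if (empty($tid) || !is_numeric($tid)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // Call API function to get all lens data. The original went on to index
    // into a false return value when the item did not exist.
    $lens_data = pnModAPIFunc('Lenses', 'user', 'get', array('item_type' => 'lens', 'item_id' => $tid));
    if (!is_array($lens_data)) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }

    // Start a new output object.
    $pnRender = new pnRender('Lenses');

    // The image field is a comma-separated string; the template uses the
    // first element as "image1" and the rest from the images field.
    // (Array keys are quoted - the original used bare constants.)
    $lens_data['images'] = explode(",", $lens_data['image']);

    // Record the lens ID in the session so recently viewed lenses can be
    // offered for comparison; the stored array is keyed by lens name.
    $saved_lens_array = pnSessionGetVar('saved_lens_array');
    if (!is_array($saved_lens_array)) {
        $saved_lens_array = array();
    }
    $saved_lens_array[$lens_data['name']] = $tid;
    $saved_lens_array = array_unique($saved_lens_array);
    pnSessionSetVar('saved_lens_array', $saved_lens_array);
    // Number of recently viewed lenses now held in the session (counted after
    // de-duplication, i.e. what was actually stored).
    $saved_lens_count = count($saved_lens_array);

    // Create text for company popups.
    $lens_data['comp_info'] = pnModFunc('Lenses', 'user', 'company_popup', array('comp_id' => $lens_data['comp_id']));

    // Create popup text for FDA groups; unknown group -> no description.
    $fda_desc = pnModAPIFunc('Lenses', 'user', 'fda_descriptions');
    $lens_data['fda_grp_desc'] = isset($fda_desc[$lens_data['fda_grp']]) ? $fda_desc[$lens_data['fda_grp']] : null;

    // If possible, create the dk/t value.
    if ($lens_data['dk'] > 0 && $lens_data['ct'] > 0) {
        $lens_data['dkt'] = $lens_data['dk'] / $lens_data['ct'] / 10;
    }

    // Let any hooks know that we are displaying an item. As this is a display
    // hook the extra info is the URL hooks return to when they are done,
    // which normally brings the user back to this function.
    $pnRender->assign('hooks', pnModCallHooks('item', 'display', $tid, pnModURL('Lenses', 'user', 'display', array('tid' => $tid))));

    // Users with edit access get a link to the edit page for this lens.
    if (pnSecAuthAction(0, 'Lenses::', '::', ACCESS_EDIT)) {
        $pnRender->assign('edit_lens', true);
    }

    // Only those with comment access (users) may see wholesale prices.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_COMMENT)) {
        $lens_data['price'] = "";
    }

    // Assign data to the template and return the templated output.
    $pnRender->assign('lens_data', $lens_data);
    $pnRender->assign('saved_lens_count', $saved_lens_count);

    return $pnRender->fetch('lenses_user_display.htm');
}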
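/**
 * Initialise session
 *
 * Starts the PHP session if needed, records the client address against the
 * session id in the session_info table and, for a brand-new session, seeds the
 * 'rand' session variable that pnSecConfirmAuthKey() checks form keys against.
 *
 * @return bool false on a database error, true otherwise
 */
function pnSessionInit()
{
    global $HTTP_SERVER_VARS;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // Kick it. The original tested the bare constant `session_id` (a
    // non-empty string), so session_start() was never reached from here.
    if (!session_id()) {
        session_start();
    }

    // Have to re-write the cache control header to remove no-save, this
    // allows downloading of files to disk for application handlers
    // adam_baum - no-cache was stopping modules (andromeda) from caching the
    // playlists, et al. If any strange behaviour is encountered, revert to
    // 'Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0'.
    Header('Cache-Control: cache');

    $sessid = session_id();

    // Get (actual) client IP addr. HTTP_CLIENT_IP and HTTP_X_FORWARDED_FOR
    // are request headers the client can set freely, so the address recorded
    // here is informational only and must not drive any access decision.
    $ipaddr = isset($HTTP_SERVER_VARS['REMOTE_ADDR']) ? $HTTP_SERVER_VARS['REMOTE_ADDR'] : '';
    if (empty($ipaddr)) {
        $ipaddr = getenv('REMOTE_ADDR');
    }
    if (!empty($HTTP_SERVER_VARS['HTTP_CLIENT_IP'])) {
        $ipaddr = $HTTP_SERVER_VARS['HTTP_CLIENT_IP'];
    }
    $tmpipaddr = getenv('HTTP_CLIENT_IP');
    if (!empty($tmpipaddr)) {
        $ipaddr = $tmpipaddr;
    }
    if (!empty($HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR'])) {
        $ipaddr = preg_replace('/,.*/', '', $HTTP_SERVER_VARS['HTTP_X_FORWARDED_FOR']);
    }
    $tmpipaddr = getenv('HTTP_X_FORWARDED_FOR');
    if (!empty($tmpipaddr)) {
        $ipaddr = preg_replace('/,.*/', '', $tmpipaddr);
    }

    $sessioninfocolumn =& $pntable['session_info_column'];
    $sessioninfotable = $pntable['session_info'];
    $query = "SELECT {$sessioninfocolumn['ipaddr']}\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore($sessid) . "'";
    $result = $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    if (!$result->EOF) {
        // jgm - the comparison of the stored address with the current one has
        // been disabled so that users behind rotating proxies (AOL) keep their
        // session; the stored address is therefore not read back here.
        $result->Close();
        pnSessionCurrent($sessid);
    } else {
        $result->Close();
        pnSessionNew($sessid, $ipaddr);

        // Generate a random number, used for some authentication (the form
        // authorisation key). rand() seeded from microtime() is predictable,
        // so a CSPRNG is used where the runtime provides one.
        if (function_exists('random_int')) {
            pnSessionSetVar('rand', random_int(0, mt_getrandmax()));
        } else {
            srand((double) microtime() * 1000000);
            pnSessionSetVar('rand', rand());
        }
    }

    return true;
}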
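/**
 * Delete module.
 *
 * Drops every module table and removes the module variables.
 *
 * @return true on successful module deletion, else false (reason in the
 *         'errormsg' session variable).
 */
function Meds_delete()
{
    // Get database connection and tables references.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Create a new data dictionary object.
    $dict =& NewDataDictionary($dbconn);

    // Every module table goes through the same SQL-generation, execution and
    // error-checking code, so the table keys are listed once. Fails on the
    // first error. (The original passed each table name with a call-time
    // reference, which current PHP rejects and a string never needed.)
    $tablekeys = array('rx_meds', 'rx_preserve', 'rx_company', 'rx_chem', 'rx_moa');
    foreach ($tablekeys as $tablekey) {
        $sqlarray = $dict->DropTableSQL($pntable[$tablekey]);
        // ExecuteSQLArray() reports 2 for complete success.
        if ($dict->ExecuteSQLArray($sqlarray) != 2) {
            pnSessionSetVar('errormsg', _MEDS_INI_DROP_TABLE_FAILURE);
            return false;
        }
    }

    // Delete any lingering module variables.
    pnModDelVar('Meds');

    // Module deleted.
    return true;
}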
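/**
 * get the user's theme
 * <br />
 * This function will return the current theme for the user.
 * Order of theme priority:
 * - page-specific ('theme' request parameter)
 * - newly chosen ('newtheme' request parameter, stored for the user/session)
 * - category / story override (News module only)
 * - user
 * - system
 *
 * Every candidate, including the request-supplied ones, is accepted only when
 * pnThemeInfo() knows it and reports it active. The result is cached in a
 * static for the rest of the request.
 *
 * @public
 * @return string the name of the user's theme, or false when none is active
 **/
function pnUserGetTheme()
{
    static $theme;

    if (isset($theme)) {
        return $theme;
    }

    // Page-specific theme
    $pagetheme = pnVarCleanFromInput('theme');
    if (!empty($pagetheme)) {
        $themeinfo = pnThemeInfo($pagetheme);
        if ($themeinfo && $themeinfo['active']) {
            $theme = $pagetheme;
            return $theme;
        }
    }

    // set a new theme for the user
    $pagetheme = pnVarCleanFromInput('newtheme');
    if (!empty($pagetheme) && !pnConfigGetVar('theme_change')) {
        $themeinfo = pnThemeInfo($pagetheme);
        if ($themeinfo && $themeinfo['active']) {
            if (pnUserLoggedIn()) {
                $uid = pnUserGetVar('uid');
                $dbconn =& pnDBGetConn(true);
                $pntable =& pnDBGetTables();
                $column =& $pntable['users_column'];
                $sql = "UPDATE {$pntable['users']}\n SET {$column['theme']}='" . pnVarPrepForStore($pagetheme) . "'\n WHERE {$column['uid']}='" . pnVarPrepForStore($uid) . "'";
                $dbconn->Execute($sql);
            } else {
                pnSessionSetVar('theme', $pagetheme);
            }
            $theme = $pagetheme;
            return $theme;
        }
    }

    // eugenio themeover 20020413
    // override the theme per category or story
    // precedence is story over category override
    list($sid, $file) = pnVarCleanFromInput('sid', 'file');
    if (pnModGetName() == 'News' && (!empty($sid) || strtolower($file) == 'article')) {
        $modinfo = pnModGetInfo(pnModGetIDFromName('News'));
        // Module directory passed through pnVarPrepForOS like the other
        // module includes in this codebase.
        include_once 'modules/' . pnVarPrepForOS($modinfo['directory']) . '/funcs.php';
        $pntable =& pnDBGetTables();
        $results = getArticles("{$pntable['stories_column']['sid']}='" . (int) pnVarPrepForStore($sid) . "'", "", "");
        if (is_array($results) && count($results) > 0) {
            $info = genArticleInfo($results[0]);
            foreach (array($info['catthemeoverride'], $info['themeoverride']) as $override) {
                $themeinfo = pnThemeInfo($override);
                if ($themeinfo && $themeinfo['active']) {
                    $theme = $override;
                    return $theme;
                }
            }
        }
    }

    // User theme
    if (!pnConfigGetVar('theme_change')) {
        $usertheme = pnUserLoggedIn() ? pnUserGetVar('theme') : pnSessionGetVar('theme');
        $themeinfo = pnThemeInfo($usertheme);
        if ($themeinfo && $themeinfo['active']) {
            $theme = $usertheme;
            return $theme;
        }
    }

    // default site theme
    $defaulttheme = pnConfigGetVar('Default_Theme');
    $themeinfo = pnThemeInfo($defaulttheme);
    if ($themeinfo && $themeinfo['active']) {
        $theme = $defaulttheme;
        return $theme;
    }

    return false;
}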
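/**
 * Update the configuration
 *
 * This is a standard function to update the configuration parameters of the
 * module given the information passed back by the modification form.
 *
 * @author Jim McDonald
 * @param bold print items in bold (request parameter)
 * @param itemsperpage number of items per page (request parameter)
 * @return mixed the no-auth message without admin access, otherwise the value
 *               returned by pnRedirect()
 */
function Example_admin_updateconfig()
{
    // Security check - as early as possible to avoid potential security holes
    // or just too much wasted processing
    if (!pnSecAuthAction(0, 'Example::', '::', ACCESS_ADMIN)) {
        return pnVarPrepHTMLDisplay(_MODULENOAUTH);
    }

    // All input comes from pnVarCleanFromInput(); reading the environment
    // directly makes assumptions that will not hold in future PostNuke versions
    list($bold, $itemsperpage) = pnVarCleanFromInput('bold', 'itemsperpage');

    // Confirm authorisation code. Without a valid code attached to the form
    // this may be an attempt at sending in false data, so stop here.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Example', 'admin', 'view'));
    }

    // Update module variables. Depending on the HTML used the values may be
    // empty, so each is checked and defaulted. pnVarCleanFromInput always
    // returns a set variable, so isset() is not the right test.
    if (empty($bold)) {
        $bold = false;
    }
    pnModSetVar('Example', 'bold', (bool) $bold);

    if (empty($itemsperpage)) {
        $itemsperpage = 10;
    }
    // Make sure $itemsperpage is a positive integer. Request values arrive as
    // strings, so the original is_integer() test failed for every submitted
    // value and always raised the error; is_numeric() plus a cast is the
    // intended check. Non-positive or non-numeric input falls back to 25.
    if (!is_numeric($itemsperpage) || (int) $itemsperpage < 1) {
        pnSessionSetVar('errormsg', pnVarPrepForDisplay(_EXAMPLEITEMSPERPAGE));
        $itemsperpage = (int) $itemsperpage;
        if ($itemsperpage < 1) {
            $itemsperpage = 25;
        }
    }
    pnModSetVar('Example', 'itemsperpage', (int) $itemsperpage);

    // The configuration has changed, so clear all cached pages for this
    // module (clear_cache without a parameter clears everything).
    $pnRender = new pnRender('Example');
    $pnRender->clear_cache();

    // the module configuration has been updated successfully
    pnSessionSetVar('statusmsg', _CONFIGUPDATED);

    // Let any other modules know that the module's configuration has been updated
    pnModCallHooks('module', 'updateconfig', 'Example', array('module' => 'Example'));

    // This function generates no output, so redirect the user to an
    // appropriate page for them to carry on their work
    return pnRedirect(pnModURL('Example', 'admin', 'view'));
}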