$p->set_var('actionurl', $actionurl); $p->set_var('rowid', $rowid); $p->set_var('project_id', $project_id); $p->set_var('taskuser', $_USER['uid']); if ($fromprojectlink) { $p->set_var('hiderequestlink', 'none'); } else { $p->set_var('project_link', '#" onClick="nfNewWindow(\'' . $_CONF['site_url'] . '/nexflow/getproject.php?id=' . $project_id . '\')"'); } if ($op == 'addcomment') { if (!get_magic_quotes_gpc()) { $comment = addslashes($_GET['comment']); } else { $comment = $_GET['comment']; } $comment = ppPrepareForDB($comment); $sql = "INSERT INTO {$_TABLES['nf_projectcomments']} (project_id, uid, timestamp, comment) "; $sql .= "VALUES ('{$project_id}','{$usermodeUID}',UNIX_TIMESTAMP(),'{$comment}')"; if ($CONF_NF['debug']) { COM_errorLog($sql); } DB_query($sql); } elseif ($op == 'delcomment' and $cid > 0) { $sql = "DELETE FROM {$_TABLES['nf_projectcomments']} WHERE id='{$cid}'"; DB_query($sql); } $sql = "SELECT * FROM {$_TABLES['nf_projects']} WHERE id='{$project_id}'"; $query = DB_QUERY($sql); $PD = DB_fetchArray($query); $p->set_var('description', $PD['description']); // Knowing the project id - retrieve the request form results
/**
 * Save the posted menu appearance settings for one theme and rebuild its stylesheet.
 *
 * Every text field is read from $_POST and passed through ppPrepareForDB(),
 * the multilanguage flag goes through COM_applyFilter() in numeric mode, and
 * the result is written to the nexmenu_config row whose theme matches.
 *
 * NOTE(review): ppPrepareForDB() is defined elsewhere; every quoted value in
 * the UPDATE depends on it for escaping - confirm what it escapes.
 * NOTE(review): no permission or request-token check is visible in this
 * function; presumably the caller enforces both - confirm.
 *
 * @return mixed Value returned by menu_updateStyleSheet(), or by
 *               menu_updateBlockHeader() when that branch runs.
 */
function menuSaveConfig()
{
    global $_TABLES;

    // POST field names, in the order they are read.
    $textKeys = array(
        'theme', 'header_mode', 'block_mode',
        'style1', 'style2', 'style3', 'style4',
        'clr_headerbg', 'clr_headerfg', 'clr_blockbg', 'clr_blockfg',
        'clr_onhover_headerbg', 'clr_onhover_headerfg',
        'clr_onhover_blockbg', 'clr_onhover_blockfg',
        'clr_headersubmenubg', 'clr_headersubmenufg',
        'clr_blocksubmenubg', 'clr_blocksubmenufg',
        'clr_onhover_headersubmenubg', 'clr_onhover_headersubmenufg',
        'clr_onhover_blocksubmenubg', 'clr_onhover_blocksubmenufg',
        'header_properties', 'block_properties', 'targetfeatures',
    );

    $in = array();
    foreach ($textKeys as $key) {
        $in[$key] = ppPrepareForDB($_POST[$key]);
    }

    // multilanguage is the only value placed in the SQL text without quotes,
    // so it relies entirely on the numeric mode of COM_applyFilter().
    $multilang = COM_applyFilter($_POST['multilang'], true);

    // The column stores the value together with its "targetfeatures=" prefix.
    $in['targetfeatures'] = 'targetfeatures=' . $in['targetfeatures'];

    $parts = array(
        " UPDATE {$_TABLES['nexmenu_config']} SET header_style='{$in['header_mode']}', block_style='{$in['block_mode']}', multilanguage={$multilang}, targetfeatures='{$in['targetfeatures']}', ",
        "blockmenu_style='{$in['style1']}', blocksubmenu_style='{$in['style2']}',headermenu_style='{$in['style3']}', headersubmenu_style='{$in['style4']}', ",
        "headerbg='{$in['clr_headerbg']}', headerfg='{$in['clr_headerfg']}', blockbg='{$in['clr_blockbg']}',blockfg='{$in['clr_blockfg']}', ",
        "onhover_headerbg='{$in['clr_onhover_headerbg']}', onhover_headerfg='{$in['clr_onhover_headerfg']}', ",
        "onhover_blockbg='{$in['clr_onhover_blockbg']}',onhover_blockfg='{$in['clr_onhover_blockfg']}', ",
        "headersubmenubg='{$in['clr_headersubmenubg']}', headersubmenufg='{$in['clr_headersubmenufg']}', ",
        "blocksubmenubg='{$in['clr_blocksubmenubg']}',blocksubmenufg='{$in['clr_blocksubmenufg']}', ",
        "onhover_headersubmenubg='{$in['clr_onhover_headersubmenubg']}', onhover_headersubmenufg='{$in['clr_onhover_headersubmenufg']}', ",
        "onhover_blocksubmenubg='{$in['clr_onhover_blocksubmenubg']}',onhover_blocksubmenufg='{$in['clr_onhover_blocksubmenufg']}', ",
        "headermenu_properties='{$in['header_properties']}',blockmenu_properties='{$in['block_properties']}' ",
        "WHERE theme='{$in['theme']}'",
    );
    DB_query(implode('', $parts));

    // Re-write the menu css stylesheet
    $err = menu_updateStyleSheet($in['theme']);

    // NOTE(review): $mode is never assigned in this function, so this branch
    // cannot be taken as written - confirm which setting was meant.
    if ($mode == 'Milonic') {
        $err = menu_updateBlockHeader();
    }

    return $err;
}
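/**
 * Store the text value of one custom data field for a project task.
 *
 * Updates the existing nf_projectdataresults row for the given
 * field/project/task combination, or inserts one when none exists.
 * Nothing is written when the prepared value is empty; because empty()
 * is used, the string "0" is also treated as empty and is not stored.
 *
 * NOTE(review): ppPrepareForDB() is defined elsewhere; the quoted textdata
 * value depends on it for escaping - confirm what it escapes.
 *
 * @param int|string $fieldid   Field identifier (used as an integer).
 * @param int|string $taskid    Task identifier (used as an integer).
 * @param int|string $projectid Project identifier (used as an integer).
 * @param string     $data      Raw field value.
 * @return void
 */
function nf_updateMiscDataField($fieldid, $taskid, $projectid, $data)
{
    global $_TABLES;

    // The three identifiers are placed in the SQL text without quotes, so
    // they are forced to integers before any query is built.
    $fieldid = (int) $fieldid;
    $taskid = (int) $taskid;
    $projectid = (int) $projectid;

    $fielddata = ppPrepareForDB($data);
    if (empty($fielddata)) {
        return;
    }

    $exists = DB_count(
        $_TABLES['nf_projectdataresults'],
        array('field_id', 'project_id', 'task_id'),
        array($fieldid, $projectid, $taskid)
    );

    if ($exists) {
        $sql = "UPDATE {$_TABLES['nf_projectdataresults']} SET textdata = '{$fielddata}' ";
        $sql .= "WHERE field_id={$fieldid} AND project_id={$projectid} AND task_id={$taskid}";
    } else {
        $sql = "INSERT INTO {$_TABLES['nf_projectdataresults']} (field_id,project_id,task_id,textdata) ";
        $sql .= "VALUES ({$fieldid},{$projectid},{$taskid},'{$fielddata}') ";
    }
    DB_query($sql);
}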
/**
 * Run ppPrepareForDB() over a value in place, but only when it is a string.
 *
 * Values of any other type (integers, arrays, null, ...) are left untouched,
 * so they are not prepared for database use by this helper.
 *
 * @param mixed $field Value to clean; modified by reference.
 * @return void
 */
function ppCleanField(&$field)
{
    if (!is_string($field)) {
        return;
    }

    $field = ppPrepareForDB($field);
}
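/**
 * Handle the 'file_forum' upload attached to a forum post and record it.
 *
 * The file is stored either in the forum upload directory under a random
 * name, or - when the poster ticked "use file management" and chose a
 * category - in the file repository under its original name. A thumbnail is
 * made for inline image types when MG_resizeImage() is available, and the
 * attachment (plus repository records, if any) is inserted into the database.
 * Finally, attachments saved earlier under the temporary 'uniqueid' are
 * re-pointed at the real topic id.
 *
 * NOTE(review): $uploadfile['name'] and $uploadfile['type'] are supplied by
 * the client. The name is written into several INSERT statements without any
 * escaping call in this function, and in repository mode it is also the name
 * used on disk. Escape it with the DB layer's routine before it reaches the
 * SQL text, and confirm that gf_uploadfile() validates name and extension.
 * NOTE(review): $id is interpolated into the SQL as given; confirm callers
 * pass a validated integer.
 *
 * @param int|string $id       Topic id (or temporary unique id) the file belongs to.
 * @param bool       $tempfile True to flag the attachment as temporary.
 * @return string Always the empty string in the code shown here.
 */
function gf_check4files($id, $tempfile = false)
{
    global $_FILES, $_CONF, $_TABLES, $_USER, $CONF_FORUM, $LANG_GF00;
    global $_FM_TABLES, $CONF_FORUM, $filemgmt_FileStore;

    $filelinks = '';
    $uploadfile = $_FILES['file_forum'];
    $cid = COM_applyFilter($_POST['filemgmtcat'], true);
    $use_filestore = false;

    if ($uploadfile['name'] != '') {
        // The extension is whatever follows the last dot of the client file name.
        $pos = strrpos($uploadfile['name'], '.') + 1;
        $ext = strtolower(substr($uploadfile['name'], $pos));

        if ($_POST['chk_usefilemgmt'] == 1 and $cid > 0) {
            // Repository mode keeps the original, client-supplied name.
            $filename = $uploadfile['name'];
            $use_filestore = true;
        } else {
            // Forum-only attachments get a random base name.
            $uploadfilename = ppRandomFilename();
            $filename = "{$uploadfilename}.{$ext}";
        }

        if ($use_filestore and $CONF_FORUM['FM_PLUGIN'] == 'filemgmt') {
            $filestore_path = $filemgmt_FileStore;
        } elseif ($use_filestore and $CONF_FORUM['FM_PLUGIN'] == 'nexfile') {
            $filestore_path = $_CONF['path_html'] . 'nexfile/data/' . $cid . '/';
        } else {
            $filestore_path = $CONF_FORUM['uploadpath'];
        }

        if (gf_uploadfile($filename, $uploadfile, $CONF_FORUM['allowablefiletypes'], $filestore_path)) {
            // function_exists() takes the function name as a string; the bare
            // word used before was an undefined constant, which is an Error on PHP 8.
            // NOTE(review): the image test keys on the client-reported MIME type.
            if (array_key_exists($uploadfile['type'], $CONF_FORUM['inlineimageypes']) and function_exists('MG_resizeImage')) {
                // NOTE(review): this tests the checkbox alone, not $use_filestore,
                // and always reads from $filemgmt_FileStore - confirm the source
                // path when the category is missing or FM_PLUGIN is 'nexfile'.
                if ($_POST['chk_usefilemgmt'] == 1) {
                    $srcImage = "{$filemgmt_FileStore}{$filename}";
                    $destImage = "{$CONF_FORUM['uploadpath']}/tn/{$filename}";
                } else {
                    $srcImage = "{$CONF_FORUM['uploadpath']}/{$filename}";
                    $destImage = "{$CONF_FORUM['uploadpath']}/tn/{$uploadfilename}.{$ext}";
                }
                MG_resizeImage($srcImage, $destImage, $CONF_FORUM['inlineimage_height'], $CONF_FORUM['inlineimage_width']);
            }

            // Store both the created filename and the real file source filename
            $realfilename = $filename;
            $filename = "{$filename}:{$uploadfile['name']}";
            $temp = $tempfile ? 1 : 0;

            if ($use_filestore) {
                // Check and see if nexfile or the filemgmt plugin is being used
                if ($CONF_FORUM['FM_PLUGIN'] == 'nexfile') {
                    DB_query("INSERT INTO {$_TABLES['fm_files']} (cid,fname,title,version,ftype,size,submitter,status,date)\r\n VALUES ('{$cid}','{$realfilename}','{$realfilename}','1','file','{$uploadfile['size']}','{$_USER['uid']}','1',UNIX_TIMESTAMP())");
                    $fid = DB_insertId();
                    DB_query("INSERT INTO {$_TABLES['fm_detail']} (fid,description,platform,hits,rating,votes,comments)\r\n VALUES ('{$fid}','','','0','0','0','0')");
                    DB_query("INSERT INTO {$_TABLES['fm_versions']} (fid,fname,ftype,version,size,notes,date,uid,status)\r\n VALUES ('{$fid}','{$realfilename}','file','1','{$uploadfile['size']}','',UNIX_TIMESTAMP(),'{$_USER['uid']}','1')");
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile)\r\n VALUES ('{$id}',{$fid},'{$filename}',{$temp})");
                } elseif ($CONF_FORUM['FM_PLUGIN'] == 'filemgmt') {
                    $sql = "INSERT INTO {$_FM_TABLES['filemgmt_filedetail']} (cid, title, url, size, submitter, status,date ) ";
                    $sql .= "VALUES ('{$cid}', '{$realfilename}', '{$realfilename}', '{$uploadfile['size']}', '{$_USER['uid']}', 1, UNIX_TIMESTAMP())";
                    DB_query($sql);
                    $newid = DB_insertID();
                    DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,repository_id,filename,tempfile)\r\n VALUES ('{$id}',{$newid},'{$filename}',{$temp})");
                    $description = ppPrepareForDB($_POST['filemgmt_desc']);
                    DB_query("INSERT INTO {$_FM_TABLES['filemgmt_filedesc']} (lid, description) VALUES ({$newid}, '{$description}')");
                }
            } else {
                DB_query("INSERT INTO {$_TABLES['gf_attachments']} (topic_id,filename,tempfile)\r\n VALUES ('{$id}','{$filename}',{$temp})");
            }
        } else {
            COM_errorlog("upload error:" . $GLOBALS['gf_errmsg']);
        }
    }

    if (!$tempfile) {
        // The posted unique id used to be written into the WHERE clause as
        // received, without quotes. It is now reduced to a number first, the
        // same way the category id is filtered at the top of this function.
        $uniqueid = COM_applyFilter($_POST['uniqueid'], true);
        if ($uniqueid > 0 and DB_COUNT($_TABLES['gf_topic'], 'id', $id)) {
            DB_query("UPDATE {$_TABLES['gf_attachments']} SET topic_id={$id}, tempfile=0 WHERE topic_id={$uniqueid}");
        }
    }

    return $filelinks;
}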
/**
 * Process a posted approve/reject decision for a project form in a workflow task.
 *
 * Records the reviewer's approval row and decision, stores any posted notes
 * as the task comment, and - when the 'Complete Task' action was posted -
 * updates the form status, logs the outcome and completes or cancels the
 * workflow task.
 *
 * NOTE(review): $taskid and $processid passed in by the caller are replaced
 * by the posted values below, after $nfclass was already built from the
 * caller's $processid. Confirm the posted ids are authorised for $userid.
 * NOTE(review): $userid and $projectid are written into the SQL as received;
 * confirm callers pass validated integers.
 *
 * @param int|string $processid Workflow process id (overwritten from $_POST['processid']).
 * @param int|string $taskid    Task id (overwritten from $_POST['taskid']).
 * @param int|string $userid    Id of the reviewing user.
 * @param int|string $projectid Project id; when empty or 0 the process variable 'PID' is used.
 * @return string|null An error message when 'Complete Task' is posted without
 *                     an accept/reject choice; otherwise nothing is returned.
 */
function nf_approveEditForm_posthandler($processid, $taskid, $userid, $projectid)
{
    global $_CONF, $_TABLES, $_DB_table_prefix;

    $nfclass = new nexflow($processid);
    // Fall back to the project id stored on the process.
    if ($projectid == '' or $projectid == 0) {
        $projectid = $nfclass->get_processVariable('PID');
    }

    // Request values. COM_applyFilter() is called without its numeric flag
    // here, so these are not forced to be numbers.
    $actionopt = COM_applyFilter($_POST['actionopt']);
    $taskid = COM_applyFilter($_POST['taskid']);
    $formid = COM_applyFilter($_POST['formid']);
    $processid = COM_applyFilter($_POST['processid']);

    // NOTE(review): $prj_formid is only assigned when $projectid > 0; every
    // later query uses it regardless.
    if ($projectid > 0) {
        $prj_formid = DB_getItem($_TABLES['nf_projectforms'], 'id', "project_id='{$projectid}' AND form_id='{$formid}'");
    }
    $status = DB_getItem($_TABLES['nf_projectforms'], 'status', "id='{$prj_formid}'");

    // Create the reviewer's approval row the first time they act on this form.
    if (DB_count($_TABLES['nf_project_approvals'], array('uid', 'form_id', 'process_id'), array($userid, $prj_formid, $processid)) == 0) {
        DB_query("INSERT INTO {$_TABLES['nf_project_approvals']} (process_id,form_id,uid) VALUES ('{$processid}','{$prj_formid}','{$userid}')");
    }

    // Record the decision: status 3 on accept, 6 on reject.
    if ($actionopt == 'accept') {
        DB_query("UPDATE {$_TABLES['nf_project_approvals']} SET status='3', date_updated=UNIX_TIMESTAMP() WHERE uid='{$userid}' AND form_id='{$prj_formid}'");
    } elseif ($actionopt == 'reject') {
        DB_query("UPDATE {$_TABLES['nf_project_approvals']} SET status='6', date_updated=UNIX_TIMESTAMP() WHERE uid='{$userid}' AND form_id='{$prj_formid}'");
    }

    // Save the reviewer's notes as the comment for this project/task pair
    // (insert the first time, overwrite afterwards).
    if (trim($_POST['notes']) != '') {
        // NOTE(review): ppPrepareForDB() is defined elsewhere; confirm it
        // escapes the text for use inside a quoted SQL value.
        $notes = ppPrepareForDB($_POST['notes']);
        if (DB_count($_TABLES['nf_projectcomments'], array('project_id', 'task_id'), array($projectid, $taskid)) == 0) {
            $sql = "INSERT INTO {$_TABLES['nf_projectcomments']} (project_id, task_id, uid, timestamp, comment) ";
            $sql .= "VALUES ('{$projectid}','{$taskid}','{$userid}',UNIX_TIMESTAMP(),'{$notes}')";
        } else {
            $sql = "UPDATE {$_TABLES['nf_projectcomments']} SET comment='{$notes}', timestamp=UNIX_TIMESTAMP() ";
            $sql .= "WHERE project_id='{$projectid}' AND task_id='{$taskid}' ";
        }
        DB_query($sql);
    }

    $formtype = DB_getItem($_TABLES['nf_projectforms'], 'formtype', "id='{$prj_formid}'");

    // Only the 'Complete Task' action moves the workflow forward.
    if ($_POST['taskaction'] == 'Complete Task') {
        if ($processid > 0 and $taskid > 0) {
            $nfclass = new nexflow($processid, $userid);
            if ($actionopt == 'accept') {
                $statusmsg = "{$formtype} approved";
                nf_updateStatusLog($projectid, $prj_formid, $statusmsg);
                // Re-read the form status: another reviewer may have changed it.
                $status = DB_getItem($_TABLES['nf_projectforms'], 'status', "id='{$prj_formid}'");
                $nfclass = new nexflow($processid, $userid);
                // Set the Review_Approval process variable, which may be checked
                // in the workflow. NOTE(review): the value written on accept is 0
                // and on reject is 1 - confirm which one the workflow treats as approved.
                $nfclass->set_ProcessVariable('Review_Approval', 0);
                $nfclass->complete_task($taskid);
                // If the form has not yet been rejected by another member then mark it accepted
                if ($status != 6) {
                    DB_query("UPDATE {$_TABLES['nf_projectforms']} SET status='3' WHERE id='{$prj_formid}'");
                }
            } elseif ($actionopt == 'reject') {
                DB_query("UPDATE {$_TABLES['nf_projectforms']} SET status='6' WHERE id='{$prj_formid}'");
                $statusmsg = "{$formtype} Rejected";
                nf_updateStatusLog($projectid, $prj_formid, $statusmsg);
                // Set the Review_Approval process variable to 1 for a rejection;
                // it may be checked in the workflow.
                $nfclass->set_ProcessVariable('Review_Approval', 1);
                $nfclass->cancel_task($taskid);
            } else {
                // Neither choice was posted: report it to the caller.
                return "Need to check 'Reject' or 'Accept' to complete the task";
            }
        }
    }
}
/**
 * Create or update a content page (or category/link) from the posted admin form,
 * then process image deletions and image uploads for that page.
 *
 * Works on the global $pageid: in 'add' mode a new row is inserted and
 * $pageid is set to its id; the posted attributes are then written to that
 * row, the page order is renumbered, ticked images are deleted from disk and
 * database, and uploaded images are stored with thumbnails.
 *
 * NOTE(review): no permission or request-token check is visible in this
 * function; presumably the caller enforces both - confirm.
 * NOTE(review): ppPrepareForDB(), COM_applyFilter() and COM_sanitizeID() are
 * defined elsewhere; the SQL built below depends on them for escaping.
 *
 * @param string $mode 'add' to create a record first; any other value updates $pageid.
 * @param string $type Record type, e.g. 'category' or 'link'; written to the type column on add.
 * @return false|null False when the image upload reports errors; otherwise nothing is returned.
 */
function updatePage($mode, $type)
{
    global $_CONF, $_TABLES, $_FILES, $_POST, $CONF_SE, $LANG_SE_ERR;
    global $_DB_name, $catid, $pageid;

    include_once $_CONF['path_system'] . 'classes/upload.class.php';

    // NOTE(review): name, heading and pagetitle are HTML-encoded and then cut
    // to length, but no database escaping call is applied to them here, and
    // cutting after encoding can split an entity or an escape sequence.
    // They are later placed inside quoted SQL values - confirm they are safe there.
    $name = substr(htmlentities($_POST['name']), 0, 32);
    $pid = ppPrepareForDB($_POST['category']);
    $old_sid = ppPrepareForDB($_POST['old_sid']);
    $sid = ppPrepareForDB($_POST['sid'], true, 40);
    $pageorder = COM_applyFilter($_POST['pageorder'], true);
    // Links always use menu type 3; other types take the posted value.
    if ($type == 'link') {
        $menutype = 3;
    } else {
        $menutype = COM_applyFilter($_POST['menu_type'], true);
    }
    $blkformat = ppPrepareForDB($_POST['blk_format']);
    $heading = substr(htmlentities($_POST['heading']), 0, 255);
    $grp_access = ppPrepareForDB($_POST['grp_access']);
    // NOTE(review): imgdelete and chkscale are taken from the request unfiltered;
    // imgdelete entries are written into SQL further down.
    $imgdelete = $_POST['imgdelete'];
    $chkscale = $_POST['chkscale'];
    $submenutype = COM_applyFilter($_POST['rad_submenu'], true);
    $blockmenutype = COM_applyFilter($_POST['rad_blockmenu'], true);
    // Checkboxes are normalised to 0/1.
    $is_menu_newpage = $_POST['chknewwindow'] == 1 ? 1 : 0;
    $is_draft = $_POST['chkdraft'] == 1 ? 1 : 0;
    $show_breadcrumbs = $_POST['chkbreadcrumbs'] == 1 ? 1 : 0;
    $owner_id = ppPrepareForDB($_POST['owner_id']);
    $group_id = ppPrepareForDB($_POST['group_id']);
    $perm_owner = $_POST['perm_owner'];
    $perm_group = $_POST['perm_group'];
    $perm_members = $_POST['perm_members'];
    $perm_anon = $_POST['perm_anon'];
    $pagetitle = substr(htmlentities($_POST['pagetitle']), 0, 255);
    $metadesc = ppPrepareForDB($_POST['metadesc']);
    $metakeywords = ppPrepareForDB($_POST['metakeywords']);

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // Allow full HTML in the content and help fields: they are only
    // slash-escaped (or left to magic quotes), not filtered.
    // NOTE(review): get_magic_quotes_gpc() no longer exists in PHP 8.
    if (!get_magic_quotes_gpc()) {
        $content = addslashes($_POST['sitecontent']);
        $help = addslashes($_POST['help']);
    } else {
        $content = $_POST['sitecontent'];
        $help = $_POST['help'];
    }

    if ($sid != '') {
        $sid = COM_sanitizeID($sid);
    }

    // Page ids must be unique. A clash on a new page gets "_<pid>" appended;
    // a clash on an edit reverts to the previous id.
    if ($sid != '' and DB_count($_TABLES['nexcontent_pages'], 'sid', $sid) > 0) {
        if ($sid != $old_sid) {
            $duplicate_sid = true;
            if ($old_sid == '') {
                $sid = "{$sid}_{$pid}";
                $dupmsg = ' - Duplicate Page ID';
            } else {
                $sid = $old_sid;
                $dupmsg = ' - Duplicate Page ID, Page ID not changed.';
            }
        }
    } else {
        $duplicate_sid = false;
    }

    if ($mode == 'add') {
        $gid = uniqid($_DB_name, FALSE);
        // NOTE(review): $category is not assigned anywhere in this function and
        // is not among the declared globals, so the filter receives an unset value.
        $category = COM_applyFilter($category, true);
        if ($type == 'category') {
            // Create a new record - set the category value to 0
            DB_query("INSERT INTO {$_TABLES['nexcontent_pages']} (pid,gid,type) values ({$category},'{$gid}','category')");
            $pageid = DB_insertID();
            $GLOBALS['statusmsg'] = 'New Category Added';
            // Place the new category after the current last one.
            $query = DB_query("SELECT max(pageorder) FROM {$_TABLES['nexcontent_pages']} WHERE type='category'");
            list($maxorder) = DB_fetchArray($query);
            $order = $maxorder + 10;
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder='{$order}' WHERE id='{$pageid}'");
        } else {
            // Create a new record - need to get the record id for the category
            // (the string literal below spans two lines exactly as in the original).
            DB_query("INSERT INTO {$_TABLES['nexcontent_pages']} (pid,gid,type) values 
('{$category}','{$gid}','{$type}')");
            $pageid = DB_insertID();
            $GLOBALS['statusmsg'] = 'New Page Added';
            // NOTE(review): this compares pid with the literal 'category' - confirm the intended filter.
            $query = DB_query("SELECT max(pageorder) FROM {$_TABLES['nexcontent_pages']} WHERE pid='category'");
            list($maxorder) = DB_fetchArray($query);
            $order = $maxorder + 10;
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder='{$order}' WHERE id='{$pageid}'");
        }
    } else {
        // Both branches produce the same message.
        if ($type == 'category') {
            $GLOBALS['statusmsg'] = "{$name} Updated";
        } else {
            $GLOBALS['statusmsg'] = "{$name} Updated";
        }
        if ($duplicate_sid) {
            $GLOBALS['statusmsg'] .= $dupmsg;
        }
    }

    // Write all posted attributes to the page row.
    DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET name='{$name}', blockformat='{$blkformat}', pid='{$pid}', sid='{$sid}', heading='{$heading}',content='{$content}', menutype='{$menutype}', is_menu_newpage='{$is_menu_newpage}', show_submenu='{$submenutype}', show_blockmenu='{$blockmenutype}', show_breadcrumbs='{$show_breadcrumbs}', is_draft='{$is_draft}', owner_id='{$owner_id}', group_id='{$group_id}', perm_owner='{$perm_owner}', perm_group='{$perm_group}', perm_members='{$perm_members}', perm_anon='{$perm_anon}' , pagetitle='{$pagetitle}', meta_description='{$metadesc}', meta_keywords='{$metakeywords}' WHERE id='{$pageid}'");
    // NOTE(review): no WHERE clause - every row of this table receives the help text.
    DB_query("UPDATE {$_TABLES['nexcontent']} SET help='{$help}'");

    //update the page order
    if ($pageorder != '' and $pageid != '') {
        // NOTE(review): $pid, $pageorder and $pageid are placed in these queries
        // without quotes. $pid only went through ppPrepareForDB(); confirm it is
        // forced to a number before it reaches this point.
        DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder={$pageorder} WHERE id={$pageid};");
        $porder = DB_query("SELECT id FROM {$_TABLES['nexcontent_pages']} WHERE pid={$pid} ORDER BY pageorder ASC;");
        // Renumber the siblings in steps of 10.
        $i = 0;
        while ($ORDER = DB_fetchArray($porder)) {
            $i += 10;
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder={$i} WHERE id={$ORDER['id']};");
        }
    }

    $pageImageDir = $CONF_SE['uploadpath'] . "/{$pageid}/";
    // Check and see if directories exist
    if (!file_exists($pageImageDir)) {
        // Failures are suppressed with @ and the results are not checked.
        $mkdir = @mkdir($pageImageDir);
        $chmod = @chmod($pageImageDir, $CONF_SE['imagedir_perms']);
    }

    // Delete any images if needed
    // NOTE(review): $imgdelete comes straight from the request. count() fails on
    // PHP 8 when it is not an array, and each entry is written into the SQL
    // below without filtering - validate the entries as image numbers first.
    for ($i = 0; $i < count($imgdelete); $i++) {
        $curimage = DB_getitem($_TABLES['nexcontent_images'], "imagefile", "page_id='{$pageid}' AND imagenum='{$imgdelete[$i]}'");
        // Remove the stored image ...
        $fullimage = $pageImageDir . $curimage;
        if (!is_dir($fullimage) and file_exists($fullimage)) {
            if (!unlink($fullimage)) {
                // NOTE(review): the server file path is echoed into the response.
                echo COM_errorLog("Unable to delete image {$fullimage}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete image {$fullimage}. Please check file permissions";
            }
        }
        // ... its "<name>_original<ext>" copy ...
        $pos = strrpos($curimage, '.');
        $origimage = strtolower(substr($curimage, 0, $pos));
        $ext = strtolower(substr($curimage, $pos));
        $origimage .= "_original{$ext}";
        $fullimage = $pageImageDir . $origimage;
        if (!is_dir($fullimage) and file_exists($fullimage)) {
            if (!unlink($fullimage)) {
                echo COM_errorLog("Unable to delete image {$fullimage}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete image {$fullimage}. Please check file permissions";
            }
        }
        // ... and its "tn"-prefixed thumbnail.
        $curthumbnail = $pageImageDir . 'tn' . $curimage;
        if (!is_dir($curthumbnail) and file_exists($curthumbnail)) {
            if (!unlink($curthumbnail)) {
                echo COM_errorLog("Unable to delete thumbnail for {$curthumbnail}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete thumbnail for {$curthumbnail}. Please check file permissions";
            }
        }
        DB_query("DELETE FROM {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}' and imagenum='{$imgdelete[$i]}'");
        next($imgdelete);
    }

    // Configure the upload helper from the plugin and site settings.
    $upload = new upload();
    $upload->setLogging(false);
    $upload->setDebug(false);
    $upload->setLogFile($_CONF['path_log'] . 'error.log');
    $upload->setMaxFileUploads($CONF_SE['max_num_images']);
    if ($_CONF['image_lib'] == 'imagemagick') {
        $upload->setMogrifyPath($_CONF['path_to_mogrify']);
    } else {
        $upload->setGDLib();
    }
    $upload->setAllowedMimeTypes($CONF_SE['allowableImageTypes']);
    $upload->setMaxDimensions($CONF_SE['max_upload_width'], $CONF_SE['max_upload_height']);
    $upload->setMaxFileSize($CONF_SE['max_uploadfile_size']);
    $upload->setAutomaticResize(true);
    $upload->keepOriginalImage(true);
    $upload->setPerms($CONF_SE['image_perms']);
    if (!$upload->setPath($pageImageDir)) {
        $GLOBALS['statusmsg'] = $LANG_SE_ERR['upload1'] . ': ' . $upload->printErrors(false);
    }

    // OK, let's upload any pictures with this page
    if (DB_count($_TABLES['nexcontent_images'], 'page_id', $pageid) > 0) {
        $index_start = DB_getItem($_TABLES['nexcontent_images'], 'max(imagenum)', "page_id = '{$pageid}'") + 1;
    } else {
        $index_start = 1;
    }
    // The value computed above is overwritten here and $index_start is not read again.
    $index_start = 1;

    // Stored names are "<timestamp><slot>.jpg" whatever the uploaded file was called.
    $uniquename = time();
    $filenames = array();
    $imagenum = array();
    for ($z = 1; $z <= $CONF_SE['max_num_images']; $z++) {
        $curfile = current($_FILES);
        if (!empty($curfile['name'])) {
            $filenames[] = $uniquename . $z . '.jpg';
            // The image number is the tenth character of the form field name.
            // NOTE(review): field names are supplied by the client; confirm this is a digit.
            $imagenum[] = substr(key($_FILES), 9, 1);
        }
        next($_FILES);
    }
    $upload->setFileNames($filenames);
    reset($_FILES);
    $upload->setDebug(false);
    $upload->uploadFiles();
    if ($upload->areErrors()) {
        $GLOBALS['statusmsg'] = $LANG_SE_ERR['upload1'] . ': ' . $upload->printErrors(false);
        return false;
    }

    reset($filenames);
    reset($imagenum);
    // Register each stored file against its image number, provided the page row exists.
    if (DB_count($_TABLES['nexcontent_pages'], "id", $pageid) > 0) {
        foreach ($filenames as $pageImage) {
            $index = current($imagenum);
            if (file_exists($pageImageDir . $pageImage)) {
                $src = $pageImageDir . $pageImage;
                $dest = $pageImageDir . 'tn' . $pageImage;
                makethumbnail($pageImage, $src, $dest);
                $iquery = DB_query("SELECT imagefile from {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}' AND imagenum='{$index}'");
                if (DB_numRows($iquery) == 0) {
                    DB_query("INSERT INTO {$_TABLES['nexcontent_images']} (page_id,imagenum,imagefile) values ('{$pageid}', '{$index}','{$pageImage}')");
                } elseif (DB_numRows($iquery) == 1) {
                    DB_query("UPDATE {$_TABLES['nexcontent_images']} SET imagefile='{$pageImage}' WHERE page_id='{$pageid}' and imagenum='{$index}'");
                }
            }
            next($imagenum);
        }
    } else {
        $GLOBALS['statusmsg'] = 'Error saving category';
    }

    // Update the image autoscale option for any images
    $query = DB_query("SELECT id,imagenum from {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}'");
    // $imagenum is reused here as the per-row image number.
    while (list($imageid, $imagenum) = DB_fetchArray($query)) {
        if ($chkscale[$imagenum] == '1') {
            DB_query("UPDATE {$_TABLES['nexcontent_images']} SET autoscale = '1' WHERE id='{$imageid}' AND imagenum='{$imagenum}'");
        } else {
            DB_query("UPDATE {$_TABLES['nexcontent_images']} SET autoscale = '0' WHERE id='{$imageid}' AND imagenum='{$imagenum}'");
        }
    }
}
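/**
 * Insert or update a form definition from the posted admin form.
 *
 * In 'add' mode a new nxform_definitions row is created and the global $id
 * is set to its id. Otherwise the row identified by the global $id is
 * updated and, when both fieldset boundary fields are posted, the serialized
 * fieldset list stored on the row is extended or amended.
 *
 * Changes from the previous version:
 *  - the INSERT value list now follows the column list (post_option and
 *    fieldsets were swapped, so each value landed in the other column);
 *  - the fieldset array is always initialised, so an empty or unreadable
 *    stored value no longer leads to serialising an undefined variable or
 *    calling count() on a non-array.
 *
 * NOTE(review): ppPrepareForDB() and COM_applyFilter() are defined elsewhere;
 * every quoted SQL value depends on them for escaping.
 * NOTE(review): no permission or request-token check is visible in this
 * function; presumably the caller enforces both - confirm.
 *
 * @param string $mode 'add' to create a record; any other value updates record $id.
 * @return void
 */
function updateFormRecord($mode)
{
    global $_CONF, $_POST, $_TABLES, $id, $_DB_name;

    $name = ppPrepareForDB($_POST['name']);
    $shortname = ppPrepareForDB($_POST['shortname']);
    $comments = ppPrepareForDB($_POST['comments']);
    $location = ppPrepareForDB($_POST['location']);
    $template = ppPrepareForDB($_POST['template']);
    $post_method = ppPrepareForDB($_POST['post_method']);
    $post_option = ppPrepareForDB($_POST['post_option']);
    $before_formid = ppPrepareForDB($_POST['before_formid']);
    $after_formid = ppPrepareForDB($_POST['after_formid']);
    $intro_text = ppPrepareForDB($_POST['intro_text'], false);
    $post_text = ppPrepareForDB($_POST['post_text'], false);
    $return_url = ppPrepareForDB($_POST['return_url']);
    $status = COM_applyFilter($_POST['status'], true);
    $show_as_tab = ppPrepareForDB($_POST['show_as_tab']);
    $tab_label = ppPrepareForDB($_POST['tab_label']);
    $perms_view = COM_applyFilter($_POST['perms_view'], true);
    $perms_access = COM_applyFilter($_POST['perms_access'], true);
    $perms_edit = COM_applyFilter($_POST['perms_edit'], true);
    $fsetid = COM_applyFilter($_POST['fsetid'], true);
    $field1 = COM_applyFilter($_POST['field1'], true);
    $field2 = COM_applyFilter($_POST['field2'], true);
    $fieldset_label = COM_applyFilter($_POST['fieldset_label']);
    $show_mandatory_note = COM_applyFilter($_POST['show_mandatory_note'], true);
    $show_as_tab = COM_applyFilter($show_as_tab, true);

    // The on-submit script is HTML-encoded and slash-escaped (or left to magic quotes).
    // NOTE(review): get_magic_quotes_gpc() no longer exists in PHP 8.
    if (!get_magic_quotes_gpc()) {
        $on_submit = addslashes(htmlspecialchars($_POST['on_submit']));
    } else {
        $on_submit = htmlspecialchars($_POST['on_submit']);
    }

    $date = time();

    if ($mode == 'add') {
        $gid = uniqid($_DB_name, FALSE);
        // A new form starts without fieldset definitions.
        $fieldset = '';

        $fields = 'gid,name,shortname,date,template,post_method,post_option,fieldsets,';
        $fields .= 'before_formid,after_formid,show_as_tab,tab_label,intro_text,after_post_text,';
        $fields .= 'on_submit,return_url,perms_view,perms_access,perms_edit,status,comments,show_mandatory_note';

        // Values are listed in exactly the same order as $fields.
        $sql = "INSERT INTO {$_TABLES['nxform_definitions']} ({$fields}) VALUES (";
        $sql .= "'{$gid}','{$name}','{$shortname}','{$date}','{$template}','{$post_method}','{$post_option}','{$fieldset}',";
        $sql .= "'{$before_formid}','{$after_formid}','{$show_as_tab}','{$tab_label}','{$intro_text}','{$post_text}',";
        $sql .= "'{$on_submit}','{$return_url}','{$perms_view}','{$perms_access}','{$perms_edit}',";
        $sql .= "'{$status}','{$comments}','{$show_mandatory_note}')";
        DB_query($sql);
        $formid = $id = DB_insertID();
        $GLOBALS['statusmsg'] = 'Record Added';
    } elseif (DB_count($_TABLES['nxform_definitions'], "id", $id) == 1) {
        $oname = DB_getItem($_TABLES['nxform_definitions'], 'name', "id='{$id}'");
        DB_query("UPDATE {$_TABLES['nxform_definitions']} SET\r\n name='{$name}', shortname='{$shortname}',date='{$date}', post_method='{$post_method}', post_option='{$post_option}',\r\n before_formid='{$before_formid}',after_formid='{$after_formid}',show_as_tab='{$show_as_tab}',\r\n tab_label='{$tab_label}',template='{$template}', intro_text='{$intro_text}',\r\n after_post_text='{$post_text}', on_submit='{$on_submit}', return_url='{$return_url}',\r\n perms_view='{$perms_view}', perms_access='{$perms_access}', perms_edit='{$perms_edit}',\r\n status='{$status}', comments='{$comments}',show_mandatory_note='{$show_mandatory_note}'\r\n WHERE id='{$id}'");

        if ($field1 != 0 and $field2 != 0) {
            $definition = array('begin' => "{$field1}", 'end' => "{$field2}", 'label' => "{$fieldset_label}");

            // Retrieve the stored fieldset list, if there is one.
            $fieldsets = DB_getItem($_TABLES['nxform_definitions'], 'fieldsets', "id='{$id}'");
            $afieldsets = array();
            if ($fieldsets != '') {
                // NOTE(review): unserialize() runs on a database value. It is written
                // by serialize() below, but anything else able to write this column
                // controls what is deserialized here.
                $afieldsets = unserialize($fieldsets);
                if (!is_array($afieldsets)) {
                    $afieldsets = array();
                }
            }

            if ($fsetid > 0) {
                // Replace an existing definition; as before, only when a list is already stored.
                if ($fieldsets != '') {
                    $afieldsets[$fsetid] = $definition;
                }
            } elseif (count($afieldsets) == 0) {
                // First definition: the list is numbered from 1.
                $afieldsets[1] = $definition;
            } else {
                $afieldsets[] = $definition;
            }

            // NOTE(review): the serialized text is placed in the SQL without an
            // escaping call of its own; it relies on the label filter above.
            $fieldset = serialize($afieldsets);
            DB_query("UPDATE {$_TABLES['nxform_definitions']} SET fieldsets='{$fieldset}' WHERE id='{$id}'");
        }
        $GLOBALS['statusmsg'] = 'Record Updated';
    } else {
        COM_errorLog("nexform Plugin: Admin Error updating Form Record {$id}");
        $GLOBALS['statusmsg'] = 'Error adding or updating Record';
    }
}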