/**
  * Performs basic setup and then calls __init
  *
  * Note that all data received via $_POST have magic quotes removed.
  */
 function installbase()
 {
     stringHandler::removeMagicQuotes($_POST);
     Smarty::Smarty();
     $this->_steps = array('prescan', 'install', 'postscan', 'upgrade');
     $this->assign('version', LOQ_CUR_VERSION);
     $this->template_dir = LOQ_INSTALLER . '/templates';
     $this->setCompileDir();
     $this->loadconfiguration();
     $this->__init();
 }
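/**
 * Collects the CAPTCHA settings from $_POST and persists them through $mc.
 *
 * Every value originates from untrusted form input: checkbox flags become
 * the strings 'true'/'false', numeric settings are cast with intval()
 * (falling back to the defaults shown below when absent) and free-text
 * settings are passed through stringHandler::clean(). The graphic type is
 * restricted to an alphanumeric token so arbitrary input is never stored.
 *
 * @param object $mc Configuration handler exposing saveConfiguration(array)
 * @return void
 */
function save_configuration(&$mc)
{
    $curr = array();
    $curr['CAPTCHA_ENABLE'] = isset($_POST['enable_captcha']) ? 'true' : 'false';
    $curr['CAPTCHA_WIDTH'] = isset($_POST['captcha_width']) ? intval($_POST['captcha_width']) : 200;
    $curr['CAPTCHA_HEIGHT'] = isset($_POST['captcha_height']) ? intval($_POST['captcha_height']) : 50;
    $curr['CAPTCHA_CHARACTERS'] = isset($_POST['captcha_characters']) ? intval($_POST['captcha_characters']) : 5;
    $curr['CAPTCHA_LINES'] = isset($_POST['captcha_lines']) ? intval($_POST['captcha_lines']) : 70;
    $curr['CAPTCHA_ENABLE_SHADOWS'] = isset($_POST['captcha_enable_shadows']) ? 'true' : 'false';
    $curr['CAPTCHA_OWNER_TEXT'] = isset($_POST['captcha_owner_text']) ? 'true' : 'false';
    $curr['CAPTCHA_CHARACTER_SET'] = isset($_POST['captcha_character_set']) ? stringHandler::clean($_POST['captcha_character_set']) : '';
    $curr['CAPTCHA_CASE_INSENSITIVE'] = isset($_POST['captcha_case_insensitive']) ? 'true' : 'false';
    // Previously stored raw; cleaned for consistency with CAPTCHA_CHARACTER_SET.
    // NOTE(review): if the captcha library treats this as a file path, a
    // stricter check (basename() or an allow-list) is warranted - confirm.
    $curr['CAPTCHA_BACKGROUND'] = isset($_POST['captcha_background']) ? stringHandler::clean($_POST['captcha_background']) : '';
    $curr['CAPTCHA_MIN_FONT'] = isset($_POST['captcha_min_font']) ? intval($_POST['captcha_min_font']) : 16;
    $curr['CAPTCHA_MAX_FONT'] = isset($_POST['captcha_max_font']) ? intval($_POST['captcha_max_font']) : 25;
    $curr['CAPTCHA_USE_COLOR'] = isset($_POST['captcha_use_color']) ? 'true' : 'false';
    // The graphic type is a short format token (default 'jpg'); anything that
    // is not purely alphanumeric is replaced by the default instead of stored.
    $graphicType = isset($_POST['captcha_graphic_type']) ? trim($_POST['captcha_graphic_type']) : 'jpg';
    if (!preg_match('/^[A-Za-z0-9]+$/', $graphicType)) {
        $graphicType = 'jpg';
    }
    $curr['CAPTCHA_GRAPHIC_TYPE'] = $graphicType;
    $mc->saveConfiguration($curr);
}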
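 /**
  * Authenticate the user
  *
  * Looks up an author row whose nickname and SHA-1 password digest match
  * the supplied credentials and, on success, stores the author id in
  * $_SESSION['user_id'].
  *
  * NOTE(review): passwords are compared as unsalted SHA-1 digests
  * (passwordManager::toSHA1). Migrating stored hashes to password_hash() /
  * password_verify() is recommended but needs a data migration, so it is
  * out of scope here.
  *
  * @param string $user Username
  * @param string $pass Password (plain text; hashed with passwordManager::toSHA1)
  * @param bool   $setcookie Accepted for interface compatibility; this method
  *                          does not set a cookie itself
  * @return bool true when a matching author exists, false otherwise
  */
 function userauth($user, $pass, $setcookie = FALSE)
 {
     // Bind both values as query parameters instead of concatenating them
     // into the SQL.  The previous version stripped magic quotes from the
     // username and then spliced it straight into a quoted literal, which
     // removed the only escaping a quote character would have had.  The
     // magic-quote removal is kept so the bound value is the raw username.
     $query = "SELECT `id` FROM `" . T_AUTHORS . "` WHERE `nickname`=? AND `password`=?";
     $params = array(stringHandler::removeMagicQuotes($user), passwordManager::toSHA1($pass));
     $rs = $this->_adb->GetRow($query, $params);
     if ($rs) {
         $_SESSION['user_id'] = $rs[0];
         return true;
     }
     return false;
 }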
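 /**
  * Returns a string cleaned of script tags
  *
  * Strips complete <script ...>...</script> elements (case-insensitively,
  * including blocks that span several lines) and then trims whitespace via
  * stringHandler::trimWhitespace(). Arrays are processed element by element.
  *
  * This is a narrow blacklist, not an HTML sanitiser: an unterminated
  * "<script" tag, event-handler attributes (onclick=...), javascript: URLs
  * and similar vectors pass through untouched. Escape output for its target
  * context (e.g. htmlspecialchars()) rather than relying on this alone.
  *
  * @access public
  * @param mixed $var Can be a string or an array of strings
  * @return string
  */
 function removeJs($var)
 {
     // Start from the input so a null/unset value is passed on unchanged
     // rather than leaving $clean undefined.
     $clean = $var;
     if (isset($var)) {
         if (is_array($var)) {
             $clean = array_map(array('stringHandler', 'removeJs'), $var);
         } else {
             // The 's' modifier lets '.' match newlines; without it a script
             // block containing a line break survived intact.
             $search = "/<script[^>]*?>.*?<\\/script\\s*>/is";
             $clean = preg_replace($search, '', $var);
         }
     }
     return stringHandler::trimWhitespace($clean);
 }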
 *
 * @version $Revision$
 */
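if (!defined('IN_LOQUACITY')) {
    include_once './config.php';
}
// Trackback pings arrive as form-encoded POSTs.  Match the media type by
// prefix so a client that appends a charset parameter
// ("application/x-www-form-urlencoded; charset=utf-8") is not rejected.
$contentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && strpos($contentType, 'application/x-www-form-urlencoded') === 0) {
    $post = null;
    $comment = null;
    if (defined('CLEANURLS')) {
        // Pretty URL: .../trackback/<post>/<comment> or .../<post>
        $url = explode('/', $_SERVER['REQUEST_URI']);
        $num = count($url);
        if ($num >= 3 && $url[$num - 3] === 'trackback') {
            //a comment id is included
            $post = stringHandler::removeMagicQuotes($url[$num - 2]);
            $comment = stringHandler::removeMagicQuotes($url[$num - 1]);
        } else {
            $post = stringHandler::removeMagicQuotes($url[$num - 1]);
        }
    } else {
        // Query string: ?tbpost=<post>&cid=<comment>
        $url = array();
        $qpos = strpos($_SERVER['REQUEST_URI'], '?');
        if ($qpos !== false) {
            parse_str(substr($_SERVER['REQUEST_URI'], $qpos + 1), $url);
        }
        if (isset($url['tbpost'])) {
            $post = stringHandler::removeMagicQuotes($url['tbpost']);
        }
        if (isset($url['cid'])) {
            $comment = stringHandler::removeMagicQuotes($url['cid']);
        }
    }
    // NOTE(review): $post and $comment are handed over as received (possibly
    // null); the trackback handler is expected to validate and escape them
    // before any database use - confirm in trackbackhandler.class.php.
    include_once 'includes/trackbackhandler.class.php';
    $th = new trackbackhandler($loq->_adb, $post);
    $th->receiveTrackback($_SERVER['REMOTE_ADDR'], $_POST, $comment);
}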
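// include needed files
include_once SMARTY_DIR . 'Smarty.class.php';
include_once LOQ_APP_ROOT . '3rdparty/adodb/adodb.inc.php';
include_once LOQ_APP_ROOT . 'includes/stringhandler.class.php';
include_once LOQ_APP_ROOT . 'includes/confighandler.class.php';
include_once LOQ_APP_ROOT . 'includes/posthandler.class.php';
include_once LOQ_APP_ROOT . 'includes/commenthandler.class.php';
include_once LOQ_APP_ROOT . 'includes/sectionhandler.class.php';
include_once LOQ_APP_ROOT . 'includes/Loquacity.class.php';
include_once LOQ_APP_ROOT . 'includes/templates.php';
// Remove magic quotes from every top-level request value.
// NOTE(review): nested arrays in $_POST/$_GET are only handled if
// stringHandler::removeMagicQuotes() recurses - confirm.
foreach ($_POST as $key => $val) {
    $_POST[$key] = stringHandler::removeMagicQuotes($val);
}
foreach ($_GET as $key => $val) {
    $_GET[$key] = stringHandler::removeMagicQuotes($val);
}
unset($key, $val);
$loq = new Loquacity();
// defined() takes the constant's *name*.  The previous call passed the
// constant itself, i.e. defined('true') / defined('false'), so the check
// never succeeded and the captcha library was never loaded.
if (defined('C_CAPTCHA_ENABLE') && C_CAPTCHA_ENABLE == 'true') {
    include_once LOQ_APP_ROOT . '3rdparty/captcha/php-captcha.inc.php';
}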
/* $mtime = explode(" ",microtime());
$loq->begintime = $mtime[1] + $mtime[0]; */
/* $loq->template_dir = LOQ_APP_ROOT.'templates/'.C_TEMPLATE;
$loq->compile_dir = LOQ_APP_ROOT.'generated/templates/'; */
if (defined('IN_BBLOG_ADMIN')) {
    $loq->compile_id = 'admin';
    $loq->template_dir = LOQ_APP_ROOT . 'includes/admin_templates';
} else {
 /**
  * Normalises comment text before it is stored.
  *
  * Three steps, in order: strip every tag not in the allow-list
  * (a, b, i, strong, code, acronym, blockquote, abbr), encode HTML special
  * characters through $this->encodeHTML(), then turn line breaks into
  * <br /> with nl2br(). Link transformation is currently disabled.
  *
  * NOTE(review): whether the allow-listed tags survive the encoding step,
  * and whether stringHandler::removeTags() drops attributes such as
  * href="javascript:..." or onclick= on the tags it keeps, depends on those
  * helpers - confirm before relying on this for XSS protection.
  *
  * @param string $comment Comment text
  * @return string
  */
 function processCommentText($comment)
 {
     // Policy: only these tags may remain in a comment.
     $allowedTags = '<a><b><i><strong><code><acronym><blockquote><abbr>';
     $stripped = stringHandler::removeTags($comment, $allowedTags);
     // Policy: HTML special characters become entities.
     $encoded = $this->encodeHTML($stripped);
     // Policy: line breaks are converted automatically.
     return nl2br($encoded);
 }
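 /**
  * Prepare trackback data for storage in the database
  *
  * Builds the row array from $this->_tbdata (the received trackback
  * fields), $this->_ip and $this->_post. Title, excerpt and blog name are
  * passed through stringHandler::clean(); the URL is stored as received.
  *
  * @param int   $commentid If supplied, the id of the comment being replied to
  * @return array
  */
 function prepFieldsForDB($commentid = null)
 {
     // The original ternary was inverted (null when no id was given, 0 when
     // one was), so parentid was never set.  Cast to int so a non-numeric
     // value cannot reach the database.
     $replyto = is_null($commentid) ? 0 : intval($commentid);
     /*
      * According to the spec, only URL is required, all else is optional
      */
     // NOTE(review): the URL is stored without cleaning; whether the storage
     // layer escapes it, and whether it should be validated as http(s), is
     // not visible here - confirm.
     $vars = array();
     $vars['posterwebsite'] = isset($this->_tbdata['url']) ? $this->_tbdata['url'] : '';
     /**
      * Policy:
      *   In the interests of spam-blocking, the only hypertext we allow is the
      *   URL of the poster. This is the only deviance from comment handling. This means no URL transformation is performed
      */
     $vars['title'] = isset($this->_tbdata['title']) ? stringHandler::clean($this->_tbdata['title']) : '';
     // Cleaned once here; the previous version ran clean() on the excerpt a
     // second time below, which risks double-encoding.
     $vars['commenttext'] = isset($this->_tbdata['excerpt']) ? stringHandler::clean($this->_tbdata['excerpt']) : '';
     $vars['postername'] = isset($this->_tbdata['blog_name']) ? stringHandler::clean($this->_tbdata['blog_name']) : '';
     // NOTE(review): gmdate() formats UTC but strtotime() parses it in the
     // default timezone, so this is "now" shifted by the server offset; kept
     // as-is because stored posttime values depend on it.
     $vars['posttime'] = strtotime(gmdate("M d Y H:i:s"));
     $vars['ip'] = $this->_ip;
     $vars['postid'] = $this->_post;
     if ($replyto > 0) {
         $vars['parentid'] = $replyto;
     }
     /*
      * Moderation check: follow the same rules as for comments
      */
     $vars['onhold'] = $this->needsModeration($vars['commenttext']) ? 1 : 0;
     $vars['type'] = 'trackback';
     return $vars;
 }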
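/**
 * Returns a request value, preferring $_GET over $_POST (empty string if absent).
 *
 * @param string $name Parameter name
 * @return string
 */
function _links_plugin_request_value($name)
{
    if (isset($_GET[$name])) {
        return $_GET[$name];
    }
    if (isset($_POST[$name])) {
        return $_POST[$name];
    }
    return '';
}

/**
 * Returns a numeric id from $_POST, cast to int (0 if absent).
 *
 * @param string $name Parameter name
 * @return int
 */
function _links_plugin_post_int($name)
{
    return isset($_POST[$name]) ? intval($_POST[$name]) : 0;
}

/**
 * Handles the admin "links" plugin actions and loads the data for its form.
 *
 * Two independent dispatches run in sequence: `linkdo` (new/delete/save/up/
 * down on T_LINKS) and `catdo` (new/delete/save on T_CATEGORIES). Each action
 * name is read from $_GET first, then $_POST, and lower-cased. Afterwards all
 * categories and all links (ordered by position) are assigned to the template
 * as 'ecategories' and 'elinks'.
 *
 * All ids are cast to int and all string values are bound as query
 * parameters; the previous version concatenated $_POST values (linkid,
 * categoryid, name) straight into SQL.
 *
 * NOTE(review): there is no CSRF token or explicit permission check in this
 * function; it is assumed the admin front controller enforces both - confirm.
 *
 * @param object $loq Application object exposing _adb (ADOdb connection) and assign()
 * @return void
 */
function admin_plugin_links_run(&$loq)
{
    $linkdo = strtolower(_links_plugin_request_value('linkdo'));
    switch ($linkdo) {
        case "new":
            $link_name = isset($_POST['nicename']) ? $_POST['nicename'] : '';
            $link_url = isset($_POST['url']) ? $_POST['url'] : '';
            $link_cat = _links_plugin_post_int('category');
            if (strlen($link_name) > 0 && strlen($link_url) > 0 && $link_cat > 0) {
                $maxposition = $loq->_adb->GetOne("select MAX(position) from `" . T_LINKS . "`");
                // New links go after the current last one.  The original passed
                // the misspelled, undefined $postition here.
                $position = intval($maxposition) + 10;
                $stmt = $loq->_adb->Prepare('INSERT INTO `' . T_LINKS . '` VALUES(null, ?, ?, ?, ?)');
                $loq->_adb->Execute($stmt, array($link_name, $link_url, $link_cat, $position));
            }
            break;
        case "delete":
            // delete link
            $loq->_adb->Execute("delete from " . T_LINKS . " where linkid=?", array(_links_plugin_post_int('linkid')));
            break;
        case "save":
            // update an existing link
            $params = array(
                isset($_POST['nicename']) ? stringHandler::removeMagicQuotes($_POST['nicename']) : '',
                isset($_POST['url']) ? stringHandler::removeMagicQuotes($_POST['url']) : '',
                _links_plugin_post_int('category'),
                _links_plugin_post_int('linkid')
            );
            $loq->_adb->Execute("update " . T_LINKS . " set nicename=?, url=?, category=? where linkid=?", $params);
            break;
        case "up":
            $loq->_adb->Execute("update " . T_LINKS . " set position=position-15 where linkid=?", array(_links_plugin_post_int('linkid')));
            reorder_links();
            break;
        case "down":
            $loq->_adb->Execute("update " . T_LINKS . " set position=position+15 where linkid=?", array(_links_plugin_post_int('linkid')));
            reorder_links();
            break;
        default:
            // show form
            break;
    }

    // The original lower-cased into a misspelled $catod and then switched on
    // the untouched $catdo, so a mixed-case action name never matched.
    $catdo = strtolower(_links_plugin_request_value('catdo'));
    switch ($catdo) {
        case "new":
            // add new category
            $cat_name = isset($_POST['name']) ? $_POST['name'] : '';
            if (strlen($cat_name) > 0) {
                $stmt = $loq->_adb->Prepare('INSERT INTO `' . T_CATEGORIES . '` VALUES(null, ?)');
                $loq->_adb->Execute($stmt, array($cat_name));
            }
            break;
        case "delete":
            $categoryid = _links_plugin_post_int('categoryid');
            // Detach links from the category first.  The links table stores
            // the category in its `category` column (see the insert/save
            // cases above); the original updated `linkid` instead, which
            // zeroed the primary key of an unrelated link.
            $loq->_adb->Execute("update " . T_LINKS . " set category=0 where category=?", array($categoryid));
            // delete the category
            $loq->_adb->Execute("delete from " . T_CATEGORIES . " where categoryid=?", array($categoryid));
            break;
        case "save":
            // update an existing category
            $params = array(
                isset($_POST['name']) ? $_POST['name'] : '',
                _links_plugin_post_int('categoryid')
            );
            $loq->_adb->Execute("update " . T_CATEGORIES . " set name=? where categoryid=?", $params);
            break;
        default:
            // show form
            break;
    }

    $rs = $loq->_adb->Execute("select * from " . T_CATEGORIES);
    if ($rs !== false && !$rs->EOF) {
        $loq->assign('ecategories', $rs->GetRows(-1));
    }
    $rs = $loq->_adb->GetAll("select * from " . T_LINKS . " order by position");
    if (is_array($rs)) {
        $loq->assign('elinks', $rs);
    }
}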
}
$loq->get_modifiers();
$optionformrows = array();
$options = get_options();
if (isset($_POST['submit']) && $_POST['submit'] == 'Save Options') {
    // saving options..
    $updatevars = array();
    foreach ($options as $option) {
        if (!isset($_POST[$option['name']])) {
            break;
        }
        switch ($option['type']) {
            case "text":
            case "email":
            case "url":
                $updatevars[] = array("name" => $option['name'], "value" => stringHandler::clean($_POST[$option['name']]));
                break;
            case "password":
                if ($_POST[$option['name']] != '') {
                    $updatevars[] = array("name" => $option['name'], "value" => md5($_POST[$option['name']]));
                }
                break;
            case "templateselect":
                // make sure we're not being poked.
                if (ereg('^[[:alnum:]]+$', $_POST[$option['name']])) {
                    $updatevars[] = array("name" => $option['name'], "value" => strtolower($_POST[$option['name']]));
                }
                break;
            case "statusselect":
                if ($_POST[$option['name']] == 'live') {
                    $updatevars[] = array("name" => $option['name'], "value" => 'live');