Esempio n. 1
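/**
* Main driver to handle the uploaded autotag
*
* Accepts one archive from the 'autotagfile' upload field, unpacks it into a
* scratch directory below $_CONF['path_data'], reads the autotag descriptor
* via _at_parseXML() (which fills the global $autotagData), checks the
* glFusion / PHP version requirements, runs _pi_test_copy() against the
* system autotags directory and renders the confirmation form.
*
* Everything read from the archive, including the descriptor fields, is
* controlled by whoever built the archive. The autotag id is therefore
* reduced to a single safe path component before it is used in a path.
*
* @return   string              Formatted HTML containing the page body
*
*/
function processAutotagUpload()
{
    global $_CONF, $_PLUGINS, $_TABLES, $autotagData, $LANG32, $_DB_dbms, $_DB_table_prefix;

    $retval = '';
    $upgrade = false;

    // Require an actual upload in the expected form field.
    if (count($_FILES) == 0
        || !isset($_FILES['autotagfile'])
        || $_FILES['autotagfile']['error'] == UPLOAD_ERR_NO_FILE) {
        return _at_errorBox($LANG32[46]);
    }

    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
        $upload->setLogFile($_CONF['path'] . 'logs/error.log');
        $upload->setDebug(true);
    }
    $upload->setMaxFileUploads(1);
    $upload->setMaxFileSize(4194304); // 4 MB
    // NOTE(review): 'tgz' has no leading dot, unlike the other extensions in
    // this list - confirm how the upload class matches extensions.
    $upload->setAllowedMimeTypes(array('application/x-gzip' => '.gz,.gzip,tgz', 'application/zip' => '.zip'));
    $upload->setFieldName('autotagfile');
    if (!$upload->setPath($_CONF['path_data'] . 'temp')) {
        return _at_errorBox($upload->printErrors(false));
    }
    // The client-supplied name is sanitized before it becomes part of a path.
    $filename = COM_sanitizeFilename($_FILES['autotagfile']['name'], true);
    $upload->setFileNames($filename);
    $upload->uploadFiles();
    if ($upload->areErrors()) {
        return _at_errorBox($upload->printErrors(false));
    }
    $archivePath = $_CONF['path_data'] . 'temp/' . $filename;

    // decompress into temp directory
    if (function_exists('set_time_limit')) {
        @set_time_limit(60);
    }
    if (!($tmp = _io_mktmpdir())) {
        // Do not leave the uploaded archive behind on failure.
        @unlink($archivePath);
        return _at_errorBox($LANG32[47]);
    }
    $workDir = $_CONF['path_data'] . $tmp;
    if (!COM_decompress($archivePath, $workDir)) {
        @unlink($archivePath);
        _pi_deleteDir($workDir);
        return _at_errorBox($LANG32[48]);
    }
    @unlink($archivePath);

    // read XML data file, places in $autotagData;
    $autotagData = array();
    $rc = _at_parseXML($workDir);

    // The descriptor may be missing entirely, so never index it blindly.
    $requiredGlfusion = isset($autotagData['glfusionversion']) ? $autotagData['glfusionversion'] : '';
    $requiredPhp = isset($autotagData['phpversion']) ? $autotagData['phpversion'] : '';

    // no xml file found, or the descriptor lacks the mandatory fields
    if ($rc == -1 || !isset($autotagData['id']) || !isset($autotagData['version'])) {
        _pi_deleteDir($workDir);
        return _at_errorBox(sprintf($LANG32[49], $requiredGlfusion));
    }

    // The id becomes a directory name below. The character filter keeps '.',
    // so an id made only of dots (such as '..') would survive it and make the
    // source path leave the autotag's own sub-directory. Reject those, and an
    // id that is empty after filtering.
    $autotagData['id'] = preg_replace('/[^a-zA-Z0-9\\-_\\.]/', '', $autotagData['id']);
    if (trim($autotagData['id'], '.') === '') {
        _pi_deleteDir($workDir);
        return _at_errorBox(sprintf($LANG32[49], $requiredGlfusion));
    }

    // proper glfusion version
    if (!COM_checkVersion(GVERSION, $requiredGlfusion)) {
        _pi_deleteDir($workDir);
        return _at_errorBox(sprintf($LANG32[49], $requiredGlfusion));
    }
    if (!COM_checkVersion(phpversion(), $requiredPhp)) {
        _pi_deleteDir($workDir);
        return _at_errorBox(sprintf($LANG32[50], $requiredPhp));
    }

    // An existing autotag with the same id is deliberately not treated as an
    // error, so that installed autotags can be updated.

    if (function_exists('set_time_limit')) {
        @set_time_limit(30);
    }

    // test copy to proper directories
    list($rc, $failed) = _pi_test_copy($workDir . '/' . $autotagData['id'] . '/', $_CONF['path_system'] . 'autotags/');
    if ($rc > 0) {
        $permErrorList = '';
        foreach ($failed as $failedFile) {
            $permErrorList .= sprintf($LANG32[41], $failedFile);
        }
        $errorMessage = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . $permErrorList . '<br />' . $LANG32[44];
        _pi_deleteDir($workDir);
        return _at_errorBox($errorMessage);
    }

    // Optional descriptor fields default to an empty string.
    foreach (array('url', 'description', 'author') as $optional) {
        if (!isset($autotagData[$optional])) {
            $autotagData[$optional] = '';
        }
    }

    // NOTE(review): the descriptor values below come from the uploaded archive
    // and are handed to the template as-is - confirm that the template (or
    // _at_parseXML) HTML-escapes them before they are displayed.
    $T = new Template($_CONF['path_layout'] . 'admin/autotag');
    $T->set_file('form', 'autotag_upload_confirm.thtml');
    $T->set_var(array(
        'form_action_url' => $_CONF['site_admin_url'] . '/autotag_upload.php',
        'action'          => 'processupload',
        'pi_name'         => $autotagData['id'],
        'pi_version'      => $autotagData['version'],
        'pi_url'          => $autotagData['url'],
        'pi_gl_version'   => $requiredGlfusion,
        'pi_desc'         => $autotagData['description'],
        'pi_author'       => $autotagData['author'],
        'upgrade'         => $upgrade,
        'temp_dir'        => $tmp,
    ));
    $retval .= $T->parse('output', 'form');

    return $retval;
}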
Esempio n. 2
 /**
  * setMaxFileUploads() reports success and the new limit is readable
  * through getMaxFileUploadsPerForm().
  */
 public function testSetMaxFileUploads()
 {
     $limit = 10;
     $accepted = $this->up->setMaxFileUploads($limit);

     $this->assertTrue($accepted);
     $this->assertEquals($limit, $this->up->getMaxFileUploadsPerForm());
 }
Esempio n. 3
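/**
 * Removes the images flagged for deletion and stores newly uploaded images
 * for a classified ad.
 *
 * The keys of $ad['delete'], the ad id and the uploaded files' extensions all
 * end up in SQL statements, and the extensions also in file names. They are
 * validated or reduced to a safe form before use.
 *
 * @param   array   $ad     Submitted ad form data; the keys of $ad['delete'] are the image numbers to remove
 * @param   array   $FILES  Uploaded-file array (same layout as $_FILES)
 * @param   mixed   $clid   Id of the ad; must consist of digits only
 * @return  bool            true on success, false if $clid is not a plain number;
 *                          on upload errors an error page is printed and the script exits
 */
function CLASSIFIEDS_saveImage($ad, $FILES, $clid)
{
    global $_CONF, $_CLASSIFIEDS_CONF, $_TABLES, $LANG24;

    // $clid is interpolated into SQL (partly unquoted) and into file names,
    // so anything but digits is refused.
    if (!preg_match('/^[0-9]+$/', (string) $clid)) {
        return false;
    }

    // Handle Magic GPC Garbage. each() no longer exists in current PHP, and
    // the nested values are now written back instead of changing a copy.
    $args = $ad;
    foreach ($args as $key => $value) {
        if (!is_array($value)) {
            $args[$key] = COM_stripslashes($value);
        } else {
            foreach ($value as $subkey => $subvalue) {
                $args[$key][$subkey] = COM_stripslashes($subvalue);
            }
        }
    }

    // Delete any images if needed
    if (array_key_exists('delete', $args) && is_array($args['delete'])) {
        foreach (array_keys($args['delete']) as $deleteKey) {
            // The key comes straight from the form: force it to an integer
            // before it reaches the query.
            $imgNum = (int) $deleteKey;
            $pi_filename = DB_getItem($_TABLES['cl_pic'], 'pi_filename', 'pi_pid = ' . $clid . ' AND pi_img_num = ' . $imgNum);
            CLASSIFIEDS_deleteImage($pi_filename);
            DB_query("DELETE FROM {$_TABLES['cl_pic']} WHERE pi_pid = " . $clid . " AND pi_img_num = " . $imgNum);
        }
    }

    // OK, let's upload any pictures with the ad
    if (DB_count($_TABLES['cl_pic'], 'pi_pid', $clid) > 0) {
        $index_start = DB_getItem($_TABLES['cl_pic'], 'max(pi_img_num)', "pi_pid = '" . $clid . "'") + 1;
    } else {
        $index_start = 1;
    }

    if (count($FILES) > 0 and $_CLASSIFIEDS_CONF['max_images_per_ad'] > 0) {
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();
        //Debug with story debug function
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads($_CLASSIFIEDS_CONF['max_images_per_ad']);
        if (!empty($_CONF['image_lib'])) {
            if ($_CONF['image_lib'] == 'imagemagick') {
                // Using imagemagick
                $upload->setMogrifyPath($_CONF['path_to_mogrify']);
            } elseif ($_CONF['image_lib'] == 'netpbm') {
                // using netPBM
                $upload->setNetPBM($_CONF['path_to_netpbm']);
            } elseif ($_CONF['image_lib'] == 'gdlib') {
                // using the GD library
                $upload->setGDLib();
            }
            $upload->setAutomaticResize(true);
            $upload->keepOriginalImage(false);
            if (isset($_CONF['jpeg_quality'])) {
                $upload->setJpegQuality($_CONF['jpeg_quality']);
            }
        }
        $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
        if (!$upload->setPath($_CLASSIFIEDS_CONF['path_images'])) {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= $upload->printErrors(false);
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }
        // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
        // force any images bigger than the passed dimensions to be resized.
        // If mogrify is not set, any images larger than these dimensions
        // will get validation errors
        $upload->setMaxDimensions($_CLASSIFIEDS_CONF['max_image_width'], $_CLASSIFIEDS_CONF['max_image_height']);
        // size in bytes, 1048576 = 1MB
        $upload->setMaxFileSize($_CLASSIFIEDS_CONF['max_image_size']);
        // Set file permissions on file after it gets uploaded (number is in octal)
        $upload->setPerms('0644');

        $filenames = array();
        $end_index = $index_start + $upload->numFiles() - 1;
        for ($z = $index_start; $z <= $end_index; $z++) {
            $curfile = current($FILES);
            if (!empty($curfile['name'])) {
                // Only the extension of the client-supplied name is kept, and
                // only its alphanumeric characters: the stored name is later
                // written into an SQL statement and used on disk.
                $fextension = preg_replace('/[^a-zA-Z0-9]/', '', pathinfo($curfile['name'], PATHINFO_EXTENSION));
                $filenames[] = $clid . '_' . $z . '.' . $fextension;
            }
            next($FILES);
        }
        $upload->setFileNames($filenames);
        reset($FILES);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $retval = COM_siteHeader('menu', $LANG24[30]);
            $retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $upload->printErrors(false);
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }
        reset($filenames);
        for ($z = $index_start; $z <= $end_index; $z++) {
            DB_query("INSERT INTO {$_TABLES['cl_pic']} (pi_pid, pi_img_num, pi_filename) VALUES ('" . $clid . "', {$z}, '" . current($filenames) . "')");
            next($filenames);
        }
    }

    return true;
}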
Esempio n. 4
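/**
 * Imports markers from a CSV file into a map, in two passes.
 *
 * First pass ($valid == false): the CSV is uploaded into $_CONF['path_data'],
 * every row is listed as a preview and a confirmation form is returned.
 * Second pass ($valid != false): the file named by $filename is read again
 * and one row per marker is inserted into the maps_markers table.
 *
 * The CSV content, $map_id, $fields and (on the second pass) $filename are
 * treated as untrusted: they are validated before reaching SQL or the file
 * system and HTML-escaped before being echoed back.
 *
 * @param   array   $FILES      Uploaded-file array (same layout as $_FILES); first pass only
 * @param   mixed   $map_id     Id of the target map; digits only
 * @param   string  $separator  One of ',', ';' or 'tab'
 * @param   array   $fields     Column layout of the CSV, indexed 0..27
 * @param   bool    $valid      false for the preview pass, true for the import pass
 * @param   string  $filename   Name of the uploaded file inside path_data (import pass)
 * @return  string              HTML for the preview (with confirmation form) or the import result
 */
function MAPS_importCSV($FILES = '', $map_id, $separator = ';', $fields, $valid = false, $filename = '')
{
    global $_CONF, $_TABLES, $LANG24, $LANG_MAPS_1, $_USER;

    // $map_id is interpolated unquoted into SQL below, so accept digits only.
    if ($map_id == '' || !preg_match('/^[0-9]+$/', (string) $map_id)) {
        return MAPS_message('Map ID is missing');
    }
    if (!in_array($separator, array(',', 'tab', ';'), true)) {
        echo COM_refresh($_CONF['site_admin_url'] . '/plugins/maps/import_export.php');
        exit;
    }
    // Remember the symbolic name: the confirmation form must post back a
    // value that passes the check above ('tab', not a literal tab character).
    $separator_name = $separator;

    if ($valid == false) {
        // OK, let's upload csv file
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();
        //Debug with story debug function
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads(1);
        $upload->setAllowedMimeTypes(array('text/csv' => '.csv', 'text/comma-separated-values' => '.csv', 'application/vnd.ms-excel' => '.csv'));
        if (!$upload->setPath($_CONF['path_data'])) {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= $upload->printErrors(false);
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }
        // Set file permissions on file after it gets uploaded (number is in octal)
        $upload->setPerms('0644');
        $curfile = current($FILES);
        if (!empty($curfile['name'])) {
            // Keep only the alphanumeric part of the client-supplied extension.
            $fextension = preg_replace('/[^a-zA-Z0-9]/', '', pathinfo($curfile['name'], PATHINFO_EXTENSION));
            $filename = 'import_markers_' . COM_makesid() . '.' . $fextension;
        }
        if ($filename == '') {
            return MAPS_message('Houston, we have a problem.');
        }
        $upload->setFileNames($filename);
        reset($FILES);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $msg = $upload->printErrors(false);
            return MAPS_message($msg, $LANG24[30]);
        }
        $retval = '<p>' . $LANG_MAPS_1['markers_to_add'] . ' ' . DB_getItem($_TABLES['maps_maps'], 'name', "mid={$map_id}") . '</p><ul>';
    } else {
        $retval = '<p>' . $LANG_MAPS_1['markers_added'] . ' ' . DB_getItem($_TABLES['maps_maps'], 'name', "mid={$map_id}") . '</p><ul>';
    }

    // On the import pass the file name travels through a hidden form field
    // (see the confirmation form below), so it is reduced to its base name:
    // the file opened must lie directly inside path_data.
    $filename = basename((string) $filename);

    //open file and record markers
    $marker = array();
    $mkid = '';
    $valid_fields = MAPS_getFieldsImportExport();
    if ($filename != '' && ($handle = fopen($_CONF['path_data'] . $filename, "r")) !== FALSE) {
        if ($separator == 'tab') {
            $separator = "\t";
        }
        $iteration = 0;
        while (($field_read = fgetcsv($handle, 0, $separator)) !== FALSE) {
            $iteration++;
            for ($i = 27; $i > -1; $i = $i - 1) {
                // Short rows and short field lists are read as empty values.
                $cell = isset($field_read[$i]) ? $field_read[$i] : '';
                $wanted = isset($fields[$i]) ? $fields[$i] : null;
                if ($wanted == $valid_fields[$i]) {
                    $marker[$i] = $cell;
                } else {
                    if (!isset($marker[$i])) {
                        $marker[$i] = '';
                    }
                    // Column $i holds another field: store it under that field's index.
                    while ($position = current($valid_fields)) {
                        if ($position == $wanted) {
                            $key = key($valid_fields);
                            $marker[$key] = $cell;
                        }
                        next($valid_fields);
                    }
                    reset($valid_fields);
                }
            }

            // HTML-escaped copy of the row for everything that is echoed back.
            $shown = array();
            foreach ($marker as $key => $val) {
                $shown[$key] = htmlspecialchars((string) $val, ENT_QUOTES);
            }

            if ($marker[3] == '') {
                ksort($shown);
                $retval = '<table style="margin:20px;" border="1">';
                foreach ($shown as $key => $val) {
                    $retval .= "<tr><td><font size=2>" . $key . "</td><td><font size=2>" . $val . "</td></tr>";
                }
                $retval .= "</table>";
                return MAPS_message($LANG_MAPS_1['name_missing'] . ' | Line: ' . $iteration . $retval);
            }
            if ($marker[0] == '' && $marker[1] == '') {
                return MAPS_message($LANG_MAPS_1['need_address']);
            }
            if ($valid == false) {
                $retval .= '<li>#' . $iteration . ' Name: ' . $shown[3] . '<br' . XHTML . '>Address: ' . $shown[0] . '<br' . XHTML . '>Lat: ' . $shown[1] . ' | Lng: ' . $shown[2] . '<br' . XHTML . '>Description: ' . $shown[4] . '<br' . XHTML . '>mk_default: ' . $shown[5] . ' | mk_pcolor: ' . $shown[6] . ' | mk_scolor: ' . $shown[7] . ' | mk_label: ' . $shown[8] . ' | mk_label_color: ' . $shown[9] . '<br' . XHTML . '>street: ' . $shown[10] . '<br' . XHTML . '>code: ' . $shown[11] . ' | city: ' . $shown[12] . '<br' . XHTML . '>state: ' . $shown[13] . ' | country: ' . $shown[14] . '<br' . XHTML . '>tel: ' . $shown[15] . ' | fax: ' . $shown[16] . '<br' . XHTML . '>web: ' . $shown[17] . '<br' . XHTML . '>item_1: ' . $shown[18] . ' | item_2: ' . $shown[19] . ' | item_3: ' . $shown[20] . ' | item_4: ' . $shown[21] . ' | item_5: ' . $shown[22] . ' | item_6: ' . $shown[23] . ' | item_7: ' . $shown[24] . ' | item_8: ' . $shown[25] . ' | item_9: ' . $shown[26] . ' | item_10: |' . $shown[27] . '<br' . XHTML . '>Map id: ' . $map_id . ' | ' . 'Owner id: ' . $_USER['uid'] . '<br' . XHTML . '>&nbsp;';
            } else {
                ksort($marker);
                $markers = '';
                // Reset per row so an empty longitude never picks up the
                // geocoding result of an earlier row.
                $address = $lat = $lng = '';
                foreach ($marker as $key => $value) {
                    if ($key != 0) {
                        $markers .= ",";
                    }
                    // prepare strings for insertion
                    switch ($key) {
                        case '0':
                            //address
                            $val[0] = $value;
                            $type = array(0 => 'text');
                            MAPS_filterVars($type, $val);
                            $address = $val[0];
                            break;
                        case '1':
                            //lat
                            if ($value == '') {
                                // MAPS_getCoords() is expected to fill $lat / $lng
                                // (presumably by reference - confirm in its definition)
                                $coords = MAPS_getCoords($address, $lat, $lng);
                                $value = $lat;
                            } elseif (!is_numeric($value)) {
                                // Coordinates bypass MAPS_filterVars(), so a
                                // non-numeric CSV value must not reach the INSERT.
                                $value = '';
                            }
                            break;
                        case '2':
                            //lng
                            if ($value == '') {
                                $value = $lng;
                            } elseif (!is_numeric($value)) {
                                $value = '';
                            }
                            break;
                        default:
                            // NOTE(review): the INSERT relies on MAPS_filterVars()
                            // to make text values safe inside quotes - confirm.
                            $val[0] = $value;
                            $type = array(0 => 'text');
                            MAPS_filterVars($type, $val);
                            $value = $val[0];
                            break;
                    }
                    $markers .= " '" . $value . "'";
                }
                // Short pause (100000 ns) before deriving the marker id from the clock.
                $nano = time_nanosleep(0, 100000);
                if ($nano === true) {
                    $mkid = date('YmdHis') . $iteration;
                }
                $created = $modified = date("Ymd");
                $sql = "INSERT INTO {$_TABLES['maps_markers']} (\n\t\t\t\t  mkid,\n\t\t\t\t  mid,\n\t\t\t\t  owner_id,\n\t\t\t\t  created, modified,\n\t\t\t\t  address, lat, lng, name, description,  mk_default, mk_pcolor, mk_scolor, mk_label, mk_label_color,\n\t\t\t\t  street, code, city, state, country, tel, fax, web, item_1, item_2, item_3, item_4, item_5, item_6,\n\t\t\t\t  item_7, item_8, item_9, item_10) VALUES (\n\t\t\t\t  {$mkid},\n\t\t\t\t  {$map_id},\n\t\t\t\t  {$_USER['uid']},\n\t\t\t\t  {$created}, {$modified},\n\t\t\t\t  {$markers})";
                // Without an id there is nothing to look up; the row is then
                // logged as not imported.
                $mkid_exists = ($mkid != '') ? DB_getItem($_TABLES['maps_markers'], 'mkid', "mkid={$mkid}") : '';
                DB_query("SET character_set_results = 'utf8', character_set_client = 'utf8', character_set_connection = 'utf8', character_set_database = 'utf8', character_set_server = 'utf8'");
                if ($mkid_exists == '' and $mkid != '') {
                    DB_query($sql, 0);
                } else {
                    COM_errorLog('MAPS - Duplicate mkid during import from ' . $filename);
                }
                $mkid = '';
                $retval .= '<li>' . htmlspecialchars(stripslashes($marker[3]), ENT_QUOTES) . ' | ' . htmlspecialchars(stripslashes($marker[0]), ENT_QUOTES);
            }
        }
        fclose($handle);
    }
    $retval .= '</ul>';

    if ($valid == false) {
        // Every value placed in an attribute is escaped; $fields in particular
        // is echoed back exactly as it was received.
        $validation = '<p><form name="import" action="' . $_CONF['site_url'] . '/admin/plugins/maps/import_export.php?mode=valid" method="POST">';
        $validation .= '<input type="hidden" name="filename" value="' . htmlspecialchars($filename, ENT_QUOTES) . '">';
        $validation .= '<input type="hidden" name="mid" value="' . $map_id . '">';
        $validation .= '<input type="hidden" name="separator_in" value="' . htmlspecialchars($separator_name, ENT_QUOTES) . '">';
        $validation .= '<input type="submit" name="submit" value="' . $LANG_MAPS_1['yes'] . '"> ';
        foreach ($fields as $value) {
            $validation .= '<input type="hidden" name="import_export[]" value="' . htmlspecialchars((string) $value, ENT_QUOTES) . '">';
        }
        $validation .= '<input type="submit" name="submit" value="' . $LANG_MAPS_1['no'] . '">';
        $validation .= '</form></p>';
        return MAPS_message($retval) . $validation;
    } else {
        return $retval;
    }
}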
Esempio n. 5
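/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * Requires the 'story.edit' right. For browser submissions (no 'gl_svc'
 * flag) the function also deletes images flagged for removal and stores
 * newly uploaded article images.
 *
 * The keys of $args['delete'] and the extensions of uploaded file names are
 * client-controlled and end up in SQL statements; they are reduced to an
 * integer / to alphanumeric characters before use.
 *
 * @param   array   $args       Contains all the data provided by the client
 * @param   string  &$output    OUTPUT parameter containing the returned text
 * @param   array   &$svc_msg   OUTPUT parameter; receives 'error_desc' on failure and 'id' on success
 * @return  int                 Response code as defined in lib-plugins.php;
 *                              nothing is returned when saveToDatabase() does not report STORY_SAVED
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;

    if (!SEC_hasRights('story.edit')) {
        $output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }
    require_once $_CONF['path_system'] . 'lib-comment.php';

    // Both flags are optional in $args; read them once, without notices.
    $gl_edit = isset($args['gl_edit']) ? $args['gl_edit'] : false;
    $isService = !empty($args['gl_svc']);

    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }

    /* Store the first CATEGORY as the Topic ID */
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }

    // 'content' wins over 'summary'; the text is split at the first page break.
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }

    /* Apply filters to the parameters passed by the webservice */
    if ($isService) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }

    /* - START: Set all the defaults - */
    if (empty($args['tid'])) {
        // see if we have a default topic
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
        if (!empty($topic)) {
            $args['tid'] = $topic;
        } else {
            // otherwise, just use the first one
            $o = array();
            $s = array();
            if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                $args['tid'] = $o[0];
            } else {
                $svc_msg['error_desc'] = 'No topics available';
                return PLG_RET_ERROR;
            }
        }
    }
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }
    if ($isService) {
        /* Permissions: site defaults unless the client sent a value, which is filtered */
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    /* - END: Set all the defaults - */

    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH);
        }
    }

    $story = new Story();
    if ($gl_edit && !empty($args['gl_etag'])) {
        /* First load the original story to check if it has been modified */
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }

    /* This function is also doing the security checks */
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();
    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_siteHeader('menu', $LANG24[5]);
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$isService) {
                $output .= storyeditor($sid);
            }
            $output .= COM_siteFooter();
            return PLG_RET_ERROR;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
            $output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_siteHeader('menu');
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$isService) {
                $output .= storyeditor($sid);
            }
            $output .= COM_siteFooter();
            return PLG_RET_ERROR;
        default:
            break;
    }

    /* Image upload is not supported by the web-service at present */
    if (!$isService) {
        // Delete any images if needed
        if (array_key_exists('delete', $args) && is_array($args['delete'])) {
            foreach (array_keys($args['delete']) as $deleteKey) {
                // The key comes straight from the form: force it to an
                // integer before it reaches the queries.
                $imgNum = (int) $deleteKey;
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . $imgNum);
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . $imgNum);
            }
        }

        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }
        if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                if ($_CONF['keep_unscaled_image'] == 1) {
                    $upload->keepOriginalImage(true);
                } else {
                    $upload->keepOriginalImage(false);
                }
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_siteHeader('menu', $LANG24[30]);
                $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $upload->printErrors(false);
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            // size in bytes, 1048576 = 1MB
            $upload->setMaxFileSize($_CONF['max_image_size']);
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');

            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    // Only the alphanumeric part of the client-supplied
                    // extension is kept: the stored name is written into an
                    // SQL statement below and used on disk.
                    $fextension = preg_replace('/[^a-zA-Z0-9]/', '', pathinfo($curfile['name'], PATHINFO_EXTENSION));
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                $retval = COM_siteHeader('menu', $LANG24[30]);
                $retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
                $retval .= $upload->printErrors(false);
                $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $retval .= COM_siteFooter();
                echo $retval;
                exit;
            }
            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
                next($filenames);
            }
        }
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->insertImages();
            if (count($errors) > 0) {
                $output = COM_siteHeader('menu', $LANG24[54]);
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . '<p>';
                foreach ($errors as $imageError) {
                    $output .= $imageError . '<br' . XHTML . '>';
                }
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
        }
    }

    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_olderStuff();
        CMT_updateCommentcodes();
        if ($story->type == 'submission') {
            $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
    // NOTE(review): any other save result falls through without a return
    // value - confirm what callers expect before adding an error code here.
}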
Esempio n. 6
// | See the GNU General Public License for more details.                    |
// |                                                                         |
// | You should have received a copy of the GNU General Public License       |
// | along with this program; if not, write to the Free Software Foundation, |
// | Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.         |
// |                                                                         |
// +-------------------------------------------------------------------------+
//
// Load the upload helper class from the configured system path.
include_once $_CONF['path_system'] . 'classes/upload.class.php';
// Create the upload directory for this question on first use.
// NOTE(review): the results of mkdir() and chmod() are not checked; a failure
// presumably only surfaces through the setPath() check further down.
if (!file_exists($questionDir)) {
    mkdir($questionDir);
    chmod($questionDir, 0755);
}
$upload = new upload();
$upload->setContinueOnError(true);
$upload->setMaxFileUploads('1');
$upload->setLogFile("{$clubLogfile}");
$upload->setLogging(false);
// The accepted MIME types come from the quiz configuration, not from the request.
$upload->setAllowedMimeTypes($_CONFQUIZ['allowableImageTypes']);
// Stop the request if the upload class rejects the target directory.
if (!$upload->setPath($questionDir)) {
    print 'File Upload Errors:<BR>' . $upload->printErrors();
    exit;
}
// Dimension and size limits also come from the quiz configuration.
$upload->setMaxDimensions($_CONFQUIZ['max_upload_width'], $_CONFQUIZ['max_upload_height']);
$upload->setMaxFileSize($_CONFQUIZ['max_upload_size']);
// Set file permissions on file after it gets uploaded (number is in octal)
// NOTE(review): '0774' leaves uploaded files executable and group-writable.
// Uploaded images normally need neither; confirm nothing depends on this and
// prefer a non-executable mode such as '0644'.
$upload->setPerms('0774');
// Working lists; presumably filled by code after this excerpt.
$filenames = array();
$realfilenames = array();
$uploadtypes = array();
$uploadfilepos = array();
Esempio n. 7
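/**
* Main driver to handle the uploaded plugin
*
* Receives the uploaded archive, unpacks it into a temporary directory below
* $_CONF['path_data'], reads the plugin's XML metadata into $pluginData and
* checks the glFusion/PHP version requirements, the prerequisite plugins, the
* installed version (upgrade or not) and whether the target directories are
* writable. When every check passes it renders the upload confirmation form.
* Archives without usable XML metadata are handed to processOldPlugin().
*
* The archive name and everything read from the archive's XML file are
* untrusted input. The temporary directory is removed on every error path
* handled here.
*
* NOTE(review): $pluginData['id'] is used below to build filesystem paths and
* the other metadata fields are passed to the template as-is. Whether
* _pi_parseXML() or the template layer validates/escapes them is not visible
* from this function; confirm, and otherwise restrict the id to a safe
* character set and escape the fields before display.
*
* @return   string              Formatted HTML containing the page body
*
*/
function processPluginUpload()
{
    global $_CONF, $_PLUGINS, $_PLUGIN_INFO, $_TABLES, $pluginData, $LANG_ADMIN, $LANG32, $_DB_dbms, $_DB_table_prefix, $_IMAGE_TYPE;
    $retval = '';
    $upgrade = false;
    // version currently installed; stays empty for a fresh install
    $oldVersion = '';
    if (!isset($_FILES['pluginfile']) || $_FILES['pluginfile']['error'] == UPLOAD_ERR_NO_FILE) {
        return _pi_errorBox($LANG32[46]);
    }
    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
        $upload->setLogFile($_CONF['path'] . 'logs/error.log');
        $upload->setDebug(true);
    }
    $upload->setMaxFileUploads(1);
    $upload->setMaxFileSize(25165824);
    $upload->setAllowedMimeTypes(array('application/x-gzip' => '.gz,.gzip,tgz', 'application/zip' => '.zip', 'application/x-tar' => '.tar,.tar.gz,.gz', 'application/x-gzip-compressed' => '.tar.gz,.tgz,.gz'));
    $upload->setFieldName('pluginfile');
    if (!$upload->setPath($_CONF['path_data'] . 'temp')) {
        return _pi_errorBox($upload->printErrors(false));
    }
    // The client chooses this name; sanitize it before it becomes part of a
    // server-side path.
    $filename = COM_sanitizeFilename($_FILES['pluginfile']['name'], true);
    $upload->setFileNames($filename);
    $upload->uploadFiles();
    if ($upload->areErrors()) {
        return _pi_errorBox($upload->printErrors(false));
    }
    $Finalfilename = $_CONF['path_data'] . 'temp/' . $filename;
    // decompress into temp directory
    if (function_exists('set_time_limit')) {
        @set_time_limit(60);
    }
    if (!($tmp = _io_mktmpdir())) {
        return _pi_errorBox($LANG32[47]);
    }
    $tmpPath = $_CONF['path_data'] . $tmp;
    if (!COM_decompress($Finalfilename, $tmpPath)) {
        _pi_deleteDir($tmpPath);
        // do not leave the rejected archive behind in the temp directory
        @unlink($Finalfilename);
        return _pi_errorBox($LANG32[48]);
    }
    @unlink($Finalfilename);
    // read XML data file, places in $pluginData;
    $pluginData = array();
    $rc = _pi_parseXML($tmpPath);
    if ($rc == -1) {
        // no xml file found
        return processOldPlugin($tmp);
    }
    if (!isset($pluginData['id']) || !isset($pluginData['version'])) {
        return processOldPlugin($tmp);
    }
    // proper glfusion version
    if (!COM_checkVersion(GVERSION, $pluginData['glfusionversion'])) {
        _pi_deleteDir($tmpPath);
        return _pi_errorBox(sprintf($LANG32[49], $pluginData['glfusionversion']));
    }
    if (!COM_checkVersion(phpversion(), $pluginData['phpversion'])) {
        _pi_deleteDir($tmpPath);
        return _pi_errorBox(sprintf($LANG32[50], $pluginData['phpversion']));
    }
    // check prerequisites
    $errors = '';
    if (isset($pluginData['requires']) && is_array($pluginData['requires'])) {
        foreach ($pluginData['requires'] as $requirement) {
            // each entry is "name" or "name,version"; the version part is optional
            $parts = explode(',', $requirement);
            $reqPlugin = $parts[0];
            $required_ver = isset($parts[1]) ? $parts[1] : '';
            if (!isset($_PLUGIN_INFO[$reqPlugin])) {
                // required plugin not installed
                $errors .= sprintf($LANG32[51], $pluginData['id'], $reqPlugin, $reqPlugin);
            } elseif (!empty($required_ver)) {
                $installed_ver = $_PLUGIN_INFO[$reqPlugin];
                if (!COM_checkVersion($installed_ver, $required_ver)) {
                    // required plugin installed, but wrong version
                    $errors .= sprintf($LANG32[90], $required_ver, $reqPlugin, $installed_ver, $reqPlugin);
                }
            }
        }
    }
    if ($errors != '') {
        _pi_deleteDir($tmpPath);
        return _pi_errorBox($errors);
    }
    // check if plugin already exists
    // if it does, check that this is an upgrade
    // if not, error
    // else validate we really want to upgrade
    $result = DB_query("SELECT * FROM {$_TABLES['plugins']} WHERE pi_name='" . DB_escapeString($pluginData['id']) . "'");
    if (DB_numRows($result) > 0) {
        $P = DB_fetchArray($result);
        if ($P['pi_version'] == $pluginData['version']) {
            _pi_deleteDir($tmpPath);
            return _pi_errorBox(sprintf($LANG32[52], $pluginData['id']));
        }
        // if we are here, it must be an upgrade or disabled plugin....
        $rc = COM_checkVersion($pluginData['version'], $P['pi_version']);
        if ($rc < 1) {
            _pi_deleteDir($tmpPath);
            return _pi_errorBox(sprintf($LANG32[53], $pluginData['id'], $pluginData['version'], $P['pi_version']));
        }
        if ($P['pi_enabled'] != 1) {
            _pi_deleteDir($tmpPath);
            return _pi_errorBox($LANG32[72]);
        }
        $upgrade = true;
        $oldVersion = $P['pi_version'];
    }
    $permError = 0;
    $permErrorList = '';
    if (function_exists('set_time_limit')) {
        @set_time_limit(30);
    }
    // test copy to proper directories: private code, admin pages, public pages
    $stagedRoot = $tmpPath . '/' . $pluginData['id'] . '/';
    $copyTargets = array(
        array($stagedRoot, $_CONF['path'] . 'plugins/' . $pluginData['id']),
        array($stagedRoot . 'admin/', $_CONF['path_html'] . 'admin/plugins/' . $pluginData['id']),
        array($stagedRoot . 'public_html/', $_CONF['path_html'] . $pluginData['id']),
    );
    foreach ($copyTargets as $pair) {
        list($rc, $failed) = _pi_test_copy($pair[0], $pair[1]);
        if ($rc > 0) {
            $permError = 1;
            foreach ($failed as $failedFile) {
                $permErrorList .= sprintf($LANG32[41], $failedFile);
            }
        }
    }
    if ($permError != 0) {
        $errorMessage = '<h2>' . $LANG32[42] . '</h2>' . $LANG32[43] . $permErrorList . '<br />' . $LANG32[44];
        _pi_deleteDir($tmpPath);
        return _pi_errorBox($errorMessage);
    }
    USES_lib_admin();
    $menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
    $T = new Template($_CONF['path_layout'] . 'admin/plugins');
    $T->set_file('form', 'plugin_upload_confirm.thtml');
    $T->set_var('admin_menu', ADMIN_createMenu($menu_arr, $pluginData['id'] . ' ' . $LANG32[62], $_CONF['layout_url'] . '/images/icons/plugins.' . $_IMAGE_TYPE));
    // plugin_old_version is only meaningful for an upgrade; $oldVersion is ''
    // otherwise, so no undefined row is read on a fresh install.
    $T->set_var(array('form_action_url' => $_CONF['site_admin_url'] . '/plugin_upload.php', 'action' => 'processupload', 'pi_name' => $pluginData['id'], 'pi_version' => $pluginData['version'], 'pi_url' => $pluginData['url'], 'pi_gl_version' => $pluginData['glfusionversion'], 'pi_desc' => $pluginData['description'], 'pi_author' => $pluginData['author'], 'plugin_old_version' => $oldVersion, 'upgrade' => $upgrade, 'temp_dir' => $tmp));
    $retval .= $T->parse('output', 'form');
    return $retval;
}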
Esempio n. 8
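/**
 * Store the image uploaded for a shop category and record its file name.
 *
 * The file is saved in $_PAY_CONF['path_cat_images'] as "cat_<id>.<ext>" and
 * the name is written to the category row. Only the image MIME types listed
 * below are accepted; size and dimension limits come from $_PAY_CONF.
 * On an upload error the error page is printed and the script exits.
 *
 * @param  array $category Submitted category form data. Not used by the upload
 *                         itself; kept so existing callers keep working.
 * @param  array $files    Uploaded-file array (same layout as $_FILES)
 * @param  int   $cat_id   Id of the category the image belongs to
 * @return bool            Always true when the function returns
 */
function PAYPAL_saveCatImage($category, $files, $cat_id)
{
    global $_CONF, $_PAY_CONF, $_TABLES, $LANG24;
    // The id ends up in a file name and in an unquoted SQL comparison, so it
    // must be a plain integer.
    $cat_id = (int) $cat_id;
    // OK, let's upload any pictures with the product
    require_once $_CONF['path_system'] . 'classes/upload.class.php';
    $upload = new upload();
    //Debug with story debug function
    if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
        $upload->setLogFile($_CONF['path'] . 'logs/error.log');
        $upload->setDebug(true);
    }
    $upload->setMaxFileUploads(1);
    if (!empty($_CONF['image_lib'])) {
        if ($_CONF['image_lib'] == 'imagemagick') {
            // Using imagemagick
            $upload->setMogrifyPath($_CONF['path_to_mogrify']);
        } elseif ($_CONF['image_lib'] == 'netpbm') {
            // using netPBM
            $upload->setNetPBM($_CONF['path_to_netpbm']);
        } elseif ($_CONF['image_lib'] == 'gdlib') {
            // using the GD library
            $upload->setGDLib();
        }
        $upload->setAutomaticResize(true);
        $upload->keepOriginalImage(false);
        if (isset($_CONF['jpeg_quality'])) {
            $upload->setJpegQuality($_CONF['jpeg_quality']);
        }
    }
    $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
    if (!$upload->setPath($_PAY_CONF['path_cat_images'])) {
        $output = COM_siteHeader('menu', $LANG24[30]);
        $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $upload->printErrors(false);
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();
        echo $output;
        exit;
    }
    // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
    // force any images bigger than the passed dimensions to be resized.
    // If mogrify is not set, any images larger than these dimensions
    // will get validation errors
    $upload->setMaxDimensions($_PAY_CONF['max_image_width'], $_PAY_CONF['max_image_height']);
    // size in bytes, 1048576 = 1MB
    $upload->setMaxFileSize($_PAY_CONF['max_image_size']);
    // Set file permissions on file after it gets uploaded (number is in octal)
    $upload->setPerms('0644');
    $filenames = '';
    $curfile = current($files);
    if (!empty($curfile['name'])) {
        // Only the extension of the client-supplied name is reused, reduced to
        // letters and digits so that it is safe in a file name and in the SQL
        // statement below. A name without an extension yields '' and the
        // upload is skipped (none of the accepted types lacks an extension).
        $fextension = preg_replace('/[^A-Za-z0-9]/', '', pathinfo($curfile['name'], PATHINFO_EXTENSION));
        if ($fextension != '') {
            $filenames = 'cat_' . $cat_id . '.' . $fextension;
        }
    }
    if ($filenames != '') {
        $upload->setFileNames($filenames);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $retval = COM_siteHeader('menu', $LANG24[30]);
            $retval .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $upload->printErrors(false);
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }
        // $filenames is "cat_" + integer + "." + alphanumerics and $cat_id is
        // an integer, so neither value can break out of the statement.
        DB_query("UPDATE {$_TABLES['paypal_categories']} SET image = '" . $filenames . "' WHERE cat_id=" . $cat_id);
    }
    return true;
}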
Esempio n. 9
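/**
 * Create or update a content page, category or link from the submitted form,
 * then process image deletions and new image uploads for it.
 *
 * Input is read from $_POST and $_FILES; the row to update is identified by
 * the global $pageid (set here from the insert id when $mode is 'add').
 * Status text for the caller is left in $GLOBALS['statusmsg'].
 *
 * NOTE(review): $pageid is a global set outside this function in update mode.
 * It is used in quoted SQL comparisons and in the image directory path; where
 * it is validated is not visible here. Confirm the caller restricts it to an
 * integer.
 * NOTE(review): ppPrepareForDB() is relied on for SQL escaping of several
 * fields; its behaviour is not visible here.
 *
 * @param  string    $mode 'add' inserts a new row first; any other value
 *                         updates the existing row
 * @param  string    $type 'category', 'link' or another page type
 * @return bool|null       false when the upload step reports errors,
 *                         otherwise no value
 */
function updatePage($mode, $type)
{
    global $_CONF, $_TABLES, $_FILES, $_POST, $CONF_SE, $LANG_SE_ERR;
    global $_DB_name, $catid, $pageid;
    include_once $_CONF['path_system'] . 'classes/upload.class.php';
    $magicQuotes = get_magic_quotes_gpc();
    // Short text fields: remove magic-quotes slashes before encoding and
    // truncating (a cut must never leave a dangling backslash), then escape a
    // separate copy for SQL. addslashes() mirrors how this function already
    // escapes the page content.
    $name = substr(htmlentities($magicQuotes ? stripslashes($_POST['name']) : $_POST['name']), 0, 32);
    $heading = substr(htmlentities($magicQuotes ? stripslashes($_POST['heading']) : $_POST['heading']), 0, 255);
    $pagetitle = substr(htmlentities($magicQuotes ? stripslashes($_POST['pagetitle']) : $_POST['pagetitle']), 0, 255);
    $nameSql = addslashes($name);
    $headingSql = addslashes($heading);
    $pagetitleSql = addslashes($pagetitle);
    $pid = ppPrepareForDB($_POST['category']);
    $old_sid = ppPrepareForDB($_POST['old_sid']);
    $sid = ppPrepareForDB($_POST['sid'], true, 40);
    $pageorder = COM_applyFilter($_POST['pageorder'], true);
    if ($type == 'link') {
        $menutype = 3;
    } else {
        $menutype = COM_applyFilter($_POST['menu_type'], true);
    }
    $blkformat = ppPrepareForDB($_POST['blk_format']);
    $grp_access = ppPrepareForDB($_POST['grp_access']);
    // Both lists are optional in the form; treat anything else as empty.
    $imgdelete = (isset($_POST['imgdelete']) && is_array($_POST['imgdelete'])) ? $_POST['imgdelete'] : array();
    $chkscale = (isset($_POST['chkscale']) && is_array($_POST['chkscale'])) ? $_POST['chkscale'] : array();
    $submenutype = COM_applyFilter($_POST['rad_submenu'], true);
    $blockmenutype = COM_applyFilter($_POST['rad_blockmenu'], true);
    $is_menu_newpage = $_POST['chknewwindow'] == 1 ? 1 : 0;
    $is_draft = $_POST['chkdraft'] == 1 ? 1 : 0;
    $show_breadcrumbs = $_POST['chkbreadcrumbs'] == 1 ? 1 : 0;
    $owner_id = ppPrepareForDB($_POST['owner_id']);
    $group_id = ppPrepareForDB($_POST['group_id']);
    $perm_owner = $_POST['perm_owner'];
    $perm_group = $_POST['perm_group'];
    $perm_members = $_POST['perm_members'];
    $perm_anon = $_POST['perm_anon'];
    $metadesc = ppPrepareForDB($_POST['metadesc']);
    $metakeywords = ppPrepareForDB($_POST['metakeywords']);
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    // Allow full HTML in the introtext field
    if (!$magicQuotes) {
        $content = addslashes($_POST['sitecontent']);
        $help = addslashes($_POST['help']);
    } else {
        $content = $_POST['sitecontent'];
        $help = $_POST['help'];
    }
    if ($sid != '') {
        $sid = COM_sanitizeID($sid);
    }
    // Defaults cover the case where the sid exists but was not changed.
    $duplicate_sid = false;
    $dupmsg = '';
    if ($sid != '' and DB_count($_TABLES['nexcontent_pages'], 'sid', $sid) > 0) {
        if ($sid != $old_sid) {
            $duplicate_sid = true;
            if ($old_sid == '') {
                $sid = "{$sid}_{$pid}";
                $dupmsg = ' - Duplicate Page ID';
            } else {
                $sid = $old_sid;
                $dupmsg = ' - Duplicate Page ID, Page ID not changed.';
            }
        }
    }
    if ($mode == 'add') {
        $gid = uniqid($_DB_name, FALSE);
        // NOTE(review): $category is not assigned anywhere in this function, so
        // this filters an undefined value. $_POST['category'] (already read into
        // $pid) may have been intended; confirm before changing.
        $category = COM_applyFilter($category, true);
        if ($type == 'category') {
            // Create a new record - set the category value to 0
            DB_query("INSERT INTO {$_TABLES['nexcontent_pages']} (pid,gid,type) values ({$category},'{$gid}','category')");
            $pageid = DB_insertID();
            $GLOBALS['statusmsg'] = 'New Category Added';
            $query = DB_query("SELECT max(pageorder) FROM {$_TABLES['nexcontent_pages']} WHERE type='category'");
            list($maxorder) = DB_fetchArray($query);
            $order = $maxorder + 10;
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder='{$order}' WHERE id='{$pageid}'");
        } else {
            // Create a new record - need to get the record id for the category
            // NOTE(review): $type is placed in the statement as received from
            // the caller; confirm callers only pass fixed type names.
            DB_query("INSERT INTO {$_TABLES['nexcontent_pages']} (pid,gid,type) values ('{$category}','{$gid}','{$type}')");
            $pageid = DB_insertID();
            $GLOBALS['statusmsg'] = 'New Page Added';
            $query = DB_query("SELECT max(pageorder) FROM {$_TABLES['nexcontent_pages']} WHERE pid='category'");
            list($maxorder) = DB_fetchArray($query);
            $order = $maxorder + 10;
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder='{$order}' WHERE id='{$pageid}'");
        }
    } else {
        $GLOBALS['statusmsg'] = "{$name} Updated";
        if ($duplicate_sid) {
            $GLOBALS['statusmsg'] .= $dupmsg;
        }
    }
    DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET name='{$nameSql}', blockformat='{$blkformat}', pid='{$pid}', sid='{$sid}', heading='{$headingSql}',content='{$content}', menutype='{$menutype}', is_menu_newpage='{$is_menu_newpage}', show_submenu='{$submenutype}', show_blockmenu='{$blockmenutype}', show_breadcrumbs='{$show_breadcrumbs}', is_draft='{$is_draft}', owner_id='{$owner_id}', group_id='{$group_id}', perm_owner='{$perm_owner}', perm_group='{$perm_group}', perm_members='{$perm_members}', perm_anon='{$perm_anon}' , pagetitle='{$pagetitleSql}', meta_description='{$metadesc}', meta_keywords='{$metakeywords}' WHERE id='{$pageid}'");
    // NOTE(review): no WHERE clause, so every row of this table is updated;
    // presumably the table holds a single settings row - confirm.
    DB_query("UPDATE {$_TABLES['nexcontent']} SET help='{$help}'");
    //update the page order
    if ($pageorder != '' and $pageid != '') {
        // These values sit unquoted in the statements, so force them to
        // integers; string escaping alone does not protect an unquoted value.
        $pageorderSql = (int) $pageorder;
        $pageidSql = (int) $pageid;
        $pidSql = (int) $pid;
        DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder={$pageorderSql} WHERE id={$pageidSql};");
        $porder = DB_query("SELECT id FROM {$_TABLES['nexcontent_pages']} WHERE pid={$pidSql} ORDER BY pageorder ASC;");
        $i = 0;
        while ($ORDER = DB_fetchArray($porder)) {
            $i += 10;
            $rowId = (int) $ORDER['id'];
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET pageorder={$i} WHERE id={$rowId};");
        }
    }
    $pageImageDir = $CONF_SE['uploadpath'] . "/{$pageid}/";
    // Check and see if directories exist
    if (!file_exists($pageImageDir)) {
        @mkdir($pageImageDir);
        @chmod($pageImageDir, $CONF_SE['imagedir_perms']);
    }
    // Delete any images if needed
    foreach ($imgdelete as $deleteNum) {
        // image numbers arrive from the form; only integers reach the SQL
        $deleteNum = (int) $deleteNum;
        $curimage = DB_getitem($_TABLES['nexcontent_images'], "imagefile", "page_id='{$pageid}' AND imagenum='{$deleteNum}'");
        $fullimage = $pageImageDir . $curimage;
        if (!is_dir($fullimage) and file_exists($fullimage)) {
            if (!unlink($fullimage)) {
                echo COM_errorLog("Unable to delete image {$fullimage}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete image {$fullimage}. Please check file permissions";
            }
        }
        // the kept original is stored as <name>_original<ext>
        $pos = strrpos($curimage, '.');
        $origimage = strtolower(substr($curimage, 0, $pos));
        $ext = strtolower(substr($curimage, $pos));
        $origimage .= "_original{$ext}";
        $fullimage = $pageImageDir . $origimage;
        if (!is_dir($fullimage) and file_exists($fullimage)) {
            if (!unlink($fullimage)) {
                echo COM_errorLog("Unable to delete image {$fullimage}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete image {$fullimage}. Please check file permissions";
            }
        }
        $curthumbnail = $pageImageDir . 'tn' . $curimage;
        if (!is_dir($curthumbnail) and file_exists($curthumbnail)) {
            if (!unlink($curthumbnail)) {
                echo COM_errorLog("Unable to delete thumbnail for {$curthumbnail}. Please check file permissions");
                $GLOBALS['statusmsg'] = "Unable to delete thumbnail for {$curthumbnail}. Please check file permissions";
            }
        }
        DB_query("DELETE FROM {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}' and imagenum='{$deleteNum}'");
    }
    $upload = new upload();
    $upload->setLogging(false);
    $upload->setDebug(false);
    $upload->setLogFile($_CONF['path_log'] . 'error.log');
    $upload->setMaxFileUploads($CONF_SE['max_num_images']);
    if ($_CONF['image_lib'] == 'imagemagick') {
        $upload->setMogrifyPath($_CONF['path_to_mogrify']);
    } else {
        $upload->setGDLib();
    }
    $upload->setAllowedMimeTypes($CONF_SE['allowableImageTypes']);
    $upload->setMaxDimensions($CONF_SE['max_upload_width'], $CONF_SE['max_upload_height']);
    $upload->setMaxFileSize($CONF_SE['max_uploadfile_size']);
    $upload->setAutomaticResize(true);
    $upload->keepOriginalImage(true);
    $upload->setPerms($CONF_SE['image_perms']);
    if (!$upload->setPath($pageImageDir)) {
        $GLOBALS['statusmsg'] = $LANG_SE_ERR['upload1'] . ':&nbsp;' . $upload->printErrors(false);
    }
    // OK, let's upload any pictures with this page.
    // Stored names are generated on the server (<timestamp><n>.jpg); the
    // client-supplied file name is never used on disk.
    $uniquename = time();
    $filenames = array();
    $imagenum = array();
    for ($z = 1; $z <= $CONF_SE['max_num_images']; $z++) {
        $curfile = current($_FILES);
        if (!empty($curfile['name'])) {
            $filenames[] = $uniquename . $z . '.jpg';
            // The slot number is taken from the form field name, which the
            // client controls; keep it an integer before it reaches SQL.
            $imagenum[] = (int) substr(key($_FILES), 9, 1);
        }
        next($_FILES);
    }
    $upload->setFileNames($filenames);
    reset($_FILES);
    $upload->setDebug(false);
    $upload->uploadFiles();
    if ($upload->areErrors()) {
        $GLOBALS['statusmsg'] = $LANG_SE_ERR['upload1'] . ':&nbsp;' . $upload->printErrors(false);
        return false;
    }
    reset($filenames);
    reset($imagenum);
    if (DB_count($_TABLES['nexcontent_pages'], "id", $pageid) > 0) {
        foreach ($filenames as $pageImage) {
            $index = current($imagenum);
            if (file_exists($pageImageDir . $pageImage)) {
                $src = $pageImageDir . $pageImage;
                $dest = $pageImageDir . 'tn' . $pageImage;
                makethumbnail($pageImage, $src, $dest);
                $iquery = DB_query("SELECT imagefile from {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}' AND imagenum='{$index}'");
                if (DB_numRows($iquery) == 0) {
                    DB_query("INSERT INTO {$_TABLES['nexcontent_images']} (page_id,imagenum,imagefile) values ('{$pageid}', '{$index}','{$pageImage}')");
                } elseif (DB_numRows($iquery) == 1) {
                    DB_query("UPDATE {$_TABLES['nexcontent_images']} SET imagefile='{$pageImage}' WHERE page_id='{$pageid}' and imagenum='{$index}'");
                }
            }
            next($imagenum);
        }
    } else {
        $GLOBALS['statusmsg'] = 'Error saving category';
    }
    // Update the image autoscale option for any images
    $query = DB_query("SELECT id,imagenum from {$_TABLES['nexcontent_images']} WHERE page_id='{$pageid}'");
    while (list($imageid, $storedNum) = DB_fetchArray($query)) {
        // an unchecked box is simply absent from the submitted list
        $autoscale = (isset($chkscale[$storedNum]) && $chkscale[$storedNum] == '1') ? '1' : '0';
        DB_query("UPDATE {$_TABLES['nexcontent_images']} SET autoscale = '{$autoscale}' WHERE id='{$imageid}' AND imagenum='{$storedNum}'");
    }
}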
Esempio n. 10
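/**
* Records a message in the hello tables and queues one copy per recipient.
*
* Recipients are either the members of the selected group (and its child
* groups) or the addresses found in the first column of an uploaded CSV file.
* One row is written to the hello table and one row per recipient to the
* hello_queue table; nothing is mailed from here.
*
* Every value taken from $vars, from the CSV file or from the user tables is
* escaped (or cast to an integer) before it is placed in an SQL statement,
* and the uploaded CSV file is removed once it has been read.
*
* @param    array   $vars   Same as $_POST, holds all the email info
* @return   string          HTML with success or error message
*
*/
function send_messages($vars)
{
    // $LANG24 supplies the upload error texts used below
    global $_CONF, $_TABLES, $LANG24, $LANG31, $LANG_HELLO01;
    require_once $_CONF['path_system'] . 'lib-user.php';
    $retval = '';
    if (empty($vars['fra']) or empty($vars['fraepost']) or empty($vars['subject']) or empty($vars['content'])) {
        $retval .= COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG31[26];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= display_mailform($vars);
        return $retval;
    }
    // Urgent message!
    $priority = isset($vars['priority']) ? 1 : 0;
    $useGroup = !empty($vars['to_group']);
    $quantity = 0;
    $recipients = array();
    $destinataires = array();
    if ($useGroup) {
        // The group id is placed unquoted in the query, so it must be an integer.
        $toGroup = (int) $vars['to_group'];
        $groupList = implode(',', USER_getChildGroups($toGroup));
        //Group name
        $groupResult = DB_query("SELECT grp_name FROM {$_TABLES['groups']} WHERE grp_id =" . $toGroup . " ");
        $groupRow = DB_fetchArray($groupResult);
        $email_group = $groupRow ? $groupRow[0] : '';
        if (isset($vars['overstyr'])) {
            // override: ignore the users' "email from admin" preference
            $sql = "SELECT DISTINCT username,fullname,email FROM {$_TABLES['users']},{$_TABLES['group_assignments']} WHERE uid > 1";
            $sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
            $sql .= " AND {$_TABLES['users']}.uid = ug_uid AND ug_main_grp_id IN ({$groupList})";
        } else {
            $sql = "SELECT DISTINCT username,fullname,email,emailfromadmin FROM {$_TABLES['users']},{$_TABLES['userprefs']},{$_TABLES['group_assignments']} WHERE {$_TABLES['users']}.uid > 1";
            $sql .= " AND {$_TABLES['users']}.status = 3 AND ((email is not null) and (email != ''))";
            $sql .= " AND {$_TABLES['users']}.uid = {$_TABLES['userprefs']}.uid AND emailfromadmin = 1";
            $sql .= " AND ug_uid = {$_TABLES['users']}.uid AND ug_main_grp_id IN ({$groupList})";
        }
        $result = DB_query($sql);
        $quantity = DB_numRows($result);
        for ($i = 0; $i < $quantity; $i++) {
            $A = DB_fetchArray($result);
            $recipients[] = $A['email'];
        }
    } else {
        // OK, let's upload csv file
        require_once $_CONF['path_system'] . 'classes/upload.class.php';
        $upload = new upload();
        //Debug with story debug function
        if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
            $upload->setLogFile($_CONF['path'] . 'logs/error.log');
            $upload->setDebug(true);
        }
        $upload->setMaxFileUploads(1);
        $upload->setAllowedMimeTypes(array('text/csv' => '.csv', 'text/comma-separated-values' => '.csv', 'application/vnd.ms-excel' => '.csv', 'application/x-csv' => '.csv'));
        if (!$upload->setPath($_CONF['path_data'])) {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= $upload->printErrors(false);
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }
        // Set file permissions on file after it gets uploaded (number is in octal)
        $upload->setPerms('0644');
        $filename = '';
        $curfile = current($_FILES);
        if (!empty($curfile['name'])) {
            // Only the extension of the client-supplied name is reused, reduced
            // to letters and digits; the rest of the stored name is generated.
            $fextension = preg_replace('/[^A-Za-z0-9]/', '', pathinfo($curfile['name'], PATHINFO_EXTENSION));
            $filename = 'import_hello_' . COM_makesid() . '.' . $fextension;
        }
        if ($filename == '') {
            $output = COM_siteHeader('menu', $LANG24[30]);
            $output .= COM_startBlock($LANG24[30], '', COM_getBlockTemplate('_msg_block', 'header'));
            $output .= 'Upload error: csv file name is empty. Please try again...';
            $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            $output .= COM_siteFooter();
            echo $output;
            exit;
        }
        $upload->setFileNames($filename);
        reset($_FILES);
        $upload->uploadFiles();
        if ($upload->areErrors()) {
            $msg = $upload->printErrors(false);
            return $LANG24[30];
        }
        //email group
        $email_group = $LANG_HELLO01['csv_file'];
        $separator = isset($vars['separator']) ? $vars['separator'] : ',';
        if (!in_array($separator, array(',', 'tab', ';'), true)) {
            $separator = ',';
        }
        if ($separator == 'tab') {
            $separator = "\t";
        }
        $csvPath = $_CONF['path_data'] . $filename;
        if (($handle = fopen($csvPath, "r")) !== FALSE) {
            while (($data = fgetcsv($handle, 0, $separator)) !== FALSE) {
                // keep only rows whose first column is a valid address
                if ($data[0] != '' and COM_isEmail($data[0])) {
                    $destinataires[] = $data[0];
                }
            }
            fclose($handle);
        }
        // The file holds recipients' addresses and is not needed again.
        @unlink($csvPath);
        $quantity = count($destinataires);
        $recipients = $destinataires;
    }
    $retval .= COM_startBlock($LANG31[1]);
    // register hello
    $creation = date('YmdHi', time());
    $subject = addslashes($vars['subject']);
    $content = addslashes($vars['content']);
    $from = COM_formatEmailAddress($vars['fra'], $vars['fraepost']);
    // The group name and the sender come from stored or submitted text as
    // well; escape them the same way as subject and content.
    $emailGroupSql = addslashes($email_group);
    $expediteur = addslashes($from);
    $sql_ajout_hello = "INSERT INTO {$_TABLES['hello']} (subject, creation, email_group, quantity, content) VALUES ('{$subject}', '{$creation}', '{$emailGroupSql}', '{$quantity}','{$content}')";
    DB_query($sql_ajout_hello);
    $new_hello_id = DB_insertId();
    // Loop through and queue one message per recipient
    $successes = 0;
    $failures = 0;
    foreach ($recipients as $address) {
        if ($address == '') {
            // a user row without an address counts as a failure
            $failures = $failures + 1;
            continue;
        }
        $destinataire = addslashes($address);
        $date = date('YmdHi', time());
        $sql_ajout_hello = "INSERT INTO {$_TABLES['hello_queue']} (expediteur, destinataire, date, hello_id, subject, content, priority) VALUES ('{$expediteur}', '{$destinataire}', '{$date}', '{$new_hello_id}', '{$subject}', '{$content}', '{$priority}')";
        if (DB_query($sql_ajout_hello)) {
            $successes = $successes + 1;
        } else {
            $failures = $failures + 1;
        }
    }
    // The submitted priority value is echoed back, so encode it for HTML.
    $priorityText = isset($vars['priority']) ? htmlspecialchars((string) $vars['priority'], ENT_QUOTES) : '';
    $retval .= $quantity . ' ' . $LANG_HELLO01['email_schedule'] . '<br />' . $priorityText;
    if ($failures > 0) {
        $retval .= 'Oups... There was ' . $failures . ' failure(s)';
    }
    if (!$useGroup) {
        //list emails from csv
        // NOTE(review): whether COM_makeList() HTML-encodes its items is not
        // visible here; confirm, since the addresses come from the upload.
        $retval .= COM_makeList($destinataires);
    }
    $retval .= COM_endBlock();
    return $retval;
}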