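/**
 * Saves the site social memberships
 *
 * For every service returned by SOC_followMeProfile() for the site
 * pseudo-user (-1), the submitted "<service>_username" POST field is stripped
 * of tags and written to the social_follow_user table; an empty or missing
 * field removes the stored entry. An optional "extra" POST field is stored in
 * the 'social_site_extra' configuration option.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this
 * function; presumably the calling admin script performs both - confirm.
 *
 * @return   string  always an empty string
 *
 */
function SI_save_site()
{
    global $_CONF, $_TABLES;

    $retval = '';
    $uid = -1; // use -1 for site items
    $cfg =& config::get_instance();

    $social_services = SOC_followMeProfile($uid);
    foreach ($social_services as $service) {
        $service_input = $service['service'] . '_username';

        // Work on a local copy instead of rewriting $_POST. The original
        // tested isset($_POST['$service_input']) - a single-quoted literal
        // that is never a real field name - so strip_tags() was never applied.
        $username = '';
        if (isset($_POST[$service_input]) && is_string($_POST[$service_input])) {
            $username = strip_tags($_POST[$service_input]);
        }

        if ($username !== '') {
            // Escape at the point of use, after all other filtering is done.
            $sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) ";
            $sql .= " VALUES (" . (int) $service['service_id'] . "," . (int) $uid . ",'" . DB_escapeString($username) . "');";
            DB_query($sql, 1);
        } else {
            // Nothing submitted for this service: drop any stored username.
            $sql = "DELETE FROM {$_TABLES['social_follow_user']} WHERE ssid = " . (int) $service['service_id'] . " AND uid=" . (int) $uid;
            DB_query($sql, 1);
        }
    }

    if (isset($_POST['extra'])) {
        // NOTE(review): stored exactly as submitted; presumably it is
        // escaped or filtered wherever it is rendered - confirm.
        $extra = $_POST['extra'];
        $cfg->set('social_site_extra', $extra, 'social_internal');
    }

    CACHE_remove_instance('social_site');

    return $retval;
}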
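/**
 * Config Option has changed. (use plugin api)
 *
 * Reacts to changes in the 'Core' configuration group only:
 * - when 'whats_related_trim' changed, the "related" column of every story
 *   is rebuilt from its intro and body text;
 * - otherwise, when any option that influences rendered articles changed,
 *   the article cache is removed.
 *
 * @param    string  $group      name of the configuration group that changed
 * @param    array   $changes    names of the options that changed
 * @return   void
 */
function plugin_configchange_article($group, $changes = array())
{
    global $_TABLES, $_CONF;

    // Both branches of the original required the Core group.
    if ($group != 'Core') {
        return;
    }

    // If trim length changes then need to redo all related url's for articles
    if (in_array('whats_related_trim', $changes)) {
        $sql = "SELECT sid, introtext, bodytext FROM {$_TABLES['stories']}";
        $result = DB_query($sql);
        $nrows = DB_numRows($result);
        for ($x = 0; $x < $nrows; $x++) {
            $A = DB_fetchArray($result);

            // Should maybe retrieve through story service but just grab from database and apply any autotags
            // This is all the related story column should really need
            $fulltext = PLG_replaceTags($A['introtext']) . ' ' . PLG_replaceTags($A['bodytext']);
            $related = DB_escapeString(implode("\n", STORY_extractLinks($fulltext, $_CONF['whats_related_trim'])));
            if (!empty($related)) {
                // A value read back from the database is raw data again, so
                // it is escaped before being placed in a new statement rather
                // than trusted because of where it came from.
                $sid = DB_escapeString($A['sid']);
                DB_query("UPDATE {$_TABLES['stories']} SET related = '{$related}' WHERE sid = '{$sid}'");
            }
        }

        // As in the original elseif, the cache branch is skipped in this case.
        return;
    }

    // For if any articles are being cached: options that affect article output
    $articleOptions = array(
        'site_name',
        'contributedbyline',
        'allow_user_photo',
        'article_image_align',
        'related_topics',
        'related_topics_max',
        'allow_page_breaks',
        'page_break_comments',
        'url_rewrite',
        'url_routing',
        'hideviewscount',
        'hideemailicon',
        'loginrequired',
        'emailstoryloginrequired',
        'hideprintericon',
    );
    foreach ($articleOptions as $option) {
        if (in_array($option, $changes)) {
            // If any Article options changed then delete all article cache
            $cacheInstance = 'article__';
            CACHE_remove_instance($cacheInstance);
            break;
        }
    }
}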
/**
 * Recursively deletes a menu element together with all of its descendants.
 *
 * Children are looked up by parent id within the given menu and removed
 * depth-first; the element itself is deleted last and the 'menu' cache
 * instance is cleared at every level of the recursion.
 *
 * NOTE(review): the final DELETE filters on id only, not on menu_id;
 * presumably element ids are unique across menus - confirm.
 *
 * @param    mixed   $id         id of the element to delete (cast to int before use)
 * @param    mixed   $menu_id    id of the menu searched for children (cast to int before use)
 *
 */
function MB_deleteChildElements($id, $menu_id)
{
    global $_TABLES;

    $elementId = (int) $id;
    $menuId = (int) $menu_id;

    $children = DB_query(
        "SELECT * FROM {$_TABLES['menu_elements']} WHERE pid=" . $elementId . " AND menu_id=" . $menuId
    );

    // Walk exactly as many rows as the result set reported.
    $remaining = DB_numRows($children);
    while ($remaining-- > 0) {
        $child = DB_fetchArray($children);
        MB_deleteChildElements($child['id'], $menu_id);
    }

    DB_query("DELETE FROM " . $_TABLES['menu_elements'] . " WHERE id=" . $elementId);

    CACHE_remove_instance('menu');
}
/**
 * Writes this album's settings to the mg_albums table through DB_save() and
 * then clears the 'whatsnew' cache instance.
 *
 * Side effect on the object: album_disk_usage, last_update, views and
 * enable_keywords are replaced by their integer casts, and title and
 * description are replaced by their DB_escapeString() results.
 */
function saveAlbum()
{
    global $_TABLES, $MG_albums;

    // Only these four numeric properties are forced to integers here.
    $this->album_disk_usage = (int) $this->album_disk_usage;
    $this->last_update = (int) $this->last_update;
    $this->views = (int) $this->views;
    $this->enable_keywords = (int) $this->enable_keywords;

    // NOTE(review): the escaped text is written back to the object, so the
    // properties hold the escaped form after this call; a second saveAlbum()
    // on the same object would presumably escape it again - confirm with callers.
    $this->title = DB_escapeString($this->title);
    $this->description = DB_escapeString($this->description);

    // Column list; its order must match $sqlDataValues position by position.
    $sqlFieldList = 'album_id,album_title,album_desc,album_parent,album_order,skin,hidden,album_cover,album_cover_filename,media_count,album_disk_usage,last_update,album_views,display_album_desc,enable_album_views,image_skin,album_skin,display_skin,enable_comments,exif_display,enable_rating,playback_type,tn_attached,enable_slideshow,enable_random,enable_shutterfly,enable_views,enable_keywords,enable_sort,enable_rss,enable_postcard,albums_first,allow_download,full_display,tn_size,max_image_height,max_image_width,max_filesize,display_image_size,display_rows,display_columns,valid_formats,filename_title,shopping_cart,wm_auto,wm_id,opacity,wm_location,album_sort_order,member_uploads,moderate,email_mod,featured,cbposition,cbpage,owner_id,group_id,mod_group_id,perm_owner,perm_group,perm_members,perm_anon,podcast,mp3ribbon,tnheight,tnwidth,usealternate,rsschildren';

    // NOTE(review): skin, cover, cover_filename, image_skin, album_skin,
    // display_skin and cbpage are interpolated inside quotes without
    // DB_escapeString() in this method, and every unquoted value other than
    // the four cast above is interpolated as-is. Presumably these properties
    // are validated or escaped where they are assigned - confirm, since any
    // one that can carry request data reaches the statement unfiltered.
    $sqlDataValues = "{$this->id},'{$this->title}','{$this->description}',{$this->parent},{$this->order},'{$this->skin}',{$this->hidden},'{$this->cover}','{$this->cover_filename}',{$this->media_count},{$this->album_disk_usage},{$this->last_update},{$this->views},{$this->display_album_desc},{$this->enable_album_views},'{$this->image_skin}','{$this->album_skin}','{$this->display_skin}',{$this->enable_comments},{$this->exif_display},{$this->enable_rating},{$this->playback_type},{$this->tn_attached},{$this->enable_slideshow},{$this->enable_random},{$this->enable_shutterfly},{$this->enable_views},{$this->enable_keywords},{$this->enable_sort},{$this->enable_rss},{$this->enable_postcard},{$this->albums_first},{$this->allow_download},{$this->full},{$this->tn_size},{$this->max_image_height},{$this->max_image_width},{$this->max_filesize},{$this->display_image_size},{$this->display_rows},{$this->display_columns},{$this->valid_formats},{$this->filename_title},{$this->shopping_cart},{$this->wm_auto},{$this->wm_id},{$this->wm_opacity},{$this->wm_location},{$this->album_sort_order},{$this->member_uploads},{$this->moderate},{$this->email_mod},{$this->featured},{$this->cbposition},'{$this->cbpage}',{$this->owner_id},{$this->group_id},{$this->mod_group_id},{$this->perm_owner},{$this->perm_group},{$this->perm_members},{$this->perm_anon},{$this->podcast},{$this->mp3ribbon},{$this->tnHeight},{$this->tnWidth},{$this->useAlternate},{$this->rssChildren}";

    DB_save($_TABLES['mg_albums'], $sqlFieldList, $sqlDataValues);

    // Album data changed, so the cached "what's new" output is discarded.
    CACHE_remove_instance('whatsnew');
}
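/**
 * Approve a submitted download.
 *
 * Moves the uploaded file (and the optional thumbnail) out of the temporary
 * upload directories into the file and snapshot stores, marks the listing as
 * approved, optionally e-mails the submitter, and ends the request with a
 * redirect to the "new downloads" admin list.
 *
 * Reads lid, title, cid, homepage, version, description, url, logourl and
 * commentoption from $_POST.
 *
 * Changes against the previous version:
 * - the submitted file and thumbnail names are reduced to their last path
 *   component before they are joined to a store directory, so a name holding
 *   directory separators cannot place the file outside the store;
 * - $name, $url and $AddNewFile are always initialised;
 * - an empty target name, or a target that is not a regular file after the
 *   move, is treated as a failure instead of passing because the store
 *   directory itself exists;
 * - the submitted "size" value was never stored and is no longer read.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this
 * function; presumably the calling script performs both - confirm.
 * NOTE(review): whether $eh->show() ends the request is not visible here, so
 * the code below stays correct in either case.
 *
 * @return void
 */
function approve()
{
    global $_TABLES, $_CONF, $myts, $eh, $filemgmt_FileStore, $filemgmt_SnapStore, $filemgmt_Emailoption, $filemgmtFilePermissions;

    $lid = (int) COM_applyFilter($_POST['lid'], true);
    $cid = intval($_POST['cid']); // intval() already yields 0 for empty input
    $commentoption = (int) COM_applyFilter($_POST["commentoption"], true);

    // Target file name: keep only the final path component of the request value.
    $name = '';
    $url = '';
    if (isset($_POST['url']) && is_string($_POST['url']) && $_POST['url'] != '') {
        $name = $myts->makeTboxData4Save(basename($_POST['url']));
        // rawurlencode() output is also what the SQL below embeds in quotes.
        $url = rawurlencode($name);
    }

    // Thumbnail name: same treatment.
    $shotname = '';
    $logourl = '';
    if (isset($_POST['logourl']) && is_string($_POST['logourl']) && $_POST['logourl'] != '') {
        $rawShotname = basename($_POST['logourl']);
        $shotname = $myts->makeTboxData4Save($rawShotname);
        $logourl = $myts->makeTboxData4Save(rawurlencode($rawShotname));
    }

    $result = DB_query("SELECT COUNT(*) FROM {$_TABLES['filemgmt_filedetail']} WHERE url='{$url}' and status=1");
    list($numrows) = DB_fetchArray($result);

    // Comment out this check if you want to allow duplicate filelistings for same file in the repository
    // Check for duplicate files of the same filename (actual filename in repository)
    if ($numrows > 0) {
        $eh->show("1108");
    }

    $title = $myts->makeTboxData4Save($_POST['title']);
    $homepage = $myts->makeTboxData4Save($_POST['homepage']);
    $version = $myts->makeTboxData4Save($_POST['version']);
    $description = $myts->makeTareaData4Save($_POST['description']);

    // Move file from tmp directory under the document filestore to the main file directory
    // The temporary names of the file and the optional thumbnail are stored,
    // separated by ";", in the otherwise unused platform field.
    // NOTE(review): these names come from the database, not from this
    // request; presumably they were generated or validated when the upload
    // was stored - confirm.
    $tmpnames = explode(";", DB_getItem($_TABLES['filemgmt_filedetail'], 'platform', "lid='{$lid}'"));
    $tmpfilename = $tmpnames[0];
    $tmpshotname = isset($tmpnames[1]) ? $tmpnames[1] : '';

    $AddNewFile = false;

    $tmp = $filemgmt_FileStore . "tmp/" . $tmpfilename;
    if ($name == '') {
        // Without a target name the move would aim at the store directory itself.
        COM_errorLOG("Filemgmt upload approve error: No target filename was submitted");
        $eh->show("1101");
    } elseif (file_exists($tmp) && !is_dir($tmp)) {
        // if this temporary file was really uploaded?
        $newfile = $filemgmt_FileStore . $name;
        COM_errorLOG("File move from " . $tmp . " to " . $newfile);
        $rename = @rename($tmp, $newfile);
        COM_errorLOG("Results of rename is: " . $rename);
        @chmod($newfile, $filemgmtFilePermissions);
        if (!is_file($newfile)) {
            COM_errorLOG("Filemgmt upload approve error: New file does not exist after move of tmp file: '" . $newfile . "'");
            $AddNewFile = false;
            $eh->show("1101");
        } else {
            $AddNewFile = true;
        }
    } else {
        COM_errorLOG("Filemgmt upload approve error: Temporary file does not exist: '" . $tmp . "'");
        $eh->show("1101");
    }

    if ($tmpshotname != "") {
        $tmp = $filemgmt_SnapStore . "tmp/" . $tmpshotname;
        if (file_exists($tmp) && !is_dir($tmp)) {
            // if this temporary Thumbnail was really uploaded?
            // With no thumbnail name submitted the temporary file is left in
            // place; the previous code attempted a rename onto the snapshot
            // store directory, which could not succeed.
            if ($shotname != '') {
                $newfile = $filemgmt_SnapStore . $shotname;
                @rename($tmp, $newfile);
                @chmod($newfile, $filemgmtFilePermissions);
                if (!is_file($newfile)) {
                    COM_errorLOG("Filemgmt upload approve error: New file does not exist after move of tmp file: '" . $newfile . "'");
                    $AddNewFile = false; // Set false again - in case it was set true above for actual file
                    $eh->show("1101");
                }
            }
        } else {
            COM_errorLOG("Filemgmt upload approve error: Temporary file does not exist: '" . $tmp . "'");
            $eh->show("1101");
        }
    }

    if ($AddNewFile) {
        DB_query("UPDATE {$_TABLES['filemgmt_filedetail']} SET cid='{$cid}', title='{$title}', url='{$url}', homepage='{$homepage}', version='{$version}', logourl='{$logourl}', status=1, date=" . time() . ", comments={$commentoption} where lid='{$lid}'");
        DB_query("UPDATE {$_TABLES['filemgmt_filedesc']} SET description='{$description}' where lid='{$lid}'");
        PLG_itemSaved($lid, 'filemgmt');
        CACHE_remove_instance('whatsnew');

        // Send a email to submitter notifying them that file was approved
        if ($filemgmt_Emailoption) {
            $result = DB_query("SELECT username, email FROM {$_TABLES['users']} a, {$_TABLES['filemgmt_filedetail']} b WHERE a.uid=b.submitter and b.lid='{$lid}'");
            list($submitter_name, $emailaddress) = DB_fetchArray($result);
            $mailtext = sprintf(_MD_HELLO, $submitter_name);
            $mailtext .= ",\n\n" . _MD_WEAPPROVED . " " . $title . " \n" . _MD_THANKSSUBMIT . "\n\n";
            $mailtext .= "{$_CONF["site_name"]}\n";
            $mailtext .= "{$_CONF['site_url']}\n";
            $to = COM_formatEmailAddress($submitter_name, $emailaddress);
            COM_mail($to, _MD_APPROVED, $mailtext);
        }
    }

    CACHE_remove_instance('whatsnew');
    redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php?op=listNewDownloads", 2, _MD_NEWDLADDED);
    exit;
}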
/**
 * Delete a user account and send the browser back to the user admin page.
 *
 * When USER_deleteAccount() succeeds, the 'mbmenu' cache instance is cleared
 * and message 22 is queued; in either case the same redirect is returned.
 *
 * @param    int     $uid    id of user to delete
 * @return   string          HTML redirect
 *
 */
function USER_delete($uid)
{
    global $_CONF;

    $userAdminUrl = $_CONF['site_admin_url'] . '/user.php';

    if (USER_deleteAccount($uid)) {
        CACHE_remove_instance('mbmenu');
        COM_setMessage(22);
    }

    return COM_refresh($userAdminUrl);
}
/**
 * Enrolls the current user for a member album.
 *
 * Redirects to the gallery index when member albums are disabled, shows a
 * message when the user already owns an album below the member album root,
 * and otherwise creates the album, flags the user's preferences as
 * member_gallery with the configured quota, clears the 'menu' cache instance
 * and redirects to the new album. Every path ends the request.
 *
 * NOTE(review): no login or CSRF-token check is visible in this function;
 * presumably the calling script restricts it to logged-in users - confirm.
 * NOTE(review): member_album_root and member_quota are configuration values
 * concatenated into SQL without an integer cast - confirm they are always
 * numeric.
 */
function MG_saveEnroll()
{
    global $_MG_CONF, $_TABLES, $_USER, $LANG_MG03;

    // Feature switched off: back to the gallery index.
    if ($_MG_CONF['member_albums'] != 1) {
        echo COM_refresh($_MG_CONF['site_url'] . '/index.php');
        exit;
    }

    // Default the quota in the shared configuration array when it is unset.
    if (!isset($_MG_CONF['member_quota'])) {
        $_MG_CONF['member_quota'] = 0;
    }

    $uid = (int) $_USER['uid'];

    // A user may own only one album directly below the member album root.
    $existing = DB_query(
        "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE owner_id=" . $uid
        . " AND album_parent=" . $_MG_CONF['member_album_root']
    );
    if (DB_numRows($existing) > 0) {
        echo MG_siteHeader()
            . COM_showMessageText($LANG_MG03['existing_member_album'], '', true)
            . MG_siteFooter();
        exit;
    }

    $aid = plugin_user_create_mediagallery($uid, 1);

    $updateResult = DB_query(
        "UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=1,quota=" . $_MG_CONF['member_quota']
        . " WHERE uid=" . $uid,
        1
    );
    // The row count is fetched, as before, but not used in the decision below.
    $affected = DB_affectedRows($updateResult);

    // NOTE(review): the INSERT fallback runs only when DB_error() reports a
    // failure; an UPDATE that matches no row is presumably not an error, so a
    // missing preferences row may not get created here - confirm.
    if (DB_error()) {
        DB_query(
            "INSERT INTO {$_TABLES['mg_userprefs']} (uid, active, display_rows, display_columns, mp3_player, playback_mode, tn_size, quota, member_gallery) VALUES ("
            . $uid . ",1,0,0,-1,-1,-1," . $_MG_CONF['member_quota'] . ",1)",
            1
        );
    }

    CACHE_remove_instance('menu');

    echo COM_refresh($_MG_CONF['site_url'] . '/album.php?aid=' . $aid);
    exit;
}
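/**
 * Delete a topic
 *
 * Requires full (level 3) access to the topic, either through membership of
 * the 'Topic Admin' group or through SEC_hasAccess() on the topic's
 * permissions; a refused attempt is written to the access log. Blocks and
 * feeds of the topic are reassigned to "all" and disabled, alternate topic
 * references are cleared, and the topic's stories are removed together with
 * their images, comments and trackbacks.
 *
 * The topic id and the story ids are passed through DB_escapeString() before
 * they are placed in the hand-built statements, so this function no longer
 * depends on every caller having filtered $tid.
 *
 * NOTE(review): whether DB_delete() escapes its value argument is not visible
 * here; it still receives the unmodified $tid - confirm.
 *
 * @param    string  $tid    Topic ID
 * @return   string          HTML redirect
 *
 */
function TOPIC_delete($tid)
{
    global $_CONF, $_TABLES, $_USER;

    // Escaped copy used only inside SQL string literals below.
    $tidSql = DB_escapeString($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tidSql}'");
    $A = DB_fetchArray($result);
    if (SEC_inGroup('Topic Admin')) {
        $access = 3;
    } else {
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    }
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");

        return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
    }

    // don't delete topic blocks - assign them to 'all' and disable them
    DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$tidSql}'");

    // same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tidSql}'");

    // remove any alternate topics
    DB_query("UPDATE {$_TABLES['stories']} SET alternate_tid = NULL WHERE alternate_tid = '{$tidSql}'");

    // delete comments, trackbacks, images associated with stories in this topic
    $result = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$tidSql}'");
    $numStories = DB_numRows($result);
    for ($i = 0; $i < $numStories; $i++) {
        $A = DB_fetchArray($result);
        STORY_deleteImages($A['sid']);

        // Values read back from the database are escaped again before reuse.
        $sidSql = DB_escapeString($A['sid']);
        DB_query("DELETE FROM {$_TABLES['comments']} WHERE sid = '{$sidSql}' AND type = 'article'");
        DB_query("DELETE FROM {$_TABLES['trackback']} WHERE sid = '{$sidSql}' AND type = 'article'");
    }

    // delete these
    DB_delete($_TABLES['stories'], 'tid', $tid);
    DB_delete($_TABLES['storysubmission'], 'tid', $tid);
    DB_delete($_TABLES['topics'], 'tid', $tid);

    TOPIC_reorderTopics();

    // update feed(s) and Older Stories block
    COM_rdfUpToDateCheck('article');
    COM_olderStuff();

    CACHE_remove_instance('stmenu');
    COM_setMessage(14);

    return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
}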
/**
 * To be called (eventually) whenever Geeklog removes an item from the database.
 * Plugins can define their own 'itemdeleted' function to be notified whenever
 * an item is deleted.
 *
 * This implementation only invalidates caches that may show the deleted item:
 * - 'article' / 'story': the item's article cache, what's new, older
 *   articles and the topics block;
 * - 'topic': the article and block caches for the id, the topics block and
 *   the topic tree;
 * - any other type: what's new, but only when the plugin's
 *   plugin_whatsnewsupported_<type>() function exists and returns an array.
 *
 * This will not catch everything (trackbacks, comments, plugins that do not
 * use itemsaved), but the cache is deleted where it can be.
 *
 * @param    string  $id     ID of the item
 * @param    string  $type   type of the item, e.g. 'article'
 * @return   void
 * @since    Geeklog 1.6.0
 *
 */
function plugin_itemdeleted_template($id, $type)
{
    // Cache instances to clear, kept in the order they are removed.
    $staleInstances = array();

    switch ($type) {
        case 'article':
        case 'story':
            $staleInstances = array(
                'article__' . $id,   // all instances of this article
                'whatsnew__',
                'olderarticles__',
                'topicsblock__',
            );
            break;

        case 'topic':
            // Articles and blocks use topics and may display info about them
            $staleInstances = array(
                'article__' . $id,
                'block__' . $id,
                'topicsblock__',
                'topic_tree__',
            );
            break;

        default:
            // hack to see if plugin supports what's new: an array result means supported
            $supportCheck = 'plugin_whatsnewsupported_' . $type;
            if (function_exists($supportCheck) && is_array($supportCheck())) {
                $staleInstances = array('whatsnew__');
            }
            break;
    }

    foreach ($staleInstances as $cacheInstance) {
        CACHE_remove_instance($cacheInstance);
    }
}
function _MG_getFile($filename, $file, $albums, $caption = '', $description = '', $upload = 1, $purgefiles = 0, $filetype, $atttn, $thumbnail, $keywords = '', $category = 0, $dnc = 0, $replace = 0, $userid) { global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id; $artist = ''; $musicAlbum = ''; $genre = ''; $video_attached_thumbnail = 0; $successfulWatermark = 0; $dnc = 1; $errors = 0; $errMsg = ''; clearstatcache(); if (!file_exists($filename)) { $errMsg = $LANG_MG02['upload_not_found']; return array(false, $errMsg); } clearstatcache(); if (!is_readable($filename)) { $errMsg = $LANG_MG02['upload_not_readable']; return array(false, $errMsg); } // make sure we have the proper permissions to upload to this album.... if (!isset($MG_albums[$albums]->id)) { $errMsg = $LANG_MG02['album_nonexist']; // "Album does not exist, unable to process uploads"; return array(false, $errMsg); } sleep(1); // We do this to make sure we don't get dupe sid's /* * The following section of code will generate a unique name for a temporary * file and copy the uploaded file to the Media Gallery temp directory. * We do this to prevent any SAFE MODE issues when we later open the * file to determine the mime type. */ if (empty($_USER['username']) || $_USER['username'] == '') { $_USER['username'] = '******'; } $tmpPath = $_MG_CONF['tmp_path'] . '/' . $_USER['username'] . COM_makesid() . 
'.tmp'; if ($upload) { $rc = @move_uploaded_file($filename, $tmpPath); } else { $rc = @copy($filename, $tmpPath); $importSource = $filename; } if ($rc != 1) { $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); @unlink($tmpPath); return array(false, $errMsg); } $filename = $tmpPath; if ($replace > 0) { $new_media_id = $replace; } else { $new_media_id = COM_makesid(); } $media_time = time(); $media_upload_time = time(); $media_user_id = $userid; $mimeInfo = IMG_getMediaMetaData($filename); $mimeExt = strtolower(substr(strrchr($file, "."), 1)); $mimeInfo['type'] = $mimeExt; if (!isset($mimeInfo['mime_type']) || $mimeInfo['mime_type'] == '') { $mimeInfo['mime_type'] = $filetype; } $gotTN = 0; if (isset($mimeInfo['id3v2']['APIC'][0]['mime']) && $mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') { $mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data']; $gotTN = 1; } if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') { // assume format based on file upload info... 
switch ($filetype) { case 'audio/mpeg': $mimeInfo['type'] = 'mp3'; $mimeInfo['mime_type'] = 'audio/mpeg'; $mimeExt = 'mp3'; break; case 'image/tga': $mimeInfo['type'] = 'tga'; $mimeInfo['mime_type'] = 'image/tga'; $mimeExt = 'tga'; break; case 'image/psd': $mimeInfo['type'] = 'psd'; $mimeInfo['mime_type'] = 'image/psd'; $mimeExt = 'psd'; break; case 'image/gif': $mimeInfo['type'] = 'gif'; $mimeInfo['mime_type'] = 'image/gif'; $mimeExt = 'gif'; break; case 'image/jpeg': case 'image/jpg': $mimeInfo['type'] = 'jpg'; $mimeInfo['mime_type'] = 'image/jpeg'; $mimeExt = 'jpg'; break; case 'image/png': $mimeInfo['type'] = 'png'; $mimeInfo['mime_type'] = 'image/png'; $mimeExt = 'png'; break; case 'image/bmp': $mimeInfo['type'] = 'bmp'; $mimeInfo['mime_type'] = 'image/bmp'; $mimeExt = 'bmp'; break; case 'application/x-shockwave-flash': $mimeInfo['type'] = 'swf'; $mimeInfo['mime_type'] = 'application/x-shockwave-flash'; $mimeExt = 'swf'; break; case 'application/zip': $mimeInfo['type'] = 'zip'; $mimeInfo['mime_type'] = 'application/zip'; $mimeExt = 'zip'; break; case 'audio/mpeg': $mimeInfo['type'] = 'mp3'; $mimeInfo['mime_type'] = 'audio/mpeg'; $mimeExt = 'mp3'; break; case 'video/quicktime': $mimeInfo['type'] = 'mov'; $mimeInfo['mime_type'] = 'video/quicktime'; $mimeExt = 'mov'; break; case 'video/x-m4v': $mimeInfo['type'] = 'mov'; $mimeInfo['mime_type'] = 'video/x-m4v'; $mimeExt = 'mov'; break; case 'video/x-flv': $mimeInfo['type'] = 'flv'; $mimeInfo['mime_type'] = 'video/x-flv'; $mimeExt = 'flv'; break; case 'audio/x-ms-wma': $mimeInfo['type'] = 'wma'; $mimeInfo['mime_type'] = 'audio/x-ms-wma'; $mimeExt = 'wma'; break; default: $file_extension = strtolower(substr(strrchr($file, "."), 1)); switch ($file_extension) { case 'flv': $mimeInfo['type'] = 'flv'; $mimeInfo['mime_type'] = 'video/x-flv'; $mimeExt = 'flv'; break; case 'wma': $mimeInfo['type'] = 'wma'; $mimeInfo['mime_type'] = 'audio/x-ms-wma'; $mimeExt = 'wma'; break; default: $mimeInfo['type'] = 'file'; if ($filetype 
!= '') { $mimeInfo['mime_type'] = $filetype; } else { $mimeInfo['mime_type'] = 'application/octet-stream'; } $mimeExt = $file_extension; break; } } } switch ($mimeInfo['mime_type']) { case 'audio/mpeg': $format_type = MG_MP3; break; case 'image/gif': $format_type = MG_GIF; break; case 'image/jpeg': case 'image/jpg': $format_type = MG_JPG; break; case 'image/png': $format_type = MG_PNG; break; case 'image/bmp': $format_type = MG_BMP; break; case 'application/x-shockwave-flash': $format_type = MG_SWF; break; case 'application/zip': $format_type = MG_ZIP; break; case 'video/mpeg': case 'video/x-motion-jpeg': case 'video/quicktime': case 'video/mpeg': case 'video/x-mpeg': case 'video/x-mpeq2a': case 'video/x-qtc': case 'video/x-m4v': $format_type = MG_MOV; break; case 'video/x-flv': $format_type = MG_FLV; break; case 'image/tiff': $format_type = MG_TIF; break; case 'image/x-targa': case 'image/tga': $format_type = MG_TGA; break; case 'image/psd': $format_type = MG_PSD; break; case 'application/ogg': $format_type = MG_OGG; break; case 'audio/x-ms-wma': case 'audio/x-ms-wax': case 'audio/x-ms-wmv': case 'video/x-ms-asf': case 'video/x-ms-asf-plugin': case 'video/avi': case 'video/msvideo': case 'video/x-msvideo': case 'video/avs-video': case 'video/x-ms-wmv': case 'video/x-ms-wvx': case 'video/x-ms-wm': case 'application/x-troff-msvideo': case 'application/x-ms-wmz': case 'application/x-ms-wmd': $format_type = MG_ASF; break; case 'application/pdf': $format_type = MG_OTHER; break; default: $format_type = MG_OTHER; break; } $mimeType = $mimeInfo['mime_type']; if ($filetype == 'video/x-m4v') { $mimeType = 'video/x-m4v'; $mimeInfo['mime_type'] = 'video/x-m4v'; } if (!($MG_albums[$albums]->valid_formats & $format_type)) { return array(false, $LANG_MG02['format_not_allowed']); } if ($replace > 0) { $sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . DB_escapeString($replace) . 
"'"; $result = DB_query($sql); $row = DB_fetchArray($result); $media_filename = $row['media_filename']; } else { if ($_MG_CONF['preserve_filename'] == 1) { $loopCounter = 0; $digitCounter = 1; $file_name = stripslashes($file); $file_name = MG_replace_accents($file_name); $file_name = preg_replace("#[ ]#", "_", $file_name); // change spaces to underscore $file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name); //only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore $file_name = preg_replace('#(_)+#', '_', $file_name); //eliminate duplicate underscore $pos = strrpos($file_name, '.'); if ($pos === false) { $basefilename = $file_name; } else { $basefilename = strtolower(substr($file_name, 0, $pos)); } do { clearstatcache(); $media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename; $loopCounter++; if ($loopCounter > 16) { $digitCounter++; $loopCounter = 0; } } while (MG_file_exists($media_filename)); } else { do { clearstatcache(); $media_filename = md5(uniqid(rand())); } while (MG_file_exists($media_filename)); } } // replace a few mime extentions here... // $mimeExtLower = strtolower($mimeExt); if ($mimeExtLower == 'php') { $mimeExt = 'phps'; } else { if ($mimeExtLower == 'pl') { $mimeExt = 'txt'; } else { if ($mimeExtLower == 'cgi') { $mimeExt = 'txt'; } else { if ($mimeExtLower == 'py') { $mimeExt = 'txt'; } else { if ($mimeExtLower == 'sh') { $mimeExt = 'txt'; } else { if ($mimeExtLower == 'rb') { $mimeExt = 'txt'; } } } } } } $disp_media_filename = $media_filename . '.' . 
$mimeExt; switch ($mimeType) { case 'image/psd': case 'image/x-targa': case 'image/tga': case 'image/photoshop': case 'image/x-photoshop': case 'image/psd': case 'application/photoshop': case 'application/psd': case 'image/tiff': case 'image/gif': case 'image/jpeg': case 'image/jpg': case 'image/png': case 'image/bmp': if ($mimeType == 'image/psd' || $mimeType == 'image/x-targa' || $mimeType == 'image/tga' || $mimeType == 'image/photoshop' || $mimeType == 'image/x-photoshop' || $mimeType == 'image/psd' || $mimeType == 'application/photoshop' || $mimeType == 'application/psd' || $mimeType == 'image/tiff') { $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt; $media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . ".jpg"; $media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . ".jpg"; } else { $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt; $media_disp = $_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt; $media_tn = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/' . $media_filename . "." . 
$mimeExt; } $mimeType = $mimeInfo['mime_type']; // process image file $media_time = getOriginationTimestamp($filename); if ($media_time == null || $media_time < 0) { $media_time = time(); } $rc = @copy($filename, $media_orig); if ($rc != 1) { $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } @chmod($media_orig, 0644); list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $albums, $media_filename, $dnc); if ($rc == false) { $errors++; $errMsg .= $msg; // sprintf($LANG_MG02['convert_error'],$filename); } else { $mediaType = 0; if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) { if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) { $rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . 
$media_disp); } @unlink($media_orig); } if ($MG_albums[$albums]->wm_auto) { if ($_MG_CONF['discard_original'] == 1) { $rc = MG_watermark($media_disp, $albums, 1); if ($rc == TRUE) { $successfulWatermark = 1; } } else { $rc1 = MG_watermark($media_orig, $albums, 1); $rc2 = MG_watermark($media_disp, $albums, 0); if ($rc1 == TRUE && $rc2 == TRUE) { $successfulWatermark = 1; } } } if ($dnc != 1) { if ($mimeType != 'image/tga' && $mimeType != 'image/x-targa' && $mimeType != 'image/tiff') { if ($mimeType != 'image/photoshop' && $mimeType != 'image/x-photoshop' && $mimeType != 'image/psd' && $mimeType != 'application/photoshop' && $mimeType != 'application/psd') { $mimeExt = 'jpg'; $mimeType = 'image/jpeg'; } } } } } break; case 'video/quicktime': case 'video/mpeg': case 'video/x-flv': case 'video/x-ms-asf': case 'video/x-ms-asf-plugin': case 'video/avi': case 'video/msvideo': case 'video/x-msvideo': case 'video/avs-video': case 'video/x-ms-wmv': case 'video/x-ms-wvx': case 'video/x-ms-wm': case 'application/x-troff-msvideo': case 'application/x-shockwave-flash': case 'video/mp4': case 'video/x-m4v': $mimeType = $mimeInfo['mime_type']; if ($filetype == 'video/mp4') { $mimeExt = 'mp4'; } // process video format $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt; $rc = @copy($filename, $media_orig); if ($rc != 1) { $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } @chmod($media_orig, 0644); $mediaType = 1; } $video_attached_thumbnail = MG_videoThumbnail($albums, $media_orig, $media_filename); break; case 'application/ogg': case 'audio/mpeg': case 'audio/x-ms-wma': case 'audio/x-ms-wax': case 'audio/x-ms-wmv': $mimeType = $mimeInfo['mime_type']; // process audio format $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . 
$mimeExt; $rc = @copy($filename, $media_orig); if (isset($mimeInfo['tags']['id3v1']['title'][0])) { if ($caption == '') { $caption = $mimeInfo['tags']['id3v1']['title'][0]; } } if (isset($mimeInfo['tags']['id3v1']['artist'][0])) { $artist = DB_escapeString($mimeInfo['tags']['id3v1']['artist'][0]); } if (isset($mimeInfo['tags']['id3v2']['genre'][0])) { $genre = DB_escapeString($mimeInfo['tags']['id3v2']['genre'][0]); } if (isset($mimeInfo['tags']['id3v1']['album'][0])) { $musicAlbum = DB_escapeString($mimeInfo['tags']['id3v1']['album'][0]); } if ($rc != 1) { $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } $mediaType = 2; } break; case 'zip': case 'application/zip': if ($_MG_CONF['zip_enabled']) { $errMsg .= MG_processZip($filename, $albums, $purgefiles, $media_filename); break; } // NO BREAK HERE, fall through if enable zip isn't allowed // NO BREAK HERE, fall through if enable zip isn't allowed default: $media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt; $mimeType = $mimeInfo['mime_type']; $rc = @copy($filename, $media_orig); if ($rc != 1) { $errors++; $errMsg .= sprintf($LANG_MG02['move_error'], $filename); } else { if ($purgefiles) { @unlink($importSource); } $mediaType = 4; } $mediaType = 4; break; } // update quota $quota = $MG_albums[$albums]->album_disk_usage; if ($_MG_CONF['discard_original'] == 1) { $quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt); $quota += @filesize($_MG_CONF['path_mediaobjects'] . 'disp/' . $media_filename[0] . '/' . $media_filename . '.jpg'); } else { $quota += @filesize($_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . '.' . $mimeExt); } DB_query("UPDATE {$_TABLES['mg_albums']} SET album_disk_usage=" . $quota . " WHERE album_id=" . 
$albums); if ($errors) { @unlink($tmpPath); return array(false, $errMsg); } if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) { // Now we need to process an uploaded thumbnail if ($gotTN == 1) { $mp3TNFilename = $_MG_CONF['tmp_path'] . '/mp3tn' . time() . '.jpg'; $fn = fopen($mp3TNFilename, "w"); fwrite($fn, $mp3AttachdedThumbnail); fclose($fn); $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename; MG_attachThumbnail($albums, $mp3TNFilename, $saveThumbnailName); @unlink($mp3TNFilename); $atttn = 1; } else { if ($atttn == 1) { $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename; MG_attachThumbnail($albums, $thumbnail, $saveThumbnailName); } } if ($video_attached_thumbnail) { $atttn = 1; } if ($MG_albums[$albums]->enable_html != 1) { // if ($_MG_CONF['htmlallowed'] != 1 ) { $media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description))))); $media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption))))); $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords))))); } else { $media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description))); $media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption))); $media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords))); } // Check and see if moderation is on. 
If yes, place in mediasubmission if ($MG_albums[$albums]->moderate == 1 && !$MG_albums[0]->owner_id) { $tableMedia = $_TABLES['mg_mediaqueue']; $tableMediaAlbum = $_TABLES['mg_media_album_queue']; $queue = 1; } else { $tableMedia = $_TABLES['mg_media']; $tableMediaAlbum = $_TABLES['mg_media_albums']; $queue = 0; } $original_filename = DB_escapeString($file); if ($MG_albums[$albums]->filename_title) { if ($media_caption == '') { $pos = strrpos($original_filename, '.'); if ($pos === false) { $media_caption = $original_filename; } else { $media_caption = substr($original_filename, 0, $pos); } } } $resolution_x = 0; $resolution_y = 0; // try to find a resolution if video... if ($mediaType == 1) { switch ($mimeType) { case 'application/x-shockwave-flash': case 'video/quicktime': case 'video/mpeg': case 'video/x-m4v': if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) { $resolution_x = $mimeInfo['video']['resolution_x']; $resolution_y = $mimeInfo['video']['resolution_y']; } else { $resolution_x = -1; $resolution_y = -1; } break; case 'video/x-flv': if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) { if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) { $resolution_x = $mimeInfo['meta']['onMetaData']['width']; $resolution_y = $mimeInfo['meta']['onMetaData']['height']; } else { $resolution_x = -1; $resolution_y = -1; } } else { $resolution_x = $mimeInfo['video']['resolution_x']; $resolution_y = $mimeInfo['video']['resolution_y']; } break; case 'video/x-ms-asf': case 'video/x-ms-asf-plugin': case 'video/avi': case 'video/msvideo': case 'video/x-msvideo': case 'video/avs-video': case 'video/x-ms-wmv': case 'video/x-ms-wvx': case 'video/x-ms-wm': case 'application/x-troff-msvideo': if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) { $resolution_x = 
$mimeInfo['video']['streams']['2']['resolution_x']; $resolution_y = $mimeInfo['video']['streams']['2']['resolution_y']; } else { $resolution_x = -1; $resolution_y = -1; } break; } } if ($replace > 0) { $sql = "UPDATE " . $tableMedia . " SET\n\t \t\t\t\t\tmedia_filename='" . DB_escapeString($media_filename) . "',\n\t \t\t\t\t\tmedia_original_filename='{$original_filename}',\n\t \t\t\t\t\tmedia_mime_ext='" . DB_escapeString($mimeExt) . "',\n\t \t\t\t\t\tmime_type='" . DB_escapeString($mimeType) . "',\n\t \t\t\t\t\tmedia_time='" . DB_escapeString($media_time) . "',\n\t \t\t\t\t\tmedia_user_id='" . DB_escapeString($media_user_id) . "',\n\t \t\t\t\t\tmedia_type='" . DB_escapeString($mediaType) . "',\n\t \t\t\t\t\tmedia_upload_time='" . DB_escapeString($media_upload_time) . "',\n\t \t\t\t\t\tmedia_watermarked='" . DB_escapeString($successfulWatermark) . "',\n\t \t\t\t\t\tmedia_resolution_x='" . DB_escapeString($resolution_x) . "',\n\t \t\t\t\t\tmedia_resolution_y='" . DB_escapeString($resolution_y) . "'\n\t \t\t\t\t\tWHERE media_id='" . DB_escapeString($replace) . "'"; DB_query($sql); } else { $sql = "INSERT INTO " . $tableMedia . 
" (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url,artist,album,genre)\n\t VALUES ('{$new_media_id}','{$media_filename}','{$original_filename}','{$mimeExt}','1','{$mimeType}','{$media_caption}','{$media_desc}','{$media_keywords}','{$media_time}','0','0','0','0.00','{$atttn}','','1','{$media_user_id}','','0','{$mediaType}','{$media_upload_time}','{$category}','{$successfulWatermark}','0','0',{$resolution_x},{$resolution_y},0,'','{$artist}','{$musicAlbum}','{$genre}');"; DB_query($sql); $x = 0; $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . $albums; $result = DB_query($sql); $row = DB_fetchArray($result); $media_seq = $row['media_seq']; if ($media_seq < 10) { $media_seq = 10; } $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('{$new_media_id}', {$albums}, {$media_seq} )"; DB_query($sql); if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) { DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'"); DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height', '{$resolution_y}'"); } // update the media count for the album, only if no moderation... if ($queue == 0) { $MG_albums[$albums]->media_count++; DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $MG_albums[$albums]->media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$albums]->id . 
"'"); if ($_MG_CONF['update_parent_lastupdated'] == 1) { $currentAID = $MG_albums[$albums]->parent; while ($MG_albums[$currentAID]->id != 0) { DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET last_update=" . $media_upload_time . " WHERE album_id='" . $MG_albums[$currentAID]->id . "'"); $currentAID = $MG_albums[$currentAID]->parent; } } if ($MG_albums[$albums]->cover == -1 && ($mediaType == 0 || $atttn == 1)) { if ($atttn == 1) { $covername = 'tn_' . $media_filename; } else { $covername = $media_filename; } DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $MG_albums[$albums]->id . "'"); } } $x++; } } if ($queue) { $errMsg .= $LANG_MG01['successful_upload_queue']; // ' successfully placed in Moderation queue'; } else { $errMsg .= $LANG_MG01['successful_upload']; // ' successfully uploaded to album'; } if ($queue == 0) { require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php'; MG_buildFullRSS(); MG_buildAlbumRSS($albums); CACHE_remove_instance('whatsnew'); } @unlink($tmpPath); return array(true, $errMsg); }
/**
 * Remove one trackback comment and invalidate the 'whatsnew' cache.
 *
 * This function performs no authorization of its own: permission checks
 * have to be done by the caller before it is invoked.
 *
 * @param  int  $cid  ID of the trackback comment
 * @return void
 */
function TRB_deleteTrackbackComment($cid)
{
    global $_TABLES;

    // The id is escaped before it is handed to the delete helper.
    // NOTE(review): the parameter is documented as an int; confirm callers
    // pass a filtered numeric id rather than raw request data.
    DB_delete($_TABLES['trackback'], 'cid', DB_escapeString($cid));

    // The deleted comment may have been listed in the "what's new" block.
    CACHE_remove_instance('whatsnew');
}
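/**
 * Set which menus are active.
 *
 * Every row of the menu table is first marked inactive; then each menu whose
 * id appears as a KEY of $menu_arr is marked active again. Finally the 'menu'
 * cache instance is removed.
 *
 * No permission or token check happens in this function.
 * NOTE(review): confirm that every caller restricts it to authorized users.
 *
 * @param  array|null  $menu_arr  map of menu id => value (the value is not read)
 * @return void
 */
function MB_changeActiveStatusMenu($menu_arr)
{
    global $_TABLES;

    // disable all menus
    DB_query("UPDATE {$_TABLES['menu']} SET menu_active = '0'");

    // then enable those in the array; a non-array value (for example a scalar
    // form field) is ignored instead of being fed to foreach
    if (is_array($menu_arr)) {
        foreach ($menu_arr as $menu => $side) {
            // the id is filtered and cast so only an integer reaches the SQL text
            $menuId = (int) COM_applyFilter($menu, true);
            DB_query("UPDATE {$_TABLES['menu']} SET menu_active = '1' WHERE id=" . $menuId);
        }
    }

    CACHE_remove_instance('menu');

    return;
}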
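/**
 * Validate and store a forum post: a new topic, a reply, or an edit.
 *
 * The function checks the post mode, the read-only state of the forum, the
 * edit window (for edits), the poster name, the speed limit, minimum field
 * lengths, CAPTCHA and the spam filters. If any check fails nothing is
 * written and the collected messages are returned. Otherwise the post is
 * written, attachment flags and forum counters are updated, subscriptions
 * are adjusted for logged-in users and a status message is returned.
 *
 * @param  array   $forumData  forum record; 'forum' and 'is_readonly' are read
 * @param  array   $postData   submitted post fields (subject, comment, name,
 *                             postmode, id, forum, editid, ...)
 * @param  string  $action     'savetopic', 'savereply' or 'saveedit'
 * @return array   array(bool $saved, string $html)
 */
function FF_saveTopic($forumData, $postData, $action)
{
    global $_CONF, $_TABLES, $_FF_CONF, $_USER, $LANG03, $LANG_GF01, $LANG_GF02;

    $retval = '';
    $uploadErrors = '';
    $msg = '';
    $errorMessages = '';
    $email = '';
    // NOTE(review): this is a local, empty array and nothing visible in this
    // function fills it, so the "id NOT IN (...)" clauses below are never
    // added. If a helper is meant to populate it, confirm how, and make sure
    // only integer ids can reach the SQL text.
    $forumfiles = array();
    $okToSave = true;

    $dt = new Date('now', $_USER['tzid']);
    $date = $dt->toUnix();
    $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];

    // anonymous posters are stored under uid 1
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }

    // verify postmode is allowed
    if (strtolower($postData['postmode']) == 'html') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }

    // is forum readonly?
    if ($forumData['is_readonly'] == 1) {
        // Check if this user has moderation rights now to allow a post to a locked topic
        if (!forum_modPermission($forumData['forum'], $uid, 'mod_edit')) {
            _ff_accessError();
        }
    }

    if ($action == 'saveedit') {
        // does the forum match the forum id of the posted data?
        if ($forumData['forum'] != 0 && $forumData['forum'] != $postData['forum']) {
            _ff_accessError();
        }
        $editid = COM_applyFilter($postData['editid'], true);
        $forum = COM_applyFilter($postData['forum'], true);

        // NOTE(review): the edit-window test looks up the date of
        // $postData['id'] while the UPDATE further down targets $editid, and
        // no check that the current user owns post $editid is visible here.
        // Confirm the caller verifies ownership before calling this function.
        $editAllowed = false;
        if (forum_modPermission($forumData['forum'], $_USER['uid'], 'mod_edit')) {
            $editAllowed = true;
        } else {
            if ($_FF_CONF['allowed_editwindow'] > 0) {
                $t1 = DB_getItem($_TABLES['ff_topic'], 'date', "id=" . (int) $postData['id']);
                $t2 = $_FF_CONF['allowed_editwindow'];
                if (time() - $t2 < $t1) {
                    $editAllowed = true;
                }
            } else {
                $editAllowed = true;
            }
        }

        if ($postData['editpid'] < 1 && trim($postData['subject']) == '') {
            $retval .= FF_BlockMessage('', $LANG_GF02['msg18'], false);
            $okToSave = false;
        } elseif (!$editAllowed) {
            // Fixed: the key was written as '$id' inside single quotes, which
            // is the literal string "$id" and never matched the posted field.
            $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . (int) $postData['id'];
            $retval .= _ff_alertMessage('', $LANG_GF02['msg189'], sprintf($LANG_GF02['msg187'], $link));
            $okToSave = false;
        }
    } else {
        if (!COM_isAnonUser() && $_FF_CONF['use_sfs']) {
            $email = isset($_USER['email']) ? $_USER['email'] : '';
        }
    }

    if (isset($postData['name']) && $postData['name'] != '') {
        $name = _ff_preparefordb(@htmlspecialchars(strip_tags(trim(COM_checkWords(USER_sanitizeName($postData['name'])))), ENT_QUOTES, COM_getEncodingt()), 'text');
        // NOTE(review): urldecode() runs after strip_tags()/htmlspecialchars(),
        // so percent-encoded characters are decoded only after those filters
        // have run. DB_escapeString() is still applied at insert time below;
        // confirm that every place that displays the name escapes it.
        $name = urldecode($name);
    } else {
        $okToSave = false;
        $errorMessages .= $LANG_GF02['invalid_name'] . '<br />';
    }

    // speed limit check
    if (!SEC_hasRights('forum.edit')) {
        COM_clearSpeedlimit($_FF_CONF['post_speedlimit'], 'forum');
        $last = COM_checkSpeedlimit('forum');
        if ($last > 0) {
            $errorMessages .= sprintf($LANG_GF01['SPEEDLIMIT'], $last, $_FF_CONF['post_speedlimit']) . '<br/>';
            $okToSave = false;
        }
    }

    // standard edit checks
    if (strlen(trim($postData['name'])) < $_FF_CONF['min_username_length']
        || strlen(trim($postData['subject'])) < $_FF_CONF['min_subject_length']
        || strlen(trim($postData['comment'])) < $_FF_CONF['min_comment_length']
    ) {
        $errorMessages .= $LANG_GF02['msg18'] . '<br/>';
        $okToSave = false;
    }

    // CAPTCHA check
    if (function_exists('plugin_itemPreSave_captcha') && $okToSave == true) {
        if (!isset($postData['captcha'])) {
            $postData['captcha'] = '';
        }
        $msg = plugin_itemPreSave_captcha('forum', $postData['captcha']);
        if ($msg != '') {
            $errorMessages .= $msg . '<br/>';
            $okToSave = false;
        }
    }

    // spamx check
    if ($_FF_CONF['use_spamx_filter'] == 1 && $okToSave == true) {
        // Check for SPAM
        $spamcheck = '<h1>' . $postData['subject'] . '</h1><p>' . $postData['comment'] . '</p>';
        $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
        // Now check the result and redirect to index.php if spam action was taken
        if ($result > 0) {
            // then tell them to get lost ...
            $errorMessages .= $LANG_GF02['spam_detected'];
            $okToSave = false;
        }
    }

    if ($_FF_CONF['use_sfs'] == 1 && COM_isAnonUser() && function_exists('plugin_itemPreSave_spamx')) {
        $spamCheckData = array('username' => $postData['name'], 'email' => $email, 'ip' => $REMOTE_ADDR);
        $msg = plugin_itemPreSave_spamx('forum', $spamCheckData);
        if ($msg) {
            $errorMessages .= $msg;
            $okToSave = false;
        }
    }

    // any failed check stops here; nothing has been written yet
    if ($okToSave == false) {
        $retval .= _ff_alertMessage($errorMessages, $LANG_GF01['ERROR'], ' ');

        return array(false, $retval);
    }

    if ($okToSave == true) {
        if (!isset($postData['postmode_switch'])) {
            $postData['postmode_switch'] = 0;
        }
        $postmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
        // validate postmode
        if ($postmode == 'html' || $postmode == 'HTML') {
            if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
                $postmode = 'html';
            } else {
                $postmode = 'text';
            }
        }

        // $subject and $comment are placed into SQL below without a further
        // DB_escapeString() call.
        // NOTE(review): this relies on _ff_preparefordb() returning a value
        // that is already escaped for the database - confirm.
        $subject = _ff_preparefordb(strip_tags($postData['subject']), 'text');
        $comment = _ff_preparefordb($postData['comment'], $postmode);
        $mood = isset($postData['mood']) ? COM_applyFilter($postData['mood']) : '';
        $id = COM_applyFilter($postData['id'], true);
        $forum = COM_applyFilter($postData['forum'], true);
        $notify = isset($postData['notify']) ? COM_applyFilter($postData['notify']) : '';

        // per-post rendering switches are added together into $status
        $status = 0;
        if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
            $status += DISABLE_BBCODE;
        }
        if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
            $status += DISABLE_SMILIES;
        }
        if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
            $status += DISABLE_URLPARSE;
        }

        // If user has moderator edit rights only
        // NOTE(review): 'modedit', 'locked_switch' and 'sticky_switch' are
        // read from the submitted data and no moderator permission is checked
        // at this point. Confirm the caller strips these fields for users
        // without moderator rights. Also note that an edit without 'modedit'
        // writes sticky=0 and locked=0 in the UPDATE below.
        $locked = 0;
        $sticky = 0;
        if (isset($postData['modedit']) && $postData['modedit'] == 1) {
            if (isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
                $locked = 1;
            }
            if (isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
                $sticky = 1;
            }
        }

        if ($action == 'savetopic') {
            $fields = "forum,name,email,date,lastupdated,subject,comment,postmode,ip,mood,uid,pid,sticky,locked,status";
            $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
            $sql .= "VALUES ("
                . (int) $forum . ","
                . "'" . DB_escapeString($name) . "',"
                . "'" . DB_escapeString($email) . "',"
                . "'" . DB_escapeString($date) . "',"
                . "'" . DB_escapeString($date) . "',"
                . "'" . $subject . "',"
                . "'" . $comment . "',"
                . "'" . DB_escapeString($postmode) . "',"
                . "'" . DB_escapeString($REMOTE_ADDR) . "',"
                . "'" . DB_escapeString($mood) . "',"
                . (int) $uid . ","
                . "0,"
                . (int) $sticky . ","
                . (int) $locked . ","
                . (int) $status . ")";
            DB_query($sql);

            // Find the id of the last inserted topic
            // NOTE(review): max(id) is read in a separate query, so a
            // concurrent insert could make it return another post's id.
            list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
            $savedPostID = $lastid;
            $topicPID = $lastid;

            /* Check for any uploaded files - during add of new topic */
            $uploadErrors = _ff_check4files($lastid);

            // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
            // This is needed in case user had used the file bbcode tag and then removed it
            $imagerecs = implode(',', $forumfiles);
            $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid . " ";
            if ($imagerecs != '') {
                $sql .= "AND id NOT IN ({$imagerecs})";
            }
            DB_query($sql);

            // Update forums record
            DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, topic_count=topic_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
            if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
                DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $lastid);
            }
            DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
        } else {
            if ($action == 'savereply') {
                $fields = "name,email,date,subject,comment,postmode,ip,mood,uid,pid,forum,status";
                $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
                $sql .= "VALUES ("
                    . "'" . DB_escapeString($name) . "',"
                    . "'" . DB_escapeString($email) . "',"
                    . "'" . DB_escapeString($date) . "',"
                    . "'{$subject}',"
                    . "'{$comment}',"
                    . "'" . DB_escapeString($postmode) . "',"
                    . "'" . DB_escapeString($REMOTE_ADDR) . "',"
                    . "'" . DB_escapeString($mood) . "',"
                    . (int) $uid . ","
                    . (int) $id . ","
                    . (int) $forum . ","
                    . (int) $status . ")";
                DB_query($sql);

                // Find the id of the last inserted topic (same max(id) caveat as above)
                list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
                $savedPostID = $lastid;
                $topicPID = $id;

                /* Check for any uploaded files - during adding reply post */
                $uploadErrors = _ff_check4files($lastid);

                // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
                // This is needed in case user had used the file bbcode tag and then removed it
                $imagerecs = implode(',', $forumfiles);
                $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid;
                if ($imagerecs != '') {
                    $sql .= " AND id NOT IN ({$imagerecs})";
                }
                DB_query($sql);

                DB_query("UPDATE {$_TABLES['ff_topic']} SET replies=replies+1, lastupdated='" . DB_escapeString($date) . "',last_reply_rec=" . (int) $lastid . " WHERE id=" . (int) $id);
                DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
                if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $id);
                }
                DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
            } elseif ($action == 'saveedit') {
                $sql = "UPDATE {$_TABLES['ff_topic']} SET "
                    . "subject='{$subject}',"
                    . "comment='{$comment}',"
                    . "postmode='" . DB_escapeString($postmode) . "',"
                    . "mood='" . DB_escapeString($mood) . "',"
                    . "sticky=" . (int) $sticky . ","
                    . "locked=" . (int) $locked . ","
                    . "status=" . (int) $status . " "
                    . "WHERE (id=" . (int) $editid . ")";
                DB_query($sql);

                /* Check for any uploaded files - during save of edit */
                $uploadErrors = _ff_check4files($editid);

                // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
                // This is needed in case user had used the file bbcode tag and then removed it
                $imagerecs = implode(',', $forumfiles);
                $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $editid . " ";
                if ($imagerecs != '') {
                    $sql .= "AND id NOT IN ({$imagerecs})";
                }
                DB_query($sql);

                // a pid of 0 means the edited post is itself the topic starter
                $topicPID = DB_getITEM($_TABLES['ff_topic'], "pid", "id=" . (int) $editid);
                if ($topicPID == 0) {
                    $topicPID = $editid;
                }
                $savedPostID = $editid;

                if ($postData['silentedit'] != 1) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET lastupdated='" . DB_escapeString($date) . "' WHERE id=" . (int) $topicPID);
                    //Remove any lastviewed records in the log so that the new updated topic indicator will appear
                    DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
                }
                if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $editid)) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $topicPID);
                }
            }
        }

        COM_updateSpeedLimit('forum');
        PLG_itemSaved($savedPostID, 'forum');
        CACHE_remove_instance('forumcb');

        if (!COM_isAnonUser()) {
            //NOTIFY - Checkbox variable in form set to "on" when checked and they don't already have subscribed to forum or topic
            // a subscription row whose id is the negated topic id records an
            // explicit "do not notify me about this topic"
            $nid = -$topicPID;
            $currentForumNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id=0 AND uid=" . (int) $uid);
            $currentTopicNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($topicPID) . "' AND uid=" . (int) $uid);
            $currentTopicUnNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($nid) . "' AND uid=" . (int) $uid);
            $forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . (int) $forum);

            // Fixed: the "record exists" tests used "> 1", which skipped a
            // subscription row whose sub_id is exactly 1; "> 0" is the
            // counterpart of the "< 1" (no record) tests in the first branch.
            if ($notify == 'on' and ($currentForumNotifyRecID < 1 and $currentTopicNotifyRecID < 1)) {
                $sql = "INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) ";
                $sql .= "VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($topicPID) . "','" . $subject . "'," . (int) $uid . ",now() )";
                DB_query($sql);
            } elseif ($notify == 'on' and $currentTopicUnNotifyRecID > 0) {
                // Had un-subcribed to topic and now wants to subscribe
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $currentTopicUnNotifyRecID);
            } elseif ($notify == '' and $currentTopicNotifyRecID > 0) {
                // Subscribed to topic - but does not want to be notified anymore
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
            } elseif ($notify == '' and $currentForumNotifyRecID > 0) {
                // Subscribed to forum - but does not want to be notified about this topic
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($nid) . "'");
                DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($nid) . "','" . $subject . "'," . (int) $uid . ",now() )");
            }
        }

        // edits do not trigger notifications
        if ($action != 'saveedit') {
            _ff_chknotifications($forum, $savedPostID, $uid);
        }

        $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topicPID . '&topic=' . $savedPostID . '#' . $savedPostID;

        // keep the status page on screen when there are upload errors to read
        if ($uploadErrors != '') {
            $autorefresh = false;
        } else {
            $autorefresh = true;
        }
        $retval .= FF_statusMessage($uploadErrors . $LANG_GF02['msg19'], $link, $LANG_GF02['msg19'], false, '', $autorefresh);
    } else {
        $retval .= _ff_alertMessage($LANG_GF02['msg18']);
    }

    return array(true, $retval);
}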
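/**
 * Saves the story in its final state to the database.
 *
 * Handles the SID bookkeeping: when the story id changed and the old id
 * existed, comments, images, trackbacks and ratings are moved to the new id
 * and the old story row is deleted after the new one is written. Comment
 * count, rating and related links are refreshed before the row is stored
 * with REPLACE INTO, and the affected cache instances are removed.
 *
 * @return int status result from a constant list (STORY_SAVED)
 */
function saveToDatabase()
{
    global $_TABLES, $_CONF;

    // a story in the archive topic is never featured or on the front page
    if (DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1") == $this->_tid) {
        $this->_featured = 0;
        $this->_frontpage = 0;
        $this->_statuscode = STORY_ARCHIVE_ON_EXPIRE;
    }

    // normalize empty values to their defaults
    if ($this->_featured != 1) {
        $this->_featured = 0;
    }
    if ($this->_statuscode == '') {
        $this->_statuscode = 0;
    }
    if ($this->_owner_id == '') {
        $this->_owner_id = 1;
    }

    /* if a featured, non-draft, that goes live straight away, unfeature
     * other stories in same topic:
     */
    if ($this->_featured == '1') {
        // there can only be one non-draft featured story
        if ($this->_draft_flag == 0 and $this->_date <= time()) {
            if ($this->_frontpage == 1) {
                // un-feature any featured frontpage story
                DB_query("UPDATE {$_TABLES['stories']} SET featured = 0 WHERE featured = 1 AND draft_flag = 0 AND frontpage = 1 AND date <= NOW()");
            }
            // un-feature any featured story in the same topic
            // The topic id is escaped here like every other value this method
            // places into SQL; it was previously interpolated as-is.
            $tid = DB_escapeString($this->_tid);
            DB_query("UPDATE {$_TABLES['stories']} SET featured = 0 WHERE featured = 1 AND draft_flag = 0 AND tid = '{$tid}' AND date <= NOW()");
        }
    }

    $oldArticleExists = false;
    $checksid = '';

    /* Fix up old sid => new sid stuff */
    if ($this->_sid != $this->_originalSid) {
        /* The sid has changed. Load from request will have
         * ensured that if the new sid exists an error has
         * been thrown, but we need to know if the old sid
         * actually existed (as opposed to being a generated
         * sid that was then thrown away) to reduce the sheer
         * number of SQL queries we do.
         */
        $checksid = DB_escapeString($this->_originalSid);
        $newsid = DB_escapeString($this->_sid);

        $sql = "SELECT 1 FROM {$_TABLES['stories']} WHERE sid='{$checksid}'";
        $result = DB_query($sql);
        if ($result && DB_numRows($result) > 0) {
            $oldArticleExists = true;
        }

        if ($oldArticleExists) {
            /* Move Comments */
            $sql = "UPDATE {$_TABLES['comments']} SET sid='{$newsid}' WHERE type='article' AND sid='{$checksid}'";
            DB_query($sql);

            /* Move Images */
            $sql = "UPDATE {$_TABLES['article_images']} SET ai_sid = '{$newsid}' WHERE ai_sid = '{$checksid}'";
            DB_query($sql);

            /* Move trackbacks */
            $sql = "UPDATE {$_TABLES['trackback']} SET sid='{$newsid}' WHERE sid='{$checksid}' AND type='article'";
            DB_query($sql);

            /* Move ratings */
            $sql = "UPDATE {$_TABLES['rating']} SET item_id='{$newsid}' WHERE item_id='{$checksid}' AND type='article'";
            DB_query($sql);
            $sql = "UPDATE {$_TABLES['rating_votes']} SET item_id='{$newsid}' WHERE item_id='{$checksid}' AND type='article'";
            DB_query($sql);

            CACHE_remove_instance('story_' . $this->_originalSid);
        }
    }

    /* Acquire Comment Count */
    $sql = "SELECT count(1) FROM {$_TABLES['comments']} WHERE type='article' AND sid='" . DB_escapeString($this->_sid) . "'";
    $result = DB_query($sql);
    if ($result && DB_numRows($result) == 1) {
        $array = DB_fetchArray($result);
        $this->_comments = $array[0];
    } else {
        $this->_comments = 0;
    }

    /* Acquire Rating / Votes */
    list($rating_id, $rating, $votes) = RATING_getRating('article', $this->_sid);
    $this->_rating = $rating;
    $this->_votes = $votes;

    //@TODO - remove this call on save
    // Get the related URLs
    $this->_related = implode("\n", STORY_extractLinks("{$this->_introtext} {$this->_bodytext}"));

    $sql = 'REPLACE INTO ' . $_TABLES['stories'] . ' (';
    $values = ' VALUES (';

    /* This uses the database field array to generate a SQL Statement. This
     * means that when adding new fields to save and load, all we need to do
     * is add the field name to the array, and the code will magically cope.
     *
     * foreach replaces the former reset()/each() loop: each() no longer
     * exists in PHP 8, and foreach visits the same pairs in the same order.
     */
    foreach ($this->_dbFields as $fieldname => $save) {
        if ($save === 1) {
            $varname = '_' . $fieldname;
            $sql .= $fieldname . ', ';
            if ($fieldname == 'date' || $fieldname == 'expire' || $fieldname == 'comment_expire') {
                // let the DB server do this conversion; the cast guarantees
                // that only an integer is placed inside FROM_UNIXTIME()
                if (!empty($this->{$varname})) {
                    $values .= 'FROM_UNIXTIME(' . (int) $this->{$varname} . '), ';
                } else {
                    $values .= "'0000-00-00 00:00:00', ";
                }
            } else {
                $values .= '\'' . DB_escapeString($this->{$varname}) . '\', ';
            }
        }
    }

    // drop the trailing ", " from both lists
    $sql = substr($sql, 0, strlen($sql) - 2);
    $values = substr($values, 0, strlen($values) - 2);
    $sql .= ') ' . $values . ')';
    DB_query($sql);

    CACHE_remove_instance('story_' . $this->_sid);

    /* Clean up the old story */
    if ($oldArticleExists && !empty($checksid)) {
        $sql = "DELETE FROM {$_TABLES['stories']} WHERE sid='{$checksid}'";
        DB_query($sql);
        CACHE_remove_instance('story_' . $this->_originalSid);
    }

    // a saved submission is removed from the submission queue
    if ($this->type == 'submission') {
        if (!empty($checksid)) {
            DB_delete($_TABLES['storysubmission'], 'sid', $checksid);
        } else {
            DB_delete($_TABLES['storysubmission'], 'sid', DB_escapeString($this->_sid));
        }
    }

    CACHE_remove_instance('whatsnew');
    CACHE_remove_instance('stmenu');

    return STORY_SAVED;
}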
/**
 * Hook called after a user's information (profile or preferences) changed.
 *
 * Because the user's security may have changed, the cached topic tree for
 * the current security hash is dropped so it is built again on next use.
 *
 * @param  int  $uid  user id (not read by this function)
 * @return void
 */
function plugin_user_changed_topic($uid)
{
    global $_CONF;

    // NOTE(review): the hash is requested without $uid. If it is derived from
    // the current session rather than from the changed user, an administrator
    // editing another account would clear their own cache entry and leave the
    // edited user's cached tree in place - confirm.
    CACHE_remove_instance('topic_tree__' . CACHE_security_hash());
}
/**
 * Process a comment delete request.
 *
 * The item type, item id and comment id are taken from the request and
 * filtered, then the deletion is delegated to PLG_commentDelete(). When that
 * call returns an empty result, the 'whatsnew' cache is cleared and the
 * browser is sent to the site index; otherwise its return value is passed
 * back to the caller.
 *
 * NOTE(review): the input comes from $_REQUEST and no security-token check is
 * visible in this function. Confirm that the caller verifies a token and that
 * the permission check happens inside PLG_commentDelete().
 *
 * @copyright Vincent Furia 2005
 * @author    Vincent Furia <vinny01 AT users DOT sourceforge DOT net>
 * @return    string HTML (possibly a refresh)
 */
function handleDelete()
{
    global $_CONF, $_TABLES, $_USER, $_PLUGINS;

    $type = COM_applyFilter($_REQUEST['type']);
    $sid = COM_sanitizeID(COM_applyFilter($_REQUEST['sid']));
    $cid = isset($_REQUEST['cid']) ? COM_applyFilter($_REQUEST['cid'], true) : 0;

    // Only 'article' or a name listed in $_PLUGINS is accepted as a type;
    // anything else is blanked before it reaches the plugin API.
    if ($type != 'article' && !in_array($type, $_PLUGINS)) {
        $type = '';
    }

    $retval = PLG_commentDelete($type, $cid, $sid);
    if ($retval) {
        return $retval;
    }

    // nothing to display: refresh the cache and leave for the index page
    CACHE_remove_instance('whatsnew');
    echo COM_refresh($_CONF['site_url'] . '/index.php');
    exit;
}
/**
 * Saves the member album defaults posted from the configuration form
 *
 * Every value is read from $_POST, the numeric ones through
 * COM_applyFilter(..., true), and written to the mg_config table as a
 * config_name / config_value pair. Afterwards the 'stmenu' cache instance is
 * removed, a refresh to the admin index is sent and the script ends.
 *
 * NOTE(review): no permission or request-token check is visible in this
 * function; confirm the caller enforces both.
 *
 * @return   void   does not return, the script exits after the refresh
 */
function MG_saveMemberDefaults()
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER, $_POST;

    // Optional fields: a key that is missing from the POST body means 0.
    $optionalKeys = array(
        'member_albums', 'auto_create', 'allow_create', 'member_use_fullname',
        'feature_member_album', 'allow_remote', 'member_root', 'member_archive',
        'enable_random', 'uploads', 'moderate', 'email_mod',
    );
    $opt = array();
    foreach ($optionalKeys as $key) {
        $opt[$key] = isset($_POST[$key]) ? COM_applyFilter($_POST[$key], true) : 0;
    }

    // Fields that are read without an isset() check.
    $member_quota = COM_applyFilter($_POST['member_quota'], true) * 1048576;
    $max_image_width = COM_applyFilter($_POST['max_image_width'], true);
    $max_image_height = COM_applyFilter($_POST['max_image_height'], true);
    $max_filesize = COM_applyFilter($_POST['max_filesize'], true) * 1024;
    $mod_id = COM_applyFilter($_POST['mod_id'], true);

    // The permission inputs are handed to SEC_getPermissionValues() as posted.
    $rawPerms = array();
    foreach (array('perm_owner', 'perm_group', 'perm_members', 'perm_anon') as $key) {
        $rawPerms[] = isset($_POST[$key]) ? $_POST[$key] : 0;
    }
    list($perm_owner, $perm_group, $perm_members, $perm_anon) =
        SEC_getPermissionValues($rawPerms[0], $rawPerms[1], $rawPerms[2], $rawPerms[3]);

    // valid media formats: the posted values are added up into one number
    $formatKeys = array(
        'format_jpg', 'format_png', 'format_tif', 'format_gif', 'format_bmp',
        'format_tga', 'format_psd', 'format_mp3', 'format_ogg', 'format_asf',
        'format_swf', 'format_mov', 'format_mp4', 'format_mpg', 'format_zip',
        'format_other', 'format_flv', 'format_rflv', 'format_emb',
    );
    $member_valid_formats = 0;
    foreach ($formatKeys as $key) {
        $member_valid_formats += isset($_POST[$key]) ? COM_applyFilter($_POST[$key], true) : 0;
    }

    // put any error checking / validation here

    // config_name => config_value, in the order the rows are written
    $settings = array(
        'member_albums'        => $opt['member_albums'],
        'member_use_fullname'  => $opt['member_use_fullname'],
        'feature_member_album' => $opt['feature_member_album'],
        'allow_remote'         => $opt['allow_remote'],
        'member_quota'         => $member_quota,
        'member_auto_create'   => $opt['auto_create'],
        'member_create_new'    => $opt['allow_create'],
        'member_album_root'    => $opt['member_root'],
        'member_album_archive' => $opt['member_archive'],
        'member_enable_random' => $opt['enable_random'],
        'member_max_width'     => $max_image_width,
        'member_max_height'    => $max_image_height,
        'member_max_filesize'  => $max_filesize,
        'member_uploads'       => $opt['uploads'],
        'member_moderate'      => $opt['moderate'],
        'member_mod_group_id'  => $mod_id,
        'member_email_mod'     => $opt['email_mod'],
        'member_perm_owner'    => $perm_owner,
        'member_perm_group'    => $perm_group,
        'member_perm_members'  => $perm_members,
        'member_perm_anon'     => $perm_anon,
        'member_valid_formats' => $member_valid_formats,
    );
    foreach ($settings as $configName => $configValue) {
        DB_save($_TABLES['mg_config'], "config_name, config_value", "'{$configName}','{$configValue}'");
    }

    CACHE_remove_instance('stmenu');
    echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=12');
    exit;
}
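/**
 * Moves comment from submission table to comments table
 *
 * Copies the submission row into the comments table, deletes the submission,
 * re-points any comment notification from the submission id to the new
 * comment id, optionally sends a reply notification, and refreshes the
 * comment feed and the What's New cache.
 *
 * Every value that is placed into SQL is escaped or cast here, including the
 * fields read back from the submission row: they were supplied by the
 * commenter and must not be trusted just because they come from the database.
 *
 * @copyright Jared Wenerd 2008
 * @author    Jared Wenerd, wenerd87 AT gmail DOT com
 * @param     string $cid comment id (id of the submission)
 * @return    string story id the comment belongs to, '' when no submission
 *                   with that id exists
 */
function CMT_approveModeration($cid)
{
    global $_CONF, $_TABLES;

    // $cid is used in three statements below, so escape it once up front.
    $cidSql = DB_escapeString($cid);

    $result = DB_query("SELECT type, sid, date, title, comment, uid, name, pid, ipaddress "
        . "FROM {$_TABLES['commentsubmissions']} WHERE cid = '{$cidSql}'");
    $A = DB_fetchArray($result);
    if (empty($A)) {
        // Nothing to approve: do not insert an empty comment.
        return '';
    }

    $pid = (int) $A['pid'];
    $uid = (int) $A['uid'];

    $indent = 0;
    if ($pid > 0) {
        // get indent+1 of parent
        $indent = DB_getItem($_TABLES['comments'], 'indent+1', "cid = '{$pid}'");
        if (empty($indent)) {
            $indent = 0;
        }
    }
    $indent = (int) $indent; // inserted unquoted below

    $type = DB_escapeString($A['type']);
    $sid = DB_escapeString($A['sid']);
    $date = DB_escapeString($A['date']);
    $title = DB_escapeString($A['title']);
    $comment = DB_escapeString($A['comment']);
    $ipaddress = DB_escapeString($A['ipaddress']);

    if (isset($A['name'])) {
        // insert data
        $name = DB_escapeString($A['name']);
        DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,name,pid,ipaddress,indent',
            "'{$type}','{$sid}','{$date}','{$title}','{$comment}','{$uid}',"
            . "'{$name}','{$pid}','{$ipaddress}',{$indent}");
    } else {
        // insert data, null automatically goes into name column
        DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,pid,ipaddress,indent',
            "'{$type}','{$sid}','{$date}','{$title}','{$comment}','{$uid}',"
            . "'{$pid}','{$ipaddress}',{$indent}");
    }
    $newcid = DB_insertId('', 'comments_cid_seq');

    DB_delete($_TABLES['commentsubmissions'], 'cid', $cidSql);
    DB_change($_TABLES['commentnotifications'], 'cid', $newcid, 'mid', $cidSql);

    // notify of new published comment
    if ($_CONF['allow_reply_notifications'] == 1 && $pid > 0) {
        // Geeklog 2.0.0 and before selected on the direct parent only, so a
        // notification was sent only for a direct reply (not a reply of a
        // reply). This query matches every comment whose lft/rht range
        // contains the parent.
        $sql = "SELECT cn.cid, cn.uid, cn.deletehash "
            . "FROM {$_TABLES['comments']} AS c, {$_TABLES['comments']} AS c2, "
            . "{$_TABLES['commentnotifications']} AS cn "
            . "WHERE c2.cid = cn.cid AND (c.lft >= c2.lft AND c.lft <= c2.rht) "
            . "AND c.cid = {$pid} GROUP BY cn.uid";
        $result = DB_query($sql);
        $B = DB_fetchArray($result);
        if ($B !== false) {
            CMT_sendReplyNotification($B);
        }
    }

    // Update Comment Feeds
    COM_rdfUpToDateCheck('comment');

    // Delete What's New block cache so it can get updated again
    if ($_CONF['whatsnew_cache_time'] > 0 and !$_CONF['hidenewcomments']) {
        $cacheInstance = 'whatsnew__'; // remove all whatsnew instances
        CACHE_remove_instance($cacheInstance);
    }

    return $A['sid'];
}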
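/**
 * Delete a block
 *
 * The block's owner/group/permission columns are read and checked with
 * SEC_hasAccess(); the delete proceeds only when that check and
 * TOPIC_hasMultiTopicAccess() both return 3 or higher. A refused attempt is
 * written to the access log.
 *
 * @param    string $bid id of block to delete
 * @return   string          HTML redirect or error message
 *
 */
function deleteBlock($bid)
{
    global $_CONF, $_TABLES, $_USER;

    // Escape the id before it is placed into SQL, the same way
    // plugin_deletecomment_article() treats its item id, instead of relying
    // on every caller to have filtered it.
    $bidSql = DB_escapeString($bid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid ='{$bidSql}'");
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
        $A['perm_group'], $A['perm_members'], $A['perm_anon']);

    if ($access < 3 || TOPIC_hasMultiTopicAccess('block', $bid) < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete block {$bid}.");

        return COM_refresh($_CONF['site_admin_url'] . '/block.php');
    }

    TOPIC_deleteTopicAssignments('block', $bid);

    DB_delete($_TABLES['blocks'], 'bid', $bidSql);

    // remove any of this block's cache instances if they exist
    CACHE_remove_instance('block__' . $bid . '__');

    return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=12');
}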
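/**
 * Delete a feed.
 *
 * Removes the feed file (if one is recorded), deletes the syndication row,
 * clears the 'story' cache instance and queues message 59. For an id that is
 * not a positive integer nothing is deleted.
 *
 * @param    int $fid feed id
 * @return   string          HTML redirect
 *
 */
function FEED_delete($fid)
{
    global $_CONF, $_TABLES;

    // The id is placed unquoted into the WHERE clause below. "$fid > 0" alone
    // also lets through a string that merely starts with a digit, so force an
    // integer first.
    $fid = (int) $fid;

    if ($fid > 0) {
        $feedfile = DB_getItem($_TABLES['syndication'], 'filename', "fid = {$fid}");
        if (!empty($feedfile)) {
            // best effort: a feed file that is already gone is not an error
            @unlink(SYND_getFeedPath($feedfile));
        }
        DB_delete($_TABLES['syndication'], 'fid', $fid);
        CACHE_remove_instance('story');
        COM_setMessage(59);
    }

    return COM_refresh($_CONF['site_admin_url'] . '/syndication.php');
}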
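/**
 * Saves the media edit form
 *
 * Updates the media row (queue table or live table, depending on the posted
 * 'queue' flag), optionally replaces the media file and the attached
 * thumbnail, stores the posted playback options, then sends a refresh and
 * ends the script.
 *
 * Changes against the previous version, all in how request data is handled:
 *  - the posted return URL is accepted only when it is the site URL itself
 *    or lies below "site URL + /"; a plain prefix comparison also accepts a
 *    foreign host whose name merely starts with the site URL
 *  - the escaped media id is used in every SQL fragment (three places used
 *    the raw parameter)
 *  - the quoted playback options 'uimode' and 'bgcolor' are escaped in the
 *    asf and quicktime branches, as the swf branch already did
 *
 * NOTE(review): no permission or request-token check is visible in this
 * function; confirm the caller enforces both.
 *
 * @param    int    $album_id  album the media item belongs to
 * @param    string $media_id  id of the media item
 * @param    string $actionURL URL to refresh to, unless a valid 'rpath' is posted
 * @return   void              does not return, the script exits after the refresh
 */
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $_POST, $_FILES;

    $back = isset($_POST['rpath']) ? COM_applyFilter($_POST['rpath']) : '';
    if ($back != '') {
        // Anything that is not on this site falls back to the site URL.
        $siteUrl = $_CONF['site_url'];
        $sitePrefix = rtrim($siteUrl, '/') . '/';
        if ($back !== $siteUrl && strpos($back, $sitePrefix) !== 0) {
            $back = $siteUrl;
        }
        $actionURL = $back;
    }

    $queue = COM_applyFilter($_POST['queue'], true);
    $mediaTable = $queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media'];
    $media_id_db = DB_escapeString($media_id);

    if (isset($_POST['replacefile'])) {
        $replacefile = COM_applyFilter($_POST['replacefile']);
    } else {
        $replacefile = 0;
    }
    if ($replacefile == 1) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $repfilename = $_FILES['repfilename'];
        $filename = $repfilename['name']; // client-supplied name, escaped before it is stored
        $file = $repfilename['tmp_name'];
        list($rc, $msg) = MG_getFile($file, $filename, $album_id, '', '', 1, 0, '', 0, '', '', 0, 0, $media_id);
        COM_errorLog($msg);
    }

    // see if we had an attached thumbnail before...
    $thumb = $_FILES['attthumb'];
    $thumbnail = $thumb['tmp_name'];
    $att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
    $attachtn = ($att == 1) ? 1 : 0;

    $old_attached_tn = DB_getItem($mediaTable, 'media_tn_attached', 'media_id="' . $media_id_db . '"');
    if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
        // "attach" was ticked but no file was uploaded and none existed before
        $attachtn = 0;
    }
    $remove_old_tn = ($old_attached_tn == 1 && $attachtn == 0) ? 1 : 0;

    $remote_media = DB_getItem($mediaTable, 'remote_media', 'media_id="' . $media_id_db . '"');
    if ($remote_media) {
        $remote_url = isset($_POST['remoteurl']) ? DB_escapeString($_POST['remoteurl']) : '';
    } else {
        $remote_url = '';
    }

    if ($_MG_CONF['htmlallowed']) {
        // NOTE(review): with htmlallowed set, title and description are stored
        // after COM_checkWords() only; confirm they are HTML-filtered on output.
        $media_title = COM_checkWords($_POST['media_title']);
        $media_desc = COM_checkWords($_POST['media_desc']);
    } else {
        $media_title = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_title'])));
        $media_desc = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_desc'])));
    }
    $media_time_month = COM_applyFilter($_POST['media_month']);
    $media_time_day = COM_applyFilter($_POST['media_day']);
    $media_time_year = COM_applyFilter($_POST['media_year']);
    $media_time_hour = COM_applyFilter($_POST['media_hour']);
    $media_time_minute = COM_applyFilter($_POST['media_minute']);
    $original_filename = COM_applyFilter($_POST['original_filename']);
    if ($replacefile == 1) {
        $original_filename = $filename;
    }
    $cat_id = COM_applyFilter($_POST['cat_id'], true);
    $media_keywords = $_POST['media_keywords'];
    $media_keywords_safe = substr($media_keywords, 0, 254);
    $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));

    $artist = isset($_POST['artist']) ? DB_escapeString(COM_applyFilter($_POST['artist'])) : '';
    $musicalbum = isset($_POST['musicalbum']) ? DB_escapeString(COM_applyFilter($_POST['musicalbum'])) : '';
    $genre = isset($_POST['genre']) ? DB_escapeString(COM_applyFilter($_POST['genre'])) : '';

    $dtObject = new Date('now', $_USER['tzid']);
    $dtObject->setDateTimestamp($media_time_year, $media_time_month, $media_time_day, $media_time_hour, $media_time_minute, 0);
    $media_time = $dtObject->toUnix();

    if (isset($_POST['owner_name'])) {
        $owner_id = COM_applyFilter($_POST['owner_name'], true);
        $owner_sql = ',media_user_id=' . $owner_id . ' ';
    } else {
        $owner_sql = '';
    }

    $sql = "UPDATE " . $mediaTable . "\n SET media_title='" . DB_escapeString($media_title)
        . "',\n media_desc='" . DB_escapeString($media_desc)
        . "',\n media_original_filename='" . DB_escapeString($original_filename)
        . "',\n media_time=" . $media_time
        . ",\n media_tn_attached=" . $attachtn
        . ",\n media_category=" . intval($cat_id)
        . ",\n media_keywords='" . $media_keywords
        . "',\n artist='" . $artist
        . "',\n album='" . $musicalbum
        . "',\n genre='" . $genre
        . "',\n remote_url='" . $remote_url . "' " . $owner_sql
        . "WHERE media_id='" . $media_id_db . "'";

    DB_query($sql);
    if (DB_error() != 0) {
        echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
    }
    PLG_itemSaved($media_id, 'mediagallery');

    // process playback options if any...

    if (isset($_POST['autostart'])) { // asf
        $playback_option['autostart'] = intval(COM_applyFilter($_POST['autostart'], true));
        $playback_option['enablecontextmenu'] = intval(COM_applyFilter($_POST['enablecontextmenu'], true));
        $playback_option['stretchtofit'] = isset($_POST['stretchtofit']) ? intval(COM_applyFilter($_POST['stretchtofit'], true)) : 0;
        $playback_option['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
        $playback_option['uimode'] = DB_escapeString(COM_applyFilter($_POST['uimode']));
        $playback_option['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
        $playback_option['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
        $playback_option['bgcolor'] = isset($_POST['bgcolor']) ? DB_escapeString(COM_applyFilter($_POST['bgcolor'])) : 0;
        $playback_option['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
        $playback_option['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;

        if ($playback_option['playcount'] < 1) {
            $playback_option['playcount'] = 1;
        }

        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autostart',{$playback_option['autostart']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','enablecontextmenu',{$playback_option['enablecontextmenu']}");
        if ($playback_option['stretchtofit'] != '') {
            DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','stretchtofit',{$playback_option['stretchtofit']}");
        }
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','showstatusbar',{$playback_option['showstatusbar']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','uimode', '{$playback_option['uimode']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',{$playback_option['height']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',{$playback_option['width']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor','{$playback_option['bgcolor']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','playcount','{$playback_option['playcount']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop','{$playback_option['loop']}'");
    }

    if (isset($_POST['play'])) { //swf
        $playback_option['play'] = COM_applyFilter($_POST['play'], true);
        $playback_option['menu'] = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : '';
        $playback_option['quality'] = isset($_POST['quality']) ? DB_escapeString(COM_applyFilter($_POST['quality'])) : '';
        $playback_option['flashvars'] = isset($_POST['flashvars']) ? DB_escapeString(COM_applyFilter($_POST['flashvars'])) : '';
        $playback_option['height'] = COM_applyFilter($_POST['height'], true);
        $playback_option['width'] = COM_applyFilter($_POST['width'], true);
        $playback_option['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        $playback_option['scale'] = isset($_POST['scale']) ? DB_escapeString(COM_applyFilter($_POST['scale'])) : '';
        $playback_option['wmode'] = isset($_POST['wmode']) ? DB_escapeString(COM_applyFilter($_POST['wmode'])) : '';
        $playback_option['allowscriptaccess'] = isset($_POST['allowscriptaccess']) ? DB_escapeString(COM_applyFilter($_POST['allowscriptaccess'])) : '';
        $playback_option['bgcolor'] = isset($_POST['bgcolor']) ? DB_escapeString(COM_applyFilter($_POST['bgcolor'])) : '';
        $playback_option['swf_version'] = isset($_POST['swf_version']) ? COM_applyFilter($_POST['swf_version'], true) : 9;

        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','play', {$playback_option['play']}");
        if ($playback_option['menu'] != '') {
            DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','menu', {$playback_option['menu']}");
        }
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','quality', '{$playback_option['quality']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height', {$playback_option['height']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width', {$playback_option['width']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','flashvars', '{$playback_option['flashvars']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','scale', '{$playback_option['scale']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','wmode', '{$playback_option['wmode']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop', '{$playback_option['loop']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','allowscriptaccess','{$playback_option['allowscriptaccess']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor', '{$playback_option['bgcolor']}'");
        // was the raw $media_id, the only row in this branch without escaping
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','swf_version', '{$playback_option['swf_version']}'");
    }

    if (isset($_POST['autoplay'])) { //quicktime
        $playback_option['autoplay'] = COM_applyFilter($_POST['autoplay'], true);
        $playback_option['autoref'] = COM_applyFilter($_POST['autoref'], true);
        $playback_option['controller'] = COM_applyFilter($_POST['controller'], true);
        $playback_option['kioskmode'] = COM_applyFilter($_POST['kioskmode'], true);
        $playback_option['scale'] = DB_escapeString(COM_applyFilter($_POST['scale']));
        $playback_option['height'] = COM_applyFilter($_POST['height'], true);
        $playback_option['width'] = COM_applyFilter($_POST['width'], true);
        $playback_option['bgcolor'] = DB_escapeString(COM_applyFilter($_POST['bgcolor']));
        $playback_option['loop'] = COM_applyFilter($_POST['loop'], true);

        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autoref',{$playback_option['autoref']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autoplay',{$playback_option['autoplay']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','controller',{$playback_option['controller']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','kioskmode',{$playback_option['kioskmode']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','scale','{$playback_option['scale']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',{$playback_option['height']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',{$playback_option['width']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor','{$playback_option['bgcolor']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop','{$playback_option['loop']}'");
    }

    if ($attachtn == 1 && $thumbnail != '') {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id_db . '"');
        $thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
    }

    if ($remove_old_tn == 1) {
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id_db . '"');
        $tnBase = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        foreach ($_MG_CONF['validExtensions'] as $ext) {
            if (file_exists($tnBase . $ext)) {
                // best effort: only the first matching thumbnail is removed
                @unlink($tnBase . $ext);
                break;
            }
        }
    }
    if ($queue) {
        echo COM_refresh($_MG_CONF['site_url'] . '/admin.php?album_id=' . $album_id . '&mode=moderate');
    } else {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildAlbumRSS($album_id);
        CACHE_remove_instance('whatsnew');
        echo COM_refresh($actionURL);
    }
    exit;
}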
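/**
 * deletes specified album and moves contents if target_id not 0
 *
 * With a target of 0 the album and all of its sub-albums are deleted through
 * MG_deleteChildAlbums(). Otherwise the media and sub-albums are moved to
 * the target album, which requires access level 3 on the target or the
 * 'mediagallery.admin' right, and the target's media count and cover are
 * refreshed.
 *
 * Changes against the previous version:
 *  - both album ids must consist of digits only before they are placed
 *    (unquoted) into SQL
 *  - an unknown album id is refused instead of dereferencing a missing entry
 *  - the access log records $_SERVER['REMOTE_ADDR']; the variable used
 *    before was never defined in this function, so the IP was always empty
 *  - the cover filename read back from the database is escaped before it is
 *    written again
 *
 * @param    int     album_id    album_id to delete
 * @param    int     target_id   album id of where to move the deleted album's contents
 * @param    string  actionURL   URL to refresh to, defaults to the plugin admin index
 * @return   string              HTML (error page); on success the script exits after the refresh
 *
 */
function MG_deleteAlbum($album_id, $target_id, $actionURL = '')
{
    global $MG_albums, $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01;

    if ($actionURL == '') {
        $actionURL = $_CONF['site_admin_url'] . '/plugins/mediagallery/index.php';
    }

    // need to check perms here...
    $albumKnown = ctype_digit((string) $album_id) && isset($MG_albums[(int) $album_id]);
    if (!$albumKnown || $MG_albums[(int) $album_id]->access != 3) {
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        COM_errorLog("MediaGallery: Someone has tried to illegally delete an album in Media Gallery. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}", 1);

        return MG_genericError($LANG_MG00['access_denied_msg']);
    }
    $album_id = (int) $album_id;

    if ($target_id == 0) {
        // Delete all images -- need to recurse through all sub-albums...
        MG_deleteChildAlbums($album_id);
    } else {
        // move the stuff to another album...

        // A target that is not a plain number cannot name an album.
        if (!ctype_digit((string) $target_id)) {
            COM_errorLog("MediaGallery: Deleting Album - ERROR - Target albums does not exist");

            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
        $target_id = (int) $target_id;

        // add a check to make sure we have edit rights to the target album...
        $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . $target_id;
        $result = DB_query($sql);
        $nRows = DB_numRows($result);
        if ($nRows > 0) {
            $row = DB_fetchArray($result);
            $access = SEC_hasAccess($row['owner_id'], $row['group_id'], $row['perm_owner'],
                $row['perm_group'], $row['perm_members'], $row['perm_anon']);
            if ($access == 3 || SEC_hasRights('mediagallery.admin')) {
                $sql = "UPDATE " . $_TABLES['mg_media_albums'] . " SET album_id = " . $target_id . " WHERE album_id = " . $album_id;
                DB_query($sql);
                $sql = "UPDATE " . $_TABLES['mg_albums'] . " SET album_parent = " . $target_id . " WHERE album_parent=" . $album_id;
                DB_query($sql);
                $sql = "DELETE FROM " . $_TABLES['mg_albums'] . " WHERE album_id = " . $album_id;
                DB_query($sql);

                // now we need to update the last_update, media_count and thumbnail image for this album....
                $dbCount = (int) DB_count($_TABLES['mg_media_albums'], 'album_id', $target_id);
                DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $dbCount . " WHERE album_id=" . $target_id);

                // now pull last_update and new thumbnail
                if (isset($MG_albums[$target_id]) && $MG_albums[$target_id]->album_cover == -1) {
                    $result = DB_query("SELECT media_filename FROM {$_TABLES['mg_media']} AS m LEFT JOIN {$_TABLES['mg_media_albums']} AS ma ON m.media_id=ma.media_id WHERE ma.album_id=" . $target_id . " AND m.media_type=0 ORDER BY m.media_upload_time DESC LIMIT 1");
                    $nRows = DB_numRows($result);
                    if ($nRows > 0) {
                        $row = DB_fetchArray($result);
                        // stored value, but still escaped before it goes back into SQL
                        $filename = DB_escapeString($row['media_filename']);
                        $sql = "UPDATE " . $_TABLES['mg_albums'] . " SET album_cover = '-1', album_cover_filename='" . $filename . "' WHERE album_id = " . $target_id;
                        DB_query($sql);
                    } else {
                        $sql = "UPDATE " . $_TABLES['mg_albums'] . " SET album_cover = '-1', album_cover_filename='' WHERE album_id = " . $target_id;
                        DB_query($sql);
                    }
                }
            } else {
                COM_errorLog("MediaGallery: User attempting to move to a album that user does not have privelges too!");

                return MG_genericError($LANG_MG00['access_denied_msg']);
            }
        } else {
            COM_errorLog("MediaGallery: Deleting Album - ERROR - Target albums does not exist");

            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
    }

    // check and see if we need to reset the member_gallery flag...
    if ($_MG_CONF['member_albums'] == 1 && $MG_albums[$album_id]->parent == $_MG_CONF['member_album_root']) {
        $ownerId = (int) $MG_albums[$album_id]->owner_id;
        $parentId = (int) $MG_albums[$album_id]->parent;
        $result = DB_query("SELECT * FROM {$_TABLES['mg_albums']} WHERE owner_id=" . $ownerId . " AND album_parent=" . $parentId);
        $numRows = DB_numRows($result);
        if ($numRows == 0) {
            DB_query("UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=0 WHERE uid=" . $ownerId, 1);
        }
    }

    require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
    MG_buildFullRSS();
    if ($target_id != 0) {
        MG_buildAlbumRSS($target_id);
    }
    CACHE_remove_instance('whatsnew');
    echo COM_refresh($actionURL);
    exit;
}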
/**
 * Saves a Static Page to the database
 *
 * Packs all parameters into one array, keyed by parameter name, and passes
 * it to the 'submit' service of the staticpages plugin. The 'stmenu' cache
 * instance is removed afterwards.
 *
 * @param    string $sp_id          ID of static page
 * @param    mixed  $sp_status      page status, passed through to the service
 * @param    string $sp_uid         ID of user that created page
 * @param    string $sp_title       title of page
 * @param    string $sp_content     page content
 * @param    int    $sp_hits        Number of page views
 * @param    string $sp_format      HTML or plain text
 * @param    string $sp_onmenu      Flag to place entry on menu
 * @param    string $sp_label       Menu Entry
 * @param    int    $commentcode    Comment Code
 * @param    int    $owner_id       owner of the page
 * @param    int    $group_id       group of the page
 * @param    int    $perm_owner     permission value for the owner
 * @param    int    $perm_group     permission value for the group
 * @param    int    $perm_members   permission value for members
 * @param    int    $perm_anon      permission value for anonymous users
 * @param    int    $sp_php         Flag to indicate PHP usage
 * @param    string $sp_nf          Flag to indicate type of not found message
 * @param    string $sp_old_id      original ID of this static page
 * @param    string $sp_centerblock Flag to indicate display as a center block
 * @param    string $sp_help        Help URL that displays in the block
 * @param    string $sp_tid         topic id (for center block)
 * @param    int    $sp_where       position of center block
 * @param    string $sp_inblock     Flag: wrap page in a block (or not)
 * @param    mixed  $postmode       post mode, passed through to the service
 * @param    mixed  $sp_search      search setting, passed through to the service
 * @return   string                 output produced by the service
 *
 */
function PAGE_submit($sp_id, $sp_status, $sp_uid, $sp_title, $sp_content, $sp_hits,
                     $sp_format, $sp_onmenu, $sp_label, $commentcode,
                     $owner_id, $group_id, $perm_owner, $perm_group,
                     $perm_members, $perm_anon, $sp_php, $sp_nf,
                     $sp_old_id, $sp_centerblock, $sp_help, $sp_tid,
                     $sp_where, $sp_inblock, $postmode, $sp_search)
{
    global $_CONF, $_TABLES, $LANG12, $LANG_STATIC, $_SP_CONF;

    $retval = '';

    // Same keys, in the same order, as the parameter list above.
    $args = compact(
        'sp_id', 'sp_status', 'sp_uid', 'sp_title', 'sp_content', 'sp_hits',
        'sp_format', 'sp_onmenu', 'sp_label', 'commentcode',
        'owner_id', 'group_id', 'perm_owner', 'perm_group',
        'perm_members', 'perm_anon', 'sp_php', 'sp_nf',
        'sp_old_id', 'sp_centerblock', 'sp_help', 'sp_tid',
        'sp_where', 'sp_inblock', 'postmode', 'sp_search'
    );

    // $retval and $svc_msg are filled in by the service call.
    PLG_invokeService('staticpages', 'submit', $args, $retval, $svc_msg);
    CACHE_remove_instance('stmenu');

    return $retval;
}
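/**
 * Delete a link
 *
 * A regular link is deleted only when SEC_hasAccess() on the link's
 * owner/group/permission columns returns 3 or higher; a submission only when
 * plugin_ismoderator_links() is true. Refused attempts are logged.
 *
 * @param    string $lid  id of link to delete
 * @param    string $type 'submission' when attempting to delete a submission
 * @return   string           HTML redirect
 *
 */
function LINK_delete($lid, $type = '')
{
    global $_CONF, $_TABLES, $_USER;

    // Escape the id before it is placed into SQL, the same way
    // plugin_deletecomment_article() treats its item id, instead of relying
    // on every caller to have filtered it.
    $lidSql = DB_escapeString($lid);

    if (empty($type)) { // delete regular link
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid ='{$lidSql}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
            $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        if ($access < 3) {
            COM_accessLog("User {$_USER['username']} tried to illegally delete link {$lid}.");

            return COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
        }

        DB_delete($_TABLES['links'], 'lid', $lidSql);
        PLG_itemDeleted($lid, 'links');
        CACHE_remove_instance('whatsnew');

        return COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php?msg=3');
    } elseif ($type == 'submission') {
        if (plugin_ismoderator_links()) {
            DB_delete($_TABLES['linksubmission'], 'lid', $lidSql);

            return COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
        } else {
            COM_accessLog("User {$_USER['username']} tried to illegally delete link submission {$lid}.");
        }
    } else {
        COM_errorLog("User {$_USER['username']} tried to illegally delete link {$lid} of type {$type}.");
    }

    return COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
}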
switch ($action) { case 'media': require_once $_CONF['path'] . 'plugins/mediagallery/include/batch.php'; $retval .= MG_batchDeleteMedia($album_id, $_MG_CONF['site_url'] . '/album.php?aid=' . $album_id); CACHE_remove_instance('whatsnew'); break; case 'album': require_once $_CONF['path'] . 'plugins/mediagallery/include/batch.php'; $retval .= MG_deleteAlbumConfirm($album_id, $_MG_CONF['site_url'] . '/admin.php'); break; case 'confalbum': if (isset($_POST['target'])) { require_once $_CONF['path'] . 'plugins/mediagallery/include/batch.php'; $target_id = COM_applyFilter($_POST['target'], true); $retval .= MG_deleteAlbum($album_id, $target_id, $_MG_CONF['site_url'] . '/index.php'); CACHE_remove_instance('whatsnew'); } else { $retval .= MG_errorHandler($LANG_MG02['no_target_album']); } break; case 'watermark': require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php'; require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-watermark.php'; $retval .= MG_watermarkDelete(); break; } } else { $retval .= MG_invalidRequest(); } $display = MG_siteHeader(); $display .= $retval;
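/**
 * Delete an existing static page
 *
 * Requires the 'staticpages.delete' right. Removes the page, its comments
 * and topic assignments, detaches it from pages that use it as a template,
 * notifies other plugins and clears the page's cache instances.
 *
 * The page id is filtered only for web-service calls ($args['gl_svc']), so
 * it is escaped here before it is placed into SQL, whatever the caller did.
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int             Response code as defined in lib-plugins.php
 */
function service_delete_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC;

    // NOTE(review): $output starts out as the "deleted" refresh and the
    // access-denied text below is appended to it; confirm that is intended.
    $output = COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php?msg=20');

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // Apply filters to the parameters passed by the webservice
    if (!empty($args['gl_svc'])) {
        if (isset($args['sp_id'])) {
            $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        }
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
    }

    $sp_id = isset($args['sp_id']) ? $args['sp_id'] : '';

    if (!SEC_hasRights('staticpages.delete')) {
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied']);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG_STATIC['access_denied']));
        if ($_USER['uid'] > 1) {
            return PLG_RET_PERMISSION_DENIED;
        } else {
            return PLG_RET_AUTH_FAILED;
        }
    }

    $spIdSql = DB_escapeString($sp_id);

    // If a staticpage template, remove any use of the file
    if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$spIdSql}'") == 1) {
        DB_query("UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$spIdSql}'");
    }

    DB_delete($_TABLES['staticpage'], 'sp_id', $spIdSql);
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($spIdSql, 'staticpages'));

    TOPIC_deleteTopicAssignments('staticpages', $sp_id);

    PLG_itemDeleted($sp_id, 'staticpages');

    // Clear Cache
    CACHE_remove_instance('staticpage__' . $sp_id . '__');

    return PLG_RET_OK;
}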
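/**
 * Delete the user accounts listed in the posted 'actionitem' array.
 *
 * The account with uid 2 and the account of the user performing the request
 * are never deleted. When DVLP_VERSION is defined, nothing is deleted and the
 * uid that would have been removed is printed instead.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this function;
 * confirm that the caller performs both before invoking it.
 *
 * @return  string  Confirmation text followed by one HTML line per account
 *                  that could not be deleted
 */
function SFS_delUsers()
{
    global $_USER, $_CONF, $_TABLES, $LANG_SFS, $LANG28;

    $msg = '';

    if (isset($_POST['actionitem']) && is_array($_POST['actionitem'])) {
        foreach ($_POST['actionitem'] as $actionitem) {
            if (!is_scalar($actionitem)) {
                // Nested arrays in the posted list are not user ids
                continue;
            }

            // Force an integer: the value is echoed into HTML below and is
            // handed to the account-deletion routine.
            $uid = (int) COM_applyFilter($actionitem, true);

            // Skip invalid ids and uid 1 (presumably the anonymous account -
            // confirm), uid 2, and the acting user's own account.
            if ($uid <= 1 || $uid == 2 || $uid == $_USER['uid']) {
                continue;
            }

            if (defined('DVLP_VERSION')) {
                print "We would delete userid " . $uid . " here<br />";
            } elseif (!USER_deleteAccount($uid)) {
                // Report the uid that failed; the previous code interpolated
                // an undefined variable here.
                $msg .= "<strong>{$LANG28[2]} {$uid} {$LANG28[70]}</strong><br/>\n";
            }
        }
    }

    CACHE_remove_instance('mbmenu');

    return $LANG_SFS['confirmation_del'] . '<br />' . $msg;
}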
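/**
 * Toggle the draft flag of one USERBOX_base row and record who changed it.
 *
 * A truthy stored draft_flag is set to '0', anything else to '1'; uuid is set
 * to the current user's uid, and the cache instance for the row is removed.
 *
 * NOTE(review): no access check is visible in this function; confirm that the
 * caller verifies the current user may edit this record.
 *
 * @param   mixed  $id  Row id; reduced to an integer before use
 * @return  void
 */
function fncchangeDraft($id)
{
    global $_TABLES;
    global $_USER;

    // Both values are placed in SQL text below ($id without quotes), so each
    // is forced to an integer first.
    $id = (int) COM_applyFilter($id, true);
    $uuid = (int) $_USER['uid'];

    $isDraft = DB_getItem($_TABLES['USERBOX_base'], "draft_flag", "id={$id}");
    $newFlag = $isDraft ? '0' : '1';

    $sql = "UPDATE {$_TABLES['USERBOX_base']} set "
        . " draft_flag = '{$newFlag}'"
        . ",uuid='{$uuid}' WHERE id={$id}";
    DB_query($sql);

    $cacheInstance = 'userbox__' . $id . '__';
    CACHE_remove_instance($cacheInstance);

    return;
}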
/**
 * Renumber the sort position of every topic in increments of 10
 *
 * Walks the topics in the order getTopicChildTreeArray() returns them and
 * writes a new sortnum only for rows whose stored value differs. Afterwards
 * the topic cache instances are removed and the global topic tree is rebuilt.
 *
 * @return  void
 */
function reorderTopics()
{
    global $_TABLES, $_TOPICS;

    $position = 0;
    foreach (getTopicChildTreeArray() as $topic) {
        $position += 10;

        if ($topic['sortnum'] == $position) {
            // Already at the expected position, no write needed
            continue;
        }

        // NOTE(review): tid is interpolated as returned by the tree helper,
        // without escaping; confirm topic ids are constrained when created.
        DB_query("UPDATE {$_TABLES['topics']} SET sortnum = '{$position}' WHERE tid = '{$topic['tid']}'");
    }

    // Topics have changed, so cached topic data is stale
    foreach (array('topicsblock__', 'topic_tree__') as $instance) {
        CACHE_remove_instance($instance);
    }

    // Refresh the in-memory topic tree for whatever code runs after this
    $_TOPICS = TOPIC_buildTree(TOPIC_ROOT, true);
}
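/**
 * article: delete a comment
 *
 * The comment is deleted only when the current user has the 'story.edit'
 * right and SEC_hasAccess() returns 3 for the story the comment belongs to.
 * On success the story's comment count is recalculated and the 'whatsnew'
 * cache instance is removed.
 *
 * @param   int     $cid    Comment to be deleted
 * @param   string  $id     Item id to which $cid belongs
 * @return  string          HTML redirect: to the article's comments on
 *                          success, to the site index when access is refused
 */
function plugin_deletecomment_article($cid, $id)
{
    global $_CONF, $_TABLES, $_USER;

    $retval = '';

    $has_editPermissions = SEC_hasRights('story.edit');
    $sid_sql = DB_escapeString($id);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon "
        . "FROM {$_TABLES['stories']} WHERE sid = '" . $sid_sql . "'");
    $A = DB_fetchArray($result);

    // A story id that matches no row must be refused outright instead of
    // feeding missing columns into the access check.
    $allowed = $has_editPermissions && is_array($A)
        && SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'],
            $A['perm_group'], $A['perm_members'], $A['perm_anon']) == 3;

    if ($allowed) {
        CMT_deleteComment($cid, $id, 'article');
        $comments = DB_count($_TABLES['comments'], 'sid', $sid_sql);
        DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid_sql);
        CACHE_remove_instance('whatsnew');
        $retval .= COM_refresh(COM_buildUrl($_CONF['site_url']
            . "/article.php?story={$id}") . '#comments');
    } else {
        // The ids are request-supplied at this point; drop control characters
        // so a crafted value cannot break the entry across log lines.
        $controlChars = '/[\x00-\x1F\x7F]/';
        $logUser = preg_replace($controlChars, '', isset($_USER['username']) ? (string) $_USER['username'] : '');
        $logCid = preg_replace($controlChars, '', (string) $cid);
        $logId = preg_replace($controlChars, '', (string) $id);

        COM_errorLog("User {$logUser} "
            . "did not have permissions to delete comment {$logCid} from {$logId}");
        $retval .= COM_refresh($_CONF['site_url'] . '/index.php');
    }

    return $retval;
}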