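/**
 * Save a link category: insert a new one or update an existing one.
 *
 * The submitted values are cleaned up, the category id is checked for
 * legality and uniqueness, the current user's access to the category is
 * verified, and the record is then written to the database.
 *
 * @param  string  $cid           category id; empty to have one generated
 * @param  string  $old_cid       id the category had before editing (empty for a new one)
 * @param  string  $pid           parent category id
 * @param  string  $category      category name
 * @param  string  $description   category description
 * @param  string  $tid           topic id
 * @param  int     $owner_id      owner's user id
 * @param  int     $group_id      owning group's id
 * @param  mixed   $perm_owner    owner permissions, numeric or the form's array
 * @param  mixed   $perm_group    group permissions, numeric or the form's array
 * @param  mixed   $perm_members  members' permissions, numeric or the form's array
 * @param  mixed   $perm_anon     anonymous permissions, numeric or the form's array
 * @return int     message number: 10 success, 6 no access, 7 missing name or
 *                 description, 11 illegal or duplicate cid, 12 would orphan
 *                 categories, 17 duplicate cid (when $PLG_links_MESSAGE17 exists)
 */
function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17;

    // Convert array values (as sent by the permissions form) to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // clean 'em up
    $description = addslashes(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $category = addslashes(COM_checkHTML(COM_checkWords($category), 'links.edit'));
    $pid = addslashes(strip_tags($pid));
    $cid = addslashes(strip_tags($cid));
    $old_cid = addslashes(strip_tags($old_cid));
    // the remaining values are interpolated into the SQL below as well:
    // escape the topic id and force ids and permission values to integers
    $tid = addslashes(strip_tags($tid));
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    if (empty($category) || empty($description)) {
        return 7;
    }

    // Check cid to make sure not illegal: the root id and 'user' are reserved
    if ($cid == addslashes($_LI_CONF['root']) || $cid == 'user') {
        return 11;
    }

    if (!empty($cid) && $cid != $old_cid) {
        // this is either a new category or an attempt to change the cid
        // - check that cid doesn't exist yet
        $ctrl = DB_getItem($_TABLES['linkcategories'], 'cid', "cid = '{$cid}'");
        if (!empty($ctrl)) {
            // message 17 only exists when the language file defines it
            if (isset($PLG_links_MESSAGE17)) {
                return 17;
            } else {
                return 11;
            }
        }
    }

    // Check that they didn't delete the cid. If so, get the hidden one
    if (empty($cid) && !empty($old_cid)) {
        $cid = $old_cid;
    }

    // Make sure they aren't making a parent category child of one of its own
    // children. This would create orphans
    if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) {
        return 12;
    }

    $access = 0;
    if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) {
        // update existing item, but new cid so get access from database with old cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        // set flag
        $update = "existing";
    } else {
        if (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) {
            // update existing item, same cid, so get access from database with existing cid
            $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'");
            $A = DB_fetchArray($result);
            $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
            // set flag
            $update = "same";
        } else {
            // new item, so use passed values
            $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
            // set flag
            $update = 'new';
        }
    }

    if ($access < 3) {
        // no access rights: user should not be here
        COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid));
        return 6;
    }

    // save item
    if ($update == 'existing') {
        // update an existing item but new cid
        $sql = "UPDATE {$_TABLES['linkcategories']}
                SET cid='{$cid}',
                    pid='{$pid}',
                    tid='{$tid}',category='{$category}',
                    description='{$description}',
                    modified=NOW(),
                    owner_id='{$owner_id}',group_id='{$group_id}',
                    perm_owner='{$perm_owner}',perm_group='{$perm_group}',
                    perm_members='{$perm_members}',perm_anon='{$perm_anon}'
                WHERE cid = '{$old_cid}'";
        $result = DB_query($sql);

        // Also need to update links for this category
        $sql = "UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'";
        $result = DB_query($sql);
    } else {
        if ($update == 'same') {
            // update an existing item
            $sql = "UPDATE {$_TABLES['linkcategories']}
                    SET pid='{$pid}',
                        tid='{$tid}',category='{$category}',
                        description='{$description}',
                        modified=NOW(),
                        owner_id='{$owner_id}',group_id='{$group_id}',
                        perm_owner='{$perm_owner}',perm_group='{$perm_group}',
                        perm_members='{$perm_members}',perm_anon='{$perm_anon}'
                    WHERE cid = '{$cid}'";
            $result = DB_query($sql);
        } else {
            // insert a new item
            if (empty($cid)) {
                $cid = COM_makeSid();
            }
            $sql = "INSERT INTO {$_TABLES['linkcategories']}
                    (cid, pid, category, description, tid,
                     created,modified,
                     owner_id, group_id, perm_owner, perm_group,
                     perm_members, perm_anon)
                    VALUES
                    ('{$cid}','{$pid}','{$category}',
                     '{$description}','{$tid}',
                     NOW(),NOW(),
                     '{$owner_id}','{$group_id}','{$perm_owner}',
                     '{$perm_group}','{$perm_members}','{$perm_anon}')";
            $result = DB_query($sql);
        }
    }

    // tell other plugins; pass the old id when the category was renamed
    if ($update == 'existing' && $cid != $old_cid) {
        PLG_itemSaved($cid, 'links.category', $old_cid);
    } else {
        PLG_itemSaved($cid, 'links.category');
    }

    return 10; // success message
}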
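/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param    array   $args       Contains all the data provided by the client
 * @param    string  &$output    OUTPUT parameter containing the returned text
 * @param    string  &$svc_msg   OUTPUT parameter containing any service messages
 * @return   int                 Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;

    $output = '';

    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }

    if (defined('DEMO_MODE')) {
        $output = COM_siteHeader('menu');
        $output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
        $output .= COM_siteFooter();
        // used to return the undefined constant PLG_REG_AUTH_FAILED
        return PLG_RET_AUTH_FAILED;
    }

    // set when the request came in through the webservices API; those values
    // did not go through the form handling and need filtering below
    $gl_svc = !empty($args['gl_svc']);

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }

    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }

    if (empty($args['sp_uid'])) {
        $args['sp_uid'] = $_USER['uid'];
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }

    if (!isset($args['sp_id'])) {
        $args['sp_id'] = '';
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    // the old id is used as a lookup key below (DB_count, DB_delete, the
    // comments update); give it the same treatment as sp_id so that only
    // the characters an id may contain reach the database. Only done when
    // set, as COM_sanitizeID also generates a fresh id for an empty value.
    if (!empty($args['sp_old_id'])) {
        $args['sp_old_id'] = COM_sanitizeID($args['sp_old_id']);
    }

    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            // $slug was never assigned here; use the 'Slug:' header when given
            $slug = isset($args['slug']) ? $args['slug'] : '';
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }

    // Apply filters to the parameters passed by the webservice
    if ($gl_svc) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }

    // Make sure every field read below exists, so a missing form field
    // behaves like an empty one instead of raising notices
    $str_fields = array('sp_old_id', 'sp_title', 'sp_content', 'sp_tid', 'sp_format', 'sp_onmenu', 'sp_label', 'sp_nf', 'sp_centerblock', 'sp_help', 'sp_inblock', 'postmode');
    foreach ($str_fields as $key) {
        if (!isset($args[$key])) {
            $args[$key] = '';
        }
    }
    // these end up unquoted in the SQL below, so they must be integers
    $num_fields = array('sp_uid', 'sp_status', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search');
    foreach ($num_fields as $key) {
        $args[$key] = isset($args[$key]) ? (int) $args[$key] : 0;
    }

    // START: Staticpages defaults
    if ($args['sp_status'] != 1) {
        $args['sp_status'] = 0;
    }
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['sp_search'] != 1) {
        $args['sp_search'] = 0;
    }

    if ($gl_svc) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }

        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } else {
            if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
                $svc_msg['error_desc'] = 'Menu label missing';
                return PLG_RET_ERROR;
            }
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
    }
    // END: Staticpages defaults

    $sp_id = $args['sp_id'];
    $sp_status = $args['sp_status'];
    $sp_uid = $args['sp_uid'];
    $sp_title = $args['sp_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    $sp_search = $args['sp_search'];

    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }

    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }

    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$gl_svc) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        // checkbox values arrive as 'on'; store them as 0/1
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }

        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_label = strip_tags($sp_label);

        $sp_content = DB_escapeString($sp_content);
        $sp_title = DB_escapeString($sp_title);
        $sp_label = DB_escapeString($sp_label);
        // these are interpolated into the SQL as well and were not escaped;
        // sp_tid keeps its raw value for the 'all'/'none' comparison below
        $db_tid = DB_escapeString($sp_tid);
        $sp_help = DB_escapeString($sp_help);
        $postmode = DB_escapeString($postmode);

        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }

        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '{$db_tid}'";

            // multi-language configuration - allow one entire page
            // centerblock for all or none per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
                }
            }
            DB_query($sql);
        }

        $formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }

        if (!$gl_svc) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        // permissions are stored unquoted
        $perm_owner = (int) $perm_owner;
        $perm_group = (int) $perm_group;
        $perm_members = (int) $perm_members;
        $perm_anon = (int) $perm_anon;

        DB_save($_TABLES['staticpage'],
            'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,'
            . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search',
            "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id},"
            . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$db_tid}',{$sp_where},"
            . "'{$sp_inblock}','{$postmode}',{$sp_search}");

        if ($delete_old_page && !empty($sp_old_id)) {
            // the page was renamed: drop the old record and move its comments
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
            DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
            PLG_itemDeleted($sp_old_id, 'staticpages');
        }

        PLG_itemSaved($sp_id, 'staticpages');

        $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
        $svc_msg['id'] = $sp_id;

        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$gl_svc) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}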
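/**
 * Shows poll editor
 *
 * Displays the poll editor form, either for an existing poll (when $pid is
 * given and the user may edit it) or pre-filled with defaults for a new one.
 *
 * @param    string  $pid    ID of poll to edit
 * @return   string          HTML for poll editor form
 *
 */
function editpoll($pid = '')
{
    global $_CONF, $_PO_CONF, $_GROUPS, $_TABLES, $_USER, $LANG25, $LANG_ACCESS, $LANG_ADMIN, $MESSAGE, $LANG_POLLS;

    $retval = '';

    // the poll id is interpolated into several queries below: escape it once
    $db_pid = addslashes($pid);

    $T = array();
    $access = 0;
    if (!empty($pid)) {
        $topic = DB_query("SELECT * FROM {$_TABLES['polltopics']} WHERE pid='{$db_pid}'");
        $T = DB_fetchArray($topic);
        if (is_array($T)) {
            // Get permissions for poll
            $access = SEC_hasAccess($T['owner_id'], $T['group_id'], $T['perm_owner'], $T['perm_group'], $T['perm_members'], $T['perm_anon']);
        } else {
            // no such poll: treat it like a poll the user has no access to
            $T = array();
            $access = 0;
        }
        if ($access == 0 or $access == 2) {
            // User doesn't have access...bail
            $retval .= COM_startBlock($LANG25[21], '', COM_getBlockTemplate('_msg_block', 'header'));
            $retval .= $LANG25[22];
            $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
            return $retval;
        }
    }

    // writing the menu on top
    require_once $_CONF['path_system'] . 'lib-admin.php';
    $menu_arr = array(
        array('url' => $_CONF['site_admin_url'] . '/plugins/polls/index.php', 'text' => $LANG_ADMIN['list_all']),
        array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']),
    );

    $token = SEC_createToken();

    $retval .= COM_startBlock($LANG25[5], '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= ADMIN_createMenu($menu_arr, $LANG_POLLS['editinstructions'], plugin_geticon_polls());
    $retval .= SEC_getTokenExpiryNotice($token);

    $poll_templates = new Template($_CONF['path'] . 'plugins/polls/templates/admin/');
    $poll_templates->set_file(array('editor' => 'polleditor.thtml', 'question' => 'pollquestions.thtml', 'answer' => 'pollansweroption.thtml'));
    $poll_templates->set_var('xhtml', XHTML);
    $poll_templates->set_var('site_url', $_CONF['site_url']);
    $poll_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
    $poll_templates->set_var('layout_url', $_CONF['layout_url']);

    if (!empty($pid) and $access == 3 and !empty($T['owner_id'])) {
        // full access to an existing poll: offer the delete button
        $delbutton = '<input type="submit" value="' . $LANG_ADMIN['delete'] . '" name="mode"%s' . XHTML . '>';
        $jsconfirm = ' onclick="return confirm(\'' . $MESSAGE[76] . '\');"';
        $poll_templates->set_var('delete_option', sprintf($delbutton, $jsconfirm));
        $poll_templates->set_var('delete_option_no_confirmation', sprintf($delbutton, ''));
    } else {
        // new poll: fill in the defaults
        $T['pid'] = COM_makeSid();
        $T['topic'] = '';
        $T['meta_description'] = '';
        $T['meta_keywords'] = '';
        $T['voters'] = 0;
        $T['display'] = 1;
        $T['is_open'] = 1;
        $T['hideresults'] = 0;
        $T['owner_id'] = $_USER['uid'];
        if (isset($_GROUPS['Polls Admin'])) {
            $T['group_id'] = $_GROUPS['Polls Admin'];
        } else {
            $T['group_id'] = SEC_getFeatureGroup('polls.edit');
        }
        SEC_setDefaultPermissions($T, $_PO_CONF['default_permissions']);
        $T['statuscode'] = 0;
        $T['commentcode'] = $_CONF['comment_code'];
        $access = 3;
    }

    $poll_templates->set_var('lang_pollid', $LANG25[6]);
    $poll_templates->set_var('poll_id', $T['pid']);
    $poll_templates->set_var('lang_donotusespaces', $LANG25[7]);
    $poll_templates->set_var('lang_topic', $LANG25[9]);
    $poll_templates->set_var('poll_topic', htmlspecialchars($T['topic']));
    $poll_templates->set_var('lang_mode', $LANG25[1]);
    $poll_templates->set_var('lang_metadescription', $LANG_ADMIN['meta_description']);
    $poll_templates->set_var('lang_metakeywords', $LANG_ADMIN['meta_keywords']);
    // stored text goes back into form fields: escape it like poll_topic
    if (!empty($T['meta_description'])) {
        $poll_templates->set_var('meta_description', htmlspecialchars($T['meta_description']));
    }
    if (!empty($T['meta_keywords'])) {
        $poll_templates->set_var('meta_keywords', htmlspecialchars($T['meta_keywords']));
    }
    $poll_templates->set_var('status_options', COM_optionList($_TABLES['statuscodes'], 'code,name', $T['statuscode']));
    $poll_templates->set_var('comment_options', COM_optionList($_TABLES['commentcodes'], 'code,name', $T['commentcode']));
    $poll_templates->set_var('lang_appearsonhomepage', $LANG25[8]);
    $poll_templates->set_var('lang_openforvoting', $LANG25[33]);
    $poll_templates->set_var('lang_hideresults', $LANG25[37]);
    $poll_templates->set_var('poll_hideresults_explain', $LANG25[38]);
    $poll_templates->set_var('poll_topic_info', $LANG25[39]);
    if ($T['display'] == 1) {
        $poll_templates->set_var('poll_display', 'checked="checked"');
    }
    if ($T['is_open'] == 1) {
        $poll_templates->set_var('poll_open', 'checked="checked"');
    }
    if ($T['hideresults'] == 1) {
        $poll_templates->set_var('poll_hideresults', 'checked="checked"');
    }

    // user access info
    $poll_templates->set_var('lang_accessrights', $LANG_ACCESS['accessrights']);
    $poll_templates->set_var('lang_owner', $LANG_ACCESS['owner']);
    $ownername = COM_getDisplayName($T['owner_id']);
    $owner_uid = (int) $T['owner_id'];
    $poll_templates->set_var('owner_username', DB_getItem($_TABLES['users'], 'username', "uid = {$owner_uid}"));
    $poll_templates->set_var('owner_name', $ownername);
    $poll_templates->set_var('owner', $ownername);
    $poll_templates->set_var('owner_id', $T['owner_id']);
    $poll_templates->set_var('lang_group', $LANG_ACCESS['group']);
    $poll_templates->set_var('group_dropdown', SEC_getGroupDropdown($T['group_id'], $access));
    $poll_templates->set_var('lang_permissions', $LANG_ACCESS['permissions']);
    $poll_templates->set_var('lang_permissionskey', $LANG_ACCESS['permissionskey']);
    $poll_templates->set_var('lang_perm_key', $LANG_ACCESS['permissionskey']);
    $poll_templates->set_var('permissions_editor', SEC_getPermissionsHTML($T['perm_owner'], $T['perm_group'], $T['perm_members'], $T['perm_anon']));
    $poll_templates->set_var('lang_permissions_msg', $LANG_ACCESS['permmsg']);
    $poll_templates->set_var('lang_answersvotes', $LANG25[10]);
    $poll_templates->set_var('lang_save', $LANG_ADMIN['save']);
    $poll_templates->set_var('lang_cancel', $LANG_ADMIN['cancel']);

    // repeat for several questions
    $question_sql = "SELECT question,qid " . "FROM {$_TABLES['pollquestions']} WHERE pid='{$db_pid}' ORDER BY qid;";
    $questions = DB_query($question_sql);

    include $_CONF['path_system'] . 'classes/navbar.class.php';
    $navbar = new navbar();

    for ($j = 0; $j < $_PO_CONF['maxquestions']; $j++) {
        $display_id = $j + 1;
        // only the first question is visible; the navbar toggles the others
        if ($j > 0) {
            $poll_templates->set_var('style', 'style="display:none;"');
        } else {
            $poll_templates->set_var('style', '');
        }
        $navbar->add_menuitem($LANG25[31] . " {$display_id}", "showhidePollsEditorDiv(\"{$j}\",{$j},{$_PO_CONF['maxquestions']});return false;", true);

        // fewer stored questions than maxquestions: show an empty slot
        $Q = DB_fetchArray($questions);
        if (!is_array($Q)) {
            $Q = array('question' => '');
        }
        $poll_templates->set_var('question_text', htmlspecialchars($Q['question']));
        $poll_templates->set_var('question_id', $j);
        $poll_templates->set_var('lang_question', $LANG25[31] . " {$display_id}");
        $poll_templates->set_var('lang_saveaddnew', $LANG25[32]);

        // answers
        $answer_sql = "SELECT answer,aid,votes,remark " . "FROM {$_TABLES['pollanswers']} WHERE qid='{$j}' AND pid='{$db_pid}' ORDER BY aid";
        $answers = DB_query($answer_sql);

        for ($i = 0; $i < $_PO_CONF['maxanswers']; $i++) {
            // the old check tested the result handle, which is always set;
            // what actually runs out is rows, so test the fetched row instead
            $A = DB_fetchArray($answers);
            if (is_array($A)) {
                $poll_templates->set_var('answer_text', htmlspecialchars($A['answer']));
                $poll_templates->set_var('answer_votes', $A['votes']);
                $poll_templates->set_var('remark_text', htmlspecialchars($A['remark']));
            } else {
                $poll_templates->set_var('answer_text', '');
                $poll_templates->set_var('answer_votes', '');
                $poll_templates->set_var('remark_text', '');
            }
            $poll_templates->parse('answer_option', 'answer', true);
        }
        $poll_templates->parse('question_list', 'question', true);
        $poll_templates->clear_var('answer_option');
    }

    $navbar->set_selected($LANG25[31] . " 1");
    $poll_templates->set_var('navbar', $navbar->generate());

    $poll_templates->set_var('gltoken_name', CSRF_TOKEN);
    $poll_templates->set_var('gltoken', $token);
    $poll_templates->parse('output', 'editor');
    $retval .= $poll_templates->finish($poll_templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));

    return $retval;
}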
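/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param    array   $args       Contains all the data provided by the client
 * @param    string  &$output    OUTPUT parameter containing the returned text
 * @param    string  &$svc_msg   OUTPUT parameter containing any service messages
 * @return   int                 Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;

    if (empty($_CONF['disable_webservices'])) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }

    $output = '';

    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $LANG_STATIC['access_denied_msg'];
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }

    // set when the request came in through the webservices API; those values
    // did not go through the form handling and need filtering below
    $gl_svc = !empty($args['gl_svc']);

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }

    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }

    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }

    if (!isset($args['sp_id'])) {
        $args['sp_id'] = '';
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    // the old id is used as a lookup key below (DB_count, DB_getItem,
    // DB_delete, the template and comments updates); give it the same
    // treatment as sp_id so only the characters an id may contain reach the
    // database. Only done when set, as COM_sanitizeID also generates a fresh
    // id for an empty value.
    if (!empty($args['sp_old_id'])) {
        $args['sp_old_id'] = COM_sanitizeID($args['sp_old_id']);
    }

    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }

    // Apply filters to the parameters passed by the webservice
    if ($gl_svc) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }

    // Make sure every field read below exists, so a missing form field
    // behaves like an empty one instead of raising notices
    $str_fields = array('sp_old_id', 'sp_title', 'sp_page_title', 'sp_content', 'sp_tid', 'sp_format', 'sp_onmenu', 'sp_label', 'meta_description', 'meta_keywords', 'sp_nf', 'sp_centerblock', 'draft_flag', 'template_flag', 'template_id', 'sp_help', 'sp_inblock', 'postmode');
    foreach ($str_fields as $key) {
        if (!isset($args[$key])) {
            $args[$key] = '';
        }
    }
    // these end up unquoted in the SQL below, so they must be integers
    $num_fields = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
    foreach ($num_fields as $key) {
        $args[$key] = isset($args[$key]) ? (int) $args[$key] : 0;
    }

    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }

    if ($gl_svc) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }

        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
        if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
            $args['draft_flag'] = 'on';
        }
        if (empty($args['template_flag'])) {
            $args['template_flag'] = '';
        }
        if (empty($args['template_id'])) {
            $args['template_id'] = '';
        }
    }
    // END: Staticpages defaults

    $sp_id = $args['sp_id'];
    $sp_title = $args['sp_title'];
    $sp_page_title = $args['sp_page_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $meta_description = $args['meta_description'];
    $meta_keywords = $args['meta_keywords'];
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $draft_flag = $args['draft_flag'];
    $template_flag = $args['template_flag'];
    $template_id = $args['template_id'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];

    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }

    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }

    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$gl_svc) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        // checkbox values arrive as 'on'; store them as 0/1
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        if ($draft_flag == 'on') {
            $draft_flag = 1;
        } else {
            $draft_flag = 0;
        }
        if ($template_flag == 'on') {
            $template_flag = 1;
        } else {
            $template_flag = 0;
        }

        // Remove any autotags the user doesn't have permission to use
        $sp_content = PLG_replaceTags($sp_content, '', true);

        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_page_title = strip_tags($sp_page_title);
        $sp_label = strip_tags($sp_label);
        $meta_description = strip_tags($meta_description);
        $meta_keywords = strip_tags($meta_keywords);

        $sp_content = addslashes($sp_content);
        $sp_title = addslashes($sp_title);
        $sp_page_title = addslashes($sp_page_title);
        $sp_label = addslashes($sp_label);
        $meta_description = addslashes($meta_description);
        $meta_keywords = addslashes($meta_keywords);
        // these are interpolated into SQL as well and were not escaped;
        // sp_tid keeps its raw value for the 'all'/'none' comparison below
        $db_tid = addslashes($sp_tid);
        $sp_help = addslashes($sp_help);
        $postmode = addslashes($postmode);
        $template_id = addslashes($template_id);

        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }

        // If marked as a template then set id to nothing and other default settings
        if ($template_flag == 1) {
            $template_id = '';
            $sp_onmenu = 0;
            $sp_label = "";
            $sp_centerblock = 0;
            $sp_php = 0;
            $sp_inblock = 0;
            $sp_nf = 0;
            $sp_hits = 0;
            $meta_description = "";
            $meta_keywords = "";
        } else {
            // See if it was a template before, if so and option changed, remove use from other pages
            if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }

            if ($template_id != '') {
                // If using a template, make sure php disabled
                $sp_php = 0;

                // Double check template id exists and is still a template
                $perms = SP_getPerms();
                if (!empty($perms)) {
                    $perms = ' AND ' . $perms;
                }
                if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
                    $template_id = '';
                }
            }
        }

        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$db_tid}') AND (draft_flag = 0)";

            // if we're in a multi-language setup, we need to allow one "entire
            // page" centerblock for 'all' or 'none' per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_{$lang_id}'";
                }
            }
            DB_query($sql);
        }

        $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }

        if (!$gl_svc) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        // permissions are stored unquoted
        $perm_owner = (int) $perm_owner;
        $perm_group = (int) $perm_group;
        $perm_members = (int) $perm_members;
        $perm_anon = (int) $perm_anon;

        // Retrieve created date
        $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
        if ($datecreated == '') {
            $datecreated = date('Y-m-d H:i:s');
        }

        DB_save($_TABLES['staticpage'],
            'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,'
            . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode',
            "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id},"
            . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$db_tid}',{$sp_where},"
            . "'{$sp_inblock}','{$postmode}'");

        if ($delete_old_page && !empty($sp_old_id)) {
            // If a template and the id changed, update any staticpages that use it
            if ($template_flag == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
        }

        if (empty($sp_old_id) || $sp_id == $sp_old_id) {
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages');
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        } else {
            // the page was renamed: move its comments to the new id
            DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages'));
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        }

        $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
        $svc_msg['id'] = $sp_id;

        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$gl_svc) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}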
/**
 * Create a new ID, preferably from a provided 'Slug:' header
 *
 * For more information on the 'Slug:' header, see RFC 5023, section 9.7.
 * A slug containing %-encoded characters is ignored and the ID is built
 * from the generated sid alone.
 *
 * @param string $slug Content of the 'Slug:' header
 * @param int $max_length max. length of the created ID
 * @return string new ID, sanitized and truncated to $max_length
 * @link http://tools.ietf.org/html/rfc5023#section-9.7
 */
function WS_makeId($slug = '', $max_length = 40)
{
    $sid = COM_makeSid();

    // Most %-encoded characters would be stripped by the sanitizer anyway,
    // so a slug containing any is treated as if none had been supplied.
    $base = (strpos($slug, '%') === false) ? trim($slug) : '';

    if (empty($base)) {
        return substr(COM_sanitizeID($sid), 0, $max_length);
    }

    // make it more ID-like
    $base = strtolower(str_replace(' ', '-', $base));
    $candidate = COM_sanitizeID($base . '-' . $sid);
    if (strlen($candidate) > $max_length) {
        // 'slug-sid' reads nicer, but once it has to be shortened the slug
        // part is probably no longer unique -- so put the sid first.
        $candidate = $sid . '-' . $base;
    }

    return substr(COM_sanitizeID($candidate), 0, $max_length);
}
/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created.
 *
 * Entry point shared by the web UI and the web service ($args['gl_svc']).
 * The flow is: rights check, sid/old_sid reconciliation, defaults,
 * optimistic-concurrency check via gl_etag, Story::loadFromArgsArray
 * (which performs the per-story security checks), image deletion/upload
 * (web UI only), save, then plugin/feed notification.
 *
 * @param array $args Contains all the data provided by the client
 * @param string &$output OUTPUT parameter containing the returned text
 * @param array &$svc_msg OUTPUT parameter; 'id' is set on success, 'error_desc' on some failures
 * @return int Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;

    // Coarse feature check first; the per-story owner/group/perm check
    // happens later inside Story::loadFromArgsArray().
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        return PLG_RET_AUTH_FAILED;
    }

    require_once $_CONF['path_system'] . 'lib-comment.php';
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }

    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }

    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }

    // Store the first CATEGORY as the Topic ID
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }

    // 'content' wins over 'summary'; the text is then split at the first
    // [page_break] into introtext / bodytext.
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }

    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }

    // - START: Set all the defaults -
    /*
    if (empty($args['tid'])) {
        // see if we have a default topic
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
        if (!empty($topic)) {
            $args['tid'] = $topic;
        } else {
            // otherwise, just use the first one
            $o = array();
            $s = array();
            if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                $args['tid'] = $o[0];
            } else {
                $svc_msg['error_desc'] = 'No topics available';
                return PLG_RET_ERROR;
            }
        }
    }
    */
    /* This is a solution for above but the above has issues
    if (!TOPIC_checkTopicSelectionControl()) {
        $svc_msg['error_desc'] = 'No topics selected or available';
        return PLG_RET_ERROR;
    }
    */

    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }

    if ($args['gl_svc']) {
        // Permissions: web-service callers get the configured story defaults
        // unless they supplied a value, which is then numerically filtered.
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    // - END: Set all the defaults -

    // TEST CODE
    /*
    foreach ($args as $k => $v) {
        if (!is_array($v)) {
            echo "$k => $v\r\n";
        } else {
            echo "$k => $v\r\n";
            foreach ($v as $k1 => $v1) {
                echo "    $k1 => $v1\r\n";
            }
        }
    }
    */
    // exit ();
    // END TEST CODE

    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        // For new stories an over-long sid is replaced by a generated one
        // (slug-based when lib-webservices is loaded).
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
            } else {
                $args['sid'] = COM_makeSid();
            }
        }
    }

    $story = new Story();
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original story to check if it has been modified.
        // The etag is compared against the stored story date, so a story
        // changed since the client read it is rejected with 412.
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }

    // This function is also doing the security checks
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();

    // Check if topics selected if not prompt required field
    if ($result == STORY_LOADED_OK) {
        if (!TOPIC_checkTopicSelectionControl()) {
            $result = STORY_EMPTY_REQUIRED_FIELDS;
        }
    }

    switch ($result) {
    case STORY_DUPLICATE_SID:
        $output .= COM_errorLog($LANG24[24], 2);
        if (!$args['gl_svc']) {
            $output .= storyeditor($sid);
        }
        $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
        return PLG_RET_ERROR;
        break;
    case STORY_EXISTING_NO_EDIT_PERMISSION:
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
        return PLG_RET_PERMISSION_DENIED;
        break;
    case STORY_NO_ACCESS_PARAMS:
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
        return PLG_RET_PERMISSION_DENIED;
        break;
    case STORY_EMPTY_REQUIRED_FIELDS:
        $output .= COM_errorLog($LANG24[31], 2);
        if (!$args['gl_svc']) {
            $output .= storyeditor($sid);
        }
        $output = COM_createHTMLDocument($output);
        return PLG_RET_ERROR;
        break;
    default:
        break;
    }

    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args)) {
            // NOTE(review): key($args['delete']) comes from the submitted form and
            // is concatenated into the SQL without an integer cast; confirm the
            // caller filters it, otherwise cast it before use.
            $delete = count($args['delete']);
            for ($i = 1; $i <= $delete; $i++) {
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                next($args['delete']);
            }
        }

        // OK, let's upload any pictures with the article.
        // New images are numbered after the highest existing ai_img_num.
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }

        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new Upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                if ($_CONF['keep_unscaled_image'] == 1) {
                    $upload->keepOriginalImage(true);
                } else {
                    $upload->keepOriginalImage(false);
                }
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            // Only these image MIME types are accepted by the upload class.
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']); // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');
            // Target names are "<sid>_<n>.<ext>"; the extension is taken from
            // the client-supplied file name, so it relies on the MIME/extension
            // check inside the Upload class (not visible here) for validation.
            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                $retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $retval;
                exit;
            }
            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
                next($filenames);
            }
        }

        if ($_CONF['maximagesperarticle'] > 0) {
            // Cross-check [imageN] references in the text against the stored images.
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $output .= '<li>' . $err . '</li>' . LB;
                }
                $output .= '</ul>' . LB;
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
                echo $output;
                exit;
            }
        }
    }

    $result = $story->saveToDatabase();

    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s)
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_rdfUpToDateCheck('comment');
        STORY_updateLastArticlePublished();
        CMT_updateCommentcodes();
        if ($story->type == 'submission') {
            $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
    // NOTE(review): any $result other than STORY_SAVED falls off the end
    // without a return value, so callers see null rather than an error code.
}
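/**
 * Saves link to the database
 *
 * Permissions may arrive either as numeric values or as the checkbox arrays
 * produced by the permissions editor; arrays are converted first. Because
 * the DB_save() call below builds its VALUES clause by string interpolation,
 * every value that reaches it is escaped (strings) or cast (numbers) here.
 *
 * @param string $lid ID for link
 * @param string $old_lid old ID for link
 * @param string $cid cid of category link belongs to
 * @param string $categorydd Category links belong to
 * @param string $url URL of link to save
 * @param string $description Description of link
 * @param string $title Title of link
 * @param int $hits Number of hits for link
 * @param int $owner_id ID of owner
 * @param int $group_id ID of group link belongs to
 * @param int|array $perm_owner Permissions the owner has
 * @param int|array $perm_group Permissions the group has
 * @param int|array $perm_members Permissions members have
 * @param int|array $perm_anon Permissions anonymous users have
 * @return string HTML redirect or error message
 * @global array core config vars
 * @global array core group data
 * @global array core table data
 * @global array core user data
 * @global array core msg data
 * @global array links plugin lang admin vars
 */
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;

    $retval = '';
    $display = '';

    // Convert array values to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);

    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    // The URL is user-supplied and stored verbatim, so it needs the same
    // escaping as the other string columns before it is interpolated.
    $url = DB_escapeString($url);
    // Numeric column: make sure only digits reach the statement.
    $hits = (int) $hits;

    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    // These are interpolated unquoted into the INSERT, so they must be ints.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }

    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid; // for now ...
        }
    }

    // Access is decided by the stored record when one exists (so a caller
    // cannot widen its rights by posting new owner/perm values), otherwise
    // by the values being saved.
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        // no write access, or trying to assign a group the user is not in
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } else {
            if ($categorydd != $LANG_LINKS_ADMIN[7]) {
                // NOTE: the redirect is echoed but execution continues below.
                echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
            }
        }

        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");

        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }

        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);

        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
        return $retval;
    }
}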
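/**
 * Save the current order to the database
 *
 * A new order (isNew) is INSERTed, with a generated order_id and a default
 * billto_name filled in when missing, and its id is remembered in the cart
 * session; an existing order is UPDATEd by order_id. Every value written
 * into the statement is escaped (or cast, for uid) so the SQL text is built
 * only from escaped data; the address fields named in $this->_addr_fields
 * are appended the same way. On success an order log entry is written.
 *
 * @return string The order ID that was saved
 */
public function Save()
{
    global $_TABLES, $_PP_CONF;

    if ($this->isNew) {
        // Shouldn't have an empty order ID, but double-check
        if ($this->order_id == '') {
            $this->order_id = COM_makeSid();
        }
        if ($this->billto_name == '') {
            $this->billto_name = COM_getDisplayName($this->uid);
        }
        $_SESSION[PP_CART_VAR]['order_id'] = $this->order_id;
        $sql1 = "INSERT INTO {$_TABLES['paypal.orders']} SET \r\n order_id='" . DB_escapeString($this->order_id) . "', \r\n order_date = '" . DB_escapeString($this->order_date) . "', \r\n uid = '" . (int) $this->uid . "', ";
        $sql2 = '';
        $log_msg = 'Order Created';
    } else {
        $sql1 = "UPDATE {$_TABLES['paypal.orders']} SET ";
        $sql2 = " WHERE order_id = '" . DB_escapeString($this->order_id) . "'";
        $log_msg = 'Order Updated';
    }

    // Every column value is escaped, including the ones that are normally
    // numeric, since they are all emitted inside quotes.
    $fields = array(
        "status = '" . DB_escapeString($this->status) . "'",
        "pmt_txn_id = '" . DB_escapeString($this->pmt_txn_id) . "'",
        "pmt_method = '" . DB_escapeString($this->pmt_method) . "'",
        "phone = '" . DB_escapeString($this->phone) . "'",
        "tax = '" . DB_escapeString($this->tax) . "'",
        "shipping = '" . DB_escapeString($this->shipping) . "'",
        "handling = '" . DB_escapeString($this->handling) . "'",
        "instructions = '" . DB_escapeString($this->instructions) . "'",
        "buyer_email = '" . DB_escapeString($this->buyer_email) . "'",
    );
    foreach ($this->_addr_fields as $fld) {
        $fields[] = $fld . "='" . DB_escapeString($this->{$fld}) . "'";
    }

    $sql = $sql1 . implode(', ', $fields) . $sql2;
    DB_query($sql);
    if (!DB_error()) {
        $this->Log($log_msg);
    }
    $this->isNew = false;
    return $this->order_id;
}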
/**
 * Provide a form to edit a new or existing ad.
 *
 * Chooses the admin or user template, configures the WYSIWYG editor,
 * derives save/delete/cancel actions from $mode, fills defaults for a new
 * ad (admins only) or reads photo info for an existing one, then renders
 * the template. The $admin parameter is ignored: admin status is always
 * recomputed from the current user's rights.
 *
 * @param array $A Array of ad data for edit form
 * @param string $mode Edit mode ('editsubmission', 'moderate', 'edit', 'update_ad')
 * @param boolean $admin True for administrator edit, false for normal (deprecated, see above)
 * @return string HTML for ad edit form, or an error message block
 */
function adEdit($A, $mode = 'edit', $admin = false)
{
    global $_TABLES, $LANG_ADVT, $_CONF, $_CONF_ADVT, $LANG_ADMIN, $_USER, $LANG_ACCESS, $_GROUPS, $LANG12, $LANG24, $MESSAGE, $LANG_postmodes;

    USES_classifieds_class_adtype();

    // Determine if this user is an admin. Deprecates the $admin parameter.
    $admin = SEC_hasRights($_CONF_ADVT['pi_name'] . '.admin') ? 1 : 0;

    // only valid users allowed
    // (reads as: anonymous, OR (user editing disabled AND not admin))
    if (COM_isAnonUser() || $_CONF_ADVT['usercanedit'] == 0 && !$admin) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert', $LANG_ADVT['access_denied']);
    }

    // We know that we need to have categories, so make sure some exist
    // before even trying to display the form. The category dropdown is
    // created later since it needs the existing cat_id, if any.
    if (DB_count($_TABLES['ad_category']) < 1) {
        return CLASSIFIEDS_errorMsg($LANG_ADVT['no_categories'], 'info');
    }

    $time = time(); // used to compare now with expiration date

    if ($admin) {
        $T = new Template(CLASSIFIEDS_PI_PATH . '/templates/admin');
        $T->set_file('adedit', "adminedit.thtml");
        $action_url = CLASSIFIEDS_ADMIN_URL . '/index.php';
    } else {
        $T = new Template(CLASSIFIEDS_PI_PATH . '/templates');
        $T->set_file('adedit', "submitform.thtml");
        $action_url = CLASSIFIEDS_URL . '/index.php';
    }

    // Set up the wysiwyg editor, if available
    switch (PLG_getEditorType()) {
    case 'ckeditor':
        $T->set_var('show_htmleditor', true);
        PLG_requestEditor('classifieds', 'classifieds_entry', 'ckeditor_classifieds.thtml');
        PLG_templateSetVars('classifieds_entry', $T);
        break;
    case 'tinymce':
        $T->set_var('show_htmleditor', true);
        PLG_requestEditor('classifieds', 'classifieds_entry', 'tinymce_classifieds.thtml');
        PLG_templateSetVars('classifieds_entry', $T);
        break;
    default:
        // don't support others right now
        $T->set_var('show_htmleditor', false);
        break;
    }

    // Map the edit mode onto the actions the form will post back with.
    switch ($mode) {
    case 'editsubmission':
    case 'moderate':
        $savemode = 'savesubmission';
        $delete_img = 'delsubimg';
        $delete_ad = 'deletesubmission';
        $type = 'moderate';
        $saveoption = $LANG_ADMIN['moderate'];
        $cancel_url = $_CONF['site_admin_url'] . '/moderation.php';
        break;
    case 'edit':
        $savemode = 'savesubmission';
        $delete_img = 'delsubimg';
        $delete_ad = 'deletesubmission';
        $saveoption = $LANG_ADMIN['save'];
        $type = 'submission';
        $cancel_url = $action_url;
        break;
    case 'update_ad':
    default:
        $savemode = 'update_ad';
        $delete_img = 'delete_img';
        $delete_ad = 'delete_ad';
        $saveoption = $LANG_ADMIN['save'];
        $type = '';
        $cancel_url = $action_url;
        break;
    }

    // Admins (only) use this form for submissions as well as edits,
    // so we need to expect an empty array.
    if (empty($A['ad_id'])) {
        if (!$admin) {
            return CLASSIFIEDS_errorMsg($LANG_ADVT['no_permission'], 'alert', $LANG_ADVT['access_denied']);
        }
        $A['ad_id'] = COM_makeSid();
        $A['subject'] = '';
        $A['descript'] = '';
        $A['price'] = '';
        $A['url'] = '';
        $A['exp_date'] = '';
        $A['add_date'] = time();
        $A['ad_type'] = 0;
        $A['perm_owner'] = $_CONF_ADVT['default_permissions'][0];
        $A['perm_group'] = $_CONF_ADVT['default_permissions'][1];
        $A['perm_members'] = $_CONF_ADVT['default_permissions'][2];
        $A['perm_anon'] = $_CONF_ADVT['default_permissions'][3];
        $A['uid'] = $_USER['uid'];
        // A preselected category may come from the request; it is cast to
        // int before being used in the query below.
        if (isset($_REQUEST['cat'])) {
            $A['cat_id'] = intval($_REQUEST['cat']);
        } else {
            $A['cat_id'] = 0;
        }
        $catsql = "SELECT cat_id,perm_anon,keywords\n FROM {$_TABLES['ad_category']} ";
        if ($A['cat_id'] > 0) {
            $catsql .= "WHERE cat_id = {$A['cat_id']} ";
        } else {
            $catsql .= "ORDER BY cat_name ASC ";
        }
        $catsql .= "LIMIT 1";
        $r = DB_query($catsql, 1);
        if ($r && DB_numRows($r) > 0) {
            $row = DB_fetchArray($r, false);
            $A['cat_id'] = $row['cat_id'];
            $A['keywords'] = trim($row['keywords']);
        } else {
            $A['cat_id'] = 0;
            $A['keywords'] = '';
        }
        $A['owner_id'] = $_USER['uid']; // Set ad owner to current user for new ads
        $A['group_id'] = isset($_GROUPS['classifieds Admin']) ? $_GROUPS['classifieds Admin'] : SEC_getFeatureGroup('classifieds.edit');
        $A['exp_sent'] = 0;

        // set expiration & duration info for a new ad
        $T->set_var('expiration_date', $LANG_ADVT['runfor']); // "run for: X days"
        $comments_enabled = $_CONF_ADVT['commentsupport'] == 1 ? 0 : 1;
        $T->set_var("sel_{$comments_enabled}", 'selected');
        if ($_CONF_ADVT['purchase_enabled']) {
            USES_classifieds_class_userinfo();
            $User = new adUserInfo();
            $T->set_var('days', min($_CONF_ADVT['default_duration'], $User->getMaxDays()));
        } else {
            $T->set_var('days', $_CONF_ADVT['default_duration']);
        }
        $photocount = 0; // No photos yet with a new ad
    } else {
        // This is an existing ad with values already in $A
        $T->set_var('expiration_date', $LANG_ADVT['expiration']);
        $T->set_var('days', '0');
        // Disable the perm_anon checkbox if it's disabled by the category.
        if (!$admin && DB_getItem($_TABLES['ad_category'], 'perm_anon', "cat_id='{$A['cat_id']}'") == '0') {
            $T->set_var('vis_disabled', 'disabled');
        }
        // get the photo information
        // NOTE(review): $A['cat_id'] and $A['ad_id'] are interpolated into SQL
        // here; presumably $A was loaded from the database by the caller -- confirm.
        $sql = "SELECT photo_id, filename \n FROM {$_TABLES['ad_photo']} \n WHERE ad_id='{$A['ad_id']}'";
        $photo = DB_query($sql, 1);
        // save the count of photos for later use
        if ($photo) {
            $photocount = DB_numRows($photo);
        } else {
            $photocount = 0;
        }
        $comments_enabled = (int) $A['comments_enabled'];
        $T->set_var("sel_{$comments_enabled}", 'selected');
    }

    // Get the max image size in MB and set the message
    $img_max = $_CONF['max_image_size'] / 1048576; // Show in MB

    // Sanitize entries from the database before they are placed in the form.
    // (Default htmlspecialchars() flags: single quotes are not encoded.)
    $A['subject'] = htmlspecialchars($A['subject']);
    $A['descript'] = htmlspecialchars($A['descript']);
    $A['keywords'] = htmlspecialchars($A['keywords']);
    $A['price'] = htmlspecialchars($A['price']);
    $A['url'] = htmlspecialchars($A['url']);
    $A['ad_type'] = (int) $A['ad_type'];

    // set expiration & duration based on existing info
    if ($A['exp_date'] == '') {
        $T->set_var('row_exp_date', '');
    } else {
        if ($A['exp_date'] < $time) {
            $T->set_var('already_expired', $LANG_ADVT['already_expired']);
        } else {
            $T->set_var('row_exp_date', date("d M Y", $A['exp_date']));
        }
    }

    // NOTE(review): $post_options is not assigned anywhere in this function.
    $T->set_var(array(
        'post_options' => $post_options,
        'change_editormode' => 'onchange="change_editmode(this);"',
        'glfusionStyleBasePath' => $_CONF['site_url'] . '/fckeditor',
        'gltoken_name' => CSRF_TOKEN,
        'gltoken' => SEC_createToken(),
        'has_delbtn' => 'true',
        'txt_photo' => "{$LANG_ADVT['photo']}<br />" . sprintf($LANG_ADVT['image_max'], $img_max),
        'type' => $type,
        'action_url' => $action_url,
        'max_file_size' => $_CONF['max_image_size'],
        'row_cat_id' => $A['cat_id'],
        'row_ad_id' => $A['ad_id'],
        'row_subject' => $A['subject'],
        'row_descript' => $A['descript'],
        'row_price' => $A['price'],
        'row_url' => $A['url'],
        'keywords' => $A['keywords'],
        'exp_date' => $A['exp_date'],
        'add_date' => $A['add_date'],
        'ad_type_selection' => AdType::makeSelection($A['ad_type']),
        'sel_list_catid' => CLASSIFIEDS_buildCatSelection($A['cat_id']),
        'saveoption' => $saveoption,
        'cancel_url' => $cancel_url));

    // set expiration & duration based on existing info
    // (repeats the block above; harmless, as it sets the same variables)
    if ($A['exp_date'] == '') {
        $T->set_var('row_exp_date', '');
    } else {
        if ($A['exp_date'] < $time) {
            $T->set_var('already_expired', $LANG_ADVT['already_expired']);
        } else {
            $T->set_var('row_exp_date', date("d M Y", $A['exp_date']));
        }
    }

    // Set up permission editor on the admin template if needed.
    // Otherwise, set hidden values with existing permissions
    if ($admin) {
        // Set up owner selection
        $T->set_var(array(
            'ownerselect' => CLASSIFIEDS_userDropdown($A['owner_id']),
            'permissions_editor' => SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']),
            'group_dropdown' => SEC_getGroupDropdown($A['group_id'], 3)));
    } else {
        $ownername = COM_getDisplayName($A['owner_id']);
        $T->set_var(array(
            'owner_id' => $A['owner_id'],
            'ownername' => $ownername,
            'perm_owner' => $A['perm_owner'],
            'perm_group' => $A['perm_group'],
            'perm_members' => $A['perm_members'],
            'perm_anon' => $A['perm_anon'],
            'group_id' => $A['group_id']));
        if ($A['perm_anon'] == 2) {
            $T->set_var('perm_anon_chk', 'checked');
        }
    }

    // Set up the photo fields. Use $photocount defined above.
    // If there are photos, read the $photo result. Otherwise,
    // or if this is a new ad, just clear the photo area
    $T->set_block('adedit', 'PhotoRow', 'PRow');
    $i = 0;
    if ($photocount > 0) {
        while ($prow = DB_fetchArray($photo, false)) {
            $i++;
            $T->set_var(array(
                'img_url' => LGLIB_ImageUrl(CLASSIFIEDS_IMGPATH . '/' . $prow['filename'], $_CONF_ADVT['img_max_width'], $_CONF_ADVT['img_max_height']),
                'thumb_url' => LGLIB_ImageUrl(CLASSIFIEDS_IMGPATH . '/' . $prow['filename'], $_CONF_ADVT['thumb_max_size'], $_CONF_ADVT['thumb_max_size']),
                'seq_no' => $i,
                'ad_id' => $A['ad_id'],
                'del_img_url' => $action_url . "?mode={$delete_img}&mid={$prow['photo_id']}" . "&id={$A['ad_id']}"));
            $T->parse('PRow', 'PhotoRow', true);
        }
    } else {
        $T->parse('PRow', '');
    }

    // add upload fields for unused images
    $T->set_block('adedit', 'UploadFld', 'UFLD');
    for ($j = $i; $j < $_CONF_ADVT['imagecount']; $j++) {
        $T->parse('UFLD', 'UploadFld', true);
    }

    $T->parse('output', 'adedit');
    return $T->finish($T->get_var('output'));
}
/**
 * Loads the basic details of an article into the internal
 * variables, cleaning them up nicely.
 *
 * Scalar fields are driven by $this->_postFields (filter type, property
 * name); the sid, the publish/expire/comment-close timestamps and the
 * permissions are handled explicitly afterwards.
 *
 * @access Private
 * @param array $array Array of POST/GET data (by ref).
 * @return void
 */
function _loadBasics(&$array)
{
    /* For the really, really basic stuff, we can very easily load them
     * based on an array that defines how to COM_applyFilter them.
     */
    foreach ($this->_postFields as $key => $value) {
        $vartype = $value[0];
        $varname = $value[1];

        // If we have a value
        if (array_key_exists($key, $array)) {
            // And it's alphanumeric or numeric, filter it and use it.
            if ($vartype == STORY_AL_ALPHANUM || $vartype == STORY_AL_NUMERIC) {
                $this->{$varname} = COM_applyFilter($array[$key], $vartype);
            } elseif ($vartype == STORY_AL_ANYTHING) {
                // Stored as-is; any cleaning for this type must happen elsewhere.
                $this->{$varname} = $array[$key];
            } elseif ($array[$key] === 'on' || $array[$key] === 1) {
                // If it's a checkbox that is on
                $this->{$varname} = 1;
            } else {
                // Otherwise, it must be a checkbox that is off:
                $this->{$varname} = 0;
            }
        } elseif ($vartype == STORY_AL_NUMERIC || $vartype == STORY_AL_CHECKBOX) {
            // If we don't have a value, and have a numeric or text box, default to 0
            $this->{$varname} = 0;
        }
    }

    // SID's are a special case:
    // NOTE(review): $array['sid'] is read without isset(), unlike 'old_sid'.
    $sid = COM_sanitizeID($array['sid']);
    if (isset($array['old_sid'])) {
        $oldsid = COM_sanitizeID($array['old_sid'], false);
    } else {
        $oldsid = '';
    }
    if (empty($sid)) {
        $sid = $oldsid;
    }
    if (empty($sid)) {
        $sid = COM_makeSid();
    }
    $this->_sid = $sid;
    $this->_originalSid = $oldsid;

    /* Need to deal with the postdate and expiry date stuff.
     * Each date is assembled from am/pm, hour, minute, second, year, month,
     * day fields; the 12-hour value is converted to 24-hour before
     * strtotime() parses the "m/d/Y H:i:s" string. */
    $publish_ampm = '';
    if (isset($array['publish_ampm'])) {
        $publish_ampm = COM_applyFilter($array['publish_ampm']);
    }
    $publish_hour = 0;
    if (isset($array['publish_hour'])) {
        $publish_hour = COM_applyFilter($array['publish_hour'], true);
    }
    $publish_minute = 0;
    if (isset($array['publish_minute'])) {
        $publish_minute = COM_applyFilter($array['publish_minute'], true);
    }
    $publish_second = 0;
    if (isset($array['publish_second'])) {
        $publish_second = COM_applyFilter($array['publish_second'], true);
    }
    if ($publish_ampm == 'pm') {
        if ($publish_hour < 12) {
            $publish_hour = $publish_hour + 12;
        }
    }
    if ($publish_ampm == 'am' and $publish_hour == 12) {
        $publish_hour = '00';
    }
    $publish_year = 0;
    if (isset($array['publish_year'])) {
        $publish_year = COM_applyFilter($array['publish_year'], true);
    }
    $publish_month = 0;
    if (isset($array['publish_month'])) {
        $publish_month = COM_applyFilter($array['publish_month'], true);
    }
    $publish_day = 0;
    if (isset($array['publish_day'])) {
        $publish_day = COM_applyFilter($array['publish_day'], true);
    }
    $this->_date = strtotime("{$publish_month}/{$publish_day}/{$publish_year} {$publish_hour}:{$publish_minute}:{$publish_second}");

    $archiveflag = 0;
    if (isset($array['archiveflag'])) {
        $archiveflag = COM_applyFilter($array['archiveflag'], true);
    }
    /* Override status code if no archive flag is set: */
    if ($archiveflag != 1) {
        $this->_statuscode = 0;
    }

    // Expiry date: only assembled when the form sent expire_ampm; the
    // remaining expire_* fields are then read without isset().
    if (array_key_exists('expire_ampm', $array)) {
        $expire_ampm = COM_applyFilter($array['expire_ampm']);
        $expire_hour = COM_applyFilter($array['expire_hour'], true);
        $expire_minute = COM_applyFilter($array['expire_minute'], true);
        $expire_second = COM_applyFilter($array['expire_second'], true);
        $expire_year = COM_applyFilter($array['expire_year'], true);
        $expire_month = COM_applyFilter($array['expire_month'], true);
        $expire_day = COM_applyFilter($array['expire_day'], true);
        if ($expire_ampm == 'pm') {
            if ($expire_hour < 12) {
                $expire_hour = $expire_hour + 12;
            }
        }
        if ($expire_ampm == 'am' and $expire_hour == 12) {
            $expire_hour = '00';
        }
        $expiredate = strtotime("{$expire_month}/{$expire_day}/{$expire_year} {$expire_hour}:{$expire_minute}:{$expire_second}");
    } else {
        $expiredate = time();
    }
    $this->_expire = $expiredate;

    // comment expire time (0 when the close flag is not set)
    if (isset($array['cmt_close_flag'])) {
        $cmt_close_ampm = COM_applyFilter($array['cmt_close_ampm']);
        $cmt_close_hour = COM_applyFilter($array['cmt_close_hour'], true);
        $cmt_close_minute = COM_applyFilter($array['cmt_close_minute'], true);
        $cmt_close_second = COM_applyFilter($array['cmt_close_second'], true);
        $cmt_close_year = COM_applyFilter($array['cmt_close_year'], true);
        $cmt_close_month = COM_applyFilter($array['cmt_close_month'], true);
        $cmt_close_day = COM_applyFilter($array['cmt_close_day'], true);
        if ($cmt_close_ampm == 'pm') {
            if ($cmt_close_hour < 12) {
                $cmt_close_hour = $cmt_close_hour + 12;
            }
        }
        if ($cmt_close_ampm == 'am' and $cmt_close_hour == 12) {
            $cmt_close_hour = '00';
        }
        $cmt_close_date = strtotime("{$cmt_close_month}/{$cmt_close_day}/{$cmt_close_year} {$cmt_close_hour}:{$cmt_close_minute}:{$cmt_close_second}");
        $this->_comment_expire = $cmt_close_date;
    } else {
        $this->_comment_expire = 0;
    }

    /* Then grab the permissions */
    // Convert array values to numeric permission values
    // NOTE(review): the non-array branch stores the perm_* values unfiltered;
    // presumably a later access check validates them -- confirm.
    if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
        list($this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
    } else {
        $this->_perm_owner = $array['perm_owner'];
        $this->_perm_group = $array['perm_group'];
        $this->_perm_members = $array['perm_members'];
        $this->_perm_anon = $array['perm_anon'];
    }
}
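/**
 * Perform the upgrade starting at the current version.
 *
 * Each version step runs its SQL through PAYPAL_do_upgrade_sql(), applies
 * any configuration or data migration that step needs, then records the new
 * version with PAYPAL_do_set_version(). Steps run in order until the
 * installed version is current.
 *
 * @since   version 0.4.0
 * @return  boolean  True on success; false when the installed plugin version
 *                   is unknown or any step fails (the original docblock said
 *                   "integer error code", which no code path returned).
 */
function PAYPAL_do_upgrade()
{
    global $_TABLES, $_CONF, $_PP_CONF, $_PP_DEFAULTS, $PP_UPGRADE, $_PLUGIN_INFO;

    if (isset($_PLUGIN_INFO[$_PP_CONF['pi_name']])) {
        $current_ver = $_PLUGIN_INFO[$_PP_CONF['pi_name']];
    } else {
        return false;
    }

    // Get the config instance, several upgrades might need it
    $c = config::get_instance();

    if (!COM_checkVersion($current_ver, '0.2')) {
        // upgrade to 0.2.2
        $current_ver = '0.2.2';
        if (!PAYPAL_do_upgrade_sql($current_ver)) {
            return false;
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.4.0')) {
        // upgrade to 0.4.0
        $current_ver = '0.4.0';
        if (!PAYPAL_do_upgrade_sql($current_ver)) {
            return false;
        }
        if (!plugin_initconfig_paypal()) {
            return false;
        }

        // Migrate existing categories to the new category table
        $r = DB_query("SELECT DISTINCT category
            FROM {$_TABLES['paypal.products']}
            WHERE category <> '' and category IS NOT NULL");
        if (DB_error()) {
            COM_errorLog("Could not retrieve old categories", 1);
            return false;
        }
        $cats = array();    // old category name => new cat_id
        if (DB_numRows($r) > 0) {
            while ($A = DB_fetchArray($r, false)) {
                // Category names come from the database and are interpolated
                // into SQL, so escape them like the other values in this file.
                $cat_name = DB_escapeString($A['category']);
                DB_query("INSERT INTO {$_TABLES['paypal.categories']}
                    (cat_name)
                    VALUES ('{$cat_name}')");
                if (DB_error()) {
                    COM_errorLog("Could not add new category {$A['category']}", 1);
                    return false;
                }
                $cats[$A['category']] = DB_insertID();
            }

            // Now populate the cross-reference table
            $r = DB_query("SELECT id, category
                FROM {$_TABLES['paypal.products']}");
            if (DB_error()) {
                COM_errorLog("Error retrieving category data from products", 1);
                return false;
            }
            if (DB_numRows($r) > 0) {
                while ($A = DB_fetchArray($r, false)) {
                    // Products with an empty category were excluded from the
                    // SELECT above; map them to 0 instead of reading an
                    // undefined array index.
                    $cat_id = isset($cats[$A['category']]) ? (int) $cats[$A['category']] : 0;
                    $prod_id = DB_escapeString($A['id']);
                    DB_query("UPDATE {$_TABLES['paypal.products']}
                        SET cat_id = '{$cat_id}'
                        WHERE id = '{$prod_id}'");
                    if (DB_error()) {
                        COM_errorLog("Error updating prodXcat table", 1);
                        return false;
                    }
                }
            }
            DB_query("ALTER TABLE {$_TABLES['paypal.products']}
                DROP category");
        }

        // Add buttons to the product records or they won't be shown.
        // Old paypal version always has buy_now and add_cart buttons.
        $buttons = serialize(array('buy_now' => '', 'add_cart' => ''));
        DB_query("UPDATE {$_TABLES['paypal.products']}
            SET buttons='{$buttons}',
            dt_add = UNIX_TIMESTAMP()");

        // Finally, rename any existing config.php file since we now use
        // the online configuration.
        $pi_path = $_CONF['path'] . '/plugins/' . $_PP_CONF['pi_name'];
        if (is_file($pi_path . '/config.php')) {
            COM_errorLog("Renaming old config.php file to {$pi_path}/config.old.php", 1);
            if (!rename($pi_path . '/config.php', $pi_path . '/config.old.php')) {
                COM_errorLog("Failed to rename old config.php file. Manual intervention needed", 1);
            }
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.4.1')) {
        // upgrade to 0.4.1
        $current_ver = '0.4.1';
        if (!PAYPAL_do_upgrade_sql($current_ver)) {
            return false;
        }
        if ($c->group_exists($_PP_CONF['pi_name'])) {
            $c->add('blk_random_limit', $_PP_DEFAULTS['blk_random_limit'], 'text', 0, 30, 2, 40, true, $_PP_CONF['pi_name']);
            $c->add('blk_featured_limit', $_PP_DEFAULTS['blk_featured_limit'], 'text', 0, 30, 2, 50, true, $_PP_CONF['pi_name']);
            $c->add('blk_popular_limit', $_PP_DEFAULTS['blk_popular_limit'], 'text', 0, 30, 2, 60, true, $_PP_CONF['pi_name']);
            $c->add('fs_debug', NULL, 'fieldset', 0, 50, NULL, 0, true, $_PP_CONF['pi_name']);
            $c->add('debug', $_PP_DEFAULTS['debug'], 'select', 0, 50, 2, 10, true, $_PP_CONF['pi_name']);
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.4.2')) {
        // upgrade to 0.4.2
        $current_ver = '0.4.2';
        if (!PAYPAL_do_upgrade_sql($current_ver)) {
            return false;
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.4.3')) {
        // upgrade to 0.4.3
        // this adds a field that was possibly missing in the initial
        // installation, but could have been added in the 0.4.1 update. So,
        // an error is to be expected and ignored
        $current_ver = '0.4.3';
        if (!PAYPAL_do_upgrade_sql($current_ver, true)) {
            return false;
        }
        if ($c->group_exists($_PP_CONF['pi_name'])) {
            $c->add('def_expiration', $_PP_DEFAULTS['def_expiration'], 'text', 0, 30, 0, 40, true, $_PP_CONF['pi_name']);
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.4.4')) {
        $current_ver = '0.4.4';
        // Remove individual block selections and combine into one
        // (bit 1 = left blocks, bit 2 = right blocks)
        $displayblocks = 0;
        if ($_PP_CONF['leftblocks'] == 1) {
            $displayblocks += 1;
        }
        if ($_PP_CONF['rightblocks'] == 1) {
            $displayblocks += 2;
        }
        $c->del('leftblocks', 'paypal');
        $c->del('rightblocks', 'paypal');
        $c->add('displayblocks', $displayblocks, 'select', 0, 0, 13, 210, true, $_PP_CONF['pi_name']);
        $c->add('debug_ipn', $_PP_DEFAULTS['debug_ipn'], 'select', 0, 50, 2, 20, true, $_PP_CONF['pi_name']);
        if (!PAYPAL_do_upgrade_sql($current_ver)) {
            return false;
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.4.5')) {
        $current_ver = '0.4.5';
        // Add notification email override
        $c->add('admin_email_addr', $_PP_DEFAULTS['admin_email_addr'], 'text', 0, 0, 0, 40, true, $_PP_CONF['pi_name']);
        if (!PAYPAL_do_upgrade_sql($current_ver)) {
            return false;
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.4.5')) {
        // NOTE(review): $current_ver is already '0.4.5' after the step
        // above, so this block appears to be unreachable and the buy_now
        // button migration below never runs. A different target version was
        // probably intended; it is left unchanged here because the correct
        // version cannot be determined from this file.
        $current_ver = '0.4.5';
        // Move the buy_now buttons into a separate table
        $sql = "SELECT id, buttons FROM {$_TABLES['paypal.products']}";
        $res = DB_query($sql, 1);
        while ($A = DB_fetchArray($res, false)) {
            $id = DB_escapeString($A['id']);
            // Stored serialized data written by this plugin; a corrupt blob
            // yields false and an empty button (the @ hides the warning).
            $btns = @unserialize($A['buttons']);
            if ($btns && isset($btns['buy_now'])) {
                $button = DB_escapeString($btns['buy_now']);
            } else {
                $button = '';
            }
            DB_query("INSERT INTO {$_TABLES['paypal.buttons']} VALUES
                ('{$id}', 'paypal', '{$button}')", 1);
        }
        if (!PAYPAL_do_upgrade_sql($current_ver)) {
            return false;
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.5.0')) {
        $current_ver = '0.5.0';
        // Perform the main database upgrades
        // The first few lines get the schema updated for elements that
        // may have been missed (0.4.4 wasn't updated properly).
        // Errors need to be ignored for these.
        DB_query("ALTER TABLE {$_TABLES['paypal.products']}
            ADD options text after show_popular", 1);
        DB_query("ALTER TABLE {$_TABLES['paypal.purchases']}
            ADD token varchar(40) after price", 1);
        if (!PAYPAL_do_upgrade_sql($current_ver)) {
            return false;
        }

        // Move the global PayPal-specific configurations into the config table
        // NOTE(review): the values are escaped before serialize() and the
        // serialized blob is escaped again below, so the stored config may
        // carry an extra level of escaping; kept as found, confirm against
        // what the gateway class expects when reading it back.
        $receiver_email = DB_escapeString($_PP_CONF['receiver_email'][0]);
        $gwconfig = array(
            'bus_prod_email'   => $receiver_email,
            'bus_test_email'   => $receiver_email,
            'micro_prod_email' => $receiver_email,
            'micro_test_email' => $receiver_email,
            'micro_threshold'  => 10,
            'prod_url'         => 'https://www.paypal.com',
            'sandbox_url'      => 'https://www.sandbox.paypal.com',
            'test_mode'        => (int) $_PP_CONF['testing'],
            'prv_key'          => DB_escapeString($_PP_CONF['prv_key']),
            'pub_key'          => DB_escapeString($_PP_CONF['pub_key']),
            'pp_cert'          => DB_escapeString($_PP_CONF['pp_cert']),
            'pp_cert_id'       => DB_escapeString($_PP_CONF['pp_cert_id']),
            'micro_cert_id'    => DB_escapeString($_PP_CONF['pp_cert_id']),
            'encrypt'          => (int) $_PP_CONF['encrypt_buttons'],
        );
        $db_config = DB_escapeString(@serialize($gwconfig));
        $services = array(
            'buy_now'   => 1,
            'pay_now'   => 1,
            'checkout'  => 1,
            'donation'  => 1,
            'subscribe' => 1,
            'external'  => 1,
        );
        $db_services = DB_escapeString(@serialize($services));
        $sql = "INSERT INTO {$_TABLES['paypal.gateways']}
            (id, orderby, enabled, description, config, services)
            VALUES
            ('paypal', 10, 1, 'Paypal Website Payments Standard',
            '{$db_config}', '{$db_services}'),
            ('amazon', 20, 0, 'Amazon SimplePay', '', '{$db_services}')";

        // ... and remove Paypal-specific configs from the main config system
        $c->del('receiver_email', 'paypal');
        $c->del('testing', 'paypal');
        $c->del('paypal_url', 'paypal');
        $c->del('prod_url', 'paypal');
        $c->del('use_css_menus', 'paypal');    // Just not used any more
        $c->del('encrypt_buttons', 'paypal');
        $c->del('prv_key', 'paypal');
        $c->del('pub_key', 'paypal');
        $c->del('pp_cert', 'paypal');
        $c->del('pp_cert_id', 'paypal');

        // Add new plugin config items
        $c->add('fs_addresses', NULL, 'fieldset', 0, 60, NULL, 0, true, $_PP_CONF['pi_name']);
        $c->add('get_street', $_PP_DEFAULTS['get_street'], 'select', 0, 60, 14, 10, true, $_PP_CONF['pi_name']);
        $c->add('get_city', $_PP_DEFAULTS['get_city'], 'select', 0, 60, 14, 20, true, $_PP_CONF['pi_name']);
        $c->add('get_state', $_PP_DEFAULTS['get_state'], 'select', 0, 60, 14, 30, true, $_PP_CONF['pi_name']);
        $c->add('get_country', $_PP_DEFAULTS['get_country'], 'select', 0, 60, 14, 40, true, $_PP_CONF['pi_name']);
        $c->add('get_postal', $_PP_DEFAULTS['get_postal'], 'select', 0, 60, 14, 50, true, $_PP_CONF['pi_name']);
        $c->add('weight_unit', $_PP_DEFAULTS['weight_unit'], 'select', 0, 0, 15, 230, true, $_PP_CONF['pi_name']);
        // The original read the undefined variable $PP_DEFAULTS here, which
        // silently stored a NULL default for ena_cart.
        $c->add('ena_cart', $_PP_DEFAULTS['ena_cart'], 'select', 0, 0, 2, 220, true, $_PP_CONF['pi_name']);
        DB_query("UPDATE {$_TABLES['conf_values']}
            SET sort_order=80
            WHERE name='tmpdir'
            AND group_name='paypal'");
        DB_query($sql, 1);
        if (DB_error()) {
            COM_errorLog("Error Executing SQL: {$sql}", 1);
        }

        // Convert saved buttons in the product records to simple text strings
        // indicating the type of button to use. Don't save the button in the
        // new cache table; that will be done when the button is needed.
        DB_query("UPDATE {$_TABLES['paypal.products']} SET buttons='buy_now'");

        // Create order records and associate with the existing purchase table.
        // We create our own sid to try and use the original purchase date.
        // Since this function runs so fast, there could still be duplicate
        // sid's so we check for an existing sid before trying to use it.
        // If that happens, the order_id will just be a current sid.
        $sql = "SELECT * FROM {$_TABLES['paypal.purchases']}";
        $res = DB_query($sql);
        if ($res && DB_numRows($res) > 0) {
            USES_paypal_class_order();
            while ($A = DB_fetchArray($res, false)) {
                $dt_tm = explode(' ', $A['purchase_date']);
                list($y, $m, $d) = explode('-', $dt_tm[0]);
                list($h, $i, $s) = explode(':', $dt_tm[1]);
                $sid = $y . $m . $d . $h . $i . $s;
                $order_id = $sid . mt_rand(0, 999);
                while (DB_count($_TABLES['paypal.orders'], 'order_id', $order_id) > 0) {
                    $order_id = COM_makeSid();
                }

                // Discovered that the "price" field isn't filled in for the
                // purchase table. Read the IPN data and use mc_gross.
                $txn_id = DB_escapeString($A['txn_id']);
                $IPN = DB_getItem($_TABLES['paypal.ipnlog'], 'ipn_data',
                    "txn_id = '{$txn_id}'");
                // Reset per row: the original left tax/shipping/handling
                // carrying over from the previous purchase when a row had
                // no usable IPN data.
                $price = 0;
                $tax = 0;
                $shipping = 0;
                $handling = 0;
                if (!empty($IPN)) {
                    // Serialized IPN data written by this plugin's IPN
                    // handler; a corrupt blob yields false and the amounts
                    // stay 0 (the @ hides the warning).
                    $data = @unserialize($IPN);
                    if ($data && isset($data['mc_gross'])) {
                        $price = (double) $data['mc_gross'];
                        if (isset($data['tax'])) {
                            $tax = (double) $data['tax'];
                            $price -= $tax;
                        }
                        if (isset($data['shipping'])) {
                            $shipping = (double) $data['shipping'];
                            $price -= $shipping;
                        }
                        if (isset($data['handling'])) {
                            $handling = (double) $data['handling'];
                            $price -= $handling;
                        }
                    }
                }
                $ord = new ppOrder($order_id);
                $ord->uid = $A['user_id'];
                $ord->order_date = DB_escapeString($A['purchase_date']);
                $ord->status = PP_STATUS_PAID;
                $ord->pmt_method = 'paypal';
                $ord->pmt_txn_id = $A['txn_id'];
                $ord->tax = $tax;
                $ord->shipping = $shipping;
                $ord->handling = $handling;
                $order_id = $ord->Save();

                // Also, split out the item number from any attributes.
                // Starting with 0.5.0 we store the actual item number
                // and options separately.
                // * PAYPAL_explode_opts() not available in this version *
                $parts = explode('|', $A['product_id']);
                $item_num = $parts[0];
                $options = isset($parts[1]) ? $parts[1] : '';
                if (!$options) {
                    $options = '';
                }
                DB_query("UPDATE {$_TABLES['paypal.purchases']} SET
                    order_id = '" . DB_escapeString($order_id) . "',
                    price = '{$price}',
                    product_id = '" . DB_escapeString($item_num) . "',
                    options = '" . DB_escapeString($options) . "'
                    WHERE txn_id = '{$txn_id}'");
            }
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.5.2')) {
        $current_ver = '0.5.2';
        // Every other step treats a falsy return from PAYPAL_do_upgrade_sql()
        // as failure. The original "$error = ...; if ($error) return $error;"
        // inverted that and skipped the config and version updates below.
        if (!PAYPAL_do_upgrade_sql($current_ver)) {
            return false;
        }
        $c->add('centerblock', $_PP_DEFAULTS['centerblock'], 'select', 0, 0, 2, 215, true, $_PP_CONF['pi_name']);
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.5.4')) {
        $current_ver = '0.5.4';
        // Adds the currency table and formatting functions
        if (!PAYPAL_do_upgrade_sql($current_ver)) {
            return false;
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.5.6')) {
        $current_ver = '0.5.6';
        // SQL updates in 0.5.4 weren't included in new installation, so check
        // if they're done and add them to the upgrade process if not.
        $res = DB_query("SHOW TABLES LIKE '{$_TABLES['paypal.currency']}'", 1);
        if (!$res || DB_numRows($res) < 1) {
            // Add the table
            $PP_UPGRADE['0.5.6'][] = $PP_UPGRADE['0.5.4'][0];
            // Populate with data
            $PP_UPGRADE['0.5.6'][] = $PP_UPGRADE['0.5.4'][1];
        }
        $res = DB_query("SHOW COLUMNS FROM {$_TABLES['paypal.products']}
            LIKE 'sale_price'", 1);
        if (!$res || DB_numRows($res) < 1) {
            // Add the field to the products table
            $PP_UPGRADE['0.5.6'][] = $PP_UPGRADE['0.5.4'][2];
        }
        if (!PAYPAL_do_upgrade_sql('0.5.6')) {
            return false;
        }
        // Add new product defaults for onhand tracking
        $c->add('def_track_onhand', $_PP_DEFAULTS['def_track_onhand'], 'select', 0, 30, 2, 50, true, $_PP_CONF['pi_name']);
        $c->add('def_oversell', $_PP_DEFAULTS['def_oversell'], 'select', 0, 30, 16, 60, true, $_PP_CONF['pi_name']);
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.5.7')) {
        $current_ver = '0.5.7';
        $gid = (int) DB_getItem($_TABLES['groups'], 'grp_id',
            "grp_name='{$_PP_CONF['pi_name']} Admin'");
        if ($gid < 1) {
            $gid = 1;   // default to Root if paypal group not found
        }
        DB_query("INSERT INTO {$_TABLES['vars']}
            SET name='paypal_gid', value={$gid}");
        $c->add('product_tpl_ver', $_PP_DEFAULTS['product_tpl_ver'], 'select', 0, 30, 2, 70, true, $_PP_CONF['pi_name']);
        $c->add('list_tpl_ver', $_PP_DEFAULTS['list_tpl_ver'], 'select', 0, 30, 0, 80, true, $_PP_CONF['pi_name']);
        $c->add('cache_max_age', $_PP_DEFAULTS['cache_max_age'], 'text', 0, 40, 2, 40, true, $_PP_CONF['pi_name']);
        // Create cache directory.
        // mkdir() takes an octal integer mode. The original passed the
        // string '0755', which PHP reads as decimal 755 (octal 1363) and
        // so created the directory with the wrong permission bits.
        if (!is_dir($_PP_DEFAULTS['tmpdir'] . 'cache')) {
            @mkdir($_PP_DEFAULTS['tmpdir'] . 'cache', 0755, true);
        }
        if (!PAYPAL_do_upgrade_sql($current_ver)) {
            return false;
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.5.8')) {
        $current_ver = '0.5.8';
        // Add terms and conditions link
        $c->add('tc_link', $_PP_DEFAULTS['tc_link'], 'text', 0, 40, 2, 50, true, $_PP_CONF['pi_name']);
        // Upgrade sql changes from owner/group/member/anon perms to group id
        // First update the group_id based on the perms.
        $sql = "SELECT cat_id,group_id,perm_group,perm_members,perm_anon
            FROM {$_TABLES['paypal.categories']}";
        $res = DB_query($sql, 1);
        while ($A = DB_fetchArray($res, false)) {
            // 2 and 13 are hard-coded core group ids (presumably All Users
            // and Logged-in Users -- confirm against the groups table).
            if ($A['perm_anon'] >= 2) {
                $grp_id = 2;
            } elseif ($A['perm_members'] >= 2) {
                $grp_id = 13;
            } else {
                $grp_id = $A['group_id'];
            }
            if ($A['group_id'] != $grp_id) {
                $grp_id = (int) $grp_id;
                $cat_id = (int) $A['cat_id'];
                DB_query("UPDATE {$_TABLES['paypal.categories']}
                    SET group_id = {$grp_id}
                    WHERE cat_id = {$cat_id}");
            }
        }
        // Remove Amazon Simplepay gateway file to prevent re-enabling
        @unlink(PAYPAL_PI_PATH . '/classes/gateways/amazon.class.php');
        if (!PAYPAL_do_upgrade_sql($current_ver, true)) {
            return false;
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    if (!COM_checkVersion($current_ver, '0.5.9')) {
        $current_ver = '0.5.9';
        // Add shop phone and email conf values, fix subgroup ID for shop info
        $c->add('shop_phone', '', 'text', 10, 100, 0, 30, true, $_PP_CONF['pi_name']);
        $c->add('shop_email', $_PP_DEFAULTS['shop_email'], 'text', 10, 100, 0, 40, true, $_PP_CONF['pi_name']);
        // Create default path for downloads (even if not used).
        // The original passed `true` as the second argument, which mkdir()
        // takes as the mode (1) and not as the recursive flag; use the same
        // mode as the cache directory above and pass recursive explicitly.
        @mkdir($_CONF['path'] . 'data/' . $_PP_CONF['pi_name'] . '/files', 0755, true);
        // Remove stray .htaccess file that interferes with plugin removal
        @unlink(PAYPAL_PI_PATH . '/files/.htaccess');
        if (!PAYPAL_do_upgrade_sql('0.5.9')) {
            return false;
        }
        if (!PAYPAL_do_set_version($current_ver)) {
            return false;
        }
    }

    CTL_clearCache($_PP_CONF['pi_name']);
    COM_errorLog("Successfully updated the {$_PP_CONF['pi_display_name']} Plugin", 1);
    return true;
}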
$_REQUEST['item_3'] = addslashes($_REQUEST['item_3']); $_REQUEST['item_4'] = addslashes($_REQUEST['item_4']); $_REQUEST['item_5'] = addslashes($_REQUEST['item_5']); $_REQUEST['item_6'] = addslashes($_REQUEST['item_6']); $_REQUEST['item_7'] = addslashes($_REQUEST['item_7']); $_REQUEST['item_8'] = addslashes($_REQUEST['item_8']); $_REQUEST['item_9'] = addslashes($_REQUEST['item_9']); $_REQUEST['item_10'] = addslashes($_REQUEST['item_10']); if (!empty($_REQUEST['mkid']) && $_REQUEST['submission'] != 1) { //edit mode $sql = "name = '{$_REQUEST['name']}', " . "description = '{$_REQUEST['description']}', " . "modified = '{$_REQUEST['modified']}', " . "payed = '{$_REQUEST['payed']}', " . "validity = '{$_REQUEST['validity']}', " . "validity_start = '{$_REQUEST['from']}', " . "validity_end = '{$_REQUEST['to']}', " . "active = '{$_REQUEST['active']}', " . "hidden = '{$_REQUEST['hidden']}', " . "address = '{$_REQUEST['address']}', " . "lat = '{$lat}', " . "lng = '{$lng}', " . "mk_default = '{$_REQUEST['mk_default']}', " . "mk_pcolor = '{$_REQUEST['primary_color']}', " . "mk_scolor = '{$_REQUEST['stroke_color']}', " . "mk_label = '{$_REQUEST['label']}', " . "mk_label_color = '{$_REQUEST['label_color']}', " . "mk_icon = '{$_REQUEST['mk_icon']}', " . "mid = '{$_REQUEST['mid']}', " . "remark = '{$_REQUEST['remark']}', " . "street = '{$_REQUEST['street']}', " . "city = '{$_REQUEST['city']}', " . "code = '{$_REQUEST['code']}', " . "state = '{$_REQUEST['state']}', " . "country = '{$_REQUEST['country']}', " . "tel = '{$_REQUEST['tel']}', " . "fax = '{$_REQUEST['fax']}', " . "web = '{$_REQUEST['web']}', " . "item_1 = '{$_REQUEST['item_1']}', " . "item_2 = '{$_REQUEST['item_2']}', " . "item_3 = '{$_REQUEST['item_3']}', " . "item_4 = '{$_REQUEST['item_4']}', " . "item_5 = '{$_REQUEST['item_5']}', " . "item_6 = '{$_REQUEST['item_6']}', " . "item_7 = '{$_REQUEST['item_7']}', " . "item_8 = '{$_REQUEST['item_8']}', " . "item_9 = '{$_REQUEST['item_9']}', " . 
"item_10 = '{$_REQUEST['item_10']}', " . "owner_id = '{$_REQUEST['owner_id']}', " . "group_id = '{$_REQUEST['group_id']}', " . "perm_owner = '{$_REQUEST['perm_owner']}', " . "perm_group = '{$_REQUEST['perm_group']}', " . "perm_members = '{$_REQUEST['perm_members']}', " . "perm_anon = '{$_REQUEST['perm_anon']}', " . "submission = '0'"; $sql = "UPDATE {$_TABLES['maps_markers']} SET {$sql} " . "WHERE mkid = {$mkid}"; } else { // create mode if ($_REQUEST['submission'] != 1) { $newmkid = addslashes(COM_makeSid()); } else { $newmkid = $mkid; } $sql = "mkid = '{$newmkid}', " . "name = '{$_REQUEST['name']}', " . "description = '{$_REQUEST['description']}', " . "created = '{$_REQUEST['created']}', " . "modified = '{$_REQUEST['modified']}', " . "payed = '{$_REQUEST['payed']}', " . "validity = '{$_REQUEST['validity']}', " . "validity_start = '{$_REQUEST['from']}', " . "validity_end = '{$_REQUEST['to']}', " . "active = '{$_REQUEST['active']}', " . "hidden = '{$_REQUEST['hidden']}', " . "address = '{$_REQUEST['address']}', " . "lat = '{$lat}', " . "lng = '{$lng}', " . "mk_default = '{$_REQUEST['mk_default']}', " . "mk_pcolor = '{$_REQUEST['primary_color']}', " . "mk_scolor = '{$_REQUEST['stroke_color']}', " . "mk_label = '{$_REQUEST['label']}', " . "mk_label_color = '{$_REQUEST['label_color']}', " . "mk_icon = '{$_REQUEST['mk_icon']}', " . "mid = '{$_REQUEST['mid']}', " . "remark = '{$_REQUEST['remark']}', " . "street = '{$_REQUEST['street']}', " . "city = '{$_REQUEST['city']}', " . "code = '{$_REQUEST['code']}', " . "state = '{$_REQUEST['state']}', " . "country = '{$_REQUEST['country']}', " . "tel = '{$_REQUEST['tel']}', " . "fax = '{$_REQUEST['fax']}', " . "web = '{$_REQUEST['web']}', " . "item_1 = '{$_REQUEST['item_1']}', " . "item_2 = '{$_REQUEST['item_2']}', " . "item_3 = '{$_REQUEST['item_3']}', " . "item_4 = '{$_REQUEST['item_4']}', " . "item_5 = '{$_REQUEST['item_5']}', " . "item_6 = '{$_REQUEST['item_6']}', " . "item_7 = '{$_REQUEST['item_7']}', " . 
"item_8 = '{$_REQUEST['item_8']}', " . "item_9 = '{$_REQUEST['item_9']}', " . "item_10 = '{$_REQUEST['item_10']}', " . "owner_id = '{$_REQUEST['owner_id']}', " . "group_id = '{$_REQUEST['group_id']}', " . "perm_owner = '{$_REQUEST['perm_owner']}', " . "perm_group = '{$_REQUEST['perm_group']}', " . "perm_members = '{$_REQUEST['perm_members']}', " . "perm_anon = '{$_REQUEST['perm_anon']}', " . "submission = 0"; $sql = "INSERT INTO {$_TABLES['maps_markers']} SET {$sql} "; } DB_query($sql); updateMap($_REQUEST['mid']); if ($_REQUEST['submission'] == 0) { DB_delete($_TABLES['maps_submission'], 'mkid', $mkid); } if (DB_error()) { $msg = $LANG_MAPS_1['save_fail']; } else { $msg = $LANG_MAPS_1['save_success'];
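/**
 * Saves a poll
 *
 * Saves a poll topic and potential answers to the database. Any existing
 * topic, questions and answers for the poll are deleted first and re-created
 * from the submitted form data.
 *
 * @param string $pid          Poll topic ID
 * @param string $old_pid      Previous poll topic ID
 * @param array  $Q            Array of poll questions
 * @param string $mainpage     Checkbox: poll appears on homepage
 * @param string $topic        The text for the topic
 * @param int    $statuscode   Status code stored with the topic
 * @param string $open         Checkbox: poll open for voting
 * @param string $hideresults  Checkbox: hide results until closed
 * @param int    $commentcode  Indicates if users can comment on poll
 * @param array  $A            Array of possible answers
 * @param array  $V            Array of vote per each answer
 * @param array  $R            Array of remark per each answer
 * @param int    $owner_id     ID of poll owner
 * @param int    $group_id     ID of group poll belongs to
 * @param int    $perm_owner   Permissions the owner has on poll
 * @param int    $perm_group   Permissions the group has on poll
 * @param int    $perm_members Permissions logged in members have on poll
 * @param int    $perm_anon    Permissions anonymous users have on poll
 * @return string HTML redirect or error message
 */
function POLLS_save($pid, $old_pid, $Q, $mainpage, $topic, $statuscode, $open,
    $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id,
    $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) =
        SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);

    // These values come from the form and are interpolated unquoted into
    // SQL below, so pin them to integers.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;
    $statuscode = (int) $statuscode;
    $commentcode = (int) $commentcode;

    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        $pid = empty($old_pid) ? COM_makeSid() : $old_pid;
    }

    // check if any question was entered
    if (empty($topic) || !is_array($Q) || count($Q) == 0
            || !isset($Q[0]) || strlen($Q[0]) == 0
            || !isset($A[0][0]) || strlen($A[0][0]) == 0) {
        $retval .= COM_siteHeader('menu', $LANG25[5]);
        $retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG25[2];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();
        return $retval;
    }

    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid; // for now ...
        }
    }

    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside POLL_save() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    $pid = str_replace(' ', '', $pid); // strip spaces from poll id
    // COM_sanitizeID() should already leave a SQL-safe ID; escaping again
    // costs nothing and keeps every interpolation below uniform.
    $db_pid = DB_escapeString($pid);

    $access = 0;
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        // existing poll: access is decided by the stored permissions
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$db_pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        // new poll: access is decided by the submitted permissions
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = '';
        $display .= COM_siteHeader('menu', $MESSAGE[30]);
        $display .= COM_startBlock($MESSAGE[30], '', COM_getBlockTemplate('_msg_block', 'header'));
        $display .= $MESSAGE[31];
        $display .= COM_endBlock();
        $display .= COM_siteFooter(COM_getBlockTemplate('_msg_block', 'footer'));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        echo $display;
        exit;
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }

    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid; // delete by old pid, create using new pid below
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);

    $topic = DB_escapeString($topic);

    $k = 0; // set up a counter to make sure we do assign a straight line of question id's
    $v = 0; // re-count votes since they might have been changed

    // first dimension of array are the questions
    $num_questions = count($Q);
    for ($i = 0; $i < $num_questions; $i++) {
        if (!isset($Q[$i]) || strlen($Q[$i]) == 0) {
            continue; // only insert questions that exist
        }
        $question = DB_escapeString($Q[$i]);
        DB_save($_TABLES['pollquestions'], 'qid, pid, question',
            "'{$k}', '{$db_pid}', '{$question}'");

        // within the questions, we have another dimensions with answers,
        // votes and remarks
        $num_answers = isset($A[$i]) ? count($A[$i]) : 0;
        for ($j = 0; $j < $num_answers; $j++) {
            if (!isset($A[$i][$j]) || strlen($A[$i][$j]) == 0) {
                continue; // only insert answers etc that exist
            }
            // votes are interpolated unquoted; anything non-numeric becomes 0
            $votes = (isset($V[$i][$j]) && is_numeric($V[$i][$j])) ? (int) $V[$i][$j] : 0;
            $answer = DB_escapeString($A[$i][$j]);
            $remark = isset($R[$i][$j]) ? DB_escapeString($R[$i][$j]) : '';
            $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES "
                . "('{$db_pid}', '{$k}', " . ($j + 1) . ", '{$answer}', {$votes}, '{$remark}');";
            DB_query($sql);
            $v += $votes;
        }
        $k++;
    }

    // save topics after the questions so we can include question count into table
    $display_flag = ($mainpage == 'on') ? 1 : 0;
    $is_open = ($open == 'on') ? 1 : 0;
    $hide = ($hideresults == 'on') ? 1 : 0;
    $sql = "'{$db_pid}','{$topic}',{$v}, {$k}, '" . date('Y-m-d H:i:s') . "'"
        . ",{$display_flag},{$is_open},{$hide}"
        . ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id}"
        . ",{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";

    // Save poll topic
    DB_save($_TABLES['polltopics'],
        "pid, topic, voters, questions, date, display, "
        . "is_open, hideresults, statuscode, commentcode, owner_id, group_id, "
        . "perm_owner, perm_group, perm_members, perm_anon",
        $sql);

    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        // poll id changed: move existing comments to the new id
        DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid),
            array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }

    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving POLL_save() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }

    // The original had a second, unreachable return (COM_refresh to the
    // admin index) after this one.
    return PLG_afterSaveSwitch($_PO_CONF['aftersave'],
        $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}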
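/**
 * Create a unique ticket ID.
 *
 * Earlier revisions hashed the supplied values with md5(); that made a long
 * string to put in a QR-code URL, so the ID is now just COM_makeSid(), which
 * already includes some random characters.
 *
 * NOTE(review): COM_makeSid() is a site-ID generator, not a CSPRNG. If
 * ticket IDs must be unguessable (e.g. they are checked at entry), confirm
 * its randomness source or derive the ID from random_bytes().
 *
 * @param array $A Array of values, non-indexed. Kept for backward
 *                 compatibility with existing callers; not used.
 * @return string Ticket ID
 */
public static function MakeTicketId($A = array())
{
    return COM_makeSid();
}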
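/**
 * Saves banner to the database
 *
 * @param string $bid          ID for banner
 * @param string $old_bid      old ID for banner
 * @param string $cid          cid of category banner belongs to
 * @param string $categorydd   Category banner belong to
 * @param string $url          URL of banner to save
 * @param string $description  Description of banner
 * @param string $title        Title of banner
 * @param string $publishstart Start of publishing period; empty stores NULL
 * @param string $publishend   End of publishing period; empty stores NULL
 * @param int    $hits         Number of hits for banner
 * @param int    $owner_id     ID of owner
 * @param int    $group_id     ID of group banner belongs to
 * @param int    $perm_owner   Permissions the owner has
 * @param int    $perm_group   Permissions the group has
 * @param int    $perm_members Permissions members have
 * @param int    $perm_anon    Permissions anonymous users have
 * @return string HTML redirect or error message
 * @global array core config vars
 * @global array core group data
 * @global array core table data
 * @global array core user data
 * @global array core msg data
 * @global array banner plugin lang admin vars
 */
function savebanner($bid, $old_bid, $cid, $categorydd, $url, $description, $title,
    $publishstart, $publishend, $hits, $owner_id, $group_id,
    $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_BANNER_ADMIN, $_BAN_CONF;

    $retval = '';

    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) =
            SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    // clean 'em up
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $title = addslashes(COM_checkHTML(COM_checkWords($title)));
    $cid = addslashes($cid);
    // The URL and hit count are interpolated into the INSERT below; the
    // original stored them without any escaping.
    $url = addslashes($url);
    $hits = (int) $hits;

    if (empty($owner_id)) {
        // this is new banner from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Banner Admin'])) {
            $group_id = $_GROUPS['Banner Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('banner.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    // Interpolated unquoted into SQL below, so pin them to integers
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $perm_owner = (int) $perm_owner;
    $perm_group = (int) $perm_group;
    $perm_members = (int) $perm_members;
    $perm_anon = (int) $perm_anon;

    // Publishing dates are either SQL NULL or a quoted, escaped string
    $publishstart = empty($publishstart) ? 'NULL' : "'" . addslashes($publishstart) . "'";
    $publishend = empty($publishend) ? 'NULL' : "'" . addslashes($publishend) . "'";

    $bid = COM_sanitizeID($bid);
    $old_bid = COM_sanitizeID($old_bid);
    if (empty($bid)) {
        $bid = empty($old_bid) ? COM_makeSid() : $old_bid;
    }

    // check for banner id change
    if (!empty($old_bid) && $bid != $old_bid) {
        // check if new bid is already in use
        if (DB_count($_TABLES['banner'], 'bid', $bid) > 0) {
            // TBD: abort, display editor with all content intact again
            $bid = $old_bid; // for now ...
        }
    }

    $access = 0;
    $old_bid = addslashes($old_bid);
    if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
        // existing banner: access is decided by the stored permissions
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['banner']} WHERE bid = '{$old_bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        // new banner: access is decided by the submitted permissions
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_siteHeader('menu', $MESSAGE[30])
            . COM_showMessageText($MESSAGE[31], $MESSAGE[30])
            . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit banner {$bid}.");
        echo $display;
        exit;
    }

    if (empty($title) || empty($description)) {
        // missing fields: show the editor again with the existing banner if any
        $retval .= COM_siteHeader('menu', $LANG_BANNER_ADMIN[1]);
        $retval .= COM_errorLog($LANG_BANNER_ADMIN[10], 2);
        if (DB_count($_TABLES['banner'], 'bid', $old_bid) > 0) {
            $retval .= editbanner('edit', $old_bid);
        } else {
            $retval .= editbanner('edit', '');
        }
        $retval .= COM_siteFooter();
        return $retval;
    }

    if ($categorydd != $LANG_BANNER_ADMIN[7] && !empty($categorydd)) {
        $cid = addslashes($categorydd);
    } elseif ($categorydd != $LANG_BANNER_ADMIN[7]) {
        // NOTE(review): the original emits a redirect here but does not stop,
        // so the banner is still saved below; behaviour kept as found.
        echo COM_refresh($_CONF['site_admin_url'] . '/plugins/banner/index.php');
    }

    DB_delete($_TABLES['bannersubmission'], 'bid', $old_bid);
    DB_delete($_TABLES['banner'], 'bid', $old_bid);
    DB_save($_TABLES['banner'],
        'bid,cid,url,description,title,date,publishstart,publishend,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon',
        "'{$bid}','{$cid}','{$url}','{$description}','{$title}',NOW(),{$publishstart},{$publishend},'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");

    // Get category for rdf check
    $category = DB_getItem($_TABLES['bannercategories'], "category", "cid='{$cid}'");
    COM_rdfUpToDateCheck('banner', $category, $bid);

    return PLG_afterSaveSwitch($_BAN_CONF['aftersave'],
        COM_buildURL("{$_CONF['site_url']}/banner/portal.php?what=banner&item={$bid}"),
        'banner', 2);
}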