コード例 #1
ファイル: install.php プロジェクト: hostellerie/nexpro
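/**
 * Install the CAPTCHA plugin: create its tables, seed the default
 * configuration rows and register the plugin in the plugins table.
 *
 * When a table cannot be created or the registration insert fails, the
 * partial install is rolled back through plugin_uninstall_captcha().
 *
 * @return bool true on success, false when a step failed
 */
function plugin_install_captcha()
{
    global $pi_name, $pi_version, $gl_version, $pi_url, $NEWTABLE, $DEFVALUES, $NEWFEATURE;
    global $_TABLES, $_CONF, $LANG_CP00, $_DB_dbms;

    COM_errorLog("Attempting to install the {$pi_name} Plugin", 1);

    $_SQL = array();
    $_SQL['cp_config'] = "CREATE TABLE {$_TABLES['cp_config']} ( "
        . "  `config_name` varchar(255) NOT NULL default '', "
        . "  `config_value` varchar(255) NOT NULL default '', "
        . "   PRIMARY KEY  (`config_name`) "
        . " );";
    $_SQL['cp_sessions'] = "CREATE TABLE {$_TABLES['cp_sessions']} ( "
        . "  `session_id` varchar(40) NOT NULL default '', "
        . "  `cptime`  INT(11) NOT NULL default 0, "
        . "  `validation` varchar(40) NOT NULL default '', "
        . "  `counter`    TINYINT(4) NOT NULL default 0, "
        . "  PRIMARY KEY (`session_id`) "
        . " );";

    foreach ($_SQL as $table => $sql) {
        COM_errorLog("Creating {$table} table", 1);
        DB_query($sql, 1);
        if (DB_error()) {
            COM_errorLog("Error Creating {$table} table", 1);
            plugin_uninstall_captcha();
            return false;
        }
        COM_errorLog("Success - Created {$table} table", 1);
    }

    // Every protection switch (enable_comment, enable_registration, ...) is
    // seeded as '0', so the plugin protects nothing until an admin turns it on.
    $SQL_DEFAULTS = "INSERT INTO `{$_TABLES['cp_config']}` (`config_name`, `config_value`) VALUES "
        . " ('anonymous_only', '1'), "
        . " ('remoteusers','0'), "
        . " ('debug', '0'), "
        . " ('enable_comment', '0'), "
        . " ('enable_contact', '0'), "
        . " ('enable_emailstory', '0'), "
        . " ('enable_forum', '0'), "
        . " ('enable_registration', '0'), "
        . " ('enable_story', '0'), "
        . " ('gfxDriver', '2'), "
        . " ('gfxFormat', 'jpg'), "
        . " ('gfxPath', '');";
    DB_query($SQL_DEFAULTS, 1);
    if (DB_error()) {
        // The install still continues as before; the failure is only recorded
        // so a plugin left without its default settings shows up in the log.
        COM_errorLog("Error inserting default configuration for the {$pi_name} Plugin", 1);
    }

    // Register the plugin with Geeklog
    COM_errorLog("Registering {$pi_name} plugin with Geeklog", 1);
    DB_delete($_TABLES['plugins'], 'pi_name', 'captcha');
    // NOTE(review): the four values below are interpolated unescaped; they
    // are globals presumably set by the plugin's own install script - confirm
    // none of them can be influenced by request data.
    DB_query("INSERT INTO {$_TABLES['plugins']} (pi_name, pi_version, pi_gl_version, pi_homepage, pi_enabled) " . "VALUES ('{$pi_name}', '{$pi_version}', '{$gl_version}', '{$pi_url}', 1)");
    if (DB_error()) {
        COM_errorLog("Failure registering plugin with Geeklog");
        plugin_uninstall_captcha();
        return false;
    }

    // Create initial log entry
    CAPTCHA_errorLog("CAPTCHA Plugin Successfully Installed");
    COM_errorLog("Successfully installed the {$pi_name} Plugin!", 1);

    return true;
}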
コード例 #2
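 /**
  * Handle add/delete requests for the SpamX HTTP-header blacklist and render
  * the editor: the current entries (each with a delete link) and the
  * "add entry" form.
  *
  * Both state-changing actions run only when SEC_checkToken() succeeds.
  *
  * @return string HTML for the blacklist editor
  */
 function display()
 {
     global $_CONF, $_TABLES, $LANG_SX00;

     $action = '';
     if (isset($_GET['action'])) {
         $action = $_GET['action'];
     } elseif (isset($_POST['paction'])) {
         $action = $_POST['paction'];
     }

     if ($action == 'delete' && SEC_checkToken()) {
         // Accept only a string from the query string; a missing or
         // array-valued parameter means there is nothing to delete.
         $entry = (isset($_GET['entry']) && is_string($_GET['entry'])) ? $_GET['entry'] : '';
         if (!empty($entry)) {
             // NOTE(review): addslashes() is not aware of the connection
             // character set; if the database layer offers its own escaping
             // function, it is the safer choice here - confirm and switch.
             $dbentry = addslashes($entry);
             DB_delete($_TABLES['spamx'], array('name', 'value'), array('HTTPHeader', $dbentry));
         }
     } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
         $rawName = (isset($_REQUEST['header-name']) && is_string($_REQUEST['header-name']))
             ? $_REQUEST['header-name'] : '';
         $value = (isset($_REQUEST['header-value']) && is_string($_REQUEST['header-value']))
             ? $_REQUEST['header-value'] : '';

         // Keep only the part before the first colon as the header name.
         $n = explode(':', COM_applyFilter($rawName));
         $name = $n[0];

         $entry = '';
         if (!empty($name) && !empty($value)) {
             $entry = $name . ': ' . $value;
         }
         if (!empty($entry)) {
             // The header value is stored as submitted (SQL-escaped only); it
             // is passed through htmlspecialchars() when listed below.
             $dbentry = addslashes($entry);
             $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('HTTPHeader','{$dbentry}')");
         }
     }

     $token = SEC_createToken();
     $display = '<hr' . XHTML . '>' . LB . '<p><b>';
     $display .= $LANG_SX00['headerblack'];
     $display .= '</b></p>' . LB . '<ul>' . LB;
     $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' ORDER BY value");
     $nrows = DB_numRows($result);
     for ($i = 0; $i < $nrows; $i++) {
         list($e) = DB_fetchArray($result);
         // NOTE(review): the delete link puts the CSRF token in the query
         // string, where it can reach browser history, server logs and Referer
         // headers; a POST form for deletion would keep it out of URLs.
         $display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader&amp;action=delete&amp;entry=' . urlencode($e) . '&amp;' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
     }
     $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
     $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
     $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader">' . LB;
     $display .= '<table border="0" width="100%">' . LB;
     $display .= '<tr><td align="right"><b>Header:</b></td>' . LB;
     $display .= '<td><input type="text" size="40" name="header-name"' . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;
     $display .= '<tr><td align="right"><b>Content:</b></td>' . LB;
     $display .= '<td><input type="text" size="40" name="header-value"' . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;
     $display .= '</table>' . LB;
     $display .= '<p><input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>';
     $display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '></p>' . LB;
     $display .= '</form>' . LB;

     return $display;
 }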
コード例 #3
 /**
  * Apply a requested change to the SpamX personal blacklist (delete one
  * entry, add one entry, or import every word of $_CONF['censorlist']) and
  * build the editor page.
  *
  * Each change runs only when SEC_checkToken() succeeds, and every value is
  * passed through DB_escapeString() before it reaches the database.
  *
  * @return string HTML for the personal blacklist editor
  */
 function display()
 {
     global $_CONF, $_TABLES, $LANG_SX00;

     // Requested action: the query string takes precedence over the posted button.
     $action = isset($_GET['action'])
         ? $_GET['action']
         : (isset($_POST['paction']) ? $_POST['paction'] : '');

     // Entry text, from the delete link (GET) or from the add form (POST).
     if (isset($_GET['entry'])) {
         $entry = COM_stripslashes($_GET['entry']);
     } elseif (isset($_POST['pentry'])) {
         $entry = COM_stripslashes($_POST['pentry']);
     } else {
         $entry = '';
     }

     if ($action == 'delete' && SEC_checkToken()) {
         DB_delete($_TABLES['spamx'], array('name', 'value'), array('Personal', DB_escapeString($entry)));
     } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
         if (!empty($entry)) {
             $escaped = DB_escapeString($entry);
             DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$escaped}')");
         }
     } elseif ($action == $LANG_SX00['addcen'] && SEC_checkToken()) {
         foreach ($_CONF['censorlist'] as $word) {
             $escaped = DB_escapeString($word);
             DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$escaped}')");
         }
     }

     $token = SEC_createToken();
     $editorUrl = $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList';

     // Heading and the list of current entries, each linking to its own deletion.
     $html = '<hr' . XHTML . '>' . LB . '<p><b>' . $LANG_SX00['pblack'] . '</b></p>' . LB . '<ul>' . LB;
     $rows = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
     $remaining = DB_numRows($rows);
     while ($remaining-- > 0) {
         $row = DB_fetchArray($rows);
         $item = $row['value'];
         $deleteUrl = $editorUrl . '&amp;action=delete&amp;entry=' . urlencode($item) . '&amp;' . CSRF_TOKEN . '=' . $token;
         $html .= '<li>' . COM_createLink(htmlspecialchars($item), $deleteUrl) . '</li>' . LB;
     }
     $html .= '</ul>' . LB
         . '<p>' . $LANG_SX00['e1'] . '</p>' . LB
         . '<p>' . $LANG_SX00['e2'] . '</p>' . LB;

     // Add form: one text field, two submit buttons and the hidden CSRF token.
     $html .= '<form method="post" action="' . $editorUrl . '">' . LB
         . '<div><input type="text" size="30" name="pentry"' . XHTML . '>&nbsp;&nbsp;&nbsp;'
         . '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB
         . '<p>' . $LANG_SX00['e3'] . '</p>&nbsp;&nbsp;&nbsp;'
         . '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB
         . '<input type="hidden" name="' . CSRF_TOKEN . '" value="' . $token . '"' . XHTML . '>' . LB
         . '</div></form>' . LB;

     return $html;
 }
コード例 #4
/**
 * Upgrade step for the configuration table: removes one obsolete option,
 * adjusts three existing rows with direct SQL, then registers the new
 * options through the config class.
 *
 * The statements are order-dependent: rows are moved out of the way first
 * so that the sort positions used by the new search options are free.
 *
 * @return bool always true; no query result is checked in this function
 */
function update_ConfValues()
{
    global $_CONF, $_TABLES;
    require_once $_CONF['path_system'] . 'classes/config.class.php';
    // remove pdf_enabled option; this also makes room for new search options
    DB_delete($_TABLES['conf_values'], 'name', 'pdf_enabled');
    // move num_search_results options
    DB_query("UPDATE {$_TABLES['conf_values']} SET sort_order = 651 WHERE sort_order = 670");
    // change default for num_search_results
    // The stored value is the serialized form of the integer 30; the input is
    // a constant, so addslashes() only guards the quoting of the literal.
    $thirty = addslashes(serialize(30));
    DB_query("UPDATE {$_TABLES['conf_values']} SET value = '{$thirty}', default_value = '{$thirty}' WHERE name = 'num_search_results'");
    // fix censormode dropdown
    DB_query("UPDATE {$_TABLES['conf_values']} SET selectionArray = 18 WHERE name = 'censormode'");
    $c = config::get_instance();
    // new options
    $c->add('jpeg_quality', 75, 'text', 5, 23, NULL, 1495, FALSE);
    // NOTE(review): this looks like an allow-list of <img> attributes for the
    // advanced HTML mode - confirm how the filter consumes it before widening it.
    $c->add('advanced_html', array('img' => array('width' => 1, 'height' => 1, 'src' => 1, 'align' => 1, 'valign' => 1, 'border' => 1, 'alt' => 1)), '**placeholder', 7, 34, NULL, 1721, TRUE);
    // squeeze search options between 640 (lastlogin) and 680 (loginrequired)
    $c->add('fs_search', NULL, 'fieldset', 0, 6, NULL, 0, TRUE);
    $c->add('search_style', 'google', 'select', 0, 6, 19, 644, TRUE);
    $c->add('search_limits', '10,15,25,30', 'text', 0, 6, NULL, 647, TRUE);
    // see above: $c->add('num_search_results',30,'text',0,6,NULL,651,TRUE);
    $c->add('search_show_limit', TRUE, 'select', 0, 6, 1, 654, TRUE);
    $c->add('search_show_sort', TRUE, 'select', 0, 6, 1, 658, TRUE);
    $c->add('search_show_num', TRUE, 'select', 0, 6, 1, 661, TRUE);
    $c->add('search_show_type', TRUE, 'select', 0, 6, 1, 665, TRUE);
    $c->add('search_separator', ' &gt; ', 'text', 0, 6, NULL, 668, TRUE);
    $c->add('search_def_keytype', 'phrase', 'select', 0, 6, 20, 672, TRUE);
    $c->add('search_use_fulltext', FALSE, 'hidden', 0, 6);
    // 675
    // filename mask for db backup files
    $c->add('mysqldump_filename_mask', 'geeklog_db_backup_%Y_%m_%d_%H_%M_%S.sql', 'text', 0, 5, NULL, 185, TRUE);
    // DOCTYPE declaration, for {doctype} in header.thtml
    $c->add('doctype', 'html401strict', 'select', 2, 10, 21, 195, TRUE);
    // new comment options
    $c->add('comment_edit', 0, 'select', 4, 21, 0, 1680, TRUE);
    $c->add('commentsubmission', 0, 'select', 4, 21, 0, 1682, TRUE);
    $c->add('comment_edittime', 1800, 'text', 4, 21, NULL, 1684, TRUE);
    $c->add('article_comment_close_days', 30, 'text', 4, 21, NULL, 1686, TRUE);
    $c->add('comment_close_rec_stories', 0, 'text', 4, 21, NULL, 1688, TRUE);
    $c->add('allow_reply_notifications', 0, 'select', 4, 21, 0, 1689, TRUE);
    // cookie to store name of anonymous commenters
    $c->add('cookie_anon_name', 'anon_name', 'text', 7, 30, NULL, 577, TRUE);
    // enable/disable clickable links
    $c->add('clickable_links', 1, 'select', 7, 31, 1, 1753, TRUE);
    // experimental: compress output before sending it to the browser
    $c->add('compressed_output', 0, 'select', 7, 31, 1, 1756, TRUE);
    // for the X-FRAME-OPTIONS header (Clickjacking protection)
    // The value registered here is 'DENY', the strictest X-Frame-Options
    // setting (no framing at all).
    $c->add('frame_options', 'DENY', 'select', 7, 31, 22, 1758, TRUE);
    return true;
}
コード例 #5
ファイル: sessions.php プロジェクト: mistgrass/geeklog-ivywe
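/**
 * Delete every Media Gallery session selected in the submitted form
 * ($_POST['sel']) together with its session items, then redirect back to
 * the session list and end the request.
 *
 * NOTE(review): no CSRF token check is visible in this function; confirm
 * that the caller verifies one before dispatching a batch delete here.
 *
 * @return void the function always ends with exit
 */
function MG_batchDeleteSession()
{
    global $_MG_CONF, $_CONF, $_TABLES;

    // $_POST['sel'] is request data: accept only an array and skip anything
    // in it that is not a plain, non-empty scalar id.
    $selected = (isset($_POST['sel']) && is_array($_POST['sel'])) ? $_POST['sel'] : array();

    foreach ($selected as $rawId) {
        if (!is_scalar($rawId) || (string) $rawId === '') {
            continue;
        }

        // Escape at the point of use instead of handing the posted value to
        // the database layer untouched. The DB layer's own escaping is used
        // when this installation provides it; addslashes() is the fallback.
        $sessionId = function_exists('DB_escapeString')
            ? DB_escapeString((string) $rawId)
            : addslashes((string) $rawId);

        DB_delete($_TABLES['mg_session_items'], 'session_id', $sessionId);
        if (DB_error()) {
            COM_errorLog("Media Gallery Error: Error removing session items");
        }

        DB_delete($_TABLES['mg_sessions'], 'session_id', $sessionId);
        if (DB_error()) {
            COM_errorLog("Media Gallery Error: Error removing session");
        }
    }

    echo COM_refresh($_MG_CONF['admin_url'] . 'sessions.php');
    exit;
}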
コード例 #6
ファイル: mssql_updates.php プロジェクト: hostellerie/nexpro
/**
* Handle update to plugin version 1.6.0: introduce meta tags option
*
* Besides adding configuration options for the 'staticpages' group, this
* step repairs a misnamed admin group: 'Static Pages Admin' is either
* renamed to 'Static Page Admin' or, when both exist, removed together with
* its access rows and group assignments.
*
* @return   bool    always true; no query result is checked here
*
*/
function update_ConfValues_1_6_0()
{
    global $_CONF, $_TABLES, $_SP_DEFAULT;
    require_once $_CONF['path_system'] . 'classes/config.class.php';
    $c = config::get_instance();
    // presumably this file populates $_SP_DEFAULT, which is read below - confirm
    require_once $_CONF['path'] . 'plugins/staticpages/install_defaults.php';
    // meta tag config options.
    $c->add('meta_tags', $_SP_DEFAULT['meta_tags'], 'select', 0, 0, 0, 120, true, 'staticpages');
    // check for wrong Admin group name
    $wrong_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Static Pages Admin'");
    // wrong name
    if (!empty($wrong_id)) {
        $grp_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Static Page Admin'");
        // correct name
        if (empty($grp_id)) {
            // correct name not found - probably a fresh install: rename
            DB_query("UPDATE {$_TABLES['groups']} SET grp_name = 'Static Page Admin' WHERE grp_name = 'Static Pages Admin'");
        } else {
            // both names exist: delete wrong group & assignments
            // This drops the access rights and every membership tied to the
            // wrong group id; $wrong_id comes from the lookup above, not from
            // request data.
            DB_delete($_TABLES['access'], 'acc_grp_id', $wrong_id);
            DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $wrong_id);
            DB_delete($_TABLES['group_assignments'], 'ug_main_grp_id', $wrong_id);
            DB_delete($_TABLES['groups'], 'grp_name', 'Static Pages Admin');
        }
    }
    // move Default Permissions fieldset
    DB_query("UPDATE {$_TABLES['conf_values']} SET fieldset = 3 WHERE (group_name = 'staticpages') AND (fieldset = 1)");
    // What's New Block
    $c->add('fs_whatsnew', NULL, 'fieldset', 0, 1, NULL, 0, true, 'staticpages');
    $c->add('newstaticpagesinterval', $_SP_DEFAULT['new_staticpages_interval'], 'text', 0, 1, NULL, 10, TRUE, 'staticpages');
    $c->add('hidenewstaticpages', $_SP_DEFAULT['hide_new_staticpages'], 'select', 0, 1, 0, 20, TRUE, 'staticpages');
    $c->add('title_trim_length', $_SP_DEFAULT['title_trim_length'], 'text', 0, 1, NULL, 30, TRUE, 'staticpages');
    $c->add('includecenterblocks', $_SP_DEFAULT['include_centerblocks'], 'select', 0, 1, 0, 40, TRUE, 'staticpages');
    // NOTE(review): 'includephp' reads like a switch for PHP-enabled static
    // pages appearing in the What's New block - confirm the default is the
    // conservative one.
    $c->add('includephp', $_SP_DEFAULT['include_PHP'], 'select', 0, 1, 0, 50, TRUE, 'staticpages');
    // Search Results
    $c->add('fs_search', NULL, 'fieldset', 0, 2, NULL, 0, true, 'staticpages');
    $c->add('includesearch', $_SP_DEFAULT['include_search'], 'select', 0, 2, 0, 10, true, 'staticpages');
    $c->add('includesearchcenterblocks', $_SP_DEFAULT['include_search_centerblocks'], 'select', 0, 2, 0, 20, TRUE, 'staticpages');
    $c->add('includesearchphp', $_SP_DEFAULT['include_search_PHP'], 'select', 0, 2, 0, 30, TRUE, 'staticpages');
    return true;
}
コード例 #7
ファイル: topic.php プロジェクト: hostellerie/nexpro
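/**
* Delete a topic
*
* The caller must hold edit access (SEC_hasAccess() result of 3 or more) on
* the topic; otherwise the attempt is written to the access log and nothing
* is deleted. Blocks and feeds of the topic are kept but disabled; stories,
* story submissions and their comments, trackbacks and images are removed.
*
* @param    string  $tid    Topic ID
* @return   string          HTML redirect
*
*/
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER;

    // The topic id ends up inside several SQL string literals, so it is
    // escaped once here instead of relying on every caller having filtered it.
    // For ids without quotes or backslashes the value is unchanged.
    $tidSql = addslashes($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tidSql}'");
    $A = DB_fetchArray($result);
    // NOTE(review): when no topic matches, $A holds no row and the permission
    // fields passed below are empty - confirm SEC_hasAccess() denies in that case.
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
        return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
    }

    // don't delete topic blocks - assign them to 'all' and disable them
    DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$tidSql}'");
    // same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tidSql}'");

    // delete comments, trackbacks, images associated with stories in this topic
    $result = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$tidSql}'");
    $numStories = DB_numRows($result);
    for ($i = 0; $i < $numStories; $i++) {
        $A = DB_fetchArray($result);
        STORY_deleteImages($A['sid']);
        DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article'));
        DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article'));
    }

    // delete these
    DB_delete($_TABLES['stories'], 'tid', $tidSql);
    DB_delete($_TABLES['storysubmission'], 'tid', $tidSql);
    DB_delete($_TABLES['topics'], 'tid', $tidSql);

    // update feed(s) and Older Stories block
    COM_rdfUpToDateCheck('article');
    COM_olderStuff();

    return COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=14');
}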
コード例 #8
ファイル: lib-install.php プロジェクト: NewRoute/glfusion
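 /**
  * Run a plugin auto-installation described by the array $A.
  *
  * $A must hold an 'installer' entry whose version equals INSTALLER_VERSION
  * and a 'plugin' entry with at least 'name' and 'gl_ver'. Every other entry
  * is an install step that is dispatched to INSTALLER_install_<type>(). When
  * a step fails, the steps already done are handed to INSTALLER_fail().
  *
  * @param  array $A installation description
  * @return int      0 on success, 2 for an unknown installer version, 1 (or
  *                  the numeric result of the failing step) otherwise
  */
 function INSTALLER_install($A)
 {
     global $_TABLES;

     COM_errorLog("AutoInstall: **** Start Installation ****");
     if (!isset($A['installer']) || $A['installer']['version'] != INSTALLER_VERSION) {
         COM_errorLog('AutoInstall: Invalid or Unknown installer version');
         COM_errorLog("AutoInstall: **** END Installation ****");
         return 2;
     }
     if (!isset($A['plugin'])) {
         COM_errorLog("AutoInstall: Missing plugin description!");
         COM_errorLog("AutoInstall: **** END Installation ****");
         return 1;
     }
     if (!isset($A['plugin']['name'])) {
         COM_errorLog("AutoInstall: Missing plugin name!");
         COM_errorLog("AutoInstall: **** END Installation ****");
         return 1;
     }
     if (!COM_checkVersion(GVERSION, $A['plugin']['gl_ver'])) {
         COM_errorLog("AutoInstall: Plugin requires glFusion v" . $A['plugin']['gl_ver'] . " or greater");
         COM_errorLog("AutoInstall: **** END Installation ****");
         return 1;
     }

     $pluginName = $A['plugin']['name'];
     $vars = array('__groups' => array(), '__features' => array(), '__blocks' => array());
     $reverse = array();
     foreach ($A as $meta => $step) {
         if ($meta === 'installer') {
             // must use === when since 0 == 'anystring' is true
         } elseif ($meta === 'plugin') {
             if (!isset($step['name'])) {
                 COM_errorLog("AutoInstall: Missing plugin name!");
                 INSTALLER_fail($pluginName, $reverse);
                 COM_errorLog("AutoInstall: **** END Installation ****");
                 return 1;
             }
         } else {
             // The handler name is built from the step's 'type'. A step without
             // a usable type yields a name that no function carries, so it
             // falls through to the "can't process" branch below.
             $type = (is_array($step) && isset($step['type']) && is_scalar($step['type']))
                 ? $step['type'] : '';
             $function = "INSTALLER_install_{$type}";
             if (function_exists($function)) {
                 $result = $function($step, $vars);
                 if (is_numeric($result)) {
                     INSTALLER_fail($pluginName, $reverse);
                     COM_errorLog("AutoInstall: **** END Installation ****");
                     return $result;
                 } else {
                     if (!empty($result)) {
                         $reverse[] = $result;
                     }
                 }
             } else {
                 // var_dump() prints to the response and returns nothing, so the
                 // step was shown to the browser and never logged. print_r()
                 // with the return flag keeps the dump in the log only.
                 $dump = print_r($step, true);
                 COM_errorLog('Can\'t process step: ' . $dump);
                 INSTALLER_fail($pluginName, $reverse);
                 COM_errorLog("AutoInstall: **** END Installation ****");
                 return 1;
             }
         }
     }

     $plugin = $A['plugin'];
     $cfgFunction = 'plugin_load_configuration_' . $plugin['name'];
     // Load the online configuration records
     if (function_exists($cfgFunction)) {
         if (!$cfgFunction()) {
             COM_errorLog("AutoInstall: Failed to load the default configuration");
             INSTALLER_fail($pluginName, $reverse);
             COM_errorLog("AutoInstall: **** END Installation ****");
             return 1;
         }
     } else {
         COM_errorLog("AutoInstall: No default config found: " . $cfgFunction);
     }

     // Finally, register the plugin with glFusion
     COM_errorLog("AutoInstall: Registering {$plugin['display']} plugin with glFusion", 1);
     // silently delete an existing entry
     DB_delete($_TABLES['plugins'], 'pi_name', $plugin['name']);
     // NOTE(review): name, ver, gl_ver and url come from the plugin's install
     // description and are placed in the statement unescaped; escape them with
     // the database layer's function once its availability here is confirmed.
     DB_query("INSERT INTO {$_TABLES['plugins']} (pi_name, pi_version, pi_gl_version, pi_homepage, pi_enabled) " . "VALUES ('{$plugin['name']}', '{$plugin['ver']}', '{$plugin['gl_ver']}', '{$plugin['url']}', 1)", 1);

     // run any post install routines
     $postInstallFunction = 'plugin_postinstall_' . $plugin['name'];
     if (function_exists($postInstallFunction)) {
         $postInstallFunction();
     } else {
         COM_errorLog("AutoInstall: No post installation routine found.");
     }

     COM_errorLog("AutoInstall: **** END Installation ****");
     CTL_clearCache();

     return 0;
 }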
コード例 #9
/**
 * Reset the rating of one media item: zero its rating and vote count,
 * delete its rows from the rating table, then hand over to MG_mediaEdit().
 *
 * @param  mixed $album_id album the item belongs to (used in the return URL)
 * @param  mixed $media_id id of the media item
 * @param  mixed $mqueue   passed through to MG_mediaEdit() unchanged
 * @return mixed           whatever MG_mediaEdit() returns
 */
function MG_mediaResetRating($album_id, $media_id, $mqueue)
{
    global $_MG_CONF, $_TABLES;

    // One escaped copy of the id serves all three statements.
    $escapedId = addslashes($media_id);

    foreach (array('media_rating', 'media_votes') as $column) {
        DB_change($_TABLES['mg_media'], $column, 0, 'media_id', $escapedId);
    }
    DB_delete($_TABLES['mg_rating'], 'media_id', $escapedId);

    // NOTE(review): $album_id goes into this URL as received - confirm the
    // caller has validated it.
    $returnUrl = $_MG_CONF['site_url'] . '/admin.php?mode=media&amp;album_id=' . $album_id;

    return MG_mediaEdit($album_id, $media_id, $returnUrl, $mqueue);
}
コード例 #10
ファイル: index.php プロジェクト: hostellerie/nexpro
/**
* Delete a poll
*
* The poll id is escaped with addslashes() before any use. The poll is
* removed only when SEC_hasAccess() reports a level of 3 or more; a refused
* attempt goes to the access log. Topic, answers, questions and comments of
* the poll are deleted and PLG_itemDeleted() is notified.
*
* @param    string  $pid    ID of poll to delete
* @return   string          HTML redirect
*
*/
function deletePoll($pid)
{
    global $_CONF, $_TABLES, $_USER;

    $pid = addslashes($pid);
    $pollAdminUrl = $_CONF['site_admin_url'] . '/plugins/polls/index.php';

    $permQuery = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
    $perms = DB_fetchArray($permQuery);
    $level = SEC_hasAccess(
        $perms['owner_id'],
        $perms['group_id'],
        $perms['perm_owner'],
        $perms['perm_group'],
        $perms['perm_members'],
        $perms['perm_anon']
    );

    // Anything below edit access: record the attempt and leave the poll alone.
    if ($level < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete poll {$pid}.");

        return COM_refresh($pollAdminUrl);
    }

    foreach (array('polltopics', 'pollanswers', 'pollquestions') as $tableKey) {
        DB_delete($_TABLES[$tableKey], 'pid', $pid);
    }
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($pid, 'polls'));
    PLG_itemDeleted($pid, 'polls');

    return COM_refresh($pollAdminUrl . '?msg=20');
}
コード例 #11
ファイル: migrate.php プロジェクト: Geeklog-Core/geeklog
 } elseif (empty($version)) {
     $display .= INST_getAlertMsg($LANG_MIGRATE[45]);
     // TBD: add a link back to the install script, preferrably a direct
     //      link to the upgrade screen
     $upgrade_error = true;
 } elseif ($version != VERSION) {
     $use_innodb = false;
     $db_engine = DB_getItem($_TABLES['vars'], 'value', "name = 'database_engine'");
     if ($db_engine == 'InnoDB') {
         // we've migrated, probably to a different server
         // - so check InnoDB support again
         if (INST_innodbSupported()) {
             $use_innodb = true;
         } else {
             // no InnoDB support on this server
             DB_delete($_TABLES['vars'], 'name', 'database_engine');
         }
     }
     if (!INST_doDatabaseUpgrades($version)) {
         $display .= INST_getAlertMsg(sprintf($LANG_MIGRATE[47], $version, VERSION));
         $upgrade_error = true;
     }
 }
 if ($upgrade_error) {
     $display .= INST_getFooter();
     echo $display;
     exit;
 }
 /**
  * Let's assume that the paths that were imported from the backup are
  * incorrect and update them with the current paths.
コード例 #12
ファイル: topic.php プロジェクト: mystralkk/geeklog
/**
 * Delete a topic
 *
 * Child topics are moved to the root and un-hidden, feeds of the topic are
 * disabled, and every story, story submission and block assigned to the
 * topic is deleted when it has no other topic assignment. Objects that are
 * also assigned elsewhere are kept; for stories, another assignment is made
 * the default when the deleted topic was the default.
 *
 * NOTE(review): no return statement is visible in this function although a
 * string return was documented; both exits go through COM_redirect().
 *
 * @param    string $tid Topic ID
 * @return   string          HTML redirect
 */
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER, $_TOPICS;
    // NOTE(review): $tid is placed inside SQL string literals throughout this
    // function without escaping here - confirm every caller filters it first,
    // or escape it at the top of the function.
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$tid}'");
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
        // NOTE(review): nothing returns after this call, so the deletion below
        // is skipped only if COM_redirect() ends the request - confirm that it
        // does, otherwise the access check does not protect the topic.
        COM_redirect($_CONF['site_admin_url'] . '/topic.php');
    }
    // Update any child topics to root and un hide them
    DB_query("UPDATE {$_TABLES['topics']} SET parent_id = '" . TOPIC_ROOT . "', hidden = 0 WHERE parent_id = '{$tid}'");
    // same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$tid}'");
    // Need to cycle through stories from topic
    // Only delete story if only this one topic
    // Make sure to check if this topic is default for story. If is make another topic default.
    // Three parallel maps keyed by table name: the tables to scan, the id
    // column of each table, and the assignment type stored for it.
    $object_tables[] = $_TABLES['stories'];
    $object_tables[] = $_TABLES['storysubmission'];
    $object_tables[] = $_TABLES['blocks'];
    $object_tables_id[$_TABLES['stories']] = 'sid';
    $object_tables_id[$_TABLES['storysubmission']] = 'sid';
    $object_tables_id[$_TABLES['blocks']] = 'bid';
    $object_type[$_TABLES['stories']] = 'article';
    $object_type[$_TABLES['storysubmission']] = 'article';
    $object_type[$_TABLES['blocks']] = 'block';
    foreach ($object_tables as $object_table) {
        // All objects of this table that are assigned to the topic being deleted.
        $sql = "SELECT {$object_tables_id[$object_table]}, ta.tdefault\n            FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n            WHERE ta.type = '{$object_type[$object_table]}' AND ta.id = CAST({$object_tables_id[$object_table]} AS CHAR) AND ta.tid = '{$tid}'";
        $result = DB_query($sql);
        $numStories = DB_numRows($result);
        for ($i = 0; $i < $numStories; $i++) {
            $A = DB_fetchArray($result);
            // Now check if another topic exists for this story
            // The object id read from the database is interpolated into this
            // query as a quoted literal.
            $sql = "SELECT {$object_tables_id[$object_table]}, ta.tid\n                FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n                WHERE ta.type = '{$object_type[$object_table]}' AND ta.id = {$object_tables_id[$object_table]}\n                AND ta.tid <> '{$tid}' AND {$object_tables_id[$object_table]} = '{$A[$object_tables_id[$object_table]]}'";
            $resultB = DB_query($sql);
            $numTopics = DB_numRows($resultB);
            if ($numTopics == 0) {
                // Delete comments, trackbacks, images associated with stories in this topic since only topic
                if ($object_table == $_TABLES['stories'] || $object_table == $_TABLES['storysubmission']) {
                    STORY_deleteImages($A['sid']);
                    DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article'));
                    DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article'));
                    // Plugins are notified for published stories only, not for submissions.
                    if ($object_table == $_TABLES['stories']) {
                        PLG_itemDeleted($A['sid'], 'article');
                    }
                }
                DB_delete($object_table, $object_tables_id[$object_table], $A[$object_tables_id[$object_table]]);
            } else {
                // Story still exists for other topics so make sure one is default
                if ($object_table == $_TABLES['stories'] || $object_table == $_TABLES['storysubmission']) {
                    if ($A['tdefault'] == 1) {
                        // The first remaining assignment becomes the new default.
                        $B = DB_fetchArray($resultB);
                        $sql = "UPDATE {$_TABLES['topic_assignments']} SET tdefault = 1 WHERE type = 'article' AND tid = '{$B['tid']}' AND id = '{$B['sid']}'";
                        DB_query($sql);
                    }
                }
            }
        }
    }
    // Notify of Delete topic so other plugins can deal with their items without topics
    PLG_itemDeleted($tid, 'topic');
    // delete these
    DB_delete($_TABLES['topic_assignments'], 'tid', $tid);
    DB_delete($_TABLES['topics'], 'tid', $tid);
    // Reorder Topics, Delete topic cache and reload topic tree
    reorderTopics();
    // update feed(s)
    COM_rdfUpToDateCheck('article');
    COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=14');
}
コード例 #13
ファイル: migrate.php プロジェクト: spacequad/glfusion
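/**
 * Delete a story during migration: remove its image files (scaled and
 * "_original" variants), then its image, comment and story rows, and
 * refresh the feed and the Older Stories block.
 *
 * A file that cannot be removed is logged and does not stop the deletion.
 *
 * @param  string $sid story id
 * @return void
 */
function migrate_deletestory($sid)
{
    global $_TABLES, $_CONF;

    // Escape once and reuse the same value for the query and every delete.
    $sidSql = DB_escapeString($sid);
    $imageDir = $_CONF['path_html'] . 'images/articles/';

    $result = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid='" . $sidSql . "'");
    $nrows = DB_numRows($result);
    for ($i = 1; $i <= $nrows; $i++) {
        $A = DB_fetchArray($result);

        // NOTE(review): ai_filename is read from the database and appended to
        // the image directory as-is; confirm stored names can never contain
        // path separators, or reduce them with basename() before unlinking.
        $filename = $imageDir . $A['ai_filename'];
        if (!@unlink($filename)) {
            // log the problem but don't abort the script
            COM_errorLog('Unable to remove the following image from the article: ' . $filename);
        }

        // remove unscaled image, if it exists
        $dotPos = strrpos($A['ai_filename'], '.');
        if ($dotPos === false) {
            // No extension: an "_original." variant name cannot be derived, and
            // substr_replace() with a false offset would rewrite the start of
            // the name instead.
            continue;
        }
        $lFilename_large = substr_replace($A['ai_filename'], '_original.', $dotPos, 1);
        $lFilename_large_complete = $imageDir . $lFilename_large;
        if (file_exists($lFilename_large_complete)) {
            if (!@unlink($lFilename_large_complete)) {
                // log the problem but don't abort the script
                COM_errorLog('Unable to remove the following image from the article: ' . $lFilename_large_complete);
            }
        }
    }

    DB_delete($_TABLES['article_images'], 'ai_sid', $sidSql);
    DB_delete($_TABLES['comments'], 'sid', $sidSql);
    DB_delete($_TABLES['stories'], 'sid', $sidSql);

    // update RSS feed and Older Stories block
    COM_rdfUpToDateCheck();
    COM_olderStuff();

    return;
}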
コード例 #14
ファイル: router.php プロジェクト: mystralkk/geeklog
/**
 * Delete a route
 *
 * The id is converted to a base-10 integer before it is used, so only a
 * number ever reaches the delete call. The remaining routes are re-ordered
 * afterwards.
 *
 * @param    int $rid id of the route to delete
 * @return   string  HTML redirect to the router admin page
 */
function deleteRoute($rid)
{
    global $_CONF, $_TABLES;

    $routeId = intval($rid, 10);
    DB_delete($_TABLES['routes'], 'rid', $routeId);
    reorderRoutes();

    $redirectTo = $_CONF['site_admin_url'] . '/router.php?msg=123';

    return COM_refresh($redirectTo);
}
コード例 #15
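/**
 * Remove a plugin's configuration: delete its rows from the conf_values
 * table, drop its group from the config object and empty the global
 * configuration array named _<PI_NAME>_CONF.
 *
 * @param  string $pi_name plugin name, also used as the config group name
 * @param  object $config  config object whose config_array is updated
 * @return string          progress line (HTML) for the uninstall output
 */
function LIB_Deleteconfig($pi_name, $config)
{
    global $_TABLES;

    COM_errorLog("[" . strtoupper($pi_name) . "] configuration delete");

    $group = $pi_name;
    // NOTE(review): the group name is handed to DB_delete() unescaped and is
    // echoed into the HTML below; confirm $pi_name is always a fixed plugin
    // identifier and never derived from request data.
    DB_delete($_TABLES['conf_values'], 'group_name', $group);
    unset($config->config_array[$group]);

    // The name of the global to reset is derived from the plugin name.
    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    ${$box_conf} = array();

    // $display was appended to without ever being initialised, which raised
    // an undefined-variable notice; the line is the whole return value.
    $display = "..........{$pi_name} Config Delete" . "<br>";

    return $display;
}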
コード例 #16
ファイル: story.php プロジェクト: geeklog-cms/geeklog
    if (isset($_POST['type'])) {
        $type = COM_applyFilter($_POST['type']);
    }
    if (!isset($sid) || empty($sid)) {
        COM_errorLog('Attempted to delete story sid=' . $sid);
        echo COM_refresh($_CONF['site_admin_url'] . '/story.php');
    } else {
        if ($type == 'submission') {
            if (TOPIC_hasMultiTopicAccess('article', $sid) < 3) {
                COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid}.");
                echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
            } else {
                if (SEC_checkToken()) {
                    // Delete Topic Assignments for this submission
                    TOPIC_deleteTopicAssignments('article', $sid);
                    DB_delete($_TABLES['storysubmission'], 'sid', $sid, $_CONF['site_admin_url'] . '/moderation.php');
                } else {
                    COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid} and failed CSRF checks.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                }
            }
        } else {
            if (SEC_checkToken()) {
                echo STORY_deleteStory($sid);
            } else {
                COM_accessLog("User {$_USER['username']} tried to delete story and failed CSRF checks {$sid}.");
                echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
            }
        }
    }
} else {
コード例 #17
ファイル: category.php プロジェクト: hostellerie/nexpro
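/**
 * Delete a link category, provided it exists, the current user has edit
 * rights on it, and it contains neither sub-categories nor links.
 *
 * @param    string  $cid    id of the category to delete
 * @return   int             13 = deleted, 14 = not empty, 15 = access denied,
 *                           16 = no such category (presumably message numbers
 *                           shown by the caller)
 */
function links_delete_category($cid)
{
    // $_USER is needed for the access-log entry below; it was missing from
    // the global list, so the username could never have been resolved.
    global $_TABLES, $_USER, $LANG_LINKS_ADMIN;

    // The id is interpolated into hand-built SQL below, so escape it first.
    // NOTE(review): addslashes() is what this code base uses here; prefer the
    // DB layer's own escape function if one is available.
    $cid = addslashes($cid);

    if (DB_count($_TABLES['linkcategories'], 'cid', $cid) == 0) {
        // no such category
        return 16;
    }

    // item exists so check access rights
    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,\n            perm_members,perm_anon FROM {$_TABLES['linkcategories']}\n            WHERE cid='{$cid}'");
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access <= 2) {
        // no access - record the attempt BEFORE returning; the original call
        // sat after the return statement and was therefore never executed
        COM_accessLog(sprintf($LANG_LINKS_ADMIN[46], $_USER['username']));
        return 15;
    }

    // has edit rights
    // Check for subfolders and sublinks
    $sf = DB_count($_TABLES['linkcategories'], 'pid', $cid);
    $sl = DB_count($_TABLES['links'], 'cid', $cid);
    if ($sf != 0 || $sl != 0) {
        // Subfolders and/or sublinks exist so return a message
        return 14;
    }

    // No subfolder/links so OK to delete
    DB_delete($_TABLES['linkcategories'], 'cid', $cid);
    PLG_itemDeleted($cid, 'links.category');
    return 13;
}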
コード例 #18
0
ファイル: services.inc.php プロジェクト: alxstuart/ajfs.me
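/**
 * Delete an existing static page
 *
 * Checks the 'staticpages.delete' right, detaches the page from any pages
 * that use it as a template, then removes the page and its comments.
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_delete_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC;
    $output = COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php?msg=20');
    // Accept 'id' as an alias when 'sp_id' is missing or empty
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }
    // Apply filters to the parameters passed by the webservice
    // (!empty() avoids an undefined-index notice when 'gl_svc' is not set)
    if (!empty($args['gl_svc'])) {
        $args['sp_id'] = COM_applyBasicFilter($args['sp_id']);
        $args['mode'] = COM_applyBasicFilter($args['mode']);
    }
    $sp_id = isset($args['sp_id']) ? $args['sp_id'] : '';
    // Authorisation is checked before anything is written to the database
    if (!SEC_hasRights('staticpages.delete')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $LANG_STATIC['access_denied_msg'];
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();
        // uid > 1 is treated as a logged-in user: known but not permitted
        if ($_USER['uid'] > 1) {
            return PLG_RET_PERMISSION_DENIED;
        } else {
            return PLG_RET_AUTH_FAILED;
        }
    }
    // The id is filtered above only on the webservice path, yet it is placed
    // inside quoted SQL literals below; escape it for those statements so a
    // quote in the id cannot change the query.
    $sp_id_sql = addslashes($sp_id);
    // If a staticpage template, remove any use of the file
    if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_id_sql}'") == 1) {
        $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_id_sql}'";
        $result = DB_query($sql);
    }
    // NOTE(review): DB_delete() is handed the id as received; whether it
    // escapes values itself is not visible here - confirm.
    DB_delete($_TABLES['staticpage'], 'sp_id', $sp_id);
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($sp_id, 'staticpages'));
    PLG_itemDeleted($sp_id, 'staticpages');
    return PLG_RET_OK;
}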
コード例 #19
0
/**
* Optimize database tables
*
* Runs OPTIMIZE TABLE on every table returned by SHOW TABLES that is also
* listed in $_TABLES. Progress is kept in the 'lastoptimizedtable' row of the
* vars table; when the time budget runs out, or a table fails, the function
* redirects to admin/database.php to continue in a new request and exits.
*
* @param    string  $startwith  table to start with
* @param    int     $failures   number of previous errors
* @return   int                 number of errors during conversion
*
*/
function DBADMIN_dooptimize($startwith = '', $failures = 0)
{
    global $_CONF, $_TABLES;
    $retval = '';
    $start = time();
    // Resume point left behind by an earlier, unfinished run (if any)
    $lasttable = DB_getItem($_TABLES['vars'], 'value', "name = 'lastoptimizedtable'");
    if (empty($startwith) && !empty($lasttable)) {
        $startwith = $lasttable;
    }
    $maxtime = @ini_get('max_execution_time');
    if (empty($maxtime)) {
        // unlimited or not allowed to query - assume 30 second default
        $maxtime = 30;
    }
    // keep 5 seconds in reserve for the redirect
    $maxtime -= 5;
    DB_displayError(true);
    // The token stays empty because SEC_createToken() is commented out, so
    // neither redirect below appends a CSRF token parameter.
    // NOTE(review): confirm the receiving page does not rely on one.
    $token = '';
    // SEC_createToken();
    $result = DB_query("SHOW TABLES");
    $numTables = DB_numRows($result);
    for ($i = 0; $i < $numTables; $i++) {
        $A = DB_fetchArray($result, true);
        $table = $A[0];
        // Only tables registered in $_TABLES are touched (loose comparison)
        if (in_array($table, $_TABLES)) {
            if (!empty($startwith)) {
                if ($table == $startwith) {
                    // reached the resume point; later tables are processed
                    $startwith = '';
                } else {
                    continue;
                    // already handled - skip
                }
                // the resume point itself was already attempted if it is the
                // recorded last table
                if (!empty($lasttable) && $lasttable == $table) {
                    continue;
                    // skip
                }
            }
            if (time() > $start + $maxtime) {
                // this is taking too long - kick off another request
                $startwith = $table;
                $url = $_CONF['site_admin_url'] . '/database.php?dooptimize=x';
                if (!empty($token)) {
                    $token = '&' . CSRF_TOKEN . '=' . $token;
                }
                // NOTE(review): the values are placed in the URL without
                // urlencode(); $failures is a parameter whose origin is not
                // visible here - confirm it is an integer.
                header("Location: {$url}&startwith={$startwith}&failures={$failures}" . $token);
                exit;
            }
            // Record the table BEFORE optimizing it, so a failed or aborted
            // attempt is skipped on the next run
            if (empty($lasttable)) {
                DB_query("INSERT INTO {$_TABLES['vars']} (name, value) VALUES ('lastoptimizedtable', '{$table}')");
                $lasttable = $table;
            } else {
                DB_query("UPDATE {$_TABLES['vars']} SET value = '{$table}' WHERE name = 'lastoptimizedtable'");
            }
            // second argument 1: errors are checked here instead
            // (presumably "ignore errors" - confirm against DB_query)
            $optimize = DB_query("OPTIMIZE TABLE {$table}", 1);
            if ($optimize === false) {
                // count and log the failure, then continue in a new request
                $failures++;
                COM_errorLog('SQL error for table "' . $table . '" (ignored): ' . DB_error());
                $startwith = $table;
                $url = $_CONF['site_admin_url'] . '/database.php?dooptimize=x';
                if (!empty($token)) {
                    $token = '&' . CSRF_TOKEN . '=' . $token;
                }
                header("Location: {$url}&startwith={$startwith}&failures={$failures}" . $token);
                exit;
            }
        }
    }
    // All tables done: drop the resume marker and store the completion time
    DB_delete($_TABLES['vars'], 'name', 'lastoptimizedtable');
    DB_delete($_TABLES['vars'], 'name', 'lastoptimizeddb');
    DB_query("INSERT INTO {$_TABLES['vars']} (name, value) VALUES ('lastoptimizeddb', FROM_UNIXTIME(" . time() . "))");
    return $failures;
}
コード例 #20
0
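/**
 * Delete the watermark images selected in the submitted form.
 *
 * For every id in $_POST['sel'] the watermark row and its image file are
 * removed and every album still pointing at that watermark is reset to 0.
 * On success the function emits a refresh to $actionURL and exits.
 *
 * @param    string  $actionURL  URL to redirect to when done
 * @return   string              access-denied message HTML (only when the
 *                               permission check fails)
 */
function MG_watermarkDelete($actionURL = '')
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;
    $root_album = new mgAlbum(0);
    // check permissions...
    if ($root_album->access != 3 && !$root_album->owner_id) {
        // $REMOTE_ADDR was never defined in this scope, so the log entry
        // carried no address; read it from the server environment instead.
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        COM_errorLog("Someone has tried to illegally save a watermark image in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}", 1);
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }
    // NOTE(review): no CSRF token check is visible in this function;
    // confirm the caller validates one before invoking it.

    // A request without a selection (or with a scalar 'sel') deletes nothing
    $selected = array();
    if (isset($_POST['sel']) && is_array($_POST['sel'])) {
        $selected = $_POST['sel'];
    }
    foreach ($selected as $rawId) {
        // numeric filter plus intval(): the id is safe to embed in SQL
        $wm_id = intval(COM_applyFilter($rawId, true));
        $filename = DB_getItem($_TABLES['mg_watermarks'], 'filename', 'wm_id="' . $wm_id . '"');
        if ($filename == "") {
            continue;
        }
        DB_delete($_TABLES['mg_watermarks'], 'wm_id', $wm_id);
        if (DB_error()) {
            COM_errorLog("MG Admin: Error removing watermark");
        }
        // NOTE(review): $filename comes from the database and is appended to
        // the path as-is; confirm stored names cannot contain path separators.
        @unlink($_MG_CONF['path_html'] . 'watermarks/' . $filename);
        // now check and see if this is assigned to any albums....
        $sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE wm_id='" . $wm_id . "'";
        $result = DB_query($sql);
        $nRows = DB_numRows($result);
        // reset EVERY album that used the watermark; the original stopped
        // after the first row and left the others pointing at a deleted id
        for ($r = 0; $r < $nRows; $r++) {
            $row = DB_fetchArray($result);
            DB_change($_TABLES['mg_albums'], 'wm_id', 0, 'album_id', $row['album_id']);
        }
    }
    echo COM_refresh($actionURL);
    exit;
}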
コード例 #21
0
ファイル: plugins.php プロジェクト: alxstuart/ajfs.me
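/**
* Do the actual plugin auto install
*
* Creates the plugin's groups, tables, features and feature/group mappings,
* inserts default data, loads the plugin configuration, registers the plugin
* and finally runs its post-install hook. Any failure after the sanity
* checks calls PLG_uninstall() to roll back and returns false.
*
* @param    string  $plugin     Plugin name
* @param    array   $inst_parms Installation parameters for the plugin
* @param    boolean $verbose    true: enable verbose logging
* @return   boolean             true on success, false otherwise
*
*/
function plugin_do_autoinstall($plugin, $inst_parms, $verbose = true)
{
    global $_CONF, $_TABLES, $_USER, $_DB_dbms, $_DB_table_prefix;
    // NOTE(review): $plugin is used below to build include paths and
    // function names; callers are assumed to pass a validated plugin
    // directory name - confirm.
    $base_path = $_CONF['path'] . 'plugins/' . $plugin . '/';
    if ($verbose) {
        COM_errorLog("Attempting to install the '{$plugin}' plugin", 1);
    }
    // sanity checks in $inst_parms
    if (isset($inst_parms['info'])) {
        $pi_name = $inst_parms['info']['pi_name'];
        $pi_version = $inst_parms['info']['pi_version'];
        $pi_gl_version = $inst_parms['info']['pi_gl_version'];
        $pi_homepage = $inst_parms['info']['pi_homepage'];
    }
    // the declared name must match the directory being installed
    if (empty($pi_name) || $pi_name != $plugin || empty($pi_version) || empty($pi_gl_version) || empty($pi_homepage)) {
        COM_errorLog('Incomplete plugin info', 1);
        return false;
    }
    // add plugin tables, if any
    if (!empty($inst_parms['tables'])) {
        $tables = $inst_parms['tables'];
        foreach ($tables as $table) {
            $_TABLES[$table] = $_DB_table_prefix . $table;
        }
    }
    // Create the plugin's group(s), if any
    $groups = array();
    $admin_group_id = 0;
    if (!empty($inst_parms['groups'])) {
        $groups = $inst_parms['groups'];
        foreach ($groups as $name => $desc) {
            if ($verbose) {
                COM_errorLog("Attempting to create '{$name}' group", 1);
            }
            $grp_name = addslashes($name);
            $grp_desc = addslashes($desc);
            // one statement per supported DBMS, keyed by driver name
            $sql = array();
            $sql['pgsql'] = "INSERT INTO {$_TABLES['groups']} (grp_id,grp_name, grp_descr) VALUES ((SELECT NEXTVAL('{$_TABLES['groups']}_grp_id_seq')),'{$grp_name}', '{$grp_desc}')";
            $sql['mysql'] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr) VALUES ('{$grp_name}', '{$grp_desc}')";
            $sql['mssql'] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr) VALUES ('{$grp_name}', '{$grp_desc}')";
            DB_query($sql, 1);
            if (DB_error()) {
                COM_errorLog('Error creating plugin group', 1);
                PLG_uninstall($plugin);
                return false;
            }
            // keep the new group's ID for use in the mappings section (below)
            $groups[$name] = DB_insertId();
            // assume that the first group is the plugin's Admin group
            if ($admin_group_id == 0) {
                $admin_group_id = $groups[$name];
            }
        }
    }
    // Create the plugin's table(s)
    // The included file is expected to fill $_SQL (and optionally $DEFVALUES)
    $_SQL = array();
    $DEFVALUES = array();
    if (file_exists($base_path . 'sql/' . $_DB_dbms . '_install.php')) {
        require_once $base_path . 'sql/' . $_DB_dbms . '_install.php';
    }
    if (count($_SQL) > 0) {
        $use_innodb = false;
        if ($_DB_dbms == 'mysql' && DB_getItem($_TABLES['vars'], 'value', "name = 'database_engine'") == 'InnoDB') {
            $use_innodb = true;
        }
        foreach ($_SQL as $sql) {
            // '#group#' is a placeholder for the plugin's Admin group id
            $sql = str_replace('#group#', $admin_group_id, $sql);
            if ($use_innodb) {
                $sql = str_replace('MyISAM', 'InnoDB', $sql);
            }
            DB_query($sql);
            if (DB_error()) {
                COM_errorLog('Error creating plugin table', 1);
                PLG_uninstall($plugin);
                return false;
            }
        }
    }
    // Add the plugin's features
    if ($verbose) {
        COM_errorLog("Attempting to add '{$plugin}' features", 1);
    }
    $features = array();
    $mappings = array();
    if (!empty($inst_parms['features'])) {
        $features = $inst_parms['features'];
        if (!empty($inst_parms['mappings'])) {
            $mappings = $inst_parms['mappings'];
        }
        foreach ($features as $feature => $desc) {
            $ft_name = addslashes($feature);
            $ft_desc = addslashes($desc);
            $sql = array();
            $sql['pgsql'] = "INSERT INTO {$_TABLES['features']} (ft_id,ft_name, ft_descr)\n                     VALUES ((SELECT nextval('{$_TABLES['features']}_ft_id_seq')),'{$ft_name}', '{$ft_desc}')";
            $sql['mysql'] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr)\n                    VALUES ('{$ft_name}', '{$ft_desc}')";
            // The original assigned the 'mysql' key twice and so never
            // provided an MSSQL statement, unlike the group insert above.
            $sql['mssql'] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr)\n                    VALUES ('{$ft_name}', '{$ft_desc}')";
            DB_query($sql, 1);
            if (DB_error()) {
                COM_errorLog('Error adding plugin feature', 1);
                PLG_uninstall($plugin);
                return false;
            }
            $feat_id = DB_insertId();
            if (isset($mappings[$feature])) {
                foreach ($mappings[$feature] as $group) {
                    if ($verbose) {
                        COM_errorLog("Adding '{$feature}' feature to the '{$group}' group", 1);
                    }
                    // $groups[$group] is the numeric id stored in the group loop
                    DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$feat_id}, {$groups[$group]})");
                    if (DB_error()) {
                        COM_errorLog('Error mapping plugin feature', 1);
                        PLG_uninstall($plugin);
                        return false;
                    }
                }
            }
        }
    }
    // Add plugin's Admin group to the Root user group
    // (assumes that the Root group's ID is always 1)
    // NOTE(review): the loop assigns EVERY group created above to Root, not
    // only the Admin group - confirm this privilege grant is intended.
    if (count($groups) > 0) {
        if ($verbose) {
            COM_errorLog("Attempting to give all users in the Root group access to the '{$plugin}' Admin group", 1);
        }
        foreach ($groups as $key => $value) {
            DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES " . "({$value}, NULL, 1)");
            if (DB_error()) {
                COM_errorLog('Error adding plugin admin group to Root group', 1);
                PLG_uninstall($plugin);
                return false;
            }
        }
    }
    // Pre-populate tables or run any other SQL queries
    if (count($DEFVALUES) > 0) {
        if ($verbose) {
            COM_errorLog('Inserting default data', 1);
        }
        foreach ($DEFVALUES as $sql) {
            $sql = str_replace('#group#', $admin_group_id, $sql);
            DB_query($sql, 1);
            if (DB_error()) {
                COM_errorLog('Error adding plugin default data', 1);
                PLG_uninstall($plugin);
                return false;
            }
        }
    }
    // Load the online configuration records
    $load_config = 'plugin_load_configuration_' . $plugin;
    if (function_exists($load_config)) {
        if (!$load_config($plugin)) {
            COM_errorLog('Error loading plugin configuration', 1);
            PLG_uninstall($plugin);
            return false;
        }
        require_once $_CONF['path'] . 'system/classes/config.class.php';
        $config =& config::get_instance();
        $config->initConfig();
        // force re-reading, including new plugin conf
    }
    // Finally, register the plugin with Geeklog
    if ($verbose) {
        COM_errorLog("Registering '{$plugin}' plugin", 1);
    }
    // silently delete an existing entry
    DB_delete($_TABLES['plugins'], 'pi_name', $plugin);
    // The info values are supplied by the plugin being installed; escape
    // them like the group and feature names above before they are placed
    // inside quoted SQL literals.
    $reg_name = addslashes($plugin);
    $reg_version = addslashes($pi_version);
    $reg_gl_version = addslashes($pi_gl_version);
    $reg_homepage = addslashes($pi_homepage);
    DB_query("INSERT INTO {$_TABLES['plugins']} (pi_name, pi_version, pi_gl_version, pi_homepage, pi_enabled) VALUES " . "('{$reg_name}', '{$reg_version}', '{$reg_gl_version}', '{$reg_homepage}', 1)");
    if (DB_error()) {
        COM_errorLog('Failed to register plugin', 1);
        PLG_uninstall($plugin);
        return false;
    }
    // give the plugin a chance to perform any post-install operations
    $post_install = 'plugin_postinstall_' . $plugin;
    if (function_exists($post_install)) {
        if (!$post_install($plugin)) {
            COM_errorLog('Plugin postinstall failed', 1);
            PLG_uninstall($plugin);
            return false;
        }
    }
    if ($verbose) {
        COM_errorLog("Successfully installed the '{$plugin}' plugin!", 1);
    }
    // load plugin here already, for any plugins wanting to act on
    // PLG_pluginStateChange($plugin, 'installed') when we return from here
    require_once $_CONF['path'] . 'plugins/' . $plugin . '/functions.inc';
    return true;
}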
コード例 #22
0
ファイル: lib-story.php プロジェクト: mystralkk/geeklog
/**
 * Story-specific clean-up for a submission rejected in moderation.
 *
 * Removes the submission's topic assignments and then its row in the
 * story submission table.
 *
 * @param    string $sid Identifying string, i.e. the story id
 * @return   string          Any wanted HTML output (always empty here)
 */
function plugin_moderationdelete_story($sid)
{
    global $_TABLES;

    // topic links first, then the pending submission itself
    TOPIC_deleteTopicAssignments('article', $sid);

    $submissionTable = $_TABLES['storysubmission'];
    DB_delete($submissionTable, 'sid', $sid);

    // nothing to show to the moderator
    $html = '';

    return $html;
}
コード例 #23
0
ファイル: services.inc.php プロジェクト: JohnToro/glfusion
/**
 * Delete an existing static page
 *
 * Requires the 'staticpages.delete' right; on success the page and its
 * comments are removed and $output holds a refresh to the admin list.
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_delete_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN;

    // 'id' is accepted as an alias when 'sp_id' is missing or empty
    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        foreach (array('sp_id', 'mode') as $key) {
            $args[$key] = COM_applyBasicFilter($args[$key]);
        }
    }
    $sp_id = $args['sp_id'];

    // Authorisation gate: nothing is deleted without the delete right
    if (!SEC_hasRights('staticpages.delete')) {
        $deniedTitle = $LANG_STATIC['access_denied'];
        $output = COM_siteHeader('menu', $deniedTitle)
                . COM_showMessageText($LANG_STATIC['access_denied_msg'], $deniedTitle, true)
                . COM_siteFooter();

        // anonymous visitors must authenticate; known users lack permission
        return COM_isAnonUser() ? PLG_RET_AUTH_FAILED : PLG_RET_PERMISSION_DENIED;
    }

    // NOTE(review): outside the webservice path $sp_id reaches DB_delete()
    // unfiltered; whether DB_delete() escapes values is not visible here.
    DB_delete($_TABLES['staticpage'], 'sp_id', $sp_id);
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($sp_id, 'staticpages'));
    PLG_itemDeleted($sp_id, 'staticpages');

    $listUrl = $_CONF['site_admin_url'] . '/plugins/staticpages/index.php';
    $output = COM_refresh($listUrl);

    return PLG_RET_OK;
}
コード例 #24
0
ファイル: massdelete.php プロジェクト: spacequad/glfusion
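/**
* Recursively deletes an album, all of its child albums and their media
*
* Media files and rows are removed only when the item belongs to no other
* album. The album's RSS feed file is removed as well.
*
* @param    int     album_id    album id to delete
* @return   bool    true for success or false when album_id is not an integer
*
*/
function MG_MassdeleteChildAlbums($album_id)
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER;

    // The id is concatenated UNQUOTED into several statements below, so it
    // must be a real integer. Anything else is refused outright: casting
    // would turn garbage into 0 and select the children of album 0 instead.
    $album_id = filter_var($album_id, FILTER_VALIDATE_INT);
    if ($album_id === false) {
        return false;
    }

    // depth-first: remove the child albums before this one
    $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_parent=" . $album_id;
    $aResult = DB_query($sql);
    $rowCount = DB_numRows($aResult);
    for ($z = 0; $z < $rowCount; $z++) {
        $row = DB_fetchArray($aResult);
        MG_MassdeleteChildAlbums($row['album_id']);
    }

    // collect this album's media before any row is deleted
    $sql = "SELECT ma.media_id, m.media_filename, m.media_mime_ext\n            FROM " . $_TABLES['mg_media_albums'] . " as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m ON ma.media_id=m.media_id\n            WHERE ma.album_id = " . $album_id;
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    $mediarow = array();
    for ($i = 0; $i < $nRows; $i++) {
        $mediarow[] = DB_fetchArray($result);
    }

    foreach ($mediarow as $media) {
        // NOTE(review): media_id and the file name parts are values read
        // back from the database and used in SQL and file paths as-is;
        // confirm they are validated when the media item is stored.
        $sql = "SELECT COUNT(media_id) AS count FROM " . $_TABLES['mg_media_albums'] . "  WHERE media_id = '" . $media['media_id'] . "'";
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        if ($row['count'] > 1) {
            // still referenced by another album - keep files and rows
            continue;
        }
        // files live in a sub-directory named after the first character
        $subdir = $media['media_filename'][0] . '/';
        @unlink($_MG_CONF['path_mediaobjects'] . 'tn/' . $subdir . $media['media_filename'] . '.jpg');
        @unlink($_MG_CONF['path_mediaobjects'] . 'disp/' . $subdir . $media['media_filename'] . '.jpg');
        @unlink($_MG_CONF['path_mediaobjects'] . 'orig/' . $subdir . $media['media_filename'] . '.' . $media['media_mime_ext']);
        $sql = "DELETE FROM " . $_TABLES['mg_media'] . "  WHERE media_id = '" . $media['media_id'] . "'";
        DB_query($sql);
        DB_delete($_TABLES['comments'], 'sid', $media['media_id']);
        DB_delete($_TABLES['mg_playback_options'], 'media_id', $media['media_id']);
    }

    // finally the album's media links, the album row and its feed file
    $sql = "DELETE FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . $album_id;
    DB_query($sql);
    $sql = "DELETE FROM " . $_TABLES['mg_albums'] . " WHERE album_id = " . $album_id;
    DB_query($sql);
    $feedname = sprintf($_MG_CONF['rss_feed_name'] . "%06d", $album_id);
    @unlink($_MG_CONF['path_html'] . 'rss/' . $feedname . '.rdf');

    return true;
}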
コード例 #25
0
 /**
  * Perform database upgrades
  *
  * @param   string $currentGlVersion Current Geeklog version
  * @return  bool                     True if successful
  */
 private function doDatabaseUpgrades($currentGlVersion)
 {
     global $_TABLES, $_CONF, $_SP_CONF, $_DB, $_DB_dbms, $_DB_table_prefix;
     $_DB->setDisplayError(true);
     // Because the upgrade sql syntax can vary from dbms-to-dbms we are
     // leaving that up to each Geeklog database driver
     $done = false;
     $progress = '';
     $_SQL = array();
     while (!$done) {
         switch ($currentGlVersion) {
             case '1.2.5-1':
                 // Get DMBS-specific update sql
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.2.5-1_to_1.3.php';
                 $this->updateDB($_SQL, $progress);
                 // OK, now we need to add all users except anonymous to the All Users group and Logged in users group
                 // I can hard-code these group numbers because the group table was JUST created with these numbers
                 $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE uid <> 1");
                 $numRows = DB_numRows($result);
                 for ($i = 1; $i <= $numRows; $i++) {
                     $U = DB_fetchArray($result);
                     DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (2, {$U['uid']}, NULL)");
                     DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (13, {$U['uid']}, NULL)");
                 }
                 // Now take care of any orphans off the user table...and let me curse MySQL lack for supporting foreign
                 // keys at this time ;-)
                 $result = DB_query("SELECT MAX(uid) FROM {$_TABLES['users']}");
                 $ITEM = DB_fetchArray($result);
                 $max_uid = $ITEM[0];
                 if (!empty($max_uid) && $max_uid != 0) {
                     DB_query("DELETE FROM {$_TABLES['userindex']} WHERE uid > {$max_uid}");
                     DB_query("DELETE FROM {$_TABLES['userinfo']} WHERE uid > {$max_uid}");
                     DB_query("DELETE FROM {$_TABLES['userprefs']} WHERE uid > {$max_uid}");
                     DB_query("DELETE FROM {$_TABLES['usercomment']} WHERE uid > {$max_uid}");
                 }
                 $currentGlVersion = '1.3';
                 $_SQL = array();
                 break;
             case '1.3':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3_to_1.3.1.php';
                 $this->updateDB($_SQL, $progress);
                 $currentGlVersion = '1.3.1';
                 $_SQL = array();
                 break;
             case '1.3.1':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.1_to_1.3.2.php';
                 $this->updateDB($_SQL, $progress);
                 $currentGlVersion = '1.3.2-1';
                 $_SQL = array();
                 break;
             case '1.3.2':
             case '1.3.2-1':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.2-1_to_1.3.3.php';
                 $this->updateDB($_SQL, $progress);
                 // Now we need to switch how user blocks are stored.  Right now we only store the blocks the
                 // user wants.  This will switch it to store the ones they don't want which allows us to add
                 // new blocks and ensure they are shown to the user.
                 $result = DB_query("SELECT {$_TABLES['users']}.uid,boxes FROM {$_TABLES['users']},{$_TABLES['userindex']} WHERE boxes IS NOT NULL AND boxes <> '' AND {$_TABLES['users']}.uid = {$_TABLES['userindex']}.uid");
                 $numRows = DB_numRows($result);
                 for ($i = 1; $i <= $numRows; $i++) {
                     $row = DB_fetchArray($result);
                     $uBlocks = str_replace(' ', ',', $row['boxes']);
                     $result2 = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$uBlocks})");
                     $newBlocks = '';
                     for ($x = 1; $x <= DB_numRows($result2); $x++) {
                         $currentBlock = DB_fetchArray($result2);
                         if ($currentBlock['name'] !== 'user_block' && $currentBlock['name'] !== 'admin_block' && $currentBlock['name'] !== 'section_block') {
                             $newBlocks .= $currentBlock['bid'];
                             if ($x != DB_numRows($result2)) {
                                 $newBlocks .= ' ';
                             }
                         }
                     }
                     DB_query("UPDATE {$_TABLES['userindex']} SET boxes = '{$newBlocks}' WHERE uid = {$row['uid']}");
                 }
                 $currentGlVersion = '1.3.3';
                 $_SQL = array();
                 break;
             case '1.3.3':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.3_to_1.3.4.php';
                 $this->updateDB($_SQL, $progress);
                 $currentGlVersion = '1.3.4';
                 $_SQL = array();
                 break;
             case '1.3.4':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.4_to_1.3.5.php';
                 $this->updateDB($_SQL, $progress);
                 $result = DB_query("SELECT ft_id FROM {$_TABLES['features']} WHERE ft_name = 'user.mail'");
                 $row = DB_fetchArray($result);
                 $mail_ft = $row['ft_id'];
                 $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name = 'Mail Admin'");
                 $row = DB_fetchArray($result);
                 $group_id = $row['grp_id'];
                 DB_query("INSERT INTO {$_TABLES['access']} (acc_grp_id, acc_ft_id) VALUES ({$group_id}, {$mail_ft})");
                 $currentGlVersion = '1.3.5';
                 $_SQL = array();
                 break;
             case '1.3.5':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.5_to_1.3.6.php';
                 $this->updateDB($_SQL, $progress);
                 if (!empty($_DB_table_prefix)) {
                     DB_query("RENAME TABLE staticpage TO {$_TABLES['staticpage']}");
                 }
                 $currentGlVersion = '1.3.6';
                 $_SQL = array();
                 break;
             case '1.3.6':
                 // fix wrong permissions value
                 DB_query("UPDATE {$_TABLES['topics']} SET perm_anon = 2 WHERE perm_anon = 3");
                 // check for existence of 'date' field in gl_links table
                 DB_query("SELECT date FROM {$_TABLES['links']}", 1);
                 if (strpos(DB_error(), 'date') > 0) {
                     DB_query("ALTER TABLE {$_TABLES['links']} ADD date datetime default NULL");
                 }
                 // Fix primary key so that more than one user can add an event
                 // to his/her personal calendar.
                 DB_query("ALTER TABLE {$_TABLES['personal_events']} DROP PRIMARY KEY, ADD PRIMARY KEY (eid,uid)");
                 $currentGlVersion = '1.3.7';
                 $_SQL = array();
                 break;
             case '1.3.7':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.7_to_1.3.8.php';
                 $this->updateDB($_SQL, $progress);
                 // upgrade Static Pages plugin
                 $spVersion = $this->getStaticPagesVersion();
                 if ($spVersion == 1) {
                     // original version
                     DB_query("ALTER TABLE {$_TABLES['staticpage']} " . "ADD COLUMN group_id mediumint(8) unsigned DEFAULT '1'," . "ADD COLUMN owner_id mediumint(8) unsigned DEFAULT '1'," . "ADD COLUMN perm_owner tinyint(1) unsigned DEFAULT '3'," . "ADD COLUMN perm_group tinyint(1) unsigned DEFAULT '2'," . "ADD COLUMN perm_members tinyint(1) unsigned DEFAULT '2'," . "ADD COLUMN perm_anon tinyint(1) unsigned DEFAULT '2'," . "ADD COLUMN sp_php tinyint(1) unsigned DEFAULT '0'," . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0'," . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0'," . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none'," . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'");
                     DB_query("INSERT INTO {$_TABLES['features']} (ft_name, ft_descr) VALUES ('staticpages.PHP','Ability to use PHP in static pages')");
                     $php_id = DB_insertId();
                     $group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Static Page Admin'");
                     DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$php_id}, {$group_id})");
                 } elseif ($spVersion == 2) {
                     // extended version by Phill or Tom
                     DB_query("ALTER TABLE {$_TABLES['staticpage']} " . "DROP COLUMN sp_pos," . "DROP COLUMN sp_search_keywords," . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0'," . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0'," . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none'," . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'");
                 }
                 if ($spVersion > 0) {
                     // update plugin version number
                     DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.3', pi_gl_version = '1.3.8' WHERE pi_name = 'staticpages'");
                     // remove Static Pages 'lock' flag
                     DB_query("DELETE FROM {$_TABLES['vars']} WHERE name = 'staticpages'");
                     // remove Static Pages Admin group id
                     DB_query("DELETE FROM {$_TABLES['vars']} WHERE name = 'sp_group_id'");
                     if ($spVersion == 1) {
                         $result = DB_query("SELECT DISTINCT sp_uid FROM {$_TABLES['staticpage']}");
                         $authors = DB_numRows($result);
                         for ($i = 0; $i < $authors; $i++) {
                             $A = DB_fetchArray($result);
                             DB_query("UPDATE {$_TABLES['staticpage']} SET owner_id = '{$A['sp_uid']}' WHERE sp_uid = '{$A['sp_uid']}'");
                         }
                     }
                     $result = DB_query("SELECT sp_label FROM {$_TABLES['staticpage']} WHERE sp_title = 'Frontpage'");
                     if (DB_numRows($result) > 0) {
                         $A = DB_fetchArray($result);
                         if ($A['sp_label'] == 'nonews') {
                             DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_where = 0 WHERE sp_title = 'Frontpage'");
                         } elseif (!empty($A['sp_label'])) {
                             DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_title = '{$A['sp_label']}' WHERE sp_title = 'Frontpage'");
                         } else {
                             DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1 WHERE sp_title = 'Frontpage'");
                         }
                     }
                 }
                 $currentGlVersion = '1.3.8';
                 $_SQL = array();
                 break;
             case '1.3.8':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.8_to_1.3.9.php';
                 $this->updateDB($_SQL, $progress);
                 $pos = strrpos($_CONF['rdf_file'], '/');
                 $filename = substr($_CONF['rdf_file'], $pos + 1);
                 $siteName = DB_escapeString($_CONF['site_name']);
                 $siteSlogan = DB_escapeString($_CONF['site_slogan']);
                 DB_query("INSERT INTO {$_TABLES['syndication']} (title, description, limits, content_length, filename, charset, language, is_enabled, updated, update_info) VALUES ('{$siteName}', '{$siteSlogan}', '{$_CONF['rdf_limit']}', {$_CONF['rdf_storytext']}, '{$filename}', '{$_CONF['default_charset']}', '{$_CONF['rdf_language']}', {$_CONF['backend']}, CURRENT_TIMESTAMP, NULL)");
                 // upgrade static pages plugin
                 $spVersion = $this->getStaticPagesVersion();
                 if ($spVersion > 0) {
                     if ($spVersion < 4) {
                         if (!isset($_SP_CONF['in_block'])) {
                             $_SP_CONF['in_block'] = 1;
                         } elseif ($_SP_CONF['in_block'] > 1) {
                             $_SP_CONF['in_block'] = 1;
                         } elseif ($_SP_CONF['in_block'] < 0) {
                             $_SP_CONF['in_block'] = 0;
                         }
                         DB_query("ALTER TABLE {$_TABLES['staticpage']} ADD COLUMN sp_inblock tinyint(1) unsigned DEFAULT '{$_SP_CONF['in_block']}'");
                     }
                     DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4', pi_gl_version = '1.3.9' WHERE pi_name = 'staticpages'");
                 }
                 // recreate 'date' field for old links
                 $result = DB_query("SELECT lid FROM {$_TABLES['links']} WHERE date IS NULL");
                 $num = DB_numRows($result);
                 if ($num > 0) {
                     for ($i = 0; $i < $num; $i++) {
                         $A = DB_fetchArray($result);
                         $myYear = substr($A['lid'], 0, 4);
                         $myMonth = substr($A['lid'], 4, 2);
                         $myDay = substr($A['lid'], 6, 2);
                         $myHour = substr($A['lid'], 8, 2);
                         $myMin = substr($A['lid'], 10, 2);
                         $mySec = substr($A['lid'], 12, 2);
                         $mTime = mktime($myHour, $myMin, $mySec, $myMonth, $myDay, $myYear);
                         $date = date('Y-m-d H:i:s', $mTime);
                         DB_query("UPDATE {$_TABLES['links']} SET date = '{$date}' WHERE lid = '{$A['lid']}'");
                     }
                 }
                 // remove unused entries left over from deleted groups
                 $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']}");
                 $num = DB_numRows($result);
                 $groups = array();
                 for ($i = 0; $i < $num; $i++) {
                     $A = DB_fetchArray($result);
                     $groups[] = $A['grp_id'];
                 }
                 $groupList = '(' . implode(',', $groups) . ')';
                 DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_main_grp_id NOT IN {$groupList}) OR (ug_grp_id NOT IN {$groupList})");
                 $currentGlVersion = '1.3.9';
                 $_SQL = array();
                 break;
             case '1.3.9':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.9_to_1.3.10.php';
                 $this->updateDB($_SQL, $progress);
                 commentsToPreorderTree();
                 $result = DB_query("SELECT sid,introtext,bodytext FROM {$_TABLES['stories']}");
                 $numStories = DB_numRows($result);
                 for ($i = 0; $i < $numStories; $i++) {
                     $A = DB_fetchArray($result);
                     $related = DB_escapeString(implode("\n", UPDATE_extractLinks($A['introtext'] . ' ' . $A['bodytext'])));
                     if (empty($related)) {
                         DB_query("UPDATE {$_TABLES['stories']} SET related = NULL WHERE sid = '{$A['sid']}'");
                     } else {
                         DB_query("UPDATE {$_TABLES['stories']} SET related = '{$related}' WHERE sid = '{$A['sid']}'");
                     }
                 }
                 $spVersion = $this->getStaticPagesVersion();
                 if ($spVersion > 0) {
                     // no database changes this time, but set new version number
                     DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4.1', pi_gl_version = '1.3.10' WHERE pi_name = 'staticpages'");
                 }
                 // install SpamX plugin
                 // (also handles updates from version 1.0)
                 install_spamx_plugin();
                 $currentGlVersion = '1.3.10';
                 $_SQL = array();
                 break;
             case '1.3.10':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.10_to_1.3.11.php';
                 $this->updateDB($_SQL, $progress);
                 $currentGlVersion = '1.3.11';
                 $_SQL = array();
                 break;
             case '1.3.11':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.11_to_1.4.0.php';
                 $this->updateDB($_SQL, $progress);
                 upgrade_addFeature();
                 upgrade_uniqueGroupNames();
                 $currentGlVersion = '1.4.0';
                 $_SQL = array();
                 break;
             case '1.4.0':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.4.0_to_1.4.1.php';
                 $this->updateDB($_SQL, $progress);
                 upgrade_addSyndicationFeature();
                 upgrade_ensureLastScheduledRunFlag();
                 upgrade_plugins_141();
                 $currentGlVersion = '1.4.1';
                 $_SQL = array();
                 break;
             case '1.4.1':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.4.1_to_1.5.0.php';
                 $this->updateDB($_SQL, $progress);
                 upgrade_addWebservicesFeature();
                 create_ConfValues();
                 require_once $_CONF['path_system'] . 'classes/config.class.php';
                 $config = config::get_instance();
                 if (file_exists($_CONF['path'] . 'config.php')) {
                     // Read the values from config.php and use them to populate conf_values
                     $tempPath = $_CONF['path'];
                     // We'll need this to remember what the correct path is.
                     // Including config.php will overwrite all our $_CONF values.
                     require $tempPath . 'config.php';
                     // Load some important values from config.php into conf_values
                     foreach ($_CONF as $key => $val) {
                         $config->set($key, $val);
                     }
                     if (!$this->setDefaultCharset($this->env['siteconfig_path'], $_CONF['default_charset'])) {
                         exit($this->LANG['INSTALL'][26] . ' ' . $this->env['siteconfig_path'] . $this->LANG['INSTALL'][58]);
                     }
                     require $this->env['siteconfig_path'];
                     require $this->env['dbconfig_path'];
                 }
                 // Update the GL configuration with the correct paths.
                 $config->set('path_html', $this->env['html_path']);
                 $config->set('path_log', $_CONF['path'] . 'logs/');
                 $config->set('path_language', $_CONF['path'] . 'language/');
                 $config->set('backup_path', $_CONF['path'] . 'backups/');
                 $config->set('path_data', $_CONF['path'] . 'data/');
                 $config->set('path_images', $this->env['html_path'] . 'images/');
                 $config->set('path_themes', $this->env['html_path'] . 'layout/');
                 $config->set('path_editors', $this->env['html_path'] . 'editors/');
                 $config->set('rdf_file', $this->env['html_path'] . 'backend/geeklog.rss');
                 $config->set('path_pear', $_CONF['path_system'] . 'pear/');
                 // core plugin updates are done in the plugins themselves
                 $currentGlVersion = '1.5.0';
                 $_SQL = array();
                 break;
             case '1.5.0':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.5.0_to_1.5.1.php';
                 $this->updateDB($_SQL, $progress);
                 $currentGlVersion = '1.5.1';
                 $_SQL = array();
                 break;
             case '1.5.1':
                 // there were no core database changes in 1.5.2
                 $currentGlVersion = '1.5.2';
                 $_SQL = array();
                 break;
             case '1.5.2':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.5.2_to_1.6.0.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValues();
                 upgrade_addNewPermissions();
                 upgrade_addIsoFormat();
                 $this->fixOptionalConfig();
                 $currentGlVersion = '1.6.0';
                 $_SQL = array();
                 break;
             case '1.6.0':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.6.0_to_1.6.1.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValuesFor161();
                 $currentGlVersion = '1.6.1';
                 $_SQL = array();
                 break;
             case '1.6.1':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.6.1_to_1.7.0.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValuesFor170();
                 $currentGlVersion = '1.7.0';
                 $_SQL = array();
                 break;
             case '1.7.0':
                 $currentGlVersion = '1.7.2';
                 // skip ahead
                 $_SQL = array();
                 break;
             case '1.7.1':
                 // there were no database changes in 1.7.1
             // there were no database changes in 1.7.1
             case '1.7.2':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.7.2_to_1.8.0.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValuesFor180();
                 update_ConfigSecurityFor180();
                 update_UsersFor180();
                 $currentGlVersion = '1.8.0';
                 $_SQL = array();
                 break;
             case '1.8.0':
             case '1.8.1':
             case '1.8.2':
                 // there were no database changes in 1.8.x
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.8.2_to_2.0.0.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValuesFor200();
                 update_BlockTopicAssignmentsFor200();
                 update_StoryTopicAssignmentsFor200();
                 $currentGlVersion = '2.0.0';
                 $_SQL = array();
                 break;
             case '2.0.0':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_2.0.0_to_2.1.0.php';
                 $this->updateDB($_SQL, $progress);
                 update_addFilemanager();
                 update_ConfValuesFor210();
                 $currentGlVersion = '2.1.0';
                 $_SQL = array();
                 break;
             case '2.1.1':
                 require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_2.1.1_to_2.1.2.php';
                 $this->updateDB($_SQL, $progress);
                 update_ConfValuesFor212();
                 $currentGlVersion = '2.1.2';
                 $_SQL = array();
                 break;
             default:
                 $done = true;
         }
     }
     $this->setVersion($this->env['siteconfig_path']);
     // delete the security check flag on every update to force the user
     // to run admin/sectest.php again
     DB_delete($_TABLES['vars'], 'name', 'security_check');
     return true;
 }
コード例 #26
ファイル: lib-plugins.php プロジェクト: milk54/geeklog-japan
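/**
* Tells a plugin to uninstall itself.
*
* If the plugin defines plugin_autouninstall_<type>(), the array it returns
* drives the cleanup done here: the listed tables, vars, groups, features and
* php blocks are removed, then the plugin's feed files, syndication rows,
* comments, config values, topic assignments and finally its row in the
* plugins table. Otherwise the work is delegated to plugin_uninstall_<type>().
*
* NOTE(review): this function drops tables and deletes files but performs no
* permission check of its own; presumably the caller has already authorised
* the request - confirm at every call site.
*
* @param    string      $type   Plugin to uninstall
* @return   boolean             Returns true on success otherwise false
* @link     http://wiki.geeklog.net/index.php/Plugin_Auto-Uninstall
*
*/
function PLG_uninstall($type)
{
    global $_PLUGINS, $_TABLES;

    if (empty($type)) {
        return false;
    }

    // NOTE(review): $type becomes part of a function name and, further down,
    // of a SQL string. Nothing here restricts it to a known plugin name, so
    // the caller has to validate it - verify.
    $autoUninstall = 'plugin_autouninstall_' . $type;

    if (!function_exists($autoUninstall)) {
        // no auto-uninstall support: let the plugin remove itself
        $retval = PLG_callFunctionForOnePlugin('plugin_uninstall_' . $type);
        if ($retval === true) {
            $plg = array_search($type, $_PLUGINS);
            if ($plg !== false) {
                unset($_PLUGINS[$plg]);
            }

            return true;
        }

        return false;
    }

    COM_errorLog("Auto-uninstalling plugin {$type}:", 1);
    $remvars = $autoUninstall();
    if (empty($remvars)) {
        return false;
    }

    // removing tables
    // Only keys that resolve through $_TABLES are dropped. Any key present in
    // $_TABLES is accepted, though, so a plugin could name a core table here.
    // '...success' is logged without looking at the query result.
    $tables = isset($remvars['tables']) ? $remvars['tables'] : array();
    foreach ($tables as $tableKey) {
        if (isset($_TABLES[$tableKey])) {
            COM_errorLog("Dropping table {$_TABLES[$tableKey]}", 1);
            DB_query("DROP TABLE {$_TABLES[$tableKey]}", 1);
            COM_errorLog('...success', 1);
        }
    }

    // removing variables
    $vars = isset($remvars['vars']) ? $remvars['vars'] : array();
    foreach ($vars as $varName) {
        COM_errorLog("Removing variable {$varName}", 1);
        DB_delete($_TABLES['vars'], 'name', $varName);
        COM_errorLog('...success', 1);
    }

    // removing groups
    $groups = isset($remvars['groups']) ? $remvars['groups'] : array();
    foreach ($groups as $groupName) {
        // NOTE(review): the group name is placed into the WHERE clause
        // unescaped; a name containing a quote breaks or alters the query.
        // Escape it with the project's DB escaping helper.
        $grp_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$groupName}'");
        if (!empty($grp_id)) {
            COM_errorLog("Attempting to remove the {$groupName} group", 1);
            DB_delete($_TABLES['groups'], 'grp_id', $grp_id);
            COM_errorLog('...success', 1);
            COM_errorLog("Attempting to remove the {$groupName} group from all groups.", 1);
            DB_delete($_TABLES['group_assignments'], 'ug_main_grp_id', $grp_id);
            COM_errorLog('...success', 1);
        }
    }

    // removing features
    $features = isset($remvars['features']) ? $remvars['features'] : array();
    foreach ($features as $feature) {
        SEC_removeFeatureFromDB($feature);
    }

    // uninstall feeds
    // NOTE(review): $type is interpolated unescaped here as well (see above).
    $sql = "SELECT filename FROM {$_TABLES['syndication']} WHERE type = '{$type}';";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        COM_errorLog('removing feed files', 1);
        COM_errorLog($nrows . ' files stored in table.', 1);
        for ($i = 0; $i < $nrows; $i++) {
            $fcount = $i + 1;
            $A = DB_fetchArray($result);
            // The path is built from a filename stored in the database.
            // NOTE(review): whether SYND_getFeedPath() confines it to the
            // feed directory is not visible here - confirm.
            $fullpath = SYND_getFeedPath($A[0]);
            if (!file_exists($fullpath)) {
                COM_errorLog("cannot remove file {$fcount} of {$nrows}, it does not exist! ({$fullpath})", 1);
            } elseif (unlink($fullpath)) {
                COM_errorLog("removed file {$fcount} of {$nrows}: {$fullpath}", 1);
            } else {
                // unlink() can fail (permissions, file in use); do not report
                // the file as removed when it is still on disk
                COM_errorLog("cannot remove file {$fcount} of {$nrows}, unlink failed! ({$fullpath})", 1);
            }
        }
        COM_errorLog('...success', 1);
        // Remove this plugin's feeds from the syndication table
        COM_errorLog('removing links feeds from table', 1);
        DB_delete($_TABLES['syndication'], 'type', $type);
        COM_errorLog('...success', 1);
    }

    // remove comments for this plugin
    COM_errorLog("Attempting to remove comments for {$type}", 1);
    DB_delete($_TABLES['comments'], 'type', $type);
    COM_errorLog('...success', 1);

    // uninstall php-blocks
    $phpBlocks = isset($remvars['php_blocks']) ? $remvars['php_blocks'] : array();
    foreach ($phpBlocks as $blockFunction) {
        DB_delete($_TABLES['blocks'], array('type', 'phpblockfn'), array('phpblock', $blockFunction));
    }

    // remove config table data for this plugin
    COM_errorLog("Attempting to remove config table records for group_name: {$type}", 1);
    DB_delete($_TABLES['conf_values'], 'group_name', $type);
    COM_errorLog('...success', 1);

    // remove topic assignment table data for this plugin
    COM_errorLog("Attempting to remove topic assignments table records for {$type}", 1);
    DB_delete($_TABLES['topic_assignments'], 'type', $type);
    COM_errorLog('...success', 1);

    // uninstall the plugin
    COM_errorLog("Attempting to unregister the {$type} plugin from Geeklog", 1);
    DB_delete($_TABLES['plugins'], 'pi_name', $type);
    COM_errorLog('...success', 1);
    COM_errorLog("Finished uninstalling the {$type} plugin.", 1);

    return true;
}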
コード例 #27
ファイル: lib-security.php プロジェクト: Geeklog-Core/geeklog
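/**
 * Helper function: Actual check of the security token
 *
 * Reads the token from the request (GET is consulted before POST), looks it
 * up in the tokens table and accepts it only if exactly one row matches, the
 * row belongs to the current user, the stored URL equals the request's HTTP
 * referer and the token has not expired. A token that was found is deleted
 * whether or not it passed, so it can be presented only once.
 *
 * The check fails closed: a missing or empty Referer header, a non-string
 * token parameter or any mismatch yields false.
 *
 * @return   boolean     true if the token is valid and for this user.
 * @access   private
 * @see      SEC_checkToken
 */
function SECINT_checkToken()
{
    global $_TABLES, $_USER;

    // Pick the raw value first; only a plain string can be a token
    // (a request can also deliver an array under the same name).
    $raw = null;
    if (array_key_exists(CSRF_TOKEN, $_GET)) {
        $raw = $_GET[CSRF_TOKEN];
    } elseif (array_key_exists(CSRF_TOKEN, $_POST)) {
        $raw = $_POST[CSRF_TOKEN];
    }
    $token = is_string($raw) ? COM_applyFilter($raw) : '';

    if (trim($token) === '') {
        // no token.
        return false;
    }

    // NOTE(review): $token reaches the SQL text after COM_applyFilter() only.
    // Whether that filter makes the value safe inside a quoted SQL literal is
    // not visible here - confirm, or escape it with the DB layer's helper.
    $sql['mysql'] = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM " . "{$_TABLES['tokens']} WHERE token='{$token}'";
    $sql['pgsql'] = "SELECT ((UNIX_TIMESTAMP(created) + ttl) < UNIX_TIMESTAMP() AND ttl > 0)::int4 as expired, owner_id, urlfor FROM " . "{$_TABLES['tokens']} WHERE token='{$token}'";
    $tokens = DB_query($sql);

    if (DB_numRows($tokens) != 1) {
        // none, or multiple tokens. Both are invalid. (token is unique key...)
        return false;
    }

    $tokendata = DB_fetchArray($tokens);

    // Requests without a logged-in user are checked as uid 1.
    $uid = isset($_USER['uid']) ? $_USER['uid'] : 1;
    // The header may be absent; reading it unguarded raised a notice and the
    // loose comparison then treated an empty stored URL as a match.
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

    /* Check that:
     *  token's user is the current user.
     *  the http referer is the url for which the token was created.
     *  token is not expired.
     */
    $return = ((int) $uid === (int) $tokendata['owner_id'])
        && ($referer !== '')
        && ($tokendata['urlfor'] === $referer)
        && !$tokendata['expired'];

    // It's a one time token. So eat it.
    DB_delete($_TABLES['tokens'], 'token', $token);

    return $return;
}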
コード例 #28
/**
 * Removes groups with duplicate names and makes grp_name a unique index.
 *
 * When the groups table holds more rows than distinct names, every name is
 * looked up again; for a name with several rows the first row returned is
 * kept and the others are deleted together with their access and group
 * assignment records. The grp_name index is then dropped and re-created as
 * UNIQUE.
 *
 * NOTE(review): the lookup query has no ORDER BY, so which of the duplicate
 * rows is "first" depends on the database.
 */
function upgrade_uniqueGroupNames()
{
    global $_TABLES;

    $totalRows = DB_count($_TABLES['groups']);
    $distinct = DB_query("SELECT DISTINCT grp_name FROM {$_TABLES['groups']} ORDER BY grp_gl_core ASC");
    $distinctCount = DB_numRows($distinct);

    if ($totalRows != $distinctCount) {
        // collect every distinct group name
        $uniqueNames = array();
        $fetched = 0;
        while ($fetched < $distinctCount) {
            $row = DB_fetchArray($distinct);
            $uniqueNames[] = $row['grp_name'];
            $fetched++;
        }

        // look for names that are stored more than once
        foreach ($uniqueNames as $name) {
            // NOTE(review): $name comes back from the database and is put
            // into the query unescaped; a group name containing a quote
            // breaks or alters this statement. Escape it with the DB layer's
            // helper.
            $matches = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name = '{$name}'");
            $extra = DB_numRows($matches) - 1;
            if ($extra < 1) {
                continue;
            }

            // the first row is the one we keep - fetch and discard it
            $row = DB_fetchArray($matches);

            for ($k = 0; $k < $extra; $k++) {
                list($dupId) = DB_fetchArray($matches);
                DB_delete($_TABLES['access'], 'acc_grp_id', $dupId);
                DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $dupId);
                DB_delete($_TABLES['group_assignments'], 'ug_main_grp_id', $dupId);
                DB_delete($_TABLES['groups'], 'grp_id', $dupId);
            }

            // stop as soon as the row count matches the distinct count
            $totalRows -= $extra;
            if ($totalRows == $distinctCount) {
                break;
            }
        }
    }

    // replace the existing grp_name index with a unique one
    DB_query("ALTER TABLE {$_TABLES['groups']} DROP INDEX grp_name");
    DB_query("ALTER TABLE {$_TABLES['groups']} ADD UNIQUE grp_name(grp_name)");
}
コード例 #29
ファイル: lib_group.php プロジェクト: mistgrass/geeklog-ivywe
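/**
 * Deletes the group definition whose id was posted, then redirects to the
 * plugin's admin script with msg=2.
 *
 * NOTE(review): this is a state-changing request driven by $_POST['id'], and
 * no permission or CSRF token check is visible in this function. Presumably
 * the calling admin script performs both - confirm.
 *
 * @param    string  $pi_name    plugin name; selects the language array
 *                               LANG_<PI_NAME>_ADMIN and the table key
 *                               <PI_NAME>_def_group
 * @return   string              HTML: the redirect, or an error page if a
 *                               validation error was recorded
 */
function LIB_delete($pi_name)
{
    global $_CONF;
    global $_TABLES;

    // Resolve the plugin's admin language array by name.
    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};

    $table = $_TABLES[strtoupper($pi_name) . '_def_group'];

    // The id may be absent from the request; read it without raising a notice.
    // The second argument presumably requests a numeric filter - confirm.
    $id = COM_applyFilter(isset($_POST['id']) ? $_POST['id'] : 0, true);

    // CHECK
    $err = "";
    // placeholder for the category / additional field check; as written
    // $err is never set, so the error page below is not reached
    if ($err != "") {
        // $retval was appended to before being defined, and the page title
        // was assigned to one variable but read from another
        $retval = '';
        $page_title = $lang_box_admin['err'];
        $retval .= DATABOX_siteHeader($pi_name, '_admin', $page_title);
        $retval .= COM_startBlock($lang_box_admin['err'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $err;
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= DATABOX_siteFooter($pi_name, '_admin');

        return $retval;
    }

    DB_delete($table, 'group_id', $id);

    return COM_refresh($_CONF['site_admin_url'] . '/plugins/' . THIS_SCRIPT . '?msg=2');
}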
コード例 #30
ファイル: users.php プロジェクト: spacequad/glfusion
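/**
 * Sets a new password for a user who followed a password-reset link.
 *
 * Expects $_POST['passwd'], $_POST['passwd_conf'], $_POST['uid'] and
 * $_POST['rid']. The password is changed only if both password fields are
 * identical and the (uid, rid) pair matches exactly one row in the users
 * table; the user's sessions are then removed and the request id is cleared.
 *
 * @return   string  HTML to display when the request id is not accepted,
 *                   otherwise an empty string (redirects are echoed)
 */
function _userSetnewpwd()
{
    global $_CONF, $_TABLES;

    $retval = '';

    // Accept plain strings only; a request can also deliver arrays.
    $passwd = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : '';
    $passwdConf = (isset($_POST['passwd_conf']) && is_string($_POST['passwd_conf'])) ? $_POST['passwd_conf'] : '';
    $rawUid = (isset($_POST['uid']) && is_string($_POST['uid'])) ? $_POST['uid'] : '';
    $rawRid = (isset($_POST['rid']) && is_string($_POST['rid'])) ? $_POST['rid'] : '';

    // Strict comparison: with != two different numeric-looking strings
    // (e.g. '1e3' and '1000') compare as equal, so a mistyped confirmation
    // could be accepted.
    if (empty($passwd) || $passwd !== $passwdConf) {
        // back to the form; the request id is URL-encoded because it is
        // reflected into the refresh target
        echo COM_refresh($_CONF['site_url'] . '/users.php?mode=newpwd&amp;uid=' . COM_applyFilter($rawUid, true) . '&amp;rid=' . urlencode(COM_applyFilter($rawRid)));

        return $retval;
    }

    $uid = COM_applyFilter($rawUid, true);
    $reqid = COM_sanitizeID(COM_applyFilter($rawRid));

    // uid 1 and below are never eligible; the request id must be 16 characters
    if (empty($uid) || !is_numeric($uid) || $uid <= 1 || empty($reqid) || strlen($reqid) != 16) {
        // this request doesn't make sense - ignore it
        echo COM_refresh($_CONF['site_url']);

        return $retval;
    }

    $uid = (int) $uid;
    $safereqid = DB_escapeString($reqid);
    $valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), array($uid, $safereqid));

    if ($valid == 1) {
        $hashed = SEC_encryptPassword($passwd);
        DB_change($_TABLES['users'], 'passwd', DB_escapeString($hashed), "uid", $uid);
        // drop existing sessions so the old credentials stop working at once
        DB_delete($_TABLES['sessions'], 'uid', $uid);
        // clear the request id so the reset link cannot be used again
        DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid);
        echo COM_refresh($_CONF['site_url'] . '/users.php?msg=53');
    } else {
        // request invalid or expired
        $retval .= COM_showMessage(54, '', '', 1, 'error');
        $retval .= getpasswordform();
    }

    // the message and form built above were previously discarded
    return $retval;
}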