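/**
 * Install the CAPTCHA plugin: create its tables, seed the default
 * configuration rows and register the plugin.
 *
 * Every failing step rolls the installation back through
 * plugin_uninstall_captcha() and aborts.
 *
 * @return boolean true on success, false if any step failed
 */
function plugin_install_captcha()
{
    global $pi_name, $pi_version, $gl_version, $pi_url, $NEWTABLE, $DEFVALUES, $NEWFEATURE;
    global $_TABLES, $_CONF, $LANG_CP00, $_DB_dbms;

    COM_errorLog("Attempting to install the {$pi_name} Plugin", 1);

    $_SQL = array();
    $_SQL['cp_config'] = "CREATE TABLE {$_TABLES['cp_config']} ( "
        . " `config_name` varchar(255) NOT NULL default '', "
        . " `config_value` varchar(255) NOT NULL default '', "
        . " PRIMARY KEY (`config_name`) "
        . " );";
    $_SQL['cp_sessions'] = "CREATE TABLE {$_TABLES['cp_sessions']} ( "
        . " `session_id` varchar(40) NOT NULL default '', "
        . " `cptime` INT(11) NOT NULL default 0, "
        . " `validation` varchar(40) NOT NULL default '', "
        . " `counter` TINYINT(4) NOT NULL default 0, "
        . " PRIMARY KEY (`session_id`) "
        . " );";

    foreach ($_SQL as $table => $sql) {
        COM_errorLog("Creating {$table} table", 1);
        DB_query($sql, 1);
        if (DB_error()) {
            COM_errorLog("Error Creating {$table} table", 1);
            plugin_uninstall_captcha();

            return false;
        }
        COM_errorLog("Success - Created {$table} table", 1);
    }

    // Defaults ship with every enable_* switch off, so a fresh install
    // protects no form until an administrator turns the checks on.
    $SQL_DEFAULTS = "INSERT INTO `{$_TABLES['cp_config']}` (`config_name`, `config_value`) VALUES "
        . " ('anonymous_only', '1'), "
        . " ('remoteusers','0'), "
        . " ('debug', '0'), "
        . " ('enable_comment', '0'), "
        . " ('enable_contact', '0'), "
        . " ('enable_emailstory', '0'), "
        . " ('enable_forum', '0'), "
        . " ('enable_registration', '0'), "
        . " ('enable_story', '0'), "
        . " ('gfxDriver', '2'), "
        . " ('gfxFormat', 'jpg'), "
        . " ('gfxPath', '');";
    DB_query($SQL_DEFAULTS, 1);
    if (DB_error()) {
        // Without its configuration rows the plugin is only half installed;
        // treat this like the other failing steps instead of ignoring it.
        COM_errorLog("Error inserting default configuration for the {$pi_name} Plugin", 1);
        plugin_uninstall_captcha();

        return false;
    }

    // Register the plugin with Geeklog
    COM_errorLog("Registering {$pi_name} plugin with Geeklog", 1);
    DB_delete($_TABLES['plugins'], 'pi_name', 'captcha');
    // NOTE(review): the values below are interpolated unescaped; they come
    // from the plugin's own globals, not from request data - confirm.
    DB_query("INSERT INTO {$_TABLES['plugins']} (pi_name, pi_version, pi_gl_version, pi_homepage, pi_enabled) "
        . "VALUES ('{$pi_name}', '{$pi_version}', '{$gl_version}', '{$pi_url}', 1)");
    if (DB_error()) {
        COM_errorLog("Failure registering plugin with Geeklog");
        plugin_uninstall_captcha();

        return false;
    }

    // Create initial log entry
    CAPTCHA_errorLog("CAPTCHA Plugin Successfully Installed");
    COM_errorLog("Successfully installed the {$pi_name} Plugin!", 1);

    return true;
}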
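/**
 * Render the HTTP header blacklist editor and process a pending
 * add or delete request.
 *
 * Both state-changing actions are only carried out when SEC_checkToken()
 * accepts the request. Request values are escaped before they reach SQL
 * and stored values are HTML-escaped / URL-encoded before output.
 *
 * @return string HTML for the editor
 */
function display()
{
    global $_CONF, $_TABLES, $LANG_SX00;

    $action = '';
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    } elseif (isset($_POST['paction'])) {
        $action = $_POST['paction'];
    }

    if ($action == 'delete' && SEC_checkToken()) {
        // A delete request without an 'entry' parameter (or with an array
        // in its place) is ignored instead of raising notices.
        $entry = (isset($_GET['entry']) && is_string($_GET['entry'])) ? $_GET['entry'] : '';
        if (!empty($entry)) {
            // NOTE(review): addslashes() is not charset-aware; prefer the
            // database layer's own escaping function where this code base
            // provides one.
            $dbentry = addslashes($entry);
            DB_delete($_TABLES['spamx'], array('name', 'value'), array('HTTPHeader', $dbentry));
        }
    } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
        $entry = '';
        $name = '';
        if (isset($_REQUEST['header-name']) && is_string($_REQUEST['header-name'])) {
            $name = COM_applyFilter($_REQUEST['header-name']);
        }
        // keep only the part before the first colon
        $n = explode(':', $name);
        $name = $n[0];
        $value = '';
        if (isset($_REQUEST['header-value']) && is_string($_REQUEST['header-value'])) {
            $value = $_REQUEST['header-value'];
        }
        if (!empty($name) && !empty($value)) {
            $entry = $name . ': ' . $value;
        }
        $dbentry = addslashes($entry);
        if (!empty($entry)) {
            $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('HTTPHeader','{$dbentry}')");
        }
    }

    $token = SEC_createToken();

    $display = '<hr' . XHTML . '>' . LB . '<p><b>';
    $display .= $LANG_SX00['headerblack'];
    $display .= '</b></p>' . LB . '<ul>' . LB;

    $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name='HTTPHeader' ORDER BY value");
    $nrows = DB_numRows($result);
    for ($i = 0; $i < $nrows; $i++) {
        list($e) = DB_fetchArray($result);
        // NOTE(review): the delete link is a GET request that carries the
        // CSRF token in its query string, so the token can end up in
        // browser history, server logs and Referer headers.
        $display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
    }

    $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
    $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
    $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditHeader">' . LB;
    $display .= '<table border="0" width="100%">' . LB;
    $display .= '<tr><td align="right"><b>Header:</b></td>' . LB;
    $display .= '<td><input type="text" size="40" name="header-name"' . XHTML . '> e.g. <tt>User-Agent</tt></td></tr>' . LB;
    $display .= '<tr><td align="right"><b>Content:</b></td>' . LB;
    $display .= '<td><input type="text" size="40" name="header-value"' . XHTML . '> e.g. <tt>Mozilla</tt></td></tr>' . LB;
    $display .= '</table>' . LB;
    $display .= '<p><input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>';
    $display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '></p>' . LB;
    $display .= '</form>' . LB;

    return $display;
}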
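/**
 * Render the personal blacklist editor and process a pending add,
 * delete or "import censor list" request.
 *
 * Each state-changing action is only carried out when SEC_checkToken()
 * accepts the request; every value is passed through DB_escapeString()
 * before it reaches SQL, and stored values are HTML-escaped / URL-encoded
 * before output.
 *
 * @return string HTML for the editor
 */
function display()
{
    global $_CONF, $_TABLES, $LANG_SX00;

    $action = '';
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    } elseif (isset($_POST['paction'])) {
        $action = $_POST['paction'];
    }

    $entry = '';
    if (isset($_GET['entry'])) {
        $entry = COM_stripslashes($_GET['entry']);
    } elseif (isset($_POST['pentry'])) {
        $entry = COM_stripslashes($_POST['pentry']);
    }

    if ($action == 'delete' && SEC_checkToken()) {
        $entry = DB_escapeString($entry);
        DB_delete($_TABLES['spamx'], array('name', 'value'), array('Personal', $entry));
    } elseif ($action == $LANG_SX00['addentry'] && SEC_checkToken()) {
        if (!empty($entry)) {
            $entry = DB_escapeString($entry);
            $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
        }
    } elseif ($action == $LANG_SX00['addcen'] && SEC_checkToken()) {
        // The censor list is configuration data; skip the import instead of
        // emitting a foreach warning when it is missing or not an array.
        if (isset($_CONF['censorlist']) && is_array($_CONF['censorlist'])) {
            foreach ($_CONF['censorlist'] as $entry) {
                $entry = DB_escapeString($entry);
                $result = DB_query("INSERT INTO {$_TABLES['spamx']} VALUES ('Personal', '{$entry}')");
            }
        }
    }

    $token = SEC_createToken();

    $display = '<hr' . XHTML . '>' . LB . '<p><b>';
    $display .= $LANG_SX00['pblack'];
    $display .= '</b></p>' . LB . '<ul>' . LB;

    $result = DB_query("SELECT value FROM {$_TABLES['spamx']} WHERE name = 'Personal'");
    $nrows = DB_numRows($result);
    for ($i = 0; $i < $nrows; $i++) {
        $A = DB_fetchArray($result);
        $e = $A['value'];
        // NOTE(review): the delete link is a GET request that carries the
        // CSRF token in its query string, so the token can end up in
        // browser history, server logs and Referer headers.
        $display .= '<li>' . COM_createLink(htmlspecialchars($e), $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList&action=delete&entry=' . urlencode($e) . '&' . CSRF_TOKEN . '=' . $token) . '</li>' . LB;
    }

    $display .= '</ul>' . LB . '<p>' . $LANG_SX00['e1'] . '</p>' . LB;
    $display .= '<p>' . $LANG_SX00['e2'] . '</p>' . LB;
    $display .= '<form method="post" action="' . $_CONF['site_admin_url'] . '/plugins/spamx/index.php?command=EditBlackList">' . LB;
    $display .= '<div><input type="text" size="30" name="pentry"' . XHTML . '> ';
    $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addentry'] . '"' . XHTML . '>' . LB;
    $display .= '<p>' . $LANG_SX00['e3'] . '</p> ';
    $display .= '<input type="submit" name="paction" value="' . $LANG_SX00['addcen'] . '"' . XHTML . '>' . LB;
    $display .= '<input type="hidden" name="' . CSRF_TOKEN . "\" value=\"{$token}\"" . XHTML . '>' . LB;
    $display .= '</div></form>' . LB;

    return $display;
}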
/**
 * Upgrade step: adjust existing configuration rows and register the
 * configuration options introduced by this release.
 *
 * @return boolean always true
 */
function update_ConfValues()
{
    global $_CONF, $_TABLES;

    require_once $_CONF['path_system'] . 'classes/config.class.php';

    $confTable = $_TABLES['conf_values'];

    // remove pdf_enabled option; this also makes room for new search options
    DB_delete($confTable, 'name', 'pdf_enabled');

    // move num_search_results options
    DB_query("UPDATE {$confTable} SET sort_order = 651 WHERE sort_order = 670");

    // change default for num_search_results
    $serializedThirty = addslashes(serialize(30));
    DB_query("UPDATE {$confTable} SET value = '{$serializedThirty}', default_value = '{$serializedThirty}' WHERE name = 'num_search_results'");

    // fix censormode dropdown
    DB_query("UPDATE {$confTable} SET selectionArray = 18 WHERE name = 'censormode'");

    $config = config::get_instance();

    // new options
    $config->add('jpeg_quality', 75, 'text', 5, 23, null, 1495, false);
    $imgAttributes = array(
        'width'  => 1,
        'height' => 1,
        'src'    => 1,
        'align'  => 1,
        'valign' => 1,
        'border' => 1,
        'alt'    => 1
    );
    $config->add('advanced_html', array('img' => $imgAttributes), '**placeholder', 7, 34, null, 1721, true);

    // squeeze search options between 640 (lastlogin) and 680 (loginrequired)
    $config->add('fs_search', null, 'fieldset', 0, 6, null, 0, true);
    $config->add('search_style', 'google', 'select', 0, 6, 19, 644, true);
    $config->add('search_limits', '10,15,25,30', 'text', 0, 6, null, 647, true);
    // see above: $c->add('num_search_results',30,'text',0,6,NULL,651,TRUE);
    $config->add('search_show_limit', true, 'select', 0, 6, 1, 654, true);
    $config->add('search_show_sort', true, 'select', 0, 6, 1, 658, true);
    $config->add('search_show_num', true, 'select', 0, 6, 1, 661, true);
    $config->add('search_show_type', true, 'select', 0, 6, 1, 665, true);
    $config->add('search_separator', ' > ', 'text', 0, 6, null, 668, true);
    $config->add('search_def_keytype', 'phrase', 'select', 0, 6, 20, 672, true);
    $config->add('search_use_fulltext', false, 'hidden', 0, 6); // 675

    // filename mask for db backup files
    $config->add('mysqldump_filename_mask', 'geeklog_db_backup_%Y_%m_%d_%H_%M_%S.sql', 'text', 0, 5, null, 185, true);

    // DOCTYPE declaration, for {doctype} in header.thtml
    $config->add('doctype', 'html401strict', 'select', 2, 10, 21, 195, true);

    // new comment options
    $config->add('comment_edit', 0, 'select', 4, 21, 0, 1680, true);
    $config->add('commentsubmission', 0, 'select', 4, 21, 0, 1682, true);
    $config->add('comment_edittime', 1800, 'text', 4, 21, null, 1684, true);
    $config->add('article_comment_close_days', 30, 'text', 4, 21, null, 1686, true);
    $config->add('comment_close_rec_stories', 0, 'text', 4, 21, null, 1688, true);
    $config->add('allow_reply_notifications', 0, 'select', 4, 21, 0, 1689, true);

    // cookie to store name of anonymous commenters
    $config->add('cookie_anon_name', 'anon_name', 'text', 7, 30, null, 577, true);

    // enable/disable clickable links
    $config->add('clickable_links', 1, 'select', 7, 31, 1, 1753, true);

    // experimental: compress output before sending it to the browser
    $config->add('compressed_output', 0, 'select', 7, 31, 1, 1756, true);

    // for the X-FRAME-OPTIONS header (Clickjacking protection);
    // the default is the most restrictive value, DENY
    $config->add('frame_options', 'DENY', 'select', 7, 31, 22, 1758, true);

    return true;
}
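/**
 * Delete the batch sessions selected in the posted 'sel' list, together
 * with their session items, then redirect to the session overview.
 *
 * The selected ids come straight from the request, so each one is escaped
 * before it is handed to DB_delete(); the other callers on this code base
 * escape values themselves before calling DB_delete().
 *
 * NOTE(review): no permission or CSRF-token check is visible in this
 * function - confirm the caller performs both before invoking it.
 *
 * @return void never returns; sends the redirect and exits
 */
function MG_batchDeleteSession()
{
    global $_MG_CONF, $_CONF, $_TABLES;

    if (!empty($_POST['sel']) && is_array($_POST['sel'])) {
        foreach ($_POST['sel'] as $selected) {
            if (!is_scalar($selected)) {
                // nested arrays are not valid session ids
                continue;
            }
            // NOTE(review): addslashes() is not charset-aware; prefer the
            // database layer's own escaping function where available.
            $session_id = addslashes((string) $selected);

            DB_delete($_TABLES['mg_session_items'], 'session_id', $session_id);
            if (DB_error()) {
                COM_errorLog("Media Gallery Error: Error removing session items");
            }
            DB_delete($_TABLES['mg_sessions'], 'session_id', $session_id);
            if (DB_error()) {
                COM_errorLog("Media Gallery Error: Error removing session");
            }
        }
    }

    echo COM_refresh($_MG_CONF['admin_url'] . 'sessions.php');
    exit;
}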
/**
 * Upgrade step for plugin version 1.6.0: add the meta tags option, repair
 * a misnamed admin group and register the new configuration fieldsets.
 *
 * @return boolean always true
 */
function update_ConfValues_1_6_0()
{
    global $_CONF, $_TABLES, $_SP_DEFAULT;

    require_once $_CONF['path_system'] . 'classes/config.class.php';

    $config = config::get_instance();

    require_once $_CONF['path'] . 'plugins/staticpages/install_defaults.php';

    // meta tag config options.
    $config->add('meta_tags', $_SP_DEFAULT['meta_tags'], 'select', 0, 0, 0, 120, true, 'staticpages');

    // check for wrong Admin group name
    $misnamedGroupId = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Static Pages Admin'"); // wrong name
    if (!empty($misnamedGroupId)) {
        $correctGroupId = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Static Page Admin'"); // correct name
        if (!empty($correctGroupId)) {
            // both names exist: delete wrong group & assignments, so no
            // access rights stay attached to the stray group id
            DB_delete($_TABLES['access'], 'acc_grp_id', $misnamedGroupId);
            DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $misnamedGroupId);
            DB_delete($_TABLES['group_assignments'], 'ug_main_grp_id', $misnamedGroupId);
            DB_delete($_TABLES['groups'], 'grp_name', 'Static Pages Admin');
        } else {
            // correct name not found - probably a fresh install: rename
            DB_query("UPDATE {$_TABLES['groups']} SET grp_name = 'Static Page Admin' WHERE grp_name = 'Static Pages Admin'");
        }
    }

    // move Default Permissions fieldset
    DB_query("UPDATE {$_TABLES['conf_values']} SET fieldset = 3 WHERE (group_name = 'staticpages') AND (fieldset = 1)");

    // What's New Block
    $config->add('fs_whatsnew', null, 'fieldset', 0, 1, null, 0, true, 'staticpages');
    $config->add('newstaticpagesinterval', $_SP_DEFAULT['new_staticpages_interval'], 'text', 0, 1, null, 10, true, 'staticpages');
    $config->add('hidenewstaticpages', $_SP_DEFAULT['hide_new_staticpages'], 'select', 0, 1, 0, 20, true, 'staticpages');
    $config->add('title_trim_length', $_SP_DEFAULT['title_trim_length'], 'text', 0, 1, null, 30, true, 'staticpages');
    $config->add('includecenterblocks', $_SP_DEFAULT['include_centerblocks'], 'select', 0, 1, 0, 40, true, 'staticpages');
    $config->add('includephp', $_SP_DEFAULT['include_PHP'], 'select', 0, 1, 0, 50, true, 'staticpages');

    // Search Results
    $config->add('fs_search', null, 'fieldset', 0, 2, null, 0, true, 'staticpages');
    $config->add('includesearch', $_SP_DEFAULT['include_search'], 'select', 0, 2, 0, 10, true, 'staticpages');
    $config->add('includesearchcenterblocks', $_SP_DEFAULT['include_search_centerblocks'], 'select', 0, 2, 0, 20, true, 'staticpages');
    $config->add('includesearchphp', $_SP_DEFAULT['include_search_PHP'], 'select', 0, 2, 0, 30, true, 'staticpages');

    return true;
}
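/**
 * Delete a topic together with its stories, story submissions and the
 * comments, trackbacks and images that belong to those stories.
 *
 * Blocks and feeds of the topic are kept, reassigned to "all" and disabled.
 * The deletion only runs when SEC_hasAccess() reports a level of at least 3
 * for the current user; a refused attempt is written to the access log.
 *
 * NOTE(review): no CSRF-token check is visible in this function - confirm
 * the caller performs one.
 *
 * @param    string  $tid    Topic ID
 * @return   string          HTML redirect
 */
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER;

    // The topic id is placed inside quoted SQL literals below, so escape it
    // here instead of relying on every caller having filtered it.
    // NOTE(review): addslashes() is not charset-aware; prefer the database
    // layer's own escaping function where this code base provides one.
    $safeTid = addslashes($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$safeTid}'");
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");

        return COM_refresh($_CONF['site_admin_url'] . '/topic.php');
    }

    // don't delete topic blocks - assign them to 'all' and disable them
    DB_query("UPDATE {$_TABLES['blocks']} SET tid = 'all', is_enabled = 0 WHERE tid = '{$safeTid}'");

    // same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$safeTid}'");

    // delete comments, trackbacks, images associated with stories in this topic
    $result = DB_query("SELECT sid FROM {$_TABLES['stories']} WHERE tid = '{$safeTid}'");
    $numStories = DB_numRows($result);
    for ($i = 0; $i < $numStories; $i++) {
        $A = DB_fetchArray($result);
        STORY_deleteImages($A['sid']);
        DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article'));
        DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article'));
    }

    // delete these
    DB_delete($_TABLES['stories'], 'tid', $safeTid);
    DB_delete($_TABLES['storysubmission'], 'tid', $safeTid);
    DB_delete($_TABLES['topics'], 'tid', $safeTid);

    // update feed(s) and Older Stories block
    COM_rdfUpToDateCheck('article');
    COM_olderStuff();

    return COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=14');
}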
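/**
 * Run a plugin's automatic installation from its install description.
 *
 * $A holds an 'installer' entry (version check), a 'plugin' entry
 * (name, version, ...) and any number of install steps. Each step is
 * dispatched to the function INSTALLER_install_<type>; whatever a step
 * returns that is neither numeric nor empty is collected and handed to
 * INSTALLER_fail() when a later step fails.
 *
 * @param  array $A install description
 * @return int      0 on success, 2 for an unsupported installer version,
 *                  1 (or the numeric result of the failing step) otherwise
 */
function INSTALLER_install($A)
{
    global $_TABLES;

    COM_errorLog("AutoInstall: **** Start Installation ****");

    if (!isset($A['installer']) or $A['installer']['version'] != INSTALLER_VERSION) {
        COM_errorLog('AutoInstall: Invalid or Unknown installer version');
        COM_errorLog("AutoInstall: **** END Installation ****");

        return 2;
    }
    if (!isset($A['plugin'])) {
        COM_errorLog("AutoInstall: Missing plugin description!");
        COM_errorLog("AutoInstall: **** END Installation ****");

        return 1;
    }
    if (!isset($A['plugin']['name'])) {
        COM_errorLog("AutoInstall: Missing plugin name!");
        COM_errorLog("AutoInstall: **** END Installation ****");

        return 1;
    }
    if (!COM_checkVersion(GVERSION, $A['plugin']['gl_ver'])) {
        COM_errorLog("AutoInstall: Plugin requires glFusion v" . $A['plugin']['gl_ver'] . " or greater");
        COM_errorLog("AutoInstall: **** END Installation ****");

        return 1;
    }

    $pluginName = $A['plugin']['name'];
    $vars = array('__groups' => array(), '__features' => array(), '__blocks' => array());
    $reverse = array();

    foreach ($A as $meta => $step) {
        if ($meta === 'installer') {
            // must use === when since 0 == 'anystring' is true
            continue;
        }
        if ($meta === 'plugin') {
            if (!isset($step['name'])) {
                COM_errorLog("AutoInstall: Missing plugin name!");
                INSTALLER_fail($pluginName, $reverse);
                COM_errorLog("AutoInstall: **** END Installation ****");

                return 1;
            }
            continue;
        }

        // The handler name is built from data in the install description;
        // only the fixed INSTALLER_install_ prefix and function_exists()
        // limit what can be called here. A step without a usable 'type'
        // is reported as unprocessable below.
        $type = (is_array($step) && isset($step['type']) && is_string($step['type'])) ? $step['type'] : '';
        $function = "INSTALLER_install_{$type}";
        if ($type !== '' && function_exists($function)) {
            $result = $function($step, $vars);
            if (is_numeric($result)) {
                INSTALLER_fail($pluginName, $reverse);
                COM_errorLog("AutoInstall: **** END Installation ****");

                return $result;
            }
            if (!empty($result)) {
                $reverse[] = $result;
            }
        } else {
            // var_dump() prints to the page and returns nothing, so the log
            // line used to be empty; print_r() returns the dump as a string.
            $dump = print_r($step, true);
            COM_errorLog('Can\'t process step: ' . $dump);
            INSTALLER_fail($pluginName, $reverse);
            COM_errorLog("AutoInstall: **** END Installation ****");

            return 1;
        }
    }

    $plugin = $A['plugin'];

    $cfgFunction = 'plugin_load_configuration_' . $plugin['name'];

    // Load the online configuration records
    if (function_exists($cfgFunction)) {
        if (!$cfgFunction()) {
            COM_errorLog("AutoInstall: Failed to load the default configuration");
            INSTALLER_fail($pluginName, $reverse);
            COM_errorLog("AutoInstall: **** END Installation ****");

            return 1;
        }
    } else {
        COM_errorLog("AutoInstall: No default config found: " . $cfgFunction);
    }

    // Finally, register the plugin with glFusion
    COM_errorLog("AutoInstall: Registering {$plugin['display']} plugin with glFusion", 1);

    // silently delete an existing entry
    DB_delete($_TABLES['plugins'], 'pi_name', $plugin['name']);

    // NOTE(review): name, version and URL from the install description are
    // interpolated into this statement unescaped - confirm they are
    // validated upstream or escape them with the database layer's function.
    DB_query("INSERT INTO {$_TABLES['plugins']} (pi_name, pi_version, pi_gl_version, pi_homepage, pi_enabled) "
        . "VALUES ('{$plugin['name']}', '{$plugin['ver']}', '{$plugin['gl_ver']}', '{$plugin['url']}', 1)", 1);

    // run any post install routines
    $postInstallFunction = 'plugin_postinstall_' . $plugin['name'];
    if (function_exists($postInstallFunction)) {
        $postInstallFunction();
    } else {
        COM_errorLog("AutoInstall: No post installation routine found.");
    }

    COM_errorLog("AutoInstall: **** END Installation ****");
    CTL_clearCache();

    return 0;
}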
/**
 * Reset the rating of a media item: zero its rating and vote count, drop
 * its individual rating records, then show the media edit form again.
 *
 * The media id is escaped with addslashes() before every database call.
 *
 * @param  mixed $album_id album the media item belongs to
 * @param  mixed $media_id media item whose rating is reset
 * @param  mixed $mqueue   passed through unchanged to MG_mediaEdit()
 * @return mixed           whatever MG_mediaEdit() returns
 */
function MG_mediaResetRating($album_id, $media_id, $mqueue)
{
    global $_MG_CONF, $_TABLES;

    $mediaTable = $_TABLES['mg_media'];

    foreach (array('media_rating', 'media_votes') as $column) {
        DB_change($mediaTable, $column, 0, 'media_id', addslashes($media_id));
    }
    DB_delete($_TABLES['mg_rating'], 'media_id', addslashes($media_id));

    $returnUrl = $_MG_CONF['site_url'] . '/admin.php?mode=media&album_id=' . $album_id;

    return MG_mediaEdit($album_id, $media_id, $returnUrl, $mqueue);
}
/**
 * Delete a poll with its answers, questions and comments.
 *
 * The poll id is escaped with addslashes() once and the escaped value is
 * used for every query. The deletion only runs when SEC_hasAccess()
 * reports a level of at least 3; a refused attempt is written to the
 * access log.
 *
 * @param    string  $pid    ID of poll to delete
 * @return   string          HTML redirect
 */
function deletePoll($pid)
{
    global $_CONF, $_TABLES, $_USER;

    $pid = addslashes($pid);

    $permissionQuery = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
    $perms = DB_fetchArray($permissionQuery);
    $level = SEC_hasAccess(
        $perms['owner_id'],
        $perms['group_id'],
        $perms['perm_owner'],
        $perms['perm_group'],
        $perms['perm_members'],
        $perms['perm_anon']
    );

    if (!($level >= 3)) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete poll {$pid}.");

        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }

    // same order as before: topic row first, then answers and questions
    foreach (array('polltopics', 'pollanswers', 'pollquestions') as $tableKey) {
        DB_delete($_TABLES[$tableKey], 'pid', $pid);
    }
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($pid, 'polls'));

    PLG_itemDeleted($pid, 'polls');

    return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=20');
}
} elseif (empty($version)) { $display .= INST_getAlertMsg($LANG_MIGRATE[45]); // TBD: add a link back to the install script, preferrably a direct // link to the upgrade screen $upgrade_error = true; } elseif ($version != VERSION) { $use_innodb = false; $db_engine = DB_getItem($_TABLES['vars'], 'value', "name = 'database_engine'"); if ($db_engine == 'InnoDB') { // we've migrated, probably to a different server // - so check InnoDB support again if (INST_innodbSupported()) { $use_innodb = true; } else { // no InnoDB support on this server DB_delete($_TABLES['vars'], 'name', 'database_engine'); } } if (!INST_doDatabaseUpgrades($version)) { $display .= INST_getAlertMsg(sprintf($LANG_MIGRATE[47], $version, VERSION)); $upgrade_error = true; } } if ($upgrade_error) { $display .= INST_getFooter(); echo $display; exit; } /** * Let's assume that the paths that were imported from the backup are * incorrect and update them with the current paths.
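/**
 * Delete a topic and clean up everything assigned to it.
 *
 * Child topics are moved to the root and un-hidden, feeds are reassigned
 * to "::all" and disabled. Stories, story submissions and blocks that
 * belong only to this topic are deleted (stories with their comments,
 * trackbacks and images); items that also belong to other topics are kept
 * and, where needed, get another default topic.
 *
 * The deletion only runs when SEC_hasAccess() reports a level of at least
 * 3; a refused attempt is written to the access log.
 *
 * NOTE(review): no CSRF-token check is visible in this function - confirm
 * the caller performs one.
 *
 * @param    string  $tid    Topic ID
 * @return   void            ends with COM_redirect()
 */
function deleteTopic($tid)
{
    global $_CONF, $_TABLES, $_USER, $_TOPICS;

    // The topic id is placed inside quoted SQL literals below, so escape it
    // here instead of relying on every caller having filtered it.
    $safeTid = DB_escapeString($tid);

    $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid ='{$safeTid}'");
    $A = DB_fetchArray($result);
    $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    if ($access < 3) {
        COM_accessLog("User {$_USER['username']} tried to illegally delete topic {$tid}.");
        COM_redirect($_CONF['site_admin_url'] . '/topic.php');

        // COM_redirect() is defined elsewhere and presumably ends the
        // request; the explicit return keeps the deletion below from
        // running should it ever return.
        return;
    }

    // Update any child topics to root and un hide them
    DB_query("UPDATE {$_TABLES['topics']} SET parent_id = '" . TOPIC_ROOT . "', hidden = 0 WHERE parent_id = '{$safeTid}'");

    // same with feeds
    DB_query("UPDATE {$_TABLES['syndication']} SET topic = '::all', is_enabled = 0 WHERE topic = '{$safeTid}'");

    // Need to cycle through stories from topic
    // Only delete story if only this one topic
    // Make sure to check if this topic is default for story. If is make another topic default.
    $object_tables = array();
    $object_tables_id = array();
    $object_type = array();

    $object_tables[] = $_TABLES['stories'];
    $object_tables[] = $_TABLES['storysubmission'];
    $object_tables[] = $_TABLES['blocks'];

    $object_tables_id[$_TABLES['stories']] = 'sid';
    $object_tables_id[$_TABLES['storysubmission']] = 'sid';
    $object_tables_id[$_TABLES['blocks']] = 'bid';

    $object_type[$_TABLES['stories']] = 'article';
    $object_type[$_TABLES['storysubmission']] = 'article';
    $object_type[$_TABLES['blocks']] = 'block';

    foreach ($object_tables as $object_table) {
        $sql = "SELECT {$object_tables_id[$object_table]}, ta.tdefault\n FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$object_type[$object_table]}' AND ta.id = CAST({$object_tables_id[$object_table]} AS CHAR) AND ta.tid = '{$safeTid}'";
        $result = DB_query($sql);
        $numStories = DB_numRows($result);
        for ($i = 0; $i < $numStories; $i++) {
            $A = DB_fetchArray($result);

            // Now check if another topic exists for this story
            $sql = "SELECT {$object_tables_id[$object_table]}, ta.tid\n FROM {$object_table}, {$_TABLES['topic_assignments']} ta\n WHERE ta.type = '{$object_type[$object_table]}' AND ta.id = {$object_tables_id[$object_table]}\n AND ta.tid <> '{$safeTid}' AND {$object_tables_id[$object_table]} = '{$A[$object_tables_id[$object_table]]}'";
            $resultB = DB_query($sql);
            $numTopics = DB_numRows($resultB);
            if ($numTopics == 0) {
                // Delete comments, trackbacks, images associated with stories in this topic since only topic
                if ($object_table == $_TABLES['stories'] || $object_table == $_TABLES['storysubmission']) {
                    STORY_deleteImages($A['sid']);
                    DB_delete($_TABLES['comments'], array('sid', 'type'), array($A['sid'], 'article'));
                    DB_delete($_TABLES['trackback'], array('sid', 'type'), array($A['sid'], 'article'));
                    if ($object_table == $_TABLES['stories']) {
                        PLG_itemDeleted($A['sid'], 'article');
                    }
                }

                DB_delete($object_table, $object_tables_id[$object_table], $A[$object_tables_id[$object_table]]);
            } else {
                // Story still exists for other topics so make sure one is default
                if ($object_table == $_TABLES['stories'] || $object_table == $_TABLES['storysubmission']) {
                    if ($A['tdefault'] == 1) {
                        $B = DB_fetchArray($resultB);
                        $sql = "UPDATE {$_TABLES['topic_assignments']} SET tdefault = 1 WHERE type = 'article' AND tid = '{$B['tid']}' AND id = '{$B['sid']}'";
                        DB_query($sql);
                    }
                }
            }
        }
    }

    // Notify of Delete topic so other plugins can deal with their items without topics
    PLG_itemDeleted($tid, 'topic');

    // delete these
    DB_delete($_TABLES['topic_assignments'], 'tid', $safeTid);
    DB_delete($_TABLES['topics'], 'tid', $safeTid);

    // Reorder Topics, Delete topic cache and reload topic tree
    reorderTopics();

    // update feed(s)
    COM_rdfUpToDateCheck('article');

    COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=14');
}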
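/**
 * Delete a story during migration: remove its image files (scaled and,
 * if present, the "_original" unscaled copy), its image records, its
 * comments and the story row, then refresh the feed and Older Stories block.
 *
 * File removal problems are logged and never abort the run.
 *
 * @param  string $sid story ID
 * @return void
 */
function migrate_deletestory($sid)
{
    global $_TABLES, $_CONF;

    $safeSid = DB_escapeString($sid);
    $imageDir = $_CONF['path_html'] . 'images/articles/';

    $result = DB_query("SELECT ai_filename FROM {$_TABLES['article_images']} WHERE ai_sid='" . $safeSid . "'");
    $nrows = DB_numRows($result);
    for ($i = 1; $i <= $nrows; $i++) {
        $A = DB_fetchArray($result);
        $imageName = $A['ai_filename'];

        // The file name comes from the imported database and is about to be
        // used in unlink(); refuse names with a ".." path component so a
        // bad record cannot point outside the article image directory.
        if (preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $imageName)) {
            COM_errorLog('Skipping article image with an unexpected path: ' . $imageName);
            continue;
        }

        $filename = $imageDir . $imageName;
        if (!@unlink($filename)) {
            // log the problem but don't abort the script
            COM_errorLog('Unable to remove the following image from the article: ' . $filename);
        }

        // remove unscaled image, if it exists
        $dotPosition = strrpos($imageName, '.');
        if ($dotPosition === false) {
            // no extension: substr_replace() would otherwise treat false as
            // offset 0 and mangle the start of the name
            continue;
        }
        $lFilename_large = substr_replace($imageName, '_original.', $dotPosition, 1);
        $lFilename_large_complete = $imageDir . $lFilename_large;
        if (file_exists($lFilename_large_complete)) {
            if (!@unlink($lFilename_large_complete)) {
                // log the problem but don't abort the script
                COM_errorLog('Unable to remove the following image from the article: ' . $lFilename_large_complete);
            }
        }
    }

    DB_delete($_TABLES['article_images'], 'ai_sid', $safeSid);
    DB_delete($_TABLES['comments'], 'sid', $safeSid);
    DB_delete($_TABLES['stories'], 'sid', $safeSid);

    // update RSS feed and Older Stories block
    COM_rdfUpToDateCheck();
    COM_olderStuff();
}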
/**
 * Delete a route and renumber the remaining ones.
 *
 * The id is forced to a base-10 integer before it reaches the database,
 * so no further escaping is needed for it.
 *
 * @param  int    $rid id of the route to delete
 * @return string      HTML redirect to the router admin page
 */
function deleteRoute($rid)
{
    global $_CONF, $_TABLES;

    $routeId = intval($rid, 10);
    DB_delete($_TABLES['routes'], 'rid', $routeId);

    reorderRoutes();

    $redirectUrl = $_CONF['site_admin_url'] . '/router.php?msg=123';

    return COM_refresh($redirectUrl);
}
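/**
 * Remove a plugin's configuration: delete its rows from the conf_values
 * table, drop its group from the config object and empty the plugin's
 * global _<NAME>_CONF array.
 *
 * @param  string $pi_name plugin name, also used as the configuration group
 * @param  object $config  config object whose config_array is updated
 * @return string          HTML progress line
 */
function LIB_Deleteconfig($pi_name, $config)
{
    COM_errorLog("[" . strtoupper($pi_name) . "] configuration delete");

    global $_TABLES;

    // was appended to without ever being initialised
    $display = '';

    $group = $pi_name;
    DB_delete($_TABLES['conf_values'], 'group_name', $group);
    unset($config->config_array[$group]);

    // NOTE(review): the global that gets emptied is chosen by $pi_name;
    // callers should only pass known plugin names here.
    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    ${$box_conf} = array();

    // NOTE(review): $pi_name is written into the HTML unescaped - confirm
    // it never originates from request data.
    $display .= "..........{$pi_name} Config Delete" . "<br>";

    return $display;
}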
if (isset($_POST['type'])) { $type = COM_applyFilter($_POST['type']); } if (!isset($sid) || empty($sid)) { COM_errorLog('Attempted to delete story sid=' . $sid); echo COM_refresh($_CONF['site_admin_url'] . '/story.php'); } else { if ($type == 'submission') { if (TOPIC_hasMultiTopicAccess('article', $sid) < 3) { COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid}."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } else { if (SEC_checkToken()) { // Delete Topic Assignments for this submission TOPIC_deleteTopicAssignments('article', $sid); DB_delete($_TABLES['storysubmission'], 'sid', $sid, $_CONF['site_admin_url'] . '/moderation.php'); } else { COM_accessLog("User {$_USER['username']} tried to illegally delete story submission {$sid} and failed CSRF checks."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } } } else { if (SEC_checkToken()) { echo STORY_deleteStory($sid); } else { COM_accessLog("User {$_USER['username']} tried to delete story and failed CSRF checks {$sid}."); echo COM_refresh($_CONF['site_admin_url'] . '/index.php'); } } } } else {
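/**
 * Delete a link category if the current user may edit it and it is empty.
 *
 * @param  string $cid category ID
 * @return int         message number: 13 deleted, 14 category still has
 *                     subcategories or links, 15 access denied,
 *                     16 no such category
 */
function links_delete_category($cid)
{
    global $_TABLES, $_USER, $LANG_LINKS_ADMIN;

    // NOTE(review): addslashes() is not charset-aware; prefer the database
    // layer's own escaping function where this code base provides one.
    $cid = addslashes($cid);

    if (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) {
        // item exists so check access rights
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,\n perm_members,perm_anon FROM {$_TABLES['linkcategories']}\n WHERE cid='{$cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        if ($access > 2) {
            // has edit rights
            // Check for subfolders and sublinks
            $sf = DB_count($_TABLES['linkcategories'], 'pid', $cid);
            $sl = DB_count($_TABLES['links'], 'cid', $cid);
            if ($sf == 0 && $sl == 0) {
                // No subfolder/links so OK to delete
                DB_delete($_TABLES['linkcategories'], 'cid', $cid);
                PLG_itemDeleted($cid, 'links.category');

                return 13;
            } else {
                // Subfolders and/or sublinks exist so return a message
                return 14;
            }
        } else {
            // no access: write the access-log entry before returning. It
            // used to sit after the return and $_USER was not in scope,
            // so refused attempts were never recorded.
            COM_accessLog(sprintf($LANG_LINKS_ADMIN[46], $_USER['username']));

            return 15;
        }
    } else {
        // no such category
        return 16;
    }
}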
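/**
 * Delete an existing static page
 *
 * Requires the 'staticpages.delete' right. If the page is a template,
 * pages using it are detached from it first; the page's comments are
 * removed as well.
 *
 * NOTE(review): no CSRF-token check is visible in this function - confirm
 * the caller performs one.
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int             Response code as defined in lib-plugins.php
 */
function service_delete_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC;

    $output = COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php?msg=20');

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // Apply filters to the parameters passed by the webservice
    if (!empty($args['gl_svc'])) {
        $args['sp_id'] = COM_applyBasicFilter(isset($args['sp_id']) ? $args['sp_id'] : '');
        $args['mode'] = COM_applyBasicFilter(isset($args['mode']) ? $args['mode'] : '');
    }

    $sp_id = isset($args['sp_id']) ? $args['sp_id'] : '';

    if (!SEC_hasRights('staticpages.delete')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $LANG_STATIC['access_denied_msg'];
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();
        if ($_USER['uid'] > 1) {
            return PLG_RET_PERMISSION_DENIED;
        } else {
            return PLG_RET_AUTH_FAILED;
        }
    }

    // The id is only filtered above for webservice calls, yet it is placed
    // inside quoted SQL literals for every caller - escape it for SQL here.
    // NOTE(review): addslashes() is not charset-aware; prefer the database
    // layer's own escaping function where this code base provides one.
    $safe_sp_id = addslashes($sp_id);

    // If a staticpage template, remove any use of the file
    if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$safe_sp_id}'") == 1) {
        $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$safe_sp_id}'";
        $result = DB_query($sql);
    }

    DB_delete($_TABLES['staticpage'], 'sp_id', $safe_sp_id);
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($safe_sp_id, 'staticpages'));

    PLG_itemDeleted($sp_id, 'staticpages');

    return PLG_RET_OK;
}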
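/**
 * Optimize database tables
 *
 * Walks the tables reported by SHOW TABLES that are also listed in
 * $_TABLES and runs OPTIMIZE TABLE on each. The table currently being
 * worked on is remembered in the vars table; when the time budget
 * (max_execution_time minus 5 seconds) is used up, or a table fails,
 * the run is continued by redirecting to database.php.
 *
 * @param    string  $startwith  table to start with
 * @param    int     $failures   number of previous errors
 * @return   int                 number of errors during optimization
 */
function DBADMIN_dooptimize($startwith = '', $failures = 0)
{
    global $_CONF, $_TABLES;

    // the counter is echoed into a Location header below - force an integer
    $failures = (int) $failures;

    $start = time();

    $lasttable = DB_getItem($_TABLES['vars'], 'value', "name = 'lastoptimizedtable'");
    if (empty($startwith) && !empty($lasttable)) {
        $startwith = $lasttable;
    }

    $maxtime = @ini_get('max_execution_time');
    if (empty($maxtime)) {
        // unlimited or not allowed to query - assume 30 second default
        $maxtime = 30;
    }
    $maxtime -= 5;

    DB_displayError(true);

    // NOTE(review): token creation is disabled here, so the continuation
    // redirects below carry no CSRF token - confirm how database.php
    // authorises the follow-up request.
    $token = ''; // SEC_createToken();

    $result = DB_query("SHOW TABLES");
    $numTables = DB_numRows($result);
    for ($i = 0; $i < $numTables; $i++) {
        $A = DB_fetchArray($result, true);
        $table = $A[0];
        // only table names known to the application ever reach the SQL below
        if (in_array($table, $_TABLES, true)) {
            if (!empty($startwith)) {
                if ($table == $startwith) {
                    $startwith = '';
                } else {
                    continue; // already handled - skip
                }
                if (!empty($lasttable) && $lasttable == $table) {
                    continue; // skip
                }
            }

            if (time() > $start + $maxtime) {
                // this is taking too long - kick off another request
                $startwith = $table;
                $url = $_CONF['site_admin_url'] . '/database.php?dooptimize=x';
                if (!empty($token)) {
                    $token = '&' . CSRF_TOKEN . '=' . $token;
                }
                header("Location: {$url}&startwith=" . urlencode($startwith) . "&failures={$failures}" . $token);
                exit;
            }

            if (empty($lasttable)) {
                DB_query("INSERT INTO {$_TABLES['vars']} (name, value) VALUES ('lastoptimizedtable', '{$table}')");
                $lasttable = $table;
            } else {
                DB_query("UPDATE {$_TABLES['vars']} SET value = '{$table}' WHERE name = 'lastoptimizedtable'");
            }

            $optimize = DB_query("OPTIMIZE TABLE {$table}", 1);
            if ($optimize === false) {
                $failures++;
                COM_errorLog('SQL error for table "' . $table . '" (ignored): ' . DB_error());

                // restart after the failing table
                $startwith = $table;
                $url = $_CONF['site_admin_url'] . '/database.php?dooptimize=x';
                if (!empty($token)) {
                    $token = '&' . CSRF_TOKEN . '=' . $token;
                }
                header("Location: {$url}&startwith=" . urlencode($startwith) . "&failures={$failures}" . $token);
                exit;
            }
        }
    }

    DB_delete($_TABLES['vars'], 'name', 'lastoptimizedtable');
    DB_delete($_TABLES['vars'], 'name', 'lastoptimizeddb');
    DB_query("INSERT INTO {$_TABLES['vars']} (name, value) VALUES ('lastoptimizeddb', FROM_UNIXTIME(" . time() . "))");

    return $failures;
}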
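/**
 * Delete the watermark images selected in $_POST['sel'].
 *
 * For each selected id the watermark row is deleted, the image file is
 * removed from the watermarks directory, and every album that used the
 * watermark has its wm_id set back to 0. The function then sends a refresh
 * to $actionURL and ends the request.
 *
 * NOTE(review): no security token check is visible in this function; confirm
 * that the caller validates one before this state-changing POST is handled.
 *
 * @param  string $actionURL URL to refresh to when done
 * @return string            access-denied message (only when permission is refused)
 */
function MG_watermarkDelete($actionURL = '')
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;

    $root_album = new mgAlbum(0);

    // check permissions...
    if ($root_album->access != 3 && !$root_album->owner_id) {
        // The original read an undefined $REMOTE_ADDR, so the address was
        // never logged; take it from the server array instead.
        $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        COM_errorLog("Someone has tried to illegally delete a watermark image in Media Gallery. "
            . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$remoteAddr}", 1);

        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }

    // A missing or non-array 'sel' field means nothing was selected.
    $selected = (isset($_POST['sel']) && is_array($_POST['sel'])) ? $_POST['sel'] : array();

    foreach ($selected as $rawId) {
        if (!is_scalar($rawId)) {
            continue; // nested arrays are not valid ids
        }
        $wm_id = intval(COM_applyFilter($rawId, true));

        $filename = DB_getItem($_TABLES['mg_watermarks'], 'filename', 'wm_id="' . $wm_id . '"');
        if ($filename != "") {
            DB_delete($_TABLES['mg_watermarks'], 'wm_id', $wm_id);
            if (DB_error()) {
                COM_errorLog("MG Admin: Error removing watermark");
            }
            // NOTE(review): $filename comes from the mg_watermarks table and is
            // appended to the watermarks directory unchanged; confirm that the
            // upload path only ever stores bare file names there.
            @unlink($_MG_CONF['path_html'] . 'watermarks/' . $filename);

            // now check and see if this is assigned to any albums....
            $sql = "SELECT album_id FROM {$_TABLES['mg_albums']} WHERE wm_id='" . $wm_id . "'";
            $result = DB_query($sql);
            $nRows = DB_numRows($result);

            // Collect every album first: the original reset only the first
            // one and left the others pointing at the deleted watermark.
            $albumIds = array();
            for ($j = 0; $j < $nRows; $j++) {
                $row = DB_fetchArray($result);
                $albumIds[] = $row['album_id'];
            }
            foreach ($albumIds as $albumId) {
                DB_change($_TABLES['mg_albums'], 'wm_id', 0, 'album_id', $albumId);
            }
        }
    }

    echo COM_refresh($actionURL);
    exit;
}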
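/**
 * Do the actual plugin auto install
 *
 * Creates the plugin's groups, tables, features and feature-to-group
 * mappings, adds its groups to the Root group, inserts default data, loads
 * its configuration, registers it in the plugins table and finally includes
 * its functions.inc. On any failure PLG_uninstall() is called and false is
 * returned.
 *
 * NOTE(review): $plugin is used to build include paths and function names.
 * This function only checks that it equals $inst_parms['info']['pi_name'];
 * confirm that callers restrict it to a known plugin directory name.
 *
 * @param  string  $plugin     Plugin name
 * @param  array   $inst_parms Installation parameters for the plugin
 * @param  boolean $verbose    true: enable verbose logging
 * @return boolean             true on success, false otherwise
 */
function plugin_do_autoinstall($plugin, $inst_parms, $verbose = true)
{
    global $_CONF, $_TABLES, $_USER, $_DB_dbms, $_DB_table_prefix;

    $base_path = $_CONF['path'] . 'plugins/' . $plugin . '/';

    if ($verbose) {
        COM_errorLog("Attempting to install the '{$plugin}' plugin", 1);
    }

    // sanity checks in $inst_parms
    $info = (isset($inst_parms['info']) && is_array($inst_parms['info'])) ? $inst_parms['info'] : array();
    $pi_name = isset($info['pi_name']) ? $info['pi_name'] : '';
    $pi_version = isset($info['pi_version']) ? $info['pi_version'] : '';
    $pi_gl_version = isset($info['pi_gl_version']) ? $info['pi_gl_version'] : '';
    $pi_homepage = isset($info['pi_homepage']) ? $info['pi_homepage'] : '';

    if (empty($pi_name) || $pi_name != $plugin || empty($pi_version)
        || empty($pi_gl_version) || empty($pi_homepage)
    ) {
        COM_errorLog('Incomplete plugin info', 1);

        return false;
    }

    // add plugin tables, if any
    if (!empty($inst_parms['tables'])) {
        $tables = $inst_parms['tables'];
        foreach ($tables as $table) {
            $_TABLES[$table] = $_DB_table_prefix . $table;
        }
    }

    // Create the plugin's group(s), if any
    $groups = array();
    $admin_group_id = 0;
    if (!empty($inst_parms['groups'])) {
        $groups = $inst_parms['groups'];
        foreach ($groups as $name => $desc) {
            if ($verbose) {
                COM_errorLog("Attempting to create '{$name}' group", 1);
            }

            $grp_name = addslashes($name);
            $grp_desc = addslashes($desc);
            $sql = array();
            $sql['pgsql'] = "INSERT INTO {$_TABLES['groups']} (grp_id,grp_name, grp_descr) VALUES ((SELECT NEXTVAL('{$_TABLES['groups']}_grp_id_seq')),'{$grp_name}', '{$grp_desc}')";
            $sql['mysql'] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr) VALUES ('{$grp_name}', '{$grp_desc}')";
            $sql['mssql'] = "INSERT INTO {$_TABLES['groups']} (grp_name, grp_descr) VALUES ('{$grp_name}', '{$grp_desc}')";
            DB_query($sql, 1);
            if (DB_error()) {
                COM_errorLog('Error creating plugin group', 1);
                PLG_uninstall($plugin);

                return false;
            }

            // keep the new group's ID for use in the mappings section (below)
            $groups[$name] = DB_insertId();

            // assume that the first group is the plugin's Admin group
            if ($admin_group_id == 0) {
                $admin_group_id = $groups[$name];
            }
        }
    }

    // Create the plugin's table(s)
    // The included file is expected to fill $_SQL and $DEFVALUES in this scope.
    $_SQL = array();
    $DEFVALUES = array();
    if (file_exists($base_path . 'sql/' . $_DB_dbms . '_install.php')) {
        require_once $base_path . 'sql/' . $_DB_dbms . '_install.php';
    }

    if (count($_SQL) > 0) {
        $use_innodb = false;
        if ($_DB_dbms == 'mysql'
            && DB_getItem($_TABLES['vars'], 'value', "name = 'database_engine'") == 'InnoDB'
        ) {
            $use_innodb = true;
        }
        foreach ($_SQL as $sql) {
            $sql = str_replace('#group#', $admin_group_id, $sql);
            if ($use_innodb) {
                $sql = str_replace('MyISAM', 'InnoDB', $sql);
            }
            DB_query($sql);
            if (DB_error()) {
                COM_errorLog('Error creating plugin table', 1);
                PLG_uninstall($plugin);

                return false;
            }
        }
    }

    // Add the plugin's features
    if ($verbose) {
        COM_errorLog("Attempting to add '{$plugin}' features", 1);
    }

    $features = array();
    $mappings = array();
    if (!empty($inst_parms['features'])) {
        $features = $inst_parms['features'];
        if (!empty($inst_parms['mappings'])) {
            $mappings = $inst_parms['mappings'];
        }

        foreach ($features as $feature => $desc) {
            $ft_name = addslashes($feature);
            $ft_desc = addslashes($desc);
            $sql = array();
            $sql['pgsql'] = "INSERT INTO {$_TABLES['features']} (ft_id,ft_name, ft_descr)\n VALUES ((SELECT nextval('{$_TABLES['features']}_ft_id_seq')),'{$ft_name}', '{$ft_desc}')";
            $sql['mysql'] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr)\n VALUES ('{$ft_name}', '{$ft_desc}')";
            // The original assigned the 'mysql' key twice and never set
            // 'mssql', unlike the group INSERT above.
            $sql['mssql'] = "INSERT INTO {$_TABLES['features']} (ft_name, ft_descr)\n VALUES ('{$ft_name}', '{$ft_desc}')";
            DB_query($sql, 1);
            if (DB_error()) {
                COM_errorLog('Error adding plugin feature', 1);
                PLG_uninstall($plugin);

                return false;
            }

            $feat_id = DB_insertId();

            if (isset($mappings[$feature])) {
                foreach ($mappings[$feature] as $group) {
                    if ($verbose) {
                        COM_errorLog("Adding '{$feature}' feature to the '{$group}' group", 1);
                    }

                    // A mapping that names a group the plugin did not declare
                    // would otherwise produce a malformed INSERT.
                    if (!isset($groups[$group])) {
                        COM_errorLog('Error mapping plugin feature', 1);
                        PLG_uninstall($plugin);

                        return false;
                    }

                    DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$feat_id}, {$groups[$group]})");
                    if (DB_error()) {
                        COM_errorLog('Error mapping plugin feature', 1);
                        PLG_uninstall($plugin);

                        return false;
                    }
                }
            }
        }
    }

    // Add plugin's Admin group to the Root user group
    // (assumes that the Root group's ID is always 1)
    // Note that the loop assigns every group of the plugin, not only the first.
    if (count($groups) > 0) {
        if ($verbose) {
            COM_errorLog("Attempting to give all users in the Root group access to the '{$plugin}' Admin group", 1);
        }

        foreach ($groups as $key => $value) {
            DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES "
                . "({$value}, NULL, 1)");
            if (DB_error()) {
                COM_errorLog('Error adding plugin admin group to Root group', 1);
                PLG_uninstall($plugin);

                return false;
            }
        }
    }

    // Pre-populate tables or run any other SQL queries
    if (count($DEFVALUES) > 0) {
        if ($verbose) {
            COM_errorLog('Inserting default data', 1);
        }
        foreach ($DEFVALUES as $sql) {
            $sql = str_replace('#group#', $admin_group_id, $sql);
            DB_query($sql, 1);
            if (DB_error()) {
                COM_errorLog('Error adding plugin default data', 1);
                PLG_uninstall($plugin);

                return false;
            }
        }
    }

    // Load the online configuration records
    $load_config = 'plugin_load_configuration_' . $plugin;
    if (function_exists($load_config)) {
        if (!$load_config($plugin)) {
            COM_errorLog('Error loading plugin configuration', 1);
            PLG_uninstall($plugin);

            return false;
        }

        require_once $_CONF['path'] . 'system/classes/config.class.php';
        $config =& config::get_instance();
        $config->initConfig(); // force re-reading, including new plugin conf
    }

    // Finally, register the plugin with Geeklog
    if ($verbose) {
        COM_errorLog("Registering '{$plugin}' plugin", 1);
    }

    // silently delete an existing entry
    DB_delete($_TABLES['plugins'], 'pi_name', $plugin);

    // Escape the values the same way the group and feature names are escaped
    // above, so that a quote in the version or homepage cannot break the query.
    $sqlName = addslashes($plugin);
    $sqlVersion = addslashes($pi_version);
    $sqlGlVersion = addslashes($pi_gl_version);
    $sqlHomepage = addslashes($pi_homepage);
    DB_query("INSERT INTO {$_TABLES['plugins']} (pi_name, pi_version, pi_gl_version, pi_homepage, pi_enabled) VALUES "
        . "('{$sqlName}', '{$sqlVersion}', '{$sqlGlVersion}', '{$sqlHomepage}', 1)");

    if (DB_error()) {
        COM_errorLog('Failed to register plugin', 1);
        PLG_uninstall($plugin);

        return false;
    }

    // give the plugin a chance to perform any post-install operations
    $post_install = 'plugin_postinstall_' . $plugin;
    if (function_exists($post_install)) {
        if (!$post_install($plugin)) {
            COM_errorLog('Plugin postinstall failed', 1);
            PLG_uninstall($plugin);

            return false;
        }
    }

    if ($verbose) {
        COM_errorLog("Successfully installed the '{$plugin}' plugin!", 1);
    }

    // load plugin here already, for any plugins wanting to act on
    // PLG_pluginStateChange($plugin, 'installed') when we return from here
    require_once $_CONF['path'] . 'plugins/' . $plugin . '/functions.inc';

    return true;
}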
/**
 * Story-specific clean-up for a submission deleted by moderation.
 *
 * Removes the topic assignments stored for the article and deletes the row
 * with the given id from the story submission table.
 *
 * @param  string $sid Identifying string, i.e. the story id
 * @return string      Any wanted HTML output (always empty here)
 */
function plugin_moderationdelete_story($sid)
{
    global $_TABLES;

    // Topic assignments for the story are stored under the type 'article'.
    TOPIC_deleteTopicAssignments('article', $sid);

    $submissionTable = $_TABLES['storysubmission'];
    DB_delete($submissionTable, 'sid', $sid);

    $html = '';

    return $html;
}
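/**
 * Delete an existing static page
 *
 * Deletes the page row, the comments stored for it with type 'staticpages',
 * and notifies other plugins through PLG_itemDeleted(). The caller needs the
 * 'staticpages.delete' right.
 *
 * NOTE(review): only the feature right is checked here, and sp_id is filtered
 * only for webservice calls (gl_svc). Confirm that other callers sanitize the
 * id and validate a security token before calling.
 *
 * @param  array  $args     Contains all the data provided by the client
 * @param  string &$output  OUTPUT parameter containing the returned text
 * @param  string &$svc_msg OUTPUT parameter containing any service messages
 * @return int              Response code as defined in lib-plugins.php
 */
function service_delete_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN;

    if (empty($args['sp_id']) && !empty($args['id'])) {
        $args['sp_id'] = $args['id'];
    }

    // The original read these keys unconditionally, which raises
    // undefined-index errors when a caller leaves them out.
    $sp_id = isset($args['sp_id']) ? $args['sp_id'] : '';

    // Apply filters to the parameters passed by the webservice
    if (!empty($args['gl_svc'])) {
        $sp_id = COM_applyBasicFilter($sp_id);
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
    }

    if (!SEC_hasRights('staticpages.delete')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
        $output .= COM_siteFooter();

        // Logged-in users lack the right; anonymous users have not authenticated.
        return COM_isAnonUser() ? PLG_RET_AUTH_FAILED : PLG_RET_PERMISSION_DENIED;
    }

    DB_delete($_TABLES['staticpage'], 'sp_id', $sp_id);
    DB_delete($_TABLES['comments'], array('sid', 'type'), array($sp_id, 'staticpages'));

    PLG_itemDeleted($sp_id, 'staticpages');

    $output = COM_refresh($_CONF['site_admin_url'] . '/plugins/staticpages/index.php');

    return PLG_RET_OK;
}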
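/**
 * Recursively deletes an album and all of its child albums
 *
 * Child albums are deleted first. Media items that belong to no other album
 * have their files, media row, comments and playback options removed. Then
 * the album's media links, the album row and its RSS feed file are deleted.
 *
 * @param  int $album_id album id to delete
 * @return void          nothing is returned; database errors are not reported
 */
function MG_MassdeleteChildAlbums($album_id)
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER;

    // The id is written into several SQL statements without quotes, so make
    // sure it really is an integer before it gets anywhere near a query.
    $album_id = (int) $album_id;

    $sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_parent=" . $album_id;
    $aResult = DB_query($sql);
    $rowCount = DB_numRows($aResult);
    for ($z = 0; $z < $rowCount; $z++) {
        $row = DB_fetchArray($aResult);
        MG_MassdeleteChildAlbums($row['album_id']);
    }

    $sql = "SELECT ma.media_id, m.media_filename, m.media_mime_ext\n FROM " . $_TABLES['mg_media_albums'] . " as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m ON ma.media_id=m.media_id\n WHERE ma.album_id = " . $album_id;
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    $mediarow = array();
    for ($i = 0; $i < $nRows; $i++) {
        $row = DB_fetchArray($result);
        $mediarow[] = $row;
    }

    foreach ($mediarow as $media) {
        $sql = "SELECT COUNT(media_id) AS count FROM " . $_TABLES['mg_media_albums'] . " WHERE media_id = '" . $media['media_id'] . "'";
        $result = DB_query($sql);
        $row = DB_fetchArray($result);

        // Media that is still linked from another album must be kept.
        if ($row['count'] > 1) {
            continue;
        }

        // The LEFT JOIN yields an empty filename when the media row is
        // missing; there is no file to remove in that case.
        // NOTE(review): media_filename and media_mime_ext come from the
        // database and are used in file paths unchanged - confirm they are
        // generated by the application, not taken from upload names.
        $filename = $media['media_filename'];
        if (!empty($filename)) {
            $subDir = $filename[0] . '/';
            @unlink($_MG_CONF['path_mediaobjects'] . 'tn/' . $subDir . $filename . '.jpg');
            @unlink($_MG_CONF['path_mediaobjects'] . 'disp/' . $subDir . $filename . '.jpg');
            @unlink($_MG_CONF['path_mediaobjects'] . 'orig/' . $subDir . $filename . '.' . $media['media_mime_ext']);
        }

        $sql = "DELETE FROM " . $_TABLES['mg_media'] . " WHERE media_id = '" . $media['media_id'] . "'";
        DB_query($sql);
        DB_delete($_TABLES['comments'], 'sid', $media['media_id']);
        DB_delete($_TABLES['mg_playback_options'], 'media_id', $media['media_id']);
    }

    $sql = "DELETE FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . $album_id;
    DB_query($sql);

    $sql = "DELETE FROM " . $_TABLES['mg_albums'] . " WHERE album_id = " . $album_id;
    DB_query($sql);

    // Format only the id; the configured prefix is not a format string.
    $feedname = $_MG_CONF['rss_feed_name'] . sprintf('%06d', $album_id);
    @unlink($_MG_CONF['path_html'] . 'rss/' . $feedname . '.rdf');
}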
/**
 * Perform database upgrades
 *
 * Walks the database forward one release at a time: each pass of the loop
 * runs the step for the current version string, sets $currentGlVersion to
 * the next version and loops again until no case matches. Afterwards the
 * version is written through setVersion() and the 'security_check' flag is
 * removed from the vars table.
 *
 * NOTE(review): several steps write values read back from the database, or
 * taken from $_CONF, into SQL without escaping (for example boxes, sp_label,
 * lid, sid, rdf_limit). Those values were stored earlier by the application;
 * confirm they cannot contain quotes before reusing this pattern.
 *
 * @param  string $currentGlVersion Current Geeklog version
 * @return bool                     True if successful (always true when the method returns)
 */
private function doDatabaseUpgrades($currentGlVersion)
{
    global $_TABLES, $_CONF, $_SP_CONF, $_DB, $_DB_dbms, $_DB_table_prefix;

    $_DB->setDisplayError(true);

    // Because the upgrade sql syntax can vary from dbms-to-dbms we are
    // leaving that up to each Geeklog database driver
    $done = false;
    $progress = '';
    // The included update files are expected to fill $_SQL in this scope;
    // it is reset after every step.
    $_SQL = array();

    while (!$done) {
        switch ($currentGlVersion) {
            case '1.2.5-1':
                // Get DBMS-specific update sql
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.2.5-1_to_1.3.php';
                $this->updateDB($_SQL, $progress);

                // OK, now we need to add all users except anonymous to the All Users group and Logged in users group
                // I can hard-code these group numbers because the group table was JUST created with these numbers
                $result = DB_query("SELECT uid FROM {$_TABLES['users']} WHERE uid <> 1");
                $numRows = DB_numRows($result);
                for ($i = 1; $i <= $numRows; $i++) {
                    $U = DB_fetchArray($result);
                    DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (2, {$U['uid']}, NULL)");
                    DB_query("INSERT INTO {$_TABLES['group_assignments']} VALUES (13, {$U['uid']}, NULL)");
                }
                // Now take care of any orphans off the user table...and let me curse MySQL lack for supporting foreign
                // keys at this time ;-)
                $result = DB_query("SELECT MAX(uid) FROM {$_TABLES['users']}");
                $ITEM = DB_fetchArray($result);
                $max_uid = $ITEM[0];
                if (!empty($max_uid) && $max_uid != 0) {
                    DB_query("DELETE FROM {$_TABLES['userindex']} WHERE uid > {$max_uid}");
                    DB_query("DELETE FROM {$_TABLES['userinfo']} WHERE uid > {$max_uid}");
                    DB_query("DELETE FROM {$_TABLES['userprefs']} WHERE uid > {$max_uid}");
                    DB_query("DELETE FROM {$_TABLES['usercomment']} WHERE uid > {$max_uid}");
                }
                $currentGlVersion = '1.3';
                $_SQL = array();
                break;

            case '1.3':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3_to_1.3.1.php';
                $this->updateDB($_SQL, $progress);
                $currentGlVersion = '1.3.1';
                $_SQL = array();
                break;

            case '1.3.1':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.1_to_1.3.2.php';
                $this->updateDB($_SQL, $progress);
                $currentGlVersion = '1.3.2-1';
                $_SQL = array();
                break;

            case '1.3.2':
            case '1.3.2-1':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.2-1_to_1.3.3.php';
                $this->updateDB($_SQL, $progress);

                // Now we need to switch how user blocks are stored. Right now we only store the blocks the
                // user wants. This will switch it to store the ones they don't want which allows us to add
                // new blocks and ensure they are shown to the user.
                $result = DB_query("SELECT {$_TABLES['users']}.uid,boxes FROM {$_TABLES['users']},{$_TABLES['userindex']} WHERE boxes IS NOT NULL AND boxes <> '' AND {$_TABLES['users']}.uid = {$_TABLES['userindex']}.uid");
                $numRows = DB_numRows($result);
                for ($i = 1; $i <= $numRows; $i++) {
                    $row = DB_fetchArray($result);
                    // The stored space-separated list is turned into the body of an IN (...) clause as is.
                    $uBlocks = str_replace(' ', ',', $row['boxes']);
                    $result2 = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$uBlocks})");
                    $newBlocks = '';
                    for ($x = 1; $x <= DB_numRows($result2); $x++) {
                        $currentBlock = DB_fetchArray($result2);
                        if ($currentBlock['name'] !== 'user_block' && $currentBlock['name'] !== 'admin_block' && $currentBlock['name'] !== 'section_block') {
                            $newBlocks .= $currentBlock['bid'];
                            if ($x != DB_numRows($result2)) {
                                $newBlocks .= ' ';
                            }
                        }
                    }
                    DB_query("UPDATE {$_TABLES['userindex']} SET boxes = '{$newBlocks}' WHERE uid = {$row['uid']}");
                }
                $currentGlVersion = '1.3.3';
                $_SQL = array();
                break;

            case '1.3.3':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.3_to_1.3.4.php';
                $this->updateDB($_SQL, $progress);
                $currentGlVersion = '1.3.4';
                $_SQL = array();
                break;

            case '1.3.4':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.4_to_1.3.5.php';
                $this->updateDB($_SQL, $progress);

                // Give the 'Mail Admin' group the 'user.mail' feature.
                $result = DB_query("SELECT ft_id FROM {$_TABLES['features']} WHERE ft_name = 'user.mail'");
                $row = DB_fetchArray($result);
                $mail_ft = $row['ft_id'];
                $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name = 'Mail Admin'");
                $row = DB_fetchArray($result);
                $group_id = $row['grp_id'];
                DB_query("INSERT INTO {$_TABLES['access']} (acc_grp_id, acc_ft_id) VALUES ({$group_id}, {$mail_ft})");

                $currentGlVersion = '1.3.5';
                $_SQL = array();
                break;

            case '1.3.5':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.5_to_1.3.6.php';
                $this->updateDB($_SQL, $progress);

                if (!empty($_DB_table_prefix)) {
                    DB_query("RENAME TABLE staticpage TO {$_TABLES['staticpage']}");
                }

                $currentGlVersion = '1.3.6';
                $_SQL = array();
                break;

            case '1.3.6':
                // fix wrong permissions value
                DB_query("UPDATE {$_TABLES['topics']} SET perm_anon = 2 WHERE perm_anon = 3");

                // check for existence of 'date' field in gl_links table
                // (the probe query ignores errors; the column is added when
                // the error text mentions 'date' after its first character)
                DB_query("SELECT date FROM {$_TABLES['links']}", 1);
                if (strpos(DB_error(), 'date') > 0) {
                    DB_query("ALTER TABLE {$_TABLES['links']} ADD date datetime default NULL");
                }

                // Fix primary key so that more than one user can add an event
                // to his/her personal calendar.
                DB_query("ALTER TABLE {$_TABLES['personal_events']} DROP PRIMARY KEY, ADD PRIMARY KEY (eid,uid)");

                $currentGlVersion = '1.3.7';
                $_SQL = array();
                break;

            case '1.3.7':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.7_to_1.3.8.php';
                $this->updateDB($_SQL, $progress);

                // upgrade Static Pages plugin
                $spVersion = $this->getStaticPagesVersion();
                if ($spVersion == 1) { // original version
                    DB_query("ALTER TABLE {$_TABLES['staticpage']} "
                        . "ADD COLUMN group_id mediumint(8) unsigned DEFAULT '1',"
                        . "ADD COLUMN owner_id mediumint(8) unsigned DEFAULT '1',"
                        . "ADD COLUMN perm_owner tinyint(1) unsigned DEFAULT '3',"
                        . "ADD COLUMN perm_group tinyint(1) unsigned DEFAULT '2',"
                        . "ADD COLUMN perm_members tinyint(1) unsigned DEFAULT '2',"
                        . "ADD COLUMN perm_anon tinyint(1) unsigned DEFAULT '2',"
                        . "ADD COLUMN sp_php tinyint(1) unsigned DEFAULT '0',"
                        . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0',"
                        . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0',"
                        . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none',"
                        . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'");
                    // Register the 'staticpages.PHP' feature and grant it to the 'Static Page Admin' group.
                    DB_query("INSERT INTO {$_TABLES['features']} (ft_name, ft_descr) VALUES ('staticpages.PHP','Ability to use PHP in static pages')");
                    $php_id = DB_insertId();
                    $group_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Static Page Admin'");
                    DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id, acc_grp_id) VALUES ({$php_id}, {$group_id})");
                } elseif ($spVersion == 2) { // extended version by Phill or Tom
                    DB_query("ALTER TABLE {$_TABLES['staticpage']} "
                        . "DROP COLUMN sp_pos,"
                        . "DROP COLUMN sp_search_keywords,"
                        . "ADD COLUMN sp_nf tinyint(1) unsigned DEFAULT '0',"
                        . "ADD COLUMN sp_centerblock tinyint(1) unsigned NOT NULL default '0',"
                        . "ADD COLUMN sp_tid varchar(20) NOT NULL default 'none',"
                        . "ADD COLUMN sp_where tinyint(1) unsigned NOT NULL default '1'");
                }

                if ($spVersion > 0) {
                    // update plugin version number
                    DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.3', pi_gl_version = '1.3.8' WHERE pi_name = 'staticpages'");

                    // remove Static Pages 'lock' flag
                    DB_query("DELETE FROM {$_TABLES['vars']} WHERE name = 'staticpages'");

                    // remove Static Pages Admin group id
                    DB_query("DELETE FROM {$_TABLES['vars']} WHERE name = 'sp_group_id'");

                    if ($spVersion == 1) {
                        // Copy each page's author id into the new owner_id column.
                        $result = DB_query("SELECT DISTINCT sp_uid FROM {$_TABLES['staticpage']}");
                        $authors = DB_numRows($result);
                        for ($i = 0; $i < $authors; $i++) {
                            $A = DB_fetchArray($result);
                            DB_query("UPDATE {$_TABLES['staticpage']} SET owner_id = '{$A['sp_uid']}' WHERE sp_uid = '{$A['sp_uid']}'");
                        }
                    }

                    $result = DB_query("SELECT sp_label FROM {$_TABLES['staticpage']} WHERE sp_title = 'Frontpage'");
                    if (DB_numRows($result) > 0) {
                        $A = DB_fetchArray($result);
                        if ($A['sp_label'] == 'nonews') {
                            DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_where = 0 WHERE sp_title = 'Frontpage'");
                        } elseif (!empty($A['sp_label'])) {
                            // sp_label is written back into the statement without escaping.
                            DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1, sp_title = '{$A['sp_label']}' WHERE sp_title = 'Frontpage'");
                        } else {
                            DB_query("UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 1 WHERE sp_title = 'Frontpage'");
                        }
                    }
                }

                $currentGlVersion = '1.3.8';
                $_SQL = array();
                break;

            case '1.3.8':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.8_to_1.3.9.php';
                $this->updateDB($_SQL, $progress);

                // Create the first syndication entry from the old rdf_* settings.
                // Only the site name and slogan are escaped; the other $_CONF
                // values are written into the statement as they are.
                $pos = strrpos($_CONF['rdf_file'], '/');
                $filename = substr($_CONF['rdf_file'], $pos + 1);
                $siteName = DB_escapeString($_CONF['site_name']);
                $siteSlogan = DB_escapeString($_CONF['site_slogan']);
                DB_query("INSERT INTO {$_TABLES['syndication']} (title, description, limits, content_length, filename, charset, language, is_enabled, updated, update_info) VALUES ('{$siteName}', '{$siteSlogan}', '{$_CONF['rdf_limit']}', {$_CONF['rdf_storytext']}, '{$filename}', '{$_CONF['default_charset']}', '{$_CONF['rdf_language']}', {$_CONF['backend']}, CURRENT_TIMESTAMP, NULL)");

                // upgrade static pages plugin
                $spVersion = $this->getStaticPagesVersion();
                if ($spVersion > 0) {
                    if ($spVersion < 4) {
                        // Clamp the configured default to 0 or 1 before it becomes a column default.
                        if (!isset($_SP_CONF['in_block'])) {
                            $_SP_CONF['in_block'] = 1;
                        } elseif ($_SP_CONF['in_block'] > 1) {
                            $_SP_CONF['in_block'] = 1;
                        } elseif ($_SP_CONF['in_block'] < 0) {
                            $_SP_CONF['in_block'] = 0;
                        }
                        DB_query("ALTER TABLE {$_TABLES['staticpage']} ADD COLUMN sp_inblock tinyint(1) unsigned DEFAULT '{$_SP_CONF['in_block']}'");
                    }
                    DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4', pi_gl_version = '1.3.9' WHERE pi_name = 'staticpages'");
                }

                // recreate 'date' field for old links
                // (the date is rebuilt from the first 14 characters of the link id)
                $result = DB_query("SELECT lid FROM {$_TABLES['links']} WHERE date IS NULL");
                $num = DB_numRows($result);
                if ($num > 0) {
                    for ($i = 0; $i < $num; $i++) {
                        $A = DB_fetchArray($result);

                        $myYear = substr($A['lid'], 0, 4);
                        $myMonth = substr($A['lid'], 4, 2);
                        $myDay = substr($A['lid'], 6, 2);
                        $myHour = substr($A['lid'], 8, 2);
                        $myMin = substr($A['lid'], 10, 2);
                        $mySec = substr($A['lid'], 12, 2);

                        $mTime = mktime($myHour, $myMin, $mySec, $myMonth, $myDay, $myYear);
                        $date = date('Y-m-d H:i:s', $mTime);
                        DB_query("UPDATE {$_TABLES['links']} SET date = '{$date}' WHERE lid = '{$A['lid']}'");
                    }
                }

                // remove unused entries left over from deleted groups
                $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']}");
                $num = DB_numRows($result);
                $groups = array();
                for ($i = 0; $i < $num; $i++) {
                    $A = DB_fetchArray($result);
                    $groups[] = $A['grp_id'];
                }
                $groupList = '(' . implode(',', $groups) . ')';

                DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_main_grp_id NOT IN {$groupList}) OR (ug_grp_id NOT IN {$groupList})");

                $currentGlVersion = '1.3.9';
                $_SQL = array();
                break;

            case '1.3.9':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.9_to_1.3.10.php';
                $this->updateDB($_SQL, $progress);

                commentsToPreorderTree();

                // Fill the 'related' column from the links found in each story's text.
                $result = DB_query("SELECT sid,introtext,bodytext FROM {$_TABLES['stories']}");
                $numStories = DB_numRows($result);
                for ($i = 0; $i < $numStories; $i++) {
                    $A = DB_fetchArray($result);
                    $related = DB_escapeString(implode("\n", UPDATE_extractLinks($A['introtext'] . ' ' . $A['bodytext'])));
                    if (empty($related)) {
                        DB_query("UPDATE {$_TABLES['stories']} SET related = NULL WHERE sid = '{$A['sid']}'");
                    } else {
                        DB_query("UPDATE {$_TABLES['stories']} SET related = '{$related}' WHERE sid = '{$A['sid']}'");
                    }
                }

                $spVersion = $this->getStaticPagesVersion();
                if ($spVersion > 0) {
                    // no database changes this time, but set new version number
                    DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '1.4.1', pi_gl_version = '1.3.10' WHERE pi_name = 'staticpages'");
                }

                // install SpamX plugin
                // (also handles updates from version 1.0)
                install_spamx_plugin();

                $currentGlVersion = '1.3.10';
                $_SQL = array();
                break;

            case '1.3.10':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.10_to_1.3.11.php';
                $this->updateDB($_SQL, $progress);

                $currentGlVersion = '1.3.11';
                $_SQL = array();
                break;

            case '1.3.11':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.3.11_to_1.4.0.php';
                $this->updateDB($_SQL, $progress);

                upgrade_addFeature();
                upgrade_uniqueGroupNames();

                $currentGlVersion = '1.4.0';
                $_SQL = array();
                break;

            case '1.4.0':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.4.0_to_1.4.1.php';
                $this->updateDB($_SQL, $progress);

                upgrade_addSyndicationFeature();
                upgrade_ensureLastScheduledRunFlag();
                upgrade_plugins_141();

                $currentGlVersion = '1.4.1';
                $_SQL = array();
                break;

            case '1.4.1':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.4.1_to_1.5.0.php';
                $this->updateDB($_SQL, $progress);

                upgrade_addWebservicesFeature();

                create_ConfValues();
                require_once $_CONF['path_system'] . 'classes/config.class.php';
                $config = config::get_instance();

                if (file_exists($_CONF['path'] . 'config.php')) {
                    // Read the values from config.php and use them to populate conf_values

                    $tempPath = $_CONF['path']; // We'll need this to remember what the correct path is.
                    // Including config.php will overwrite all our $_CONF values.
                    require $tempPath . 'config.php';

                    // Load some important values from config.php into conf_values
                    foreach ($_CONF as $key => $val) {
                        $config->set($key, $val);
                    }

                    // Stop the whole upgrade with a message when the charset cannot be written.
                    if (!$this->setDefaultCharset($this->env['siteconfig_path'], $_CONF['default_charset'])) {
                        exit($this->LANG['INSTALL'][26] . ' ' . $this->env['siteconfig_path'] . $this->LANG['INSTALL'][58]);
                    }

                    require $this->env['siteconfig_path'];
                    require $this->env['dbconfig_path'];
                }

                // Update the GL configuration with the correct paths.
                $config->set('path_html', $this->env['html_path']);
                $config->set('path_log', $_CONF['path'] . 'logs/');
                $config->set('path_language', $_CONF['path'] . 'language/');
                $config->set('backup_path', $_CONF['path'] . 'backups/');
                $config->set('path_data', $_CONF['path'] . 'data/');
                $config->set('path_images', $this->env['html_path'] . 'images/');
                $config->set('path_themes', $this->env['html_path'] . 'layout/');
                $config->set('path_editors', $this->env['html_path'] . 'editors/');
                $config->set('rdf_file', $this->env['html_path'] . 'backend/geeklog.rss');
                $config->set('path_pear', $_CONF['path_system'] . 'pear/');

                // core plugin updates are done in the plugins themselves

                $currentGlVersion = '1.5.0';
                $_SQL = array();
                break;

            case '1.5.0':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.5.0_to_1.5.1.php';
                $this->updateDB($_SQL, $progress);

                $currentGlVersion = '1.5.1';
                $_SQL = array();
                break;

            case '1.5.1':
                // there were no core database changes in 1.5.2
                $currentGlVersion = '1.5.2';
                $_SQL = array();
                break;

            case '1.5.2':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.5.2_to_1.6.0.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValues();
                upgrade_addNewPermissions();
                upgrade_addIsoFormat();
                $this->fixOptionalConfig();

                $currentGlVersion = '1.6.0';
                $_SQL = array();
                break;

            case '1.6.0':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.6.0_to_1.6.1.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValuesFor161();

                $currentGlVersion = '1.6.1';
                $_SQL = array();
                break;

            case '1.6.1':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.6.1_to_1.7.0.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValuesFor170();

                $currentGlVersion = '1.7.0';
                $_SQL = array();
                break;

            case '1.7.0':
                $currentGlVersion = '1.7.2'; // skip ahead
                $_SQL = array();
                break;

            case '1.7.1':
                // there were no database changes in 1.7.1
                // (falls through to the 1.7.2 step)
            case '1.7.2':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.7.2_to_1.8.0.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValuesFor180();
                update_ConfigSecurityFor180();
                update_UsersFor180();

                $currentGlVersion = '1.8.0';
                $_SQL = array();
                break;

            case '1.8.0':
            case '1.8.1':
            case '1.8.2':
                // there were no database changes in 1.8.x
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_1.8.2_to_2.0.0.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValuesFor200();
                update_BlockTopicAssignmentsFor200();
                update_StoryTopicAssignmentsFor200();

                $currentGlVersion = '2.0.0';
                $_SQL = array();
                break;

            case '2.0.0':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_2.0.0_to_2.1.0.php';
                $this->updateDB($_SQL, $progress);

                update_addFilemanager();
                update_ConfValuesFor210();

                // NOTE(review): there is no case for '2.1.0' below, so an
                // upgrade that reaches this version ends the loop here and the
                // 2.1.1 step is not run for it - confirm this is intended.
                $currentGlVersion = '2.1.0';
                $_SQL = array();
                break;

            case '2.1.1':
                require_once $_CONF['path'] . 'sql/updates/' . $_DB_dbms . '_2.1.1_to_2.1.2.php';
                $this->updateDB($_SQL, $progress);

                update_ConfValuesFor212();

                $currentGlVersion = '2.1.2';
                $_SQL = array();
                break;

            default:
                // No step is defined for this version: the upgrade chain ends.
                $done = true;
        }
    }

    $this->setVersion($this->env['siteconfig_path']);

    // delete the security check flag on every update to force the user
    // to run admin/sectest.php again
    DB_delete($_TABLES['vars'], 'name', 'security_check');

    return true;
}
/**
 * Tells a plugin to uninstall itself.
 *
 * When the plugin provides plugin_autouninstall_<type>(), the array it
 * returns drives the removal of tables, variables, groups, features, feeds,
 * comments, php blocks, configuration records and topic assignments, and the
 * plugin is unregistered. Otherwise the plugin's own plugin_uninstall_<type>()
 * is called through PLG_callFunctionForOnePlugin().
 *
 * The group names returned by the plugin and $type are written into SQL
 * without escaping. NOTE(review): $type only reaches those queries after
 * function_exists() found a function named with it; confirm that this is
 * enough of a restriction for the database character set in use.
 *
 * @param  string  $type Plugin to uninstall
 * @return boolean       Returns true on success otherwise false
 * @link   http://wiki.geeklog.net/index.php/Plugin_Auto-Uninstall
 */
function PLG_uninstall($type)
{
    global $_PLUGINS, $_TABLES;

    if (empty($type)) {
        return false;
    }

    // Plugins without an auto-uninstall function do the work themselves.
    if (!function_exists('plugin_autouninstall_' . $type)) {
        $retval = PLG_callFunctionForOnePlugin('plugin_uninstall_' . $type);
        if ($retval !== true) {
            return false;
        }

        $plg = array_search($type, $_PLUGINS);
        if ($plg !== false) {
            unset($_PLUGINS[$plg]);
        }

        return true;
    }

    COM_errorLog("Auto-uninstalling plugin {$type}:", 1);
    $function = 'plugin_autouninstall_' . $type;
    $remvars = $function();

    if (!$remvars) {
        return false;
    }

    // removing tables
    $num_tables = isset($remvars['tables']) ? count($remvars['tables']) : 0;
    for ($i = 0; $i < $num_tables; $i++) {
        $tableKey = $remvars['tables'][$i];
        if (!isset($_TABLES[$tableKey])) {
            continue;
        }
        COM_errorLog("Dropping table {$_TABLES[$tableKey]}", 1);
        DB_query("DROP TABLE {$_TABLES[$tableKey]}", 1);
        COM_errorLog('...success', 1);
    }

    // removing variables
    $num_vars = isset($remvars['vars']) ? count($remvars['vars']) : 0;
    for ($i = 0; $i < $num_vars; $i++) {
        $varName = $remvars['vars'][$i];
        COM_errorLog("Removing variable {$varName}", 1);
        DB_delete($_TABLES['vars'], 'name', $varName);
        COM_errorLog('...success', 1);
    }

    // removing groups
    $num_groups = isset($remvars['groups']) ? count($remvars['groups']) : 0;
    for ($i = 0; $i < $num_groups; $i++) {
        $groupName = $remvars['groups'][$i];
        $grp_id = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$groupName}'");
        if (empty($grp_id)) {
            continue;
        }
        COM_errorLog("Attempting to remove the {$groupName} group", 1);
        DB_delete($_TABLES['groups'], 'grp_id', $grp_id);
        COM_errorLog('...success', 1);
        COM_errorLog("Attempting to remove the {$groupName} group from all groups.", 1);
        DB_delete($_TABLES['group_assignments'], 'ug_main_grp_id', $grp_id);
        COM_errorLog('...success', 1);
    }

    // removing features
    $num_features = isset($remvars['features']) ? count($remvars['features']) : 0;
    for ($i = 0; $i < $num_features; $i++) {
        SEC_removeFeatureFromDB($remvars['features'][$i]);
    }

    // uninstall feeds
    $sql = "SELECT filename FROM {$_TABLES['syndication']} WHERE type = '{$type}';";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    if ($nrows > 0) {
        COM_errorLog('removing feed files', 1);
        COM_errorLog($nrows . ' files stored in table.', 1);
        for ($i = 0; $i < $nrows; $i++) {
            $fcount = $i + 1;
            $A = DB_fetchArray($result);
            $fullpath = SYND_getFeedPath($A[0]);
            if (!file_exists($fullpath)) {
                COM_errorLog("cannot remove file {$fcount} of {$nrows}, it does not exist! ({$fullpath})", 1);
            } else {
                unlink($fullpath);
                COM_errorLog("removed file {$fcount} of {$nrows}: {$fullpath}", 1);
            }
        }
        COM_errorLog('...success', 1);

        // Remove Links Feeds from syndication table
        COM_errorLog('removing links feeds from table', 1);
        DB_delete($_TABLES['syndication'], 'type', $type);
        COM_errorLog('...success', 1);
    }

    // remove comments for this plugin
    COM_errorLog("Attempting to remove comments for {$type}", 1);
    DB_delete($_TABLES['comments'], 'type', $type);
    COM_errorLog('...success', 1);

    // uninstall php-blocks
    $num_blocks = isset($remvars['php_blocks']) ? count($remvars['php_blocks']) : 0;
    for ($i = 0; $i < $num_blocks; $i++) {
        DB_delete(
            $_TABLES['blocks'],
            array('type', 'phpblockfn'),
            array('phpblock', $remvars['php_blocks'][$i])
        );
    }

    // remove config table data for this plugin
    COM_errorLog("Attempting to remove config table records for group_name: {$type}", 1);
    DB_delete($_TABLES['conf_values'], 'group_name', $type);
    COM_errorLog('...success', 1);

    // remove topic assignment table data for this plugin
    COM_errorLog("Attempting to remove topic assignments table records for {$type}", 1);
    DB_delete($_TABLES['topic_assignments'], 'type', $type);
    COM_errorLog('...success', 1);

    // uninstall the plugin
    COM_errorLog("Attempting to unregister the {$type} plugin from Geeklog", 1);
    DB_delete($_TABLES['plugins'], 'pi_name', $type);
    COM_errorLog('...success', 1);

    COM_errorLog("Finished uninstalling the {$type} plugin.", 1);

    return true;
}
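/**
 * Helper function: Actual check of the security token
 *
 * The token is read from $_GET or $_POST, looked up in the tokens table and
 * accepted only when all of the following hold:
 *   - exactly one row matches,
 *   - the row belongs to the current user (uid 1 when nobody is logged in),
 *   - the HTTP referer equals the URL the token was created for,
 *   - the token has not expired.
 * A token that was found is deleted whether or not it was accepted.
 *
 * The check fails closed: a missing Referer header or a non-string token
 * value is treated as an invalid token. Clients or policies that strip the
 * Referer header will therefore always fail this check.
 *
 * NOTE(review): the token is placed inside a quoted SQL literal after
 * COM_applyFilter() only; confirm that filter removes quote characters.
 *
 * @return boolean true if the token is valid and for this user.
 * @access private
 * @see    SEC_checkToken
 */
function SECINT_checkToken()
{
    global $_TABLES, $_USER;

    $token = ''; // Default to no token.

    // Only plain string values are accepted; an array (token[]=...) is not a token.
    if (array_key_exists(CSRF_TOKEN, $_GET)) {
        if (is_string($_GET[CSRF_TOKEN])) {
            $token = COM_applyFilter($_GET[CSRF_TOKEN]);
        }
    } elseif (array_key_exists(CSRF_TOKEN, $_POST)) {
        if (is_string($_POST[CSRF_TOKEN])) {
            $token = COM_applyFilter($_POST[CSRF_TOKEN]);
        }
    }

    if (trim($token) == '') {
        return false; // no token.
    }

    $sql = array();
    $sql['mysql'] = "SELECT ((DATE_ADD(created, INTERVAL ttl SECOND) < NOW()) AND ttl > 0) as expired, owner_id, urlfor FROM "
        . "{$_TABLES['tokens']} WHERE token='{$token}'";
    $sql['pgsql'] = "SELECT ((UNIX_TIMESTAMP(created) + ttl) < UNIX_TIMESTAMP() AND ttl > 0)::int4 as expired, owner_id, urlfor FROM "
        . "{$_TABLES['tokens']} WHERE token='{$token}'";
    $tokens = DB_query($sql);
    $numberOfTokens = DB_numRows($tokens);
    if ($numberOfTokens != 1) {
        return false; // none, or multiple tokens. Both are invalid. (token is unique key...)
    }

    $tokendata = DB_fetchArray($tokens);

    $uid = isset($_USER['uid']) ? (int) $_USER['uid'] : 1;

    // The original compared against an unset array element when no Referer
    // header was sent, which let a token with an empty urlfor pass.
    $referer = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';

    /* Check that:
     *  token's user is the current user.
     *  the http referer is the url for which the token was created.
     *  token is not expired.
     */
    $return = ($uid === (int) $tokendata['owner_id'])
        && ($referer !== '')
        && ((string) $tokendata['urlfor'] === $referer)
        && !$tokendata['expired'];

    // It's a one time token. So eat it.
    DB_delete($_TABLES['tokens'], 'token', $token);

    return $return;
}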
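/**
 * Remove duplicate group names and put a unique index on grp_name.
 *
 * Compares the total number of groups with the number of distinct group
 * names. When they differ, the first row returned for each duplicated name
 * is kept and every further row is deleted together with its rows in the
 * access and group_assignments tables. Afterwards the grp_name index is
 * dropped and re-created as UNIQUE.
 *
 * @return void
 */
function upgrade_uniqueGroupNames()
{
    global $_TABLES;

    $groups = DB_count($_TABLES['groups']);
    $result = DB_query("SELECT DISTINCT grp_name FROM {$_TABLES['groups']} ORDER BY grp_gl_core ASC");
    $numGroups = DB_numRows($result);

    if ($groups != $numGroups) {
        // find and delete the duplicates
        // first, prepare a list of all unique group names
        $names = array();
        for ($i = 0; $i < $numGroups; $i++) {
            $A = DB_fetchArray($result);
            $names[] = $A['grp_name'];
        }

        // then search for names that occur more than once
        foreach ($names as $name) {
            // Group names come back from the database unescaped; a name that
            // contains a quote would otherwise break out of the string
            // literal in the lookup query below.
            $safeName = DB_escapeString($name);
            $result = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name = '{$safeName}'");
            $num = DB_numRows($result);
            if ($num > 1) {
                // we're going to keep the first entry - fetch and discard
                $A = DB_fetchArray($result);
                $num--;

                for ($i = 0; $i < $num; $i++) {
                    list($grp_id) = DB_fetchArray($result);

                    // remove everything that refers to the duplicate first,
                    // then the duplicate group itself
                    DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
                    DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
                    DB_delete($_TABLES['group_assignments'], 'ug_main_grp_id', $grp_id);
                    DB_delete($_TABLES['groups'], 'grp_id', $grp_id);
                }

                // check if we already found all the duplicates
                $groups -= $num;
                if ($groups == $numGroups) {
                    break;
                }
            }
        }
    }

    // make 'grp_name' a unique index
    DB_query("ALTER TABLE {$_TABLES['groups']} DROP INDEX grp_name");
    DB_query("ALTER TABLE {$_TABLES['groups']} ADD UNIQUE grp_name(grp_name)");
}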
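/**
 * Delete one group definition of a plugin and redirect to the admin script.
 *
 * The row to delete is taken from $_POST['id'], passed through
 * COM_applyFilter() with its second argument set to true, and removed from
 * the plugin's "<PI_NAME>_def_group" table by group_id.
 *
 * NOTE(review): no security-token check is visible in this function; the
 * delete is driven by request data alone. Presumably the caller validates
 * the token before dispatching here - confirm.
 *
 * @param  string $pi_name plugin name; selects the language array and table
 * @return string          error page if a pre-delete check failed, otherwise
 *                         the result of COM_refresh() for the admin page
 */
function LIB_delete($pi_name)
{
    global $_CONF;
    global $_TABLES;

    // The admin language array is a global named LANG_<PI_NAME>_ADMIN.
    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};

    $table = $_TABLES[strtoupper($pi_name) . '_def_group'];

    $id = COM_applyFilter($_POST['id'], true);

    $retval = '';

    // CHECK
    // Placeholder for pre-delete checks (category / additional field usage).
    // Nothing sets $err yet, so the error page below is not reached today.
    $err = "";

    if ($err != "") {
        $pagetitle = $lang_box_admin['err'];
        $retval .= DATABOX_siteHeader($pi_name, '_admin', $pagetitle);
        $retval .= COM_startBlock($lang_box_admin['err'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $err;
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= DATABOX_siteFooter($pi_name, '_admin');

        return $retval;
    }

    DB_delete($table, 'group_id', $id);

    return COM_refresh($_CONF['site_admin_url'] . '/plugins/' . THIS_SCRIPT . '?msg=2');
}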
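/**
 * Store a new password submitted through the password-reset form.
 *
 * Expects passwd, passwd_conf, uid and rid in $_POST. When the password is
 * empty or the confirmation differs, the browser is sent back to the
 * new-password form. Otherwise the uid / request-id pair is checked against
 * the users table; on a match the password is replaced, the user's sessions
 * are deleted and the request id is cleared.
 *
 * @return string output of COM_showMessage() and getpasswordform() when the
 *                reset request is invalid or expired, otherwise an empty
 *                string (redirects are echoed directly)
 */
function _userSetnewpwd()
{
    global $_CONF, $_TABLES, $_USER, $LANG04;

    $retval = '';

    $newPassword = isset($_POST['passwd']) ? $_POST['passwd'] : '';
    $confirmation = isset($_POST['passwd_conf']) ? $_POST['passwd_conf'] : '';

    // Strict comparison: with != two different numeric-looking strings such
    // as "1e3" and "1000" compare equal, so a mistyped confirmation could be
    // accepted.
    if (empty($newPassword) || $newPassword !== $confirmation) {
        echo COM_refresh($_CONF['site_url'] . '/users.php?mode=newpwd&uid=' . COM_applyFilter($_POST['uid'], true)
                         . '&rid=' . COM_applyFilter($_POST['rid']));

        return $retval;
    }

    $uid = COM_applyFilter($_POST['uid'], true);
    $reqid = COM_sanitizeID(COM_applyFilter($_POST['rid']));

    // uid must be a real account above 1 and the request id exactly
    // 16 characters long before the database is consulted at all.
    if (!empty($uid) && is_numeric($uid) && $uid > 1 && !empty($reqid) && strlen($reqid) == 16) {
        $uid = (int) $uid;
        $safereqid = DB_escapeString($reqid);

        $valid = DB_count($_TABLES['users'], array('uid', 'pwrequestid'), array($uid, $safereqid));
        if ($valid == 1) {
            $passwordHash = SEC_encryptPassword($newPassword);
            DB_change($_TABLES['users'], 'passwd', DB_escapeString($passwordHash), "uid", $uid);

            // Drop the account's existing sessions after the password change.
            DB_delete($_TABLES['sessions'], 'uid', $uid);

            // Clear the request id; presumably DB_change stores the string
            // "NULL" as SQL NULL - confirm.
            DB_change($_TABLES['users'], 'pwrequestid', "NULL", 'uid', $uid);

            echo COM_refresh($_CONF['site_url'] . '/users.php?msg=53');
        } else {
            // request invalid or expired
            $retval .= COM_showMessage(54, '', '', 1, 'error');
            $retval .= getpasswordform();
        }
    } else {
        // this request doesn't make sense - ignore it
        echo COM_refresh($_CONF['site_url']);
    }

    // Without this the message and form built for an invalid or expired
    // request would be discarded and never reach the caller.
    return $retval;
}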