コード例 #1
0
ファイル: forum.class.php プロジェクト: milk54/geeklog-japan
 public function getChildCategories($pid = FALSE, $all_langs = FALSE)
 {
     global $_CONF, $_TABLES;
     $entries = array();
     if ($pid !== FALSE) {
         return $entries;
     }
     $sql = "SELECT forum_id, forum_name FROM {$_TABLES['gf_forums']} " . "  WHERE (is_hidden = '0') ";
     if (!Dataproxy::isRoot()) {
         $current_groups = SEC_getUserGroups(Dataproxy::uid());
         $sql .= "AND (grp_id IN (" . implode(',', $current_groups) . ")) ";
     }
     $sql .= "ORDER BY forum_order";
     $result = DB_query($sql);
     if (DB_error()) {
         return $entries;
     }
     while (($A = DB_fetchArray($result, FALSE)) !== FALSE) {
         $entry = array();
         $entry['id'] = (int) $A['forum_id'];
         $entry['pid'] = FALSE;
         $entry['title'] = stripslashes($A['forum_name']);
         $entry['uri'] = $_CONF['site_url'] . '/forum/index.php?forum=' . $entry['id'];
         $entry['date'] = FALSE;
         $entry['image_uri'] = FALSE;
         $entries[] = $entry;
     }
     return $entries;
 }
コード例 #2
0
ファイル: global.php プロジェクト: mistgrass/geeklog-ivywe
/**
* Global album attribute editor
*
* @return   string              HTML
*
**/
function MG_globalAlbumPermEditor($adminMenu = 0)
{
    global $_CONF, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_ACCESS;
    $retval = '';
    if (!SEC_hasRights('mediagallery.admin')) {
        return COM_showMessageText($LANG_MG00['access_denied_msg']);
    }
    $A['moderate'] = 0;
    $A['member_uploads'] = 0;
    $A['email_mod'] = 0;
    // If edit, pull up the existing album information...
    $usergroups = SEC_getUserGroups();
    for ($i = 0; $i < count($usergroups); $i++) {
        if ('mediagallery Admin' == key($usergroups)) {
            $A['group_id'] = $usergroups[key($usergroups)];
            $A['mod_group_id'] = $A['group_id'];
        }
        next($usergroups);
    }
    $A['perm_owner'] = 3;
    $A['perm_group'] = 3;
    $A['perm_members'] = 2;
    $A['perm_anon'] = 2;
    $usergroups = SEC_getUserGroups();
    $groupdd = '';
    $moddd = '';
    $groupdd .= '<select name="group_id">';
    $moddd .= '<select name="mod_id">';
    for ($i = 0; $i < count($usergroups); $i++) {
        if ($usergroups[key($usergroups)] != 2 && $usergroups[key($usergroups)] != 13) {
            $groupdd .= '<option value="' . $usergroups[key($usergroups)] . '"';
            $moddd .= '<option value="' . $usergroups[key($usergroups)] . '"';
            if ($A['group_id'] == $usergroups[key($usergroups)]) {
                $groupdd .= ' selected="selected"';
                $groupname = key($usergroups);
            }
            if ($A['mod_group_id'] == $usergroups[key($usergroups)]) {
                $moddd .= ' selected="selected"';
            }
            $groupdd .= '>' . key($usergroups) . '</option>';
            $moddd .= '>' . key($usergroups) . '</option>';
        }
        next($usergroups);
    }
    $groupdd .= '</select>';
    $moddd .= '</select>';
    $T = COM_newTemplate(MG_getTemplatePath(0));
    $T->set_file('admin', 'global_album_perm.thtml');
    $T->set_var(array('action' => 'globalperm', 'permissions_editor' => SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']), 'permissions_msg' => $LANG_ACCESS['permmsg'], 'group_select' => $groupdd, 'mod_group_select' => $moddd, 'admin_menu' => $adminMenu, 'lang_save' => $LANG_MG01['save'], 's_form_action' => $_MG_CONF['site_url'] . '/admin.php', 'lang_cancel' => $LANG_MG01['cancel'], 'lang_global_perm_help' => $LANG_MG01['global_perm_help'], 'lang_value' => $LANG_MG01['value'], 'lang_attribute' => $LANG_MG01['attribute'], 'lang_update' => $LANG_MG01['update'], 'lang_group' => $LANG_ACCESS['group'], 'lang_permissions' => $LANG_ACCESS['permissions'], 'lang_perm_key' => $LANG_ACCESS['permissionskey'], 'lang_member_upload' => $LANG_MG01['member_upload'], 'lang_moderate_album' => $LANG_MG01['mod_album'], 'lang_mod_group' => $LANG_MG01['moderation_group'], 'lang_email_mods_on_submission' => $LANG_MG01['email_mods_on_submission']));
    $retval .= COM_startBlock($LANG_MG01['global_perm_editor'], '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= $T->finish($T->parse('output', 'admin'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}
コード例 #3
0
ファイル: mail.php プロジェクト: hostellerie/nexpro
/**
* Shows the form the admin uses to send Geeklog members a message. Right now
* you can only email an entire group.
*
* @return   string      HTML for the email form
*
*/
function display_mailform()
{
    global $_CONF, $LANG31, $LANG_ADMIN, $_IMAGE_TYPE;
    require_once $_CONF['path_system'] . 'lib-admin.php';
    $retval = '';
    $retval .= COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_admin_block', 'header'));
    $menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
    $desc = '<p>' . $LANG31[19] . '</p>';
    $icon = $_CONF['layout_url'] . '/images/icons/mail.' . $_IMAGE_TYPE;
    $retval .= ADMIN_createMenu($menu_arr, $desc, $icon);
    $mail_templates = new Template($_CONF['path_layout'] . 'admin/mail');
    $mail_templates->set_file(array('form' => 'mailform.thtml'));
    $mail_templates->set_var('site_url', $_CONF['site_url']);
    $mail_templates->set_var('site_admin_url', $_CONF['site_admin_url']);
    $mail_templates->set_var('layout_url', $_CONF['layout_url']);
    $mail_templates->set_var('startblock_email', COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_admin_block', 'header')));
    $mail_templates->set_var('php_self', $_CONF['site_admin_url'] . '/mail.php');
    $mail_templates->set_var('lang_note', $LANG31[19]);
    $mail_templates->set_var('lang_to', $LANG31[18]);
    $mail_templates->set_var('lang_selectgroup', $LANG31[25]);
    $thisUsersGroups = SEC_getUserGroups();
    uksort($thisUsersGroups, 'strcasecmp');
    $group_options = '';
    foreach ($thisUsersGroups as $groupName => $groupID) {
        if ($groupName != 'All Users') {
            $group_options .= '<option value="' . $groupID . '">' . ucwords($groupName) . '</option>';
        }
    }
    $mail_templates->set_var('group_options', $group_options);
    $mail_templates->set_var('lang_from', $LANG31[2]);
    $mail_templates->set_var('site_name', $_CONF['site_name']);
    $mail_templates->set_var('lang_replyto', $LANG31[3]);
    $mail_templates->set_var('site_mail', $_CONF['site_mail']);
    $mail_templates->set_var('lang_subject', $LANG31[4]);
    $mail_templates->set_var('lang_body', $LANG31[5]);
    $mail_templates->set_var('lang_sendto', $LANG31[6]);
    $mail_templates->set_var('lang_allusers', $LANG31[7]);
    $mail_templates->set_var('lang_admin', $LANG31[8]);
    $mail_templates->set_var('lang_options', $LANG31[9]);
    $mail_templates->set_var('lang_HTML', $LANG31[10]);
    $mail_templates->set_var('lang_urgent', $LANG31[11]);
    $mail_templates->set_var('lang_ignoreusersettings', $LANG31[14]);
    $mail_templates->set_var('lang_send', $LANG31[12]);
    $mail_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $mail_templates->set_var('xhtml', XHTML);
    $mail_templates->set_var('gltoken_name', CSRF_TOKEN);
    $mail_templates->set_var('gltoken', SEC_createToken());
    $mail_templates->parse('output', 'form');
    $retval .= $mail_templates->finish($mail_templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}
コード例 #4
0
ファイル: group.php プロジェクト: milk54/geeklog-japan
/**
* Delete a group
*
* @param    int     $grp_id     id of group to delete
* @return   string              HTML redirect
*
*/
function deleteGroup($grp_id)
{
    global $_CONF, $_TABLES, $_USER;
    if (!SEC_inGroup('Root') && DB_getItem($_TABLES['groups'], 'grp_name', "grp_id = {$grp_id}") == 'Root') {
        COM_accessLog("User {$_USER['username']} tried to delete the Root group with insufficient privileges.");
        return COM_refresh($_CONF['site_admin_url'] . '/group.php');
    }
    $GroupAdminGroups = SEC_getUserGroups();
    if (!in_array($grp_id, $GroupAdminGroups) && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) {
        COM_accessLog("User {$_USER['username']} tried to delete group {$grp_id} with insufficient privileges.");
        return COM_refresh($_CONF['site_admin_url'] . '/group.php');
    }
    DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
    DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
    DB_delete($_TABLES['group_assignments'], 'ug_main_grp_id', $grp_id);
    DB_delete($_TABLES['groups'], 'grp_id', $grp_id);
    PLG_groupChanged($grp_id, 'delete');
    if (isset($_REQUEST['chk_showall']) && $_REQUEST['chk_showall'] == 1) {
        return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=50&chk_showall=1');
    } else {
        return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=50');
    }
}
コード例 #5
0
ファイル: lib-common.php プロジェクト: alxstuart/ajfs.me
/**
* Return SQL expression to check for allowed topics.
*
* Creates part of an SQL expression that can be used to only request stories
* from topics to which the user has access to.
*
* Note that this function does an SQL request, so you should cache
* the resulting SQL expression if you need it more than once.
*
* @param    string  $type   part of the SQL expr. e.g. 'WHERE', 'AND'
* @param    int     $u_id   user id or 0 = current user
* @param    string  $table  table name if ambiguous (e.g. in JOINs)
* @return   string          SQL expression string (may be empty)
*
*/
function COM_getTopicSQL($type = 'WHERE', $u_id = 0, $table = '')
{
    global $_TABLES, $_USER, $_GROUPS;
    $topicsql = ' ' . $type . ' ';
    if (!empty($table)) {
        $table .= '.';
    }
    $UserGroups = array();
    if ($u_id <= 0 || isset($_USER['uid']) && $u_id == $_USER['uid']) {
        if (!COM_isAnonUser()) {
            $uid = $_USER['uid'];
        } else {
            $uid = 1;
        }
        $UserGroups = $_GROUPS;
    } else {
        $uid = $u_id;
        $UserGroups = SEC_getUserGroups($uid);
    }
    if (empty($UserGroups)) {
        // this shouldn't really happen, but if it does, handle user
        // like an anonymous user
        $uid = 1;
    }
    if (SEC_inGroup('Root', $uid)) {
        return '';
    }
    $result = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL('WHERE', $uid));
    $tids = array();
    while ($T = DB_fetchArray($result)) {
        $tids[] = $T['tid'];
    }
    if (count($tids) > 0) {
        $topicsql .= "({$table}tid IN ('" . implode("','", $tids) . "'))";
    } else {
        $topicsql .= '0';
    }
    return $topicsql;
}
コード例 #6
0
ファイル: index.php プロジェクト: spacequad/glfusion
    exit;
}
$mytimer = new timerobject();
$mytimer->startTimer();
$errMsg = '';
$uid = 1;
if (!COM_isAnonUser() && isset($_USER['uid'])) {
    $uid = $_USER['uid'];
}
$dt = new Date('now', $_USER['tzid']);
//Display Categories
if ($forum == 0) {
    $birdSeedStart = '';
    $dCat = isset($_GET['cat']) ? COM_applyFilter($_GET['cat'], true) : 0;
    $groups = array();
    $usergroups = SEC_getUserGroups();
    foreach ($usergroups as $group) {
        $groups[] = $group;
    }
    $groupAccessList = implode(',', $groups);
    if ($dCat > 0) {
        $categoryQuery = DB_query("SELECT * FROM {$_TABLES['ff_categories']} WHERE id=" . (int) $dCat . " ORDER BY cat_order ASC");
        $birdSeedStart = '<a href="' . $_CONF['site_url'] . '/forum/index.php">Forum Index</a> :: ';
    } else {
        $categoryQuery = DB_query("SELECT * FROM {$_TABLES['ff_categories']} ORDER BY cat_order ASC");
    }
    $numCategories = DB_numRows($categoryQuery);
    $forumlisting = new Template(array($_CONF['path'] . 'plugins/forum/templates/', $_CONF['path'] . 'plugins/forum/templates/links/'));
    $forumlisting->set_file('forumlisting', 'homepage.thtml');
    $forumlisting->set_var(array('forumindeximg' => '<img src="' . _ff_getImage('forumindex') . '" alt=""/>', 'phpself' => $_CONF['site_url'] . '/forum/index.php', 'layout_url' => $_CONF['layout_url'], 'forum_home' => 'Forum Index'));
    for ($i = 1; $i <= $numCategories; $i++) {
コード例 #7
0
ファイル: mail.php プロジェクト: milk54/geeklog-japan
/**
* Shows the form the admin uses to send Geeklog members a message. Right now
* you can only email an entire group.
*
* @param    array   $vars   optional array of form content
* @return   string          HTML for the email form
*
*/
function display_mailform($vars = array())
{
    global $_CONF, $LANG31, $LANG_ADMIN, $_IMAGE_TYPE;
    require_once $_CONF['path_system'] . 'lib-admin.php';
    $retval = '';
    $retval .= COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_admin_block', 'header'));
    $menu_arr = array(array('url' => $_CONF['site_admin_url'], 'text' => $LANG_ADMIN['admin_home']));
    $desc = '<p>' . $LANG31[19] . '</p>';
    $icon = $_CONF['layout_url'] . '/images/icons/mail.' . $_IMAGE_TYPE;
    $retval .= ADMIN_createMenu($menu_arr, $desc, $icon);
    $mail_templates = COM_newTemplate($_CONF['path_layout'] . 'admin/mail');
    $mail_templates->set_file(array('form' => 'mailform.thtml'));
    $mail_templates->set_var('startblock_email', COM_startBlock($LANG31[1], '', COM_getBlockTemplate('_admin_block', 'header')));
    $mail_templates->set_var('php_self', $_CONF['site_admin_url'] . '/mail.php');
    $mail_templates->set_var('lang_note', $LANG31[19]);
    $mail_templates->set_var('lang_to', $LANG31[18]);
    $mail_templates->set_var('lang_selectgroup', $LANG31[25]);
    $to_group = 0;
    if (isset($vars['to_group'])) {
        $to_group = COM_applyFilter($vars['to_group'], true);
    }
    $thisUsersGroups = SEC_getUserGroups();
    uksort($thisUsersGroups, 'strcasecmp');
    $group_options = '';
    foreach ($thisUsersGroups as $groupName => $groupID) {
        if ($groupName != 'All Users') {
            $group_options .= '<option value="' . $groupID . '"';
            if ($to_group > 0 && $to_group == $groupID) {
                $group_options .= ' selected="selected"';
            }
            $group_options .= '>' . ucwords($groupName) . '</option>';
        }
    }
    $mail_templates->set_var('group_options', $group_options);
    $mail_templates->set_var('lang_from', $LANG31[2]);
    if (!empty($vars['fra'])) {
        $from = $vars['fra'];
    } else {
        $from = $_CONF['site_name'];
    }
    $from = strip_tags($from);
    $from = substr($from, 0, strcspn($from, "\r\n"));
    $from = htmlspecialchars(trim($from), ENT_QUOTES);
    $mail_templates->set_var('site_name', $from);
    $mail_templates->set_var('lang_replyto', $LANG31[3]);
    if (!empty($vars['fraepost'])) {
        $fromemail = $vars['fraepost'];
    } else {
        $fromemail = $_CONF['site_mail'];
    }
    $fromemail = strip_tags($fromemail);
    $fromemail = substr($fromemail, 0, strcspn($fromemail, "\r\n"));
    $fromemail = htmlspecialchars(trim($fromemail), ENT_QUOTES);
    $mail_templates->set_var('site_mail', $fromemail);
    if (isset($vars['subject'])) {
        $mail_templates->set_var('subject', COM_applyFilter($vars['subject']));
    }
    if (isset($vars['message'])) {
        $mail_templates->set_var('message', COM_applyFilter($vars['message']));
    }
    if (isset($vars['html']) && trim($vars['html']) == 'on') {
        $mail_templates->set_var('html', ' checked="checked"');
    }
    if (isset($vars['priority']) && trim($vars['priority']) == 'on') {
        $mail_templates->set_var('priority', ' checked="checked"');
    }
    if (isset($vars['overstyr']) && trim($vars['overstyr']) == 'on') {
        $mail_templates->set_var('overstyr', ' checked="checked"');
    }
    $mail_templates->set_var('lang_subject', $LANG31[4]);
    $mail_templates->set_var('lang_body', $LANG31[5]);
    $mail_templates->set_var('lang_sendto', $LANG31[6]);
    $mail_templates->set_var('lang_allusers', $LANG31[7]);
    $mail_templates->set_var('lang_admin', $LANG31[8]);
    $mail_templates->set_var('lang_options', $LANG31[9]);
    $mail_templates->set_var('lang_HTML', $LANG31[10]);
    $mail_templates->set_var('lang_urgent', $LANG31[11]);
    $mail_templates->set_var('lang_ignoreusersettings', $LANG31[14]);
    $mail_templates->set_var('lang_send', $LANG31[12]);
    $mail_templates->set_var('end_block', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $mail_templates->set_var('gltoken_name', CSRF_TOKEN);
    $mail_templates->set_var('gltoken', SEC_createToken());
    $mail_templates->parse('output', 'form');
    $retval .= $mail_templates->finish($mail_templates->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}
コード例 #8
0
ファイル: index.php プロジェクト: NewRoute/glfusion
function MG_importAlbums($aid, $parent, $session_id = 0)
{
    global $mgAlbums, $_TABLES, $_CONF, $_MG_CONF, $_USER, $_POST;
    $children = $mgAlbums[$aid]->getChildren();
    $nrows = count($children);
    $checkCounter = 0;
    for ($i = 0; $i < $nrows; $i++) {
        $x = $mgAlbums[$children[$i]]->id;
        if ($_POST['gallery'][$x] == 1) {
            if ($parent == 0) {
                $sql = "SELECT MAX(album_id) + 1 AS nextalbum_id FROM " . $_TABLES['mg_albums'];
                $result2 = DB_query($sql);
                $row2 = DB_fetchArray($result2);
                $A['album_id'] = $row2['nextalbum_id'];
                if ($A['album_id'] < 1) {
                    $A['album_id'] = 1;
                }
                if ($A['album_id'] == 0) {
                    COM_errorLog("Media Gallery Error - Returned 0 as album_id");
                    $A['album_id'] = 1;
                }
                // now, let's create this bad boy....
                $sql = "SELECT MAX(album_order) + 1 AS nextalbum_order FROM " . $_TABLES['mg_albums'];
                $result2 = DB_query($sql);
                $row2 = DB_fetchArray($result2);
                if ($row2 == NULL || $result2 == NULL) {
                    $A['album_order'] = 10;
                } else {
                    $A['album_order'] = $row2['nextalbum_order'];
                    if ($A['album_order'] < 0) {
                        $A['album_order'] = 10;
                    }
                }
                if ($A['album_order'] == NULL) {
                    $A['album_order'] = 10;
                }
                $mgAlbums[$children[$i]]->mgid = $A['album_id'];
                $mgAlbums[$children[$i]]->order = $A['album_order'];
                if (!empty($mgAlbums[$children[$i]]->children)) {
                    $subChildren = $mgAlbums[$children[$i]]->getChildren();
                    foreach ($subChildren as $child1) {
                        $mgAlbums[$child1]->mgparent = $A['album_id'];
                    }
                }
                $usergroups = SEC_getUserGroups();
                for ($m = 0; $m < count($usergroups); $m++) {
                    if ('mediagallery Admin' == key($usergroups)) {
                        $mgAlbums[$children[$i]]->group_id = $usergroups[key($usergroups)];
                        $mgAlbums[$children[$i]]->mod_group_id = $usergroups[key($usergroups)];
                    }
                    next($usergroups);
                }
                $rc = $mgAlbums[$children[$i]]->createAlbum();
            } else {
                $mgAlbums[$children[$i]]->mgid = $parent;
            }
            COM_errorLog("Media Gallery: glFusion Story Import processed " . $mgAlbums[$children[$i]]->title . " MGID: " . $mgAlbums[$children[$i]]->mgid . " Parent: " . $mgAlbums[$children[$i]]->mgparent);
            MG_importFiles($mgAlbums[$children[$i]]->mgid, $mgAlbums[$children[$i]]->id, $session_id);
            if (!empty($mgAlbums[$children[$i]]->children)) {
                MG_importAlbums($mgAlbums[$children[$i]]->id, $A['album_id'], $session_id);
            }
        }
    }
}
コード例 #9
0
ファイル: user.php プロジェクト: milk54/geeklog-japan
/**
* Saves user to the database
*
* @param    int     $uid            user id
* @param    string  $usernmae       (short) username
* @param    string  $fullname       user's full name
* @param    string  $email          user's email address
* @param    string  $regdate        date the user registered with the site
* @param    string  $homepage       user's homepage URL
* @param    array   $groups         groups the user belongs to
* @param    string  $delete_photo   delete user's photo if == 'on'
* @return   string                  HTML redirect or error message
*
*/
function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $regdate, $homepage, $groups, $delete_photo = '', $userstatus = 3, $oldstatus = 3)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
    $retval = '';
    $userChanged = false;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering saveusers****", 1);
        COM_errorLog("group size at beginning = " . count($groups), 1);
    }
    $service = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
    // If remote service then assume blank password
    if (!empty($service)) {
        $passwd = '';
        $passwd_conf = '';
    }
    $passwd_changed = true;
    if (empty($service) && SEC_encryptUserPassword($passwd, $uid) === 0 && $passwd_conf === '') {
        $passwd_changed = false;
    }
    if ($passwd_changed && $passwd != $passwd_conf) {
        // passwords don't match
        return edituser($uid, 67);
    }
    $nameAndEmailOkay = true;
    if (empty($username)) {
        $nameAndEmailOkay = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $nameAndEmailOkay = false;
            // new users need an email address
        } else {
            if (empty($service)) {
                $nameAndEmailOkay = false;
                // not a remote user - needs email
            }
        }
    }
    if ($nameAndEmailOkay) {
        if (!empty($email) && !COM_isEmail($email)) {
            return edituser($uid, 52);
        }
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            if (!empty($service)) {
                $uservice = DB_escapeString($service);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return edituser($uid, 51);
        }
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = '{$uid}'");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return edituser($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 400;
                }
                return edituser($uid, $ret['number']);
            }
        }
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = SEC_generateRandomPassword();
            }
            $uid = USER_createAccount($username, $email, $passwd, $fullname, $homepage);
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
        } else {
            $fullname = DB_escapeString($fullname);
            $homepage = DB_escapeString($homepage);
            $curphoto = DB_getItem($_TABLES['users'], 'photo', "uid = {$uid}");
            if (!empty($curphoto) && $delete_photo == 'on') {
                USER_deletePhoto($curphoto);
                $curphoto = '';
            }
            if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
                $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
                if ($curusername != $username) {
                    // user has been renamed - rename the photo, too
                    $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                    $imgpath = $_CONF['path_images'] . 'userphotos/';
                    if (@rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                        $retval .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                        return $retval;
                    }
                    $curphoto = $newphoto;
                }
            }
            $curphoto = DB_escapeString($curphoto);
            DB_query("UPDATE {$_TABLES['users']} SET username = '******', fullname = '{$fullname}', email = '{$email}', homepage = '{$homepage}', photo = '{$curphoto}', status='{$userstatus}' WHERE uid = {$uid}");
            if ($passwd_changed && !empty($passwd)) {
                SEC_updateUserPassword($passwd, $uid);
            }
            if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
                CUSTOM_userSave($uid);
            }
            if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && $userstatus == USER_ACCOUNT_ACTIVE) {
                USER_createAndSendPassword($username, $email, $uid);
            }
            if ($userstatus == USER_ACCOUNT_DISABLED) {
                SESS_endUserSession($uid);
            }
            $userChanged = true;
        }
        // check that the user is allowed to change group assignments
        if (is_array($groups) && SEC_hasRights('group.assign')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_errorLog('Error in saveusers in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[22]));
            echo $retval;
            exit;
        }
    } else {
        $retval .= COM_showMessageText($LANG28[10]);
        if (!empty($uid) && $uid > 1 && DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= edituser($uid);
        } else {
            $retval .= edituser();
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG28[1]));
        COM_output($retval);
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving saveusers*****************", 1);
    }
    return $retval;
}
コード例 #10
0
ファイル: albumedit.php プロジェクト: NewRoute/glfusion
/**
* edits or creates an album
*
* @param    int     album_id    album_id to edit
* @param    string  mode        create or edit
* @param    string  actionURL   where to redirection on finish
* @param    int     oldaid      original album id
* @return   string              HTML
*
*/
function MG_editAlbum($album_id = 0, $mode = '', $actionURL = '', $oldaid = 0)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $LANG_ACCESS, $REMOTE_ADDR;
    global $MG_albums, $album_selectbox, $_DB_dbms;
    $valid_albums = 0;
    if ($actionURL == '') {
        $actionURL = $_CONF['site_admin_url'] . '/plugins/mediagallery/index.php';
    }
    if ($_DB_dbms == "mssql") {
        $sql = "SELECT *,CAST(album_desc AS TEXT) as album_desc FROM " . $_TABLES['mg_albums'] . " WHERE album_id=" . $album_id;
    } else {
        $sql = "SELECT * FROM " . $_TABLES['mg_albums'] . " WHERE album_id=" . intval($album_id);
    }
    $result = DB_query($sql);
    $numRows = DB_numRows($result);
    if ($numRows > 0) {
        $A = DB_fetchArray($result);
    }
    $retval = '';
    $T = new Template(MG_getTemplatePath($album_id));
    $T->set_var('site_url', $_CONF['site_url']);
    $T->set_var('site_admin_url', $_CONF['site_admin_url']);
    if ($album_id != 0 && $mode == 'edit') {
        // If edit, pull up the existing album information...
        if ($MG_albums[$album_id]->access != 3) {
            COM_errorLog("MediaGallery: Someone has tried to illegally edit a Media Gallery Album.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
            return MG_genericError($LANG_MG00['access_denied_msg']);
        }
    } else {
        if ($album_id == 0 && $mode == 'create') {
            // create the album...
            $A['album_id'] = -1;
            $A['album_order'] = 0;
            $album_id = -1;
            $A['album_parent'] = 0;
            $A['album_title'] = '';
            $A['album_desc'] = '';
            $A['hidden'] = 0;
            $A['album_cover'] = -1;
            $A['featured'] = 0;
            $A['cbposition'] = 0;
            $A['cbpage'] = 'all';
            $A['owner_id'] = $_USER['uid'];
            $A['member_uploads'] = $_MG_CONF['ad_member_uploads'];
            $A['moderate'] = $_MG_CONF['ad_moderate'];
            $A['tn_attached'] = 0;
            $A['exif_display'] = $_MG_CONF['ad_exif_display'];
            $A['enable_slideshow'] = $_MG_CONF['ad_enable_slideshow'];
            $A['enable_random'] = $_MG_CONF['ad_enable_random'];
            $A['enable_shutterfly'] = $_MG_CONF['ad_enable_shutterfly'];
            $A['enable_views'] = $_MG_CONF['ad_enable_views'];
            $A['enable_keywords'] = $_MG_CONF['ad_enable_keywords'];
            $A['display_album_desc'] = $_MG_CONF['ad_display_album_desc'];
            $A['enable_album_views'] = $_MG_CONF['ad_enable_album_views'];
            $A['image_skin'] = $_MG_CONF['ad_image_skin'];
            $A['album_skin'] = $_MG_CONF['ad_album_skin'];
            $A['display_skin'] = $_MG_CONF['ad_display_skin'];
            $A['enable_sort'] = $_MG_CONF['ad_enable_sort'];
            $A['enable_rss'] = $_MG_CONF['ad_enable_rss'];
            $A['enable_postcard'] = $_MG_CONF['ad_enable_postcard'];
            $A['albums_first'] = $_MG_CONF['ad_albums_first'];
            $A['enable_rating'] = $_MG_CONF['ad_enable_rating'];
            $A['enable_comments'] = $_MG_CONF['ad_enable_comments'];
            $A['tn_size'] = $_MG_CONF['ad_tn_size'];
            $A['allow_download'] = $_MG_CONF['ad_allow_download'];
            $A['max_image_height'] = $_MG_CONF['ad_max_image_height'];
            $A['max_image_width'] = $_MG_CONF['ad_max_image_width'];
            $A['max_filesize'] = $_MG_CONF['ad_max_filesize'];
            $A['display_image_size'] = $_MG_CONF['ad_display_image_size'];
            $A['display_rows'] = $_MG_CONF['ad_display_rows'];
            $A['display_columns'] = $_MG_CONF['ad_display_columns'];
            $A['valid_formats'] = $_MG_CONF['ad_valid_formats'];
            $A['filename_title'] = $_MG_CONF['ad_filename_title'];
            $A['wm_auto'] = $_MG_CONF['ad_wm_auto'];
            $A['wm_id'] = $_MG_CONF['ad_wm_id'];
            $A['opacity'] = $_MG_CONF['ad_wm_opacity'];
            $A['wm_location'] = $_MG_CONF['ad_wm_location'];
            $A['album_sort_order'] = $_MG_CONF['ad_album_sort_order'];
            $A['email_mod'] = $_MG_CONF['ad_email_mod'];
            $A['album_cover_filename'] = '';
            $A['last_update'] = 0;
            $A['media_count'] = 0;
            $A['full_display'] = $_MG_CONF['ad_full_display'];
            $A['playback_type'] = $_MG_CONF['ad_playback_type'];
            $A['podcast'] = isset($_MG_CONF['ad_podcast']) ? $_MG_CONF['ad_podcast'] : 0;
            $A['mp3ribbon'] = 0;
            $A['rsschildren'] = 0;
            $A['usealternate'] = isset($_MG_CONF['ad_use_alternate']) ? $_MG_CONF['ad_use_alternate'] : 0;
            $A['skin'] = isset($_MG_CONF['ad_skin']) ? $_MG_CONF['ad_skin'] : 'default';
            $gresult = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name LIKE 'mediagallery Admin'");
            $grow = DB_fetchArray($gresult);
            $grp_id = $grow['grp_id'];
            $A['group_id'] = $grp_id;
            $A['mod_group_id'] = $grp_id;
            $A['perm_owner'] = $_MG_CONF['ad_perm_owner'];
            $A['perm_group'] = $_MG_CONF['ad_perm_group'];
            $A['perm_members'] = $_MG_CONF['ad_perm_members'];
            $A['perm_anon'] = $_MG_CONF['ad_perm_anon'];
            $A['tnheight'] = $_MG_CONF['ad_tn_height'];
            $A['tnwidth'] = $_MG_CONF['ad_tn_width'];
        }
    }
    $T->set_var('album_id', $A['album_id']);
    $retval .= COM_startBlock($mode == 'create' ? $LANG_MG01['create_album'] : $LANG_MG01['edit_album'] . ' - ' . strip_tags($A['album_title']), '', COM_getBlockTemplate('_admin_block', 'header'));
    // If edit, pull up the existing album information...
    $T->set_file(array('admin' => 'editalbum.thtml', 'falbum' => 'featured_album.thtml', 'perms_admin' => 'edit_album_permissions.thtml', 'perms_member' => 'edit_album_perm_member.thtml', 'admin_attr' => 'editalbum_admin.thtml', 'admin_formats' => 'editalbum_formats.thtml'));
    // construct the album jumpbox...
    if ($mode == 'create') {
        $select = $oldaid;
    } else {
        $select = $A['album_parent'];
    }
    $album_selectbox = '<select name="parentaid">';
    $valid_albums += $MG_albums[0]->buildAlbumBox($select, 3, $A['album_id'], $mode);
    $album_selectbox .= '</select>';
    $album_select = $album_selectbox;
    if ($valid_albums == 0) {
        COM_errorLog("MediaGallery: Someone has tried to illegally create a Medig Gallery Album.  User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$REMOTE_ADDR}", 1);
        return MG_genericError($LANG_MG00['access_denied_msg']);
    }
    // build exif select box...
    $exif_select = '<select name="enable_exif">';
    $exif_select .= '<option value="0"' . ($A['exif_display'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['disable_exif'] . '</option>';
    $exif_select .= '<option value="1"' . ($A['exif_display'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['display_below_media'] . '</option>';
    $exif_select .= '<option value="2"' . ($A['exif_display'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['display_in_popup'] . '</option>';
    $exif_select .= '<option value="3"' . ($A['exif_display'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG01['both'] . '</option>';
    $exif_select .= '</select>';
    $full_select = '<select name="full_display"' . ($_MG_CONF['discard_original'] ? ' disabled=disabled ' : '') . '>';
    $full_select .= '<option value="0"' . ($A['full_display'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['always'] . '</option>';
    $full_select .= '<option value="1"' . ($A['full_display'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['members_only'] . '</option>';
    $full_select .= '<option value="2"' . ($A['full_display'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['disabled'] . '</option>';
    $full_select .= '</select>';
    $ranking_select = '<select name="enable_rating">';
    $ranking_select .= '<option value="0"' . ($A['enable_rating'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['disabled'] . '</option>';
    $ranking_select .= '<option value="1"' . ($A['enable_rating'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['members_only'] . '</option>';
    $ranking_select .= '<option value="2"' . ($A['enable_rating'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['always'] . '</option>';
    $ranking_select .= '</select>';
    $podcast_select = '<input type="checkbox" name="podcast" value="1" ' . ($A['podcast'] ? ' checked="checked"' : '') . '/>';
    $mp3ribbon_select = '<input type="checkbox" name="mp3ribbon" value="1" ' . ($A['mp3ribbon'] ? ' checked="checked"' : '') . '/>';
    $rsschildren_select = '<input type="checkbox" name="rsschildren" value="1" ' . ($A['rsschildren'] ? ' checked="checked"' : '') . '/>';
    $comment_select = '<input type="checkbox" name="enable_comments" value="1" ' . ($A['enable_comments'] ? ' checked="checked"' : '') . '/>';
    $ss_select = '<select name="enable_slideshow">';
    $ss_select .= '<option value="0" ' . ($A['enable_slideshow'] == 0 ? ' selected="selected"' : '') . '>' . $LANG_MG01['disabled'] . '</option>';
    $ss_select .= '<option value="1"' . ($A['enable_slideshow'] == 1 ? ' selected="selected"' : '') . '>' . $LANG_MG01['js_slideshow'] . '</option>';
    $ss_select .= '<option value="2"' . ($A['enable_slideshow'] == 2 ? ' selected="selected"' : '') . '>' . $LANG_MG01['lightbox'] . '</option>';
    $ss_select .= '<option value="3"' . ($A['enable_slideshow'] == 3 ? ' selected="selected"' : '') . '>' . $LANG_MG01['flash_slideshow_disp'] . '</option>';
    $ss_select .= '<option value="4"' . ($A['enable_slideshow'] == 4 ? ' selected="selected"' : '') . '>' . $LANG_MG01['flash_slideshow_full'] . '</option>';
    $ss_select .= '<option value="5"' . ($A['enable_slideshow'] == 5 ? ' selected="selected"' : '') . '>' . $LANG_MG01['mp3_jukebox'] . '</option>';
    $ss_select .= '</select>';
    $sf_select = '<input type="checkbox" name="enable_shutterfly" value="1" ' . ($A['enable_shutterfly'] ? ' checked="checked"' : '') . '/>';
    $views_select = '<input type="checkbox" name="enable_views" value="1" ' . ($A['enable_views'] ? ' checked="checked"' : '') . '/>';
    $keywords_select = '<input type="checkbox" name="enable_keywords" value="1" ' . ($A['enable_keywords'] ? ' checked="checked"' : '') . '/>';
    $sort_select = '<input type="checkbox" name="enable_sort" value="1" ' . ($A['enable_sort'] ? ' checked="checked"' : '') . '/>';
    $rss_select = '<input type="checkbox" name="enable_rss" value="1" ' . ($A['enable_rss'] ? ' checked="checked"' : '') . '/>';
    $postcard_select = '<select name="enable_postcard">';
    $postcard_select .= '<option value="0"' . ($A['enable_postcard'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['disabled'] . '</option>';
    $postcard_select .= '<option value="1"' . ($A['enable_postcard'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['members_only'] . '</option>';
    $postcard_select .= '<option value="2"' . ($A['enable_postcard'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['all_users'] . '</option>';
    $postcard_select .= '</select>';
    $afirst_select = '<input type="checkbox" name="albums_first" value="1" ' . ($A['albums_first'] ? ' checked="checked"' : '') . '/>';
    $usealternate_select = '<input type="checkbox" name="usealternate" value="1" ' . ($A['usealternate'] ? ' checked="checked"' : '') . '/>';
    $album_views_select = '<input type="checkbox" name="enable_album_views" value="1" ' . ($A['enable_album_views'] ? ' checked="checked"' : '') . '/>';
    $display_album_desc_select = '<input type="checkbox" name="display_album_desc" value="1" ' . ($A['display_album_desc'] ? ' checked="checked"' : '') . '/>';
    $tn_size_select = '<select name="tn_size">';
    $tn_size_select .= '<option value="0"' . ($A['tn_size'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['small'] . '</option>';
    $tn_size_select .= '<option value="1"' . ($A['tn_size'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['medium'] . '</option>';
    $tn_size_select .= '<option value="2"' . ($A['tn_size'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['large'] . '</option>';
    $tn_size_select .= '<option value="3"' . ($A['tn_size'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG01['custom'] . '</option>';
    $tn_size_select .= '<option value="4"' . ($A['tn_size'] == 4 ? 'selected="selected"' : '') . '>' . $LANG_MG01['square'] . '</option>';
    $tn_size_select .= '</select>';
    $display_image_size_select = '<select name="display_image_size">';
    $display_image_size_select .= '<option value="0"' . ($A['display_image_size'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_500x375'] . '</option>';
    $display_image_size_select .= '<option value="1"' . ($A['display_image_size'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_600x450'] . '</option>';
    $display_image_size_select .= '<option value="2"' . ($A['display_image_size'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_620x465'] . '</option>';
    $display_image_size_select .= '<option value="3"' . ($A['display_image_size'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_720x540'] . '</option>';
    $display_image_size_select .= '<option value="4"' . ($A['display_image_size'] == 4 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_800x600'] . '</option>';
    $display_image_size_select .= '<option value="5"' . ($A['display_image_size'] == 5 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_912x684'] . '</option>';
    $display_image_size_select .= '<option value="6"' . ($A['display_image_size'] == 6 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_1024x768'] . '</option>';
    $display_image_size_select .= '<option value="7"' . ($A['display_image_size'] == 7 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_1152x864'] . '</option>';
    $display_image_size_select .= '<option value="8"' . ($A['display_image_size'] == 8 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_1280x1024'] . '</option>';
    $display_image_size_select .= '<option value="9"' . ($A['display_image_size'] == 9 ? 'selected="selected"' : '') . '>' . $LANG_MG01['size_custom'] . $_MG_CONF['custom_image_width'] . 'x' . $_MG_CONF['custom_image_height'] . '</option>';
    $display_image_size_select .= '</select>';
    $rows_input = '<input type="text" size="3" name="display_rows" value="' . $A['display_rows'] . '"/>';
    $columns_input = '<input type="text" size="3" name="display_columns" value="' . $A['display_columns'] . '"/>';
    $max_image_height_input = '<input type="text" size="4" name="max_image_height" value="' . $A['max_image_height'] . '"/>';
    $max_image_width_input = '<input type="text" size="4" name="max_image_width" value="' . $A['max_image_width'] . '"/>';
    $tnheight_input = '<input type="text" size="3" name="tnheight" value="' . $A['tnheight'] . '"/>';
    $tnwidth_input = '<input type="text" size="3" name="tnwidth" value="' . $A['tnwidth'] . '"/>';
    if ($A['max_filesize'] != 0) {
        $A['max_filesize'] = $A['max_filesize'] / 1024;
    }
    $max_filesize_input = '<input type="text" size="10" name="max_filesize" value="' . $A['max_filesize'] . '"/>';
    $email_mod_select = '<input type="checkbox" name="email_mod" value="1" ' . ($A['email_mod'] ? ' checked="checked"' : '') . '/>';
    $playback_type = '<select name="playback_type">';
    $playback_type .= '<option value="0"' . ($A['playback_type'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG01['play_in_popup'] . '</option>';
    $playback_type .= '<option value="1"' . ($A['playback_type'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['download_to_local'] . '</option>';
    $playback_type .= '<option value="2"' . ($A['playback_type'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['play_inline'] . '</option>';
    $playback_type .= '<option value="3"' . ($A['playback_type'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG01['use_mms'] . '</option>';
    $playback_type .= '</select>';
    $themes = MG_getThemes();
    $album_theme_select = '<select name="album_theme">';
    for ($i = 0; $i < count($themes); $i++) {
        $album_theme_select .= '<option value="' . $themes[$i] . '"' . ($A['skin'] == $themes[$i] ? 'selected="selected"' : '') . '>' . $themes[$i] . '</option>';
    }
    $album_theme_select .= '</select>';
    $attach_select = '<input type="checkbox" name="attach_tn" value="1" ' . ($A['tn_attached'] ? ' checked="checked"' : '') . '/>';
    $result = DB_query("SELECT * FROM {$_TABLES['users']}");
    $nRows = DB_numRows($result);
    $owner_select = '<select name="owner_id">';
    for ($i = 0; $i < $nRows; $i++) {
        $row = DB_fetchArray($result);
        if ($row['uid'] == 1) {
            continue;
        }
        $owner_select .= '<option value="' . $row['uid'] . '"' . ($A['owner_id'] == $row['uid'] ? 'selected="selected"' : '') . '>' . COM_getDisplayName($row['uid'], $row['username'], $row['fullname'], $row['remoteusername'], $row['remoteservice']) . '</option>';
    }
    $owner_select .= '</select>';
    $album_sort_select = '<select name="album_sort_order">';
    $album_sort_select .= '<option value="0"' . ($A['album_sort_order'] == 0 ? 'selected="selected"' : '') . '>' . $LANG_MG03['no_sort'] . '</option>';
    $album_sort_select .= '<option value="1"' . ($A['album_sort_order'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_capture_asc'] . '</option>';
    $album_sort_select .= '<option value="2"' . ($A['album_sort_order'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_capture'] . '</option>';
    $album_sort_select .= '<option value="3"' . ($A['album_sort_order'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_upload_asc'] . '</option>';
    $album_sort_select .= '<option value="4"' . ($A['album_sort_order'] == 4 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_upload'] . '</option>';
    $album_sort_select .= '<option value="5"' . ($A['album_sort_order'] == 5 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_alpha'] . '</option>';
    $album_sort_select .= '<option value="6"' . ($A['album_sort_order'] == 6 ? 'selected="selected"' : '') . '>' . $LANG_MG03['sort_alpha_asc'] . '</option>';
    $album_sort_select .= '</select>';
    if (SEC_hasRights('mediagallery.admin')) {
        //
        // -- build the featured selects and info...
        //
        $featured_select = '<input type="checkbox" name="featured" value="1" ' . ($A['featured'] ? ' checked="checked"' : '') . '/>';
        // build featurepage select...
        $featurepage_select = '<select name="featurepage">';
        $featurepage_select .= '<option value="all"' . ($A['cbpage'] == 'all' ? 'selected="selected"' : '') . '>' . $LANG_MG01['all'] . '</option>';
        $featurepage_select .= '<option value="allnhp"' . ($A['cbpage'] == 'allnhp' ? 'selected="selected"' : '') . '>' . $LANG_MG01['all_nhp'] . '</option>';
        $featurepage_select .= '<option value="none"' . ($A['cbpage'] == 'none' ? 'selected="selected"' : '') . '>' . $LANG_MG01['homepage_only'] . '</option>';
        $featurepage_select .= COM_topicList('tid,topic', $A['cbpage']);
        $featurepage_select .= '</select>';
        // position
        $feature_pos = '<select name="featureposition">';
        $feature_pos .= '<option value="1"' . ($A['cbposition'] == 1 ? ' selected="selected"' : '') . '>' . $LANG_MG01['top'] . '</option>';
        $feature_pos .= '<option value="2"' . ($A['cbposition'] == 2 ? ' selected="selected"' : '') . '>' . $LANG_MG01['after_featured_articles'] . '</option>';
        $feature_pos .= '<option value="3"' . ($A['cbposition'] == 3 ? ' selected="selected"' : '') . '>' . $LANG_MG01['bottom'] . '</option>';
        $feature_pos .= '</select>    ';
        $T->set_var(array('featured_select' => $featured_select, 'feature_page_select' => $featurepage_select, 'feature_position' => $feature_pos, 'lang_featured_album' => $LANG_MG01['featured_album'], 'lang_set_featured' => $LANG_MG01['set_featured'], 'lang_featured_help' => $LANG_MG01['featured_help'], 'lang_position' => $LANG_MG01['position'], 'lang_topic' => $LANG_MG01['topic']));
        $T->parse('featureselect', 'falbum');
        $ri_select = '<input type="checkbox" name="enable_random" value="1" ' . ($A['enable_random'] ? ' checked="checked"' : '') . '/>';
        $T->set_var(array('height_input' => $max_image_height_input, 'width_input' => $max_image_width_input, 'max_size_input' => $max_filesize_input, 'ri_select' => $ri_select, 'lang_ri_enable' => $LANG_MG01['ri_enable'], 'lang_max_image_height' => $LANG_MG01['max_image_height'], 'lang_max_image_width' => $LANG_MG01['max_image_width'], 'lang_max_filesize' => $LANG_MG01['max_filesize']));
        $T->parse('adminattr', 'admin_attr');
        $T->set_var(array('jpg_checked' => $A['valid_formats'] & MG_JPG ? ' checked="checked"' : '', 'png_checked' => $A['valid_formats'] & MG_PNG ? ' checked="checked"' : '', 'tif_checked' => $A['valid_formats'] & MG_TIF ? ' checked="checked"' : '', 'gif_checked' => $A['valid_formats'] & MG_GIF ? ' checked="checked"' : '', 'bmp_checked' => $A['valid_formats'] & MG_BMP ? ' checked="checked"' : '', 'tga_checked' => $A['valid_formats'] & MG_TGA ? ' checked="checked"' : '', 'psd_checked' => $A['valid_formats'] & MG_PSD ? ' checked="checked"' : '', 'mp3_checked' => $A['valid_formats'] & MG_MP3 ? ' checked="checked"' : '', 'ogg_checked' => $A['valid_formats'] & MG_OGG ? ' checked="checked"' : '', 'asf_checked' => $A['valid_formats'] & MG_ASF ? ' checked="checked"' : '', 'swf_checked' => $A['valid_formats'] & MG_SWF ? ' checked="checked"' : '', 'mov_checked' => $A['valid_formats'] & MG_MOV ? ' checked="checked"' : '', 'mp4_checked' => $A['valid_formats'] & MG_MP4 ? ' checked="checked"' : '', 'mpg_checked' => $A['valid_formats'] & MG_MPG ? ' checked="checked"' : '', 'zip_checked' => $A['valid_formats'] & MG_ZIP ? ' checked="checked"' : '', 'flv_checked' => $A['valid_formats'] & MG_FLV ? ' checked="checked"' : '', 'rflv_checked' => $A['valid_formats'] & MG_RFLV ? ' checked="checked"' : '', 'emb_checked' => $A['valid_formats'] & MG_EMB ? ' checked="checked"' : '', 'other_checked' => $A['valid_formats'] & MG_OTHER ? ' checked="checked"' : '', 'lang_jpg' => $LANG_MG01['jpg'], 'lang_png' => $LANG_MG01['png'], 'lang_tif' => $LANG_MG01['tif'], 'lang_gif' => $LANG_MG01['gif'], 'lang_bmp' => $LANG_MG01['bmp'], 'lang_tga' => $LANG_MG01['tga'], 'lang_psd' => $LANG_MG01['psd'], 'lang_mp3' => $LANG_MG01['mp3'], 'lang_ogg' => $LANG_MG01['ogg'], 'lang_asf' => $LANG_MG01['asf'], 'lang_swf' => $LANG_MG01['swf'], 'lang_mov' => $LANG_MG01['mov'], 'lang_mp4' => $LANG_MG01['mp4'], 'lang_mpg' => $LANG_MG01['mpg'], 'lang_zip' => $LANG_MG01['zip'], 'lang_flv' => $LANG_MG01['flv'], 'lang_rflv' => $LANG_MG01['rflv'], 'lang_emb' => $LANG_MG01['emb'], 'lang_other' => $LANG_MG01['other'], 'lang_allowed_formats' => $LANG_MG01['allowed_media_formats'], 'lang_image' => $LANG_MG01['image'], 'lang_audio' => $LANG_MG01['audio'], 'lang_video' => $LANG_MG01['video']));
        $T->parse('valid_formats', 'admin_formats');
    }
    $r = rand();
    if ($A['tn_attached']) {
        $media_size = false;
        foreach ($_MG_CONF['validExtensions'] as $ext) {
            if (file_exists($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $A['album_id'] . $ext)) {
                $album_last_image = $_MG_CONF['mediaobjects_url'] . '/covers/cover_' . $A['album_id'] . $ext;
                $media_size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'covers/cover_' . $A['album_id'] . $ext);
                if ($media_size != false) {
                    $T->set_var('thumbnail', '<img src="' . $_MG_CONF['mediaobjects_url'] . '/covers/cover_' . $A['album_id'] . $ext . '?r=' . $r . '" alt=""/>');
                }
                break;
            }
        }
        //        $T->set_var('thumbnail','<img src="' . $_MG_CONF['mediaobjects_url'] . '/covers/cover_' . $A['album_id'] . '.jpg?r=' . $r . '" alt="">');
    }
    $filename_title_select = '<input type="checkbox" name="filename_title" value="1" ' . ($A['filename_title'] ? ' checked="checked"' : '') . '/>';
    // watermark stuff...
    $wm_auto_select = '<input type="checkbox" name="wm_auto" value="1" ' . ($A['wm_auto'] ? ' checked="checked"' : '') . '/>';
    $wm_opacity_select = '<select name="wm_opacity">';
    $wm_opacity_select .= '<option value="10"' . ($A['opacity'] == 10 ? 'selected="selected"' : '') . '>10%</option>';
    $wm_opacity_select .= '<option value="20"' . ($A['opacity'] == 20 ? 'selected="selected"' : '') . '>20%</option>';
    $wm_opacity_select .= '<option value="30"' . ($A['opacity'] == 30 ? 'selected="selected"' : '') . '>30%</option>';
    $wm_opacity_select .= '<option value="40"' . ($A['opacity'] == 40 ? 'selected="selected"' : '') . '>40%</option>';
    $wm_opacity_select .= '<option value="50"' . ($A['opacity'] == 50 ? 'selected="selected"' : '') . '>50%</option>';
    $wm_opacity_select .= '<option value="60"' . ($A['opacity'] == 60 ? 'selected="selected"' : '') . '>60%</option>';
    $wm_opacity_select .= '<option value="70"' . ($A['opacity'] == 70 ? 'selected="selected"' : '') . '>70%</option>';
    $wm_opacity_select .= '<option value="80"' . ($A['opacity'] == 80 ? 'selected="selected"' : '') . '>80%</option>';
    $wm_opacity_select .= '<option value="90"' . ($A['opacity'] == 90 ? 'selected="selected"' : '') . '>90%</option>';
    $wm_opacity_select .= '</select>';
    $wm_location_select = '<select name="wm_location">';
    $wm_location_select .= '<option value="1"' . ($A['wm_location'] == 1 ? 'selected="selected"' : '') . '>' . $LANG_MG01['top_left'] . '</option>';
    $wm_location_select .= '<option value="2"' . ($A['wm_location'] == 2 ? 'selected="selected"' : '') . '>' . $LANG_MG01['top_center'] . '</option>';
    $wm_location_select .= '<option value="3"' . ($A['wm_location'] == 3 ? 'selected="selected"' : '') . '>' . $LANG_MG01['top_right'] . '</option>';
    $wm_location_select .= '<option value="4"' . ($A['wm_location'] == 4 ? 'selected="selected"' : '') . '>' . $LANG_MG01['middle_left'] . '</option>';
    $wm_location_select .= '<option value="5"' . ($A['wm_location'] == 5 ? 'selected="selected"' : '') . '>' . $LANG_MG01['middle_center'] . '</option>';
    $wm_location_select .= '<option value="6"' . ($A['wm_location'] == 6 ? 'selected="selected"' : '') . '>' . $LANG_MG01['middle_right'] . '</option>';
    $wm_location_select .= '<option value="7"' . ($A['wm_location'] == 7 ? 'selected="selected"' : '') . '>' . $LANG_MG01['bottom_left'] . '</option>';
    $wm_location_select .= '<option value="8"' . ($A['wm_location'] == 8 ? 'selected="selected"' : '') . '>' . $LANG_MG01['bottom_center'] . '</option>';
    $wm_location_select .= '<option value="9"' . ($A['wm_location'] == 9 ? 'selected="selected"' : '') . '>' . $LANG_MG01['bottom_right'] . '</option>';
    $wm_location_select .= '</select>';
    // now select what watermarks we have permission to use...
    $whereClause = " WHERE wm_id<>0 AND ";
    if (SEC_hasRights('mediagallery.admin')) {
        $whereClause .= "1=1";
    } else {
        $whereClause .= "(owner_id=" . $_USER['uid'] . " OR owner_id=0)";
    }
    $sql = "SELECT * FROM {$_TABLES['mg_watermarks']} " . $whereClause . " ORDER BY owner_id";
    $result = DB_query($sql);
    $nRows = DB_numRows($result);
    $wm_select = '<select name="wm_id"  onchange="change(this)">';
    $wm_select .= '<option value="blank.png">' . $LANG_MG01['no_watermark'] . '</option>';
    $wm_current = '<img src="' . $_MG_CONF['site_url'] . '/watermarks/blank.png" name="myImage" alt=""/>';
    for ($i = 0; $i < $nRows; $i++) {
        $row = DB_fetchArray($result);
        $wm_select .= '<option value="' . $row['filename'] . '"' . ($A['wm_id'] == $row['wm_id'] ? 'selected="selected"' : '') . '>' . $row['filename'] . '</option>';
        if ($A['wm_id'] == $row['wm_id']) {
            $wm_current = '<img src="' . $_MG_CONF['site_url'] . '/watermarks/' . $row['filename'] . '" name="myImage" alt=""/>';
        }
    }
    $wm_select .= '</select>';
    $frames = new mgFrame();
    $skins = array();
    $skins = $frames->getFrames();
    $skin_select = '<select name="skin">';
    $askin_select = '<select name="askin">';
    $dskin_select = '<select name="dskin">';
    for ($i = 0; $i < count($skins); $i++) {
        $skin_select .= '<option value="' . $skins[$i]['dir'] . '"' . ($A['image_skin'] == $skins[$i]['dir'] ? ' selected="selected" ' : '') . '>' . $skins[$i]['name'] . '</option>';
        $askin_select .= '<option value="' . $skins[$i]['dir'] . '"' . ($A['album_skin'] == $skins[$i]['dir'] ? ' selected="selected" ' : '') . '>' . $skins[$i]['name'] . '</option>';
        $dskin_select .= '<option value="' . $skins[$i]['dir'] . '"' . ($A['display_skin'] == $skins[$i]['dir'] ? ' selected="selected" ' : '') . '>' . $skins[$i]['name'] . '</option>';
    }
    $skin_select .= '</select>';
    $askin_select .= '</select>';
    $dskin_select .= '</select>';
    // permission template
    $usergroups = SEC_getUserGroups();
    $groupdd = '';
    $moddd = '';
    $groupdd .= '<select name="group_id">';
    $moddd .= '<select name="mod_id">';
    for ($i = 0; $i < count($usergroups); $i++) {
        if ($usergroups[key($usergroups)] != 2 && $usergroups[key($usergroups)] != 13) {
            $groupdd .= '<option value="' . $usergroups[key($usergroups)] . '"';
            $moddd .= '<option value="' . $usergroups[key($usergroups)] . '"';
            if ($A['group_id'] == $usergroups[key($usergroups)]) {
                $groupdd .= ' selected="selected"';
            }
            if ($A['mod_group_id'] == $usergroups[key($usergroups)]) {
                $moddd .= ' selected="selected"';
            }
            $groupdd .= '>' . key($usergroups) . '</option>';
            $moddd .= '>' . key($usergroups) . '</option>';
        }
        next($usergroups);
    }
    $groupdd .= '</select>';
    $moddd .= '</select>';
    $upload_select = '<input type="checkbox" name="uploads" value="1" ' . ($A['member_uploads'] ? ' checked="checked"' : '') . '/>';
    $moderate_select = '<input type="checkbox" name="moderate" value="1" ' . ($A['moderate'] ? ' checked="checked"' : '') . '/>';
    $child_update_select = '<input type="checkbox" name="force_child_update" value="1"/>';
    $hidden_select = '<input type="checkbox" name="hidden" value="1" ' . ($A['hidden'] ? ' checked="checked"' : '') . '/>';
    $allow_download_select = '<input type="checkbox" name="allow_download" value="1" ' . ($A['allow_download'] ? ' checked="checked"' : '') . '/>';
    if (SEC_hasRights('mediagallery.admin')) {
        $perm_editor = SEC_getPermissionsHTML($A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $perm_editor = MG_getMemberPermissionsHTML($A['perm_members'], $A['perm_anon']);
    }
    $T->set_var(array('lang_uploads' => $LANG_MG01['anonymous_uploads_prompt'], 'lang_accessrights' => $LANG_ACCESS['accessrights'], 'lang_owner' => $LANG_ACCESS['owner'], 'owner_username' => DB_getItem($_TABLES['users'], 'username', "uid={$A['owner_id']}"), 'owner_id' => $A['owner_id'], 'lang_group' => $LANG_ACCESS['group'], 'lang_permissions' => $LANG_ACCESS['permissions'], 'lang_perm_key' => $LANG_ACCESS['permissionskey'], 'lang_hidden' => $LANG_MG01['hidden'], 'permissions_msg' => $LANG_ACCESS['permmsg'], 'permissions_editor' => $perm_editor, 'origaid' => '<input type="hidden" name="origaid" value="' . $oldaid . '"/>', 'group_dropdown' => $groupdd, 'mod_dropdown' => $moddd, 'lang_member_upload' => $LANG_MG01['member_upload'], 'lang_moderate_album' => $LANG_MG01['mod_album'], 'lang_mod_group' => $LANG_MG01['moderation_group'], 'uploads' => $upload_select, 'moderate' => $moderate_select, 'hidden' => $hidden_select, 'force_child_update' => $child_update_select, 'lang_force_child_update' => $LANG_MG01['force_child_update'], 'lang_allow_download' => $LANG_MG01['allow_download'], 'owner_select' => $owner_select, 'email_mod_select' => $email_mod_select, 'lang_email_mods_on_submission' => $LANG_MG01['email_mods_on_submission']));
    if (SEC_hasRights('mediagallery.admin')) {
        $T->parse('perm_editor', 'perms_admin');
    } else {
        $T->parse('perm_editor', 'perms_member');
    }
    $T->set_var(array('action' => 'album', 'path_mg' => $_MG_CONF['site_url'], 'attach_select' => $attach_select, 'comment_select' => $comment_select, 'exif_select' => $exif_select, 'ranking_select' => $ranking_select, 'podcast_select' => $podcast_select, 'mp3ribbon_select' => $mp3ribbon_select, 'rsschildren_select' => $rsschildren_select, 'full_select' => $full_select, 'ss_select' => $ss_select, 'sf_select' => $sf_select, 'views_select' => $views_select, 'keywords_select' => $keywords_select, 'album_views_select' => $album_views_select, 'display_album_desc_select' => $display_album_desc_select, 'sort_select' => $sort_select, 'rss_select' => $rss_select, 'postcard_select' => $postcard_select, 'afirst_select' => $afirst_select, 'tn_size_select' => $tn_size_select, 'display_image_size' => $display_image_size_select, 'rows_input' => $rows_input, 'columns_input' => $columns_input, 'playback_type' => $playback_type, 'album_title' => $A['album_title'], 'album_desc' => $A['album_desc'], 'album_id' => $A['album_id'], 'parent_select' => $album_select, 'album_cover' => $A['album_cover'], 'album_owner' => $A['owner_id'], 'album_order' => $A['album_order'], 'album_cover_filename' => $A['album_cover_filename'], 'last_update' => $A['last_update'], 'media_count' => $A['media_count'], 'wm_auto_select' => $wm_auto_select, 'wm_opacity_select' => $wm_opacity_select, 'wm_location_select' => $wm_location_select, 'wm_select' => $wm_select, 'wm_current' => $wm_current, 'album_theme_select' => $album_theme_select, 'album_sort_select' => $album_sort_select, 'allow_download_select' => $allow_download_select, 'filename_title_select' => $filename_title_select, 'skin_select' => $skin_select, 'askin_select' => $askin_select, 'dskin_select' => $dskin_select, 'tnheight_input' => $tnheight_input, 'tnwidth_input' => $tnwidth_input, 'usealternate_select' => $usealternate_select, 'lang_usealternate' => $LANG_MG01['use_alternate_url'], 'lang_tnheight' => $LANG_MG01['tn_height'], 'lang_tnwidth' => $LANG_MG01['tn_width'], 'lang_save' => $LANG_MG01['save'], 'lang_edit_title' => $mode == 'create' ? $LANG_MG01['create_album'] : $LANG_MG01['edit_album'], 's_form_action' => $actionURL, 'lang_image_skin' => $LANG_MG01['image_skin'], 'lang_album_skin' => $LANG_MG01['album_skin'], 'lang_display_skin' => $LANG_MG01['display_skin'], 'lang_album_edit_help' => $LANG_MG01['album_edit_help'], 'lang_title' => $LANG_MG01['title'], 'lang_podcast' => $LANG_MG01['podcast'], 'lang_mp3ribbon' => $LANG_MG01['mp3ribbon'], 'lang_rsschildren' => $LANG_MG01['rsschildren'], 'lang_parent_album' => $LANG_MG01['parent_album'], 'lang_description' => $LANG_MG01['description'], 'lang_cancel' => $LANG_MG01['cancel'], 'lang_delete' => $LANG_MG01['delete'], 'lang_comments' => $LANG_MG01['comments_prompt'], 'lang_enable_exif' => $LANG_MG01['enable_exif'], 'lang_enable_ratings' => $LANG_MG01['enable_ratings'], 'lang_ss_enable' => $LANG_MG01['ss_enable'], 'lang_sf_enable' => $LANG_MG01['sf_enable'], 'lang_tn_size' => $LANG_MG01['tn_size'], 'lang_rows' => $LANG_MG01['rows'], 'lang_columns' => $LANG_MG01['columns'], 'lang_av_play_album' => $LANG_MG01['av_play_album'], 'lang_av_play_options' => $LANG_MG01['av_play_options'], 'lang_attached_thumbnail' => $LANG_MG01['attached_thumbnail'], 'lang_thumbnail' => $LANG_MG01['thumbnail'], 'lang_album_attributes' => $LANG_MG01['album_attributes'], 'lang_album_cover' => $LANG_MG01['album_cover'], 'lang_enable_views' => $LANG_MG01['enable_views'], 'lang_enable_keywords' => $LANG_MG01['enable_keywords'], 'lang_enable_album_views' => $LANG_MG01['enable_album_views'], 'lang_enable_sort' => $LANG_MG01['enable_sort'], 'lang_enable_rss' => $LANG_MG01['enable_rss'], 'lang_enable_postcard' => $LANG_MG01['enable_postcard'], 'lang_albums_first' => $LANG_MG01['albums_first'], 'lang_full_display' => $LANG_MG01['full_display'], 'lang_display_image_size' => $LANG_MG01['display_image_size'], 'lang_album_sort' => $LANG_MG01['default_album_sort'], 'lang_watermark' => $LANG_MG01['watermark'], 'lang_wm_auto' => $LANG_MG01['watermark_auto'], 'lang_wm_opacity' => $LANG_MG01['watermark_opacity'], 'lang_wm_location' => $LANG_MG01['watermark_location'], 'lang_wm_id' => $LANG_MG01['watermark_image'], 'lang_unlimited' => $LANG_MG01['zero_unlimited'], 'lang_display_album_desc' => $LANG_MG01['display_album_desc'], 'lang_filename_title' => $LANG_MG01['filename_title'], 'lang_media_attributes' => $LANG_MG01['media_attributes'], 'lang_theme_select' => $LANG_MG01['album_theme']));
    if ($_MG_CONF['htmlallowed'] == 1) {
        $T->set_var('allowed_html', COM_allowedHTML(SEC_getUserPermissions(), false, 'mediagallery', 'album_title'));
    }
    $T->parse('output', 'admin');
    $retval .= $T->finish($T->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}
コード例 #11
0
/**
 * Authenticates the user if authentication headers are present
 *
 * Our handling of the speedlimit here requires some explanation ...
 * Atompub clients will usually try to do everything without logging in first.
 * Since that would mean that we can't provide feeds for drafts, items with
 * special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED).
 * That, however, means that every request from an Atompub client will count
 * as one failed login attempt. So doing a couple of requests in quick
 * succession will surely get the client blocked. Therefore
 * - a request without any login credentials counts as one failed login attempt
 * - a request with wrong login credentials counts as two failed login attempts
 * - if, after a successful login, we have only one failed attempt on record,
 *   we reset the speedlimit
 * This still ensures that
 * - repeated failed logins (without or with invalid credentials) will cause the
 *   client to be blocked eventually
 * - this can not be used for dictionary attacks
 *
 */
function WS_authenticate()
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;
    $uid = '';
    $username = '';
    $password = '';
    $status = -1;
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $username = COM_applyBasicFilter($_SERVER['PHP_AUTH_USER']);
        $password = $_SERVER['PHP_AUTH_PW'];
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}'");
        }
        /** this does not work! *******************************************************
        
            } elseif (!empty($_SERVER['HTTP_X_WSSE']) &&
                    (strpos($_SERVER['HTTP_X_WSSE'], 'UsernameToken') !== false)) {
        
                // this is loosely based on a code snippet taken from Elgg (elgg.org)
        
                $wsse = str_replace('UsernameToken', '', $_SERVER['HTTP_X_WSSE']);
                $wsse = explode(',', $wsse);
        
                $username = '';
                $pwdigest = '';
                $created = '';
                $nonce = '';
        
                foreach ($wsse as $element) {
                    $element = explode('=', $element);
                    $key = array_shift($element);
                    if (count($element) == 1) {
                        $val = $element[0];
                    } else {
                        $val = implode('=', $element);
                    }
                    $key = trim($key);
                    $val = trim($val, "\x22\x27");
                    if ($key == 'Username') {
                        $username = COM_applyBasicFilter($val);
                    } elseif ($key == 'PasswordDigest') {
                        $pwdigest = $val;
                    } elseif ($key == 'Created') {
                        $created = $val;
                    } elseif ($key == 'Nonce') {
                        $nonce = $val;
                    }
                }
        
                if (!empty($username) && !empty($pwdigest) && !empty($created) &&
                        !empty($nonce)) {
        
                    $uname = DB_escapeString($username);
                    $pwd = DB_getItem($_TABLES['users'], 'passwd',
                                      "username = '******'");
                    // ... and here we would need the _unencrypted_ password
        
                    if (!empty($pwd)) {
                        $mydigest = pack('H*', sha1($nonce . $created . $pwd));
                        $mydigest = base64_encode($mydigest);
        
                        if ($pwdigest == $mydigest) {
                            $password = $pwd;
                        }
                    }
                }
        
                if ($WS_VERBOSE) {
                    COM_errorLog("WS: Attempting to log in user '$username' (via WSSE)");
                }
        
        ******************************************************************************/
    } elseif (!empty($_SERVER['REMOTE_USER'])) {
        /* PHP installed as CGI may not have access to authorization headers of
         * Apache. In that case, use .htaccess to store the auth header as
         * explained at
         * http://wiki.geeklog.net/wiki/index.php/Webservices_API#Authentication
         */
        list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
        list($username, $password) = explode(':', base64_decode($auth_data));
        $username = COM_applyBasicFilter($username);
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])");
        }
    } else {
        if ($WS_VERBOSE) {
            COM_errorLog("WS: No login given");
        }
        // fallthrough (see below)
    }
    COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth');
    if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) {
        WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
    }
    if (!empty($username) && !empty($password)) {
        if ($_CONF['user_login_method']['3rdparty']) {
            // remote users will have to use username@servicename
            $u = explode('@', $username);
            if (count($u) > 1) {
                $sv = $u[count($u) - 1];
                if (!empty($sv)) {
                    $modules = SEC_collectRemoteAuthenticationModules();
                    foreach ($modules as $smod) {
                        if (strcasecmp($sv, $smod) == 0) {
                            array_pop($u);
                            // drop the service name
                            $uname = implode('@', $u);
                            $status = SEC_remoteAuthentication($uname, $password, $smod, $uid);
                            break;
                        }
                    }
                }
            }
        }
        if ($status == -1 && $_CONF['user_login_method']['standard']) {
            $status = SEC_authenticate($username, $password, $uid);
        }
    }
    if ($status == USER_ACCOUNT_ACTIVE) {
        $_USER = SESS_getUserDataFromId($uid);
        PLG_loginUser($_USER['uid']);
        // Global array of groups current user belongs to
        $_GROUPS = SEC_getUserGroups($_USER['uid']);
        // Global array of current user permissions [read,edit]
        $_RIGHTS = explode(',', SEC_getUserPermissions());
        if ($_CONF['restrict_webservices']) {
            if (!SEC_hasRights('webservices.atompub')) {
                COM_updateSpeedlimit('wsauth');
                if ($WS_VERBOSE) {
                    COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices");
                }
                // reset user, groups, and rights, just in case ...
                $_USER = array();
                $_GROUPS = array();
                $_RIGHTS = array();
                WS_error(PLG_RET_AUTH_FAILED);
            }
        }
        if ($WS_VERBOSE) {
            COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) successfully logged in");
        }
        // if there were less than 2 failed login attempts, reset speedlimit
        if (COM_checkSpeedlimit('wsauth', 2) == 0) {
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Successful login - resetting speedlimit");
            }
            COM_resetSpeedlimit('wsauth');
        }
    } else {
        COM_updateSpeedlimit('wsauth');
        if (!empty($username) && !empty($password)) {
            COM_updateSpeedlimit('wsauth');
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Wrong login credentials - counting as 2 failed attempts");
            }
        } elseif ($WS_VERBOSE) {
            COM_errorLog("WS: Empty login credentials - counting as 1 failed attempt");
        }
        WS_error(PLG_RET_AUTH_FAILED);
    }
}
コード例 #12
0
ファイル: gf_format.php プロジェクト: hostellerie/nexpro
function gf_makeFilemgmtCatSelect($uid)
{
    global $_CONF, $_FM_TABLES, $_DB_name;
    include_once $_CONF[path_html] . "filemgmt/include/xoopstree.php";
    include_once $_CONF[path_html] . "filemgmt/include/textsanitizer.php";
    $_GROUPS = SEC_getUserGroups($uid);
    $mytree = new XoopsTree($_DB_name, $_FM_TABLES['filemgmt_cat'], "cid", "pid");
    $mytree->setGroupUploadAccessFilter($_GROUPS);
    return $mytree->makeMySelBox('title', 'title', '', '', 'filemgmtcat');
}
コード例 #13
0
ファイル: lib-webservices.php プロジェクト: NewRoute/glfusion
/**
 * Authenticates the user if authentication headers are present
 *
 * Our handling of the speedlimit here requires some explanation ...
 * Atompub clients will usually try to do everything without logging in first.
 * Since that would mean that we can't provide feeds for drafts, items with
 * special permissions, etc. we ask them to log in (PLG_RET_AUTH_FAILED).
 * That, however, means that every request from an Atompub client will count
 * as one failed login attempt. So doing a couple of requests in quick
 * succession will surely get the client blocked. Therefore
 * - a request without any login credentials counts as one failed login attempt
 * - a request with wrong login credentials counts as two failed login attempts
 * - if, after a successful login, we have only one failed attempt on record,
 *   we reset the speedlimit
 * This still ensures that
 * - repeated failed logins (without or with invalid credentials) will cause the
 *   client to be blocked eventually
 * - this can not be used for dictionary attacks
 *
 */
function WS_authenticate()
{
    global $_CONF, $_TABLES, $_USER, $_GROUPS, $_RIGHTS, $WS_VERBOSE;
    $uid = '';
    $username = '';
    $password = '';
    $status = -1;
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $username = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'];
        $username = COM_applyFilter($username);
        $password = COM_applyFilter($password);
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}'");
        }
    } elseif (!empty($_SERVER['REMOTE_USER'])) {
        /* PHP installed as CGI may not have access to authorization headers of
         * Apache. In that case, use .htaccess to store the auth header
         */
        list($auth_type, $auth_data) = explode(' ', $_SERVER['REMOTE_USER']);
        list($username, $password) = explode(':', base64_decode($auth_data));
        $username = COM_applyFilter($username);
        $password = COM_applyFilter($password);
        if ($WS_VERBOSE) {
            COM_errorLog("WS: Attempting to log in user '{$username}' (via \$_SERVER['REMOTE_USER'])");
        }
    } else {
        if ($WS_VERBOSE) {
            COM_errorLog("WS: No login given");
        }
        // fallthrough (see below)
    }
    COM_clearSpeedlimit($_CONF['login_speedlimit'], 'wsauth');
    if (COM_checkSpeedlimit('wsauth', $_CONF['login_attempts']) > 0) {
        WS_error(PLG_RET_PERMISSION_DENIED, 'Speed Limit exceeded');
    }
    if (!empty($username) && !empty($password)) {
        if ($_CONF['user_login_method']['3rdparty']) {
            // remote users will have to use username@servicename
            $u = explode('@', $username);
            if (count($u) > 1) {
                $sv = $u[count($u) - 1];
                if (!empty($sv)) {
                    $modules = SEC_collectRemoteAuthenticationModules();
                    foreach ($modules as $smod) {
                        if (strcasecmp($sv, $smod) == 0) {
                            array_pop($u);
                            // drop the service name
                            $uname = implode('@', $u);
                            $status = SEC_remoteAuthentication($uname, $password, $smod, $uid);
                            break;
                        }
                    }
                }
            }
        }
        if ($status == -1 && $_CONF['user_login_method']['standard']) {
            $status = SEC_authenticate($username, $password, $uid);
        }
    }
    if ($status == USER_ACCOUNT_ACTIVE) {
        $_USER = SESS_getUserDataFromId($uid);
        PLG_loginUser($_USER['uid']);
        // Global array of groups current user belongs to
        $_GROUPS = SEC_getUserGroups($_USER['uid']);
        // Global array of current user permissions [read,edit]
        $_RIGHTS = explode(',', SEC_getUserPermissions());
        if ($_CONF['restrict_webservices']) {
            if (!SEC_hasRights('webservices.atompub')) {
                COM_updateSpeedlimit('wsauth');
                if ($WS_VERBOSE) {
                    COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) does not have permission to use the webservices");
                }
                // reset user, groups, and rights, just in case ...
                $_USER = array();
                $_GROUPS = array();
                $_RIGHTS = array();
                WS_error(PLG_RET_AUTH_FAILED);
            }
        }
        if ($WS_VERBOSE) {
            COM_errorLog("WS: User '{$_USER['username']}' ({$_USER['uid']}) successfully logged in");
        }
        // if there were less than 2 failed login attempts, reset speedlimit
        if (COM_checkSpeedlimit('wsauth', 2) == 0) {
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Successful login - resetting speedlimit");
            }
            COM_resetSpeedlimit('wsauth');
        }
    } else {
        COM_updateSpeedlimit('wsauth');
        if (!empty($username) && !empty($password)) {
            COM_updateSpeedlimit('wsauth');
            if ($WS_VERBOSE) {
                COM_errorLog("WS: Wrong login credentials - counting as 2 failed attempts");
            }
        } elseif ($WS_VERBOSE) {
            COM_errorLog("WS: Empty login credentials - counting as 1 failed attempt");
        }
        WS_error(PLG_RET_AUTH_FAILED);
    }
}
コード例 #14
0
ファイル: nexmenu.class.php プロジェクト: hostellerie/nexpro
 function _construct()
 {
     global $_TABLES, $_USER, $CONF_NEXMENU, $_BLOCK_TEMPLATE;
     $this->_currentBlockTemplate = $_BLOCK_TEMPLATE;
     $this->_version = DB_getItem($_TABLES['plugins'], 'pi_version', "pi_name = 'nexmenu'");
     $query = DB_query("SELECT * FROM {$_TABLES['nexmenu_config']} WHERE theme='{$this->_theme}'");
     $A = DB_fetchArray($query);
     $this->_blockMenuStyle = $A['blockmenu_style'];
     $this->_blockSubmenuStyle = $A['blocksubmenu_style'];
     $this->_headerMenuStyle = $A['headermenu_style'];
     $this->_headerSubmenuStyle = $A['headersubmenu_style'];
     if ($A['multilanguage'] == 1) {
         $this->_multiLangMode = true;
     } else {
         $this->_multiLangMode = false;
     }
     $this->_targetFeatures = DB_getItem($_TABLES['nexmenu_config'], "targetfeatures");
     if (DB_getItem($_TABLES['plugins'], 'pi_enabled', "pi_name = 'links'") == 1) {
         $this->_linksPlugin = true;
     } else {
         $this->_linksPlugin = false;
     }
     if (DB_getItem($_TABLES['plugins'], 'pi_enabled', "pi_name = 'staticpages'") == 1) {
         $this->_staticpagesPlugin = true;
     } else {
         $this->_staticpagesPlugin = false;
     }
     // Get list of groups member belongs to
     if (!isset($_USER['uid']) or $_USER['uid'] < 2) {
         $this->_groupAccessList = '0,2';
     } else {
         $groups = array();
         $usergroups = SEC_getUserGroups();
         foreach ($usergroups as $group) {
             $groups[] = $group;
         }
         $this->_groupAccessList = implode(',', $groups);
     }
 }
コード例 #15
0
ファイル: lib-menu.php プロジェクト: spacequad/glfusion
function getAdminMenu()
{
    global $_SP_CONF, $_USER, $_TABLES, $LANG01, $LANG_MB01, $LANG_LOGO, $LANG_AM, $LANG_SOCIAL, $LANG29, $_CONF, $_DB_dbms, $_GROUPS, $config;
    $item_array = array();
    if (!COM_isAnonUser()) {
        $plugin_options = PLG_getAdminOptions();
        $num_plugins = count($plugin_options);
        if (SEC_isModerator() or SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit,social.admin', 'OR') or $num_plugins > 0) {
            // what's our current URL?
            $elementUrl = COM_getCurrentURL();
            $topicsql = '';
            if (SEC_isModerator() || SEC_hasRights('story.edit')) {
                $tresult = DB_query("SELECT tid FROM {$_TABLES['topics']}" . COM_getPermSQL());
                $trows = DB_numRows($tresult);
                if ($trows > 0) {
                    $tids = array();
                    for ($i = 0; $i < $trows; $i++) {
                        $T = DB_fetchArray($tresult);
                        $tids[] = $T['tid'];
                    }
                    if (sizeof($tids) > 0) {
                        $topicsql = " (tid IN ('" . implode("','", $tids) . "'))";
                    }
                }
            }
            $modnum = 0;
            if (SEC_hasRights('story.edit,story.moderate', 'OR') || $_CONF['usersubmission'] == 1 && SEC_hasRights('user.edit,user.delete')) {
                if (SEC_hasRights('story.moderate')) {
                    if (empty($topicsql)) {
                        $modnum += DB_count($_TABLES['storysubmission']);
                    } else {
                        $sresult = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['storysubmission']} WHERE" . $topicsql);
                        $S = DB_fetchArray($sresult);
                        $modnum += $S['count'];
                    }
                }
                if ($_CONF['listdraftstories'] == 1 && SEC_hasRights('story.edit')) {
                    $sql = "SELECT COUNT(*) AS count FROM {$_TABLES['stories']} WHERE (draft_flag = 1)";
                    if (!empty($topicsql)) {
                        $sql .= ' AND' . $topicsql;
                    }
                    $result = DB_query($sql . COM_getPermSQL('AND', 0, 3));
                    $A = DB_fetchArray($result);
                    $modnum += $A['count'];
                }
                if ($_CONF['usersubmission'] == 1) {
                    if (SEC_hasRights('user.edit') && SEC_hasRights('user.delete')) {
                        $modnum += DB_count($_TABLES['users'], 'status', '2');
                    }
                }
            }
            // now handle submissions for plugins
            $modnum += PLG_getSubmissionCount();
            if (SEC_hasRights('story.edit')) {
                $url = $_CONF['site_admin_url'] . '/story.php';
                $label = $LANG01[11];
                if (empty($topicsql)) {
                    $numstories = DB_count($_TABLES['stories']);
                } else {
                    $nresult = DB_query("SELECT COUNT(*) AS count from {$_TABLES['stories']} WHERE" . $topicsql . COM_getPermSql('AND'));
                    $N = DB_fetchArray($nresult);
                    $numstories = $N['count'];
                }
                $label .= ' (' . COM_numberFormat($numstories) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('block.edit')) {
                $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['blocks']}" . COM_getPermSql());
                list($count) = DB_fetchArray($result);
                $url = $_CONF['site_admin_url'] . '/block.php';
                $label = $LANG01[12] . ' (' . COM_numberFormat($count) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('autotag.admin')) {
                $url = $_CONF['site_admin_url'] . '/autotag.php';
                $label = $LANG_AM['title'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/clearctl.php';
                $label = $LANG01['ctl'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/menu.php';
                $label = $LANG_MB01['menu_builder'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/logo.php';
                $label = $LANG_LOGO['logo_admin'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('topic.edit')) {
                $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['topics']}" . COM_getPermSql());
                list($count) = DB_fetchArray($result);
                $url = $_CONF['site_admin_url'] . '/topic.php';
                $label = $LANG01[13] . ' (' . COM_numberFormat($count) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('user.edit')) {
                $url = $_CONF['site_admin_url'] . '/user.php';
                $label = $LANG01[17] . ' (' . COM_numberFormat(DB_count($_TABLES['users']) - 1) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('group.edit')) {
                if (SEC_inGroup('Root')) {
                    $grpFilter = '';
                } else {
                    $elementUsersGroups = SEC_getUserGroups();
                    $grpFilter = 'WHERE (grp_id IN (' . implode(',', $elementUsersGroups) . '))';
                }
                $result = DB_query("SELECT COUNT(*) AS count FROM {$_TABLES['groups']} {$grpFilter};");
                $A = DB_fetchArray($result);
                $url = $_CONF['site_admin_url'] . '/group.php';
                $label = $LANG01[96] . ' (' . COM_numberFormat($A['count']) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('social.admin')) {
                $url = $_CONF['site_admin_url'] . '/social.php';
                $label = $LANG_SOCIAL['label'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/envcheck.php';
                $label = $LANG01['env_check'];
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('user.mail')) {
                $url = $_CONF['site_admin_url'] . '/mail.php';
                $label = $LANG01[105] . ' (N/A)';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if ($_CONF['backend'] == 1 && SEC_hasRights('syndication.edit')) {
                $url = $_CONF['site_admin_url'] . '/syndication.php';
                $label = $LANG01[38] . ' (' . COM_numberFormat(DB_count($_TABLES['syndication'])) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (($_CONF['trackback_enabled'] || $_CONF['pingback_enabled'] || $_CONF['ping_enabled']) && SEC_hasRights('story.ping')) {
                $url = $_CONF['site_admin_url'] . '/trackback.php';
                $label = $LANG01[116] . ' (' . COM_numberFormat(DB_count($_TABLES['pingservice'])) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_hasRights('plugin.edit')) {
                $url = $_CONF['site_admin_url'] . '/plugins.php';
                $label = $LANG01[77] . ' (' . COM_numberFormat(DB_count($_TABLES['plugins'])) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/configuration.php';
                $label = $LANG01[129] . ' (' . COM_numberFormat(count($config->_get_groups())) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            // This will show the admin options for all installed plugins (if any)
            for ($i = 0; $i < $num_plugins; $i++) {
                $plg = current($plugin_options);
                $url = $plg->adminurl;
                $label = $plg->adminlabel;
                if (empty($plg->numsubmissions)) {
                    $label .= '';
                } else {
                    $label .= ' (' . COM_numberFormat($plg->numsubmissions) . ')';
                }
                $item_array[] = array('label' => $label, 'url' => $url);
                next($plugin_options);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/database.php';
                $label = $LANG01[103] . '';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/logview.php';
                $label = $LANG01['logview'] . '';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if ($_CONF['link_documentation'] == 1) {
                $doclang = COM_getLanguageName();
                if (@file_exists($_CONF['path_html'] . 'docs/' . $doclang . '/index.html')) {
                    $docUrl = $_CONF['site_url'] . '/docs/' . $doclang . '/index.html';
                } else {
                    $docUrl = $_CONF['site_url'] . '/docs/english/index.html';
                }
                $url = $docUrl;
                $label = $LANG01[113] . '';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_inGroup('Root')) {
                $url = $_CONF['site_admin_url'] . '/vercheck.php';
                $label = $LANG01[107] . ' (' . GVERSION . PATCHLEVEL . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if (SEC_isModerator()) {
                $url = $_CONF['site_admin_url'] . '/moderation.php';
                $label = $LANG01[10] . ' (' . COM_numberFormat($modnum) . ')';
                $item_array[] = array('label' => $label, 'url' => $url);
            }
            if ($_CONF['sort_admin']) {
                usort($item_array, '_mb_cmp');
            }
            $url = $_CONF['site_admin_url'] . '/index.php';
            $label = $LANG29[34];
            $cc_item = array('label' => $LANG29[34], 'url' => $url);
            $item_array = array_merge(array($cc_item), $item_array);
        }
    }
    return $item_array;
}
コード例 #16
0
ファイル: library.php プロジェクト: hostellerie/nexpro
function nexlistShowLists($listid, $page = 0, $pluginmode = '', $catmode = '')
{
    global $_CONF, $_TABLES, $CONF_LL;
    $search = COM_applyFilter($_GET['search']);
    $p = new Template($_CONF['path_layout'] . 'nexlist');
    $p->set_file(array('page' => 'viewitems.thtml', 'javascript' => 'javascript/listitems.thtml', 'headingfield' => 'listheading_field.thtml', 'list_rec' => 'list_record.thtml', 'rec_field' => 'list_record_field.thtml', 'new_item' => 'additem_record.thtml'));
    $actionurl = "{$_CONF['site_admin_url']}/plugins/nexlist/index.php";
    $query = DB_query("SELECT name,description FROM {$_TABLES['nexlist']} WHERE id='{$listid}'");
    list($listname, $listdesc) = DB_fetchArray($query);
    $p->set_var('layouturl', $_CONF['layout_url']);
    $p->set_var('actionurl', $actionurl);
    $p->set_var('listid', $listid);
    $p->set_var('listname', $listname);
    $p->set_var('listdesc', $listdesc);
    $p->set_var('pluginmode', $pluginmode);
    $p->set_var('catmode', $catmode);
    if ($GLOBALS['errmsg'] != '') {
        $p->set_var('error_msg', $GLOBALS['errmsg']);
    } else {
        $p->set_var('hide_errormsg', 'none');
    }
    // Check if user has edit access to this list
    $GROUPS = SEC_getUserGroups($_USER['uid']);
    // List of groups user is a member of
    $sql = "SELECT id FROM {$_TABLES['nexlist']} WHERE edit_perms IN (" . implode(',', $GROUPS) . ") AND id={$listid}";
    if (DB_numRows(DB_query($sql)) != 1) {
        $editright = false;
        $p->set_var('showhide_additem', 'hidden');
        $p->set_var('show_edit_actions', 'none');
    } else {
        $editright = true;
    }
    // Retrieve list of fields for this nexlist list and if a function is used for its value options
    $query = DB_query("SELECT id,fieldname,value_by_function,width FROM {$_TABLES['nexlistfields']} WHERE lid='{$listid}' ORDER BY id");
    $numfields = 0;
    while (list($fieldid, $fieldname, $function, $width) = DB_fetchArray($query)) {
        $listfields[$fieldname] = $function;
        $listfieldwidths[$numfields] = $width;
        $numfields++;
    }
    if ($numfields == 0) {
        $p->set_var('help_msg', 'No fields have yet been defined for this definition');
        $p->set_var('showhide_additem', 'hidden');
    } else {
        $p->set_var('help_msg', 'The following are current list items. Click on [New Item] to add an new list item.');
        // Headings of list fields
        $p->set_var('heading_label', 'Order');
        $p->set_var('heading_cell_width', '');
        $p->parse('heading_fields', 'headingfield');
        $p->set_var('heading_label', 'ID');
        $p->set_var('heading_cell_width', '');
        $p->parse('heading_fields', 'headingfield', true);
        for ($i = 0; $i < $numfields; $i++) {
            $p->set_var('heading_label', key($listfields));
            $width = $listfieldwidths[$i];
            if ($width > 0) {
                $p->set_var('heading_cell_width', "width=\"{$width}%\"");
            } else {
                $p->set_var('heading_cell_width', '');
            }
            $p->parse('heading_fields', 'headingfield', true);
            $p->set_var('newfield_name', key($listfields));
            $function = current($listfields);
            // If field uses a function and it exists - then return the display value
            if (!empty($function) and function_exists($function)) {
                $edit_field_html = $function('edit', "field{$i}", $listvalues[$i], true);
                $p->set_var('newfield_html', $edit_field_html);
            } elseif (strpos($function, 'list:') > 0) {
                // Check if list autotag is used
                // Autotag being used - need to extract it and append to it to activate the read mode
                $autotag = explode('list:', $function);
                $autotag_contents = str_replace(']', '', $autotag[1]);
                $varname = "field{$i}";
                $editautotag = "[list:{$autotag_contents},{$listvalues[$field]},edit,{$varname}]";
                $p->set_var('newfield_html', PLG_replacetags($editautotag, 'nexlist'));
            } else {
                $p->set_var('newfield_html', '<input type="text" name="field' . $i . '">');
            }
            $p->parse('additem_record', 'new_item', true);
            next($listfields);
        }
        if ($editright) {
            $p->set_var('heading_label', 'Actions');
            $p->set_var('heading_cell_width', '');
            $p->parse('heading_fields', 'headingfield', true);
        }
        $sql = "SELECT * FROM {$_TABLES['nexlistitems']} WHERE lid='{$listid}' ";
        if ($search != '') {
            $search = addslashes($search);
            $sql .= "AND value like '%{$search}%' ";
        }
        $query = DB_query($sql);
        $numRecords = DB_numRows($query);
        $numpages = ceil($numRecords / $CONF_LL['pagesize']);
        if ($page > 0) {
            $offset = ($page - 1) * $CONF_LL['pagesize'];
        } else {
            $offset = 0;
            $page = 1;
        }
        // Retrieve the list records and field values - checking if field uses a function
        $sql = "SELECT * FROM {$_TABLES['nexlistitems']} WHERE lid='{$listid}' ";
        if ($search != '') {
            $search = addslashes($search);
            $sql .= "AND value like '%{$search}%' ";
        }
        $sql .= "ORDER BY itemorder asc, id asc LIMIT {$offset},{$CONF_LL['pagesize']}";
        $query = DB_query($sql);
        $cssid = 1;
        $p->set_var('num_records', DB_numRows($query));
        $p->set_var('num_fields', $numfields);
        $rowid = 1;
        while ($B = DB_fetchArray($query, false)) {
            $p->set_var('cssid', $rowid % 2 + 1);
            $p->set_var('list_recid', $B['id']);
            $p->set_var('list_order', $B['itemorder']);
            $p->parse('listrec_fields', 'rec_field');
            $p->set_var('rowid', $rowid);
            $listvalues = explode(',', $B['value']);
            reset($listfields);
            for ($field = 0; $field < $numfields; $field++) {
                $fldname = "item_{$rowid}_field{$field}";
                $p->set_var('fieldid', $field);
                $function = current($listfields);
                // If field uses a function and it exists - then return the display value
                if (!empty($function) and function_exists($function)) {
                    $fieldvalue = $function('read', '', $listvalues[$field]);
                    $p->set_var('field_value', $fieldvalue);
                    $edit_field_html = $function('edit', $fldname, $listvalues[$field]);
                    $p->set_var('edit_field_html', $edit_field_html);
                } elseif (strpos($function, 'list:') > 0) {
                    // Check if list autotag is used
                    // Autotag being used - need to extract it and append to it to activate the read mode
                    $autotag = explode('list:', $function);
                    $autotag_contents = str_replace(']', '', $autotag[1]);
                    $readautotag = "[list:{$autotag_contents},{$listvalues[$field]},read]";
                    $fieldvalue = PLG_replacetags($readautotag, 'nexlist');
                    $p->set_var('field_value', $fieldvalue);
                    $varname = "item_{$rowid}_field{$field}";
                    $editautotag = "[list:{$autotag_contents},{$listvalues[$field]},edit,{$varname}]";
                    $p->set_var('edit_field_html', PLG_replacetags($editautotag, 'nexlist'));
                } else {
                    $fieldvalue = $listvalues[$field];
                    $p->set_var('field_value', $fieldvalue);
                    $p->set_var('edit_field_html', '<input type="text" name="' . $fldname . '" value="' . $fieldvalue . '">');
                }
                next($listfields);
                if ($field == 0) {
                    $p->parse('listrec_fields', 'rec_field');
                } else {
                    $p->parse('listrec_fields', 'rec_field', true);
                }
            }
            $editlink = '[&nbsp;<a href="#" onClick="document.nexlist.op.value=\'edititem\';document.nexlist.item.value=\'' . $B['id'] . '\';nexlist.submit();">Edit</a>&nbsp;]';
            $deletelink = '&nbsp;[&nbsp;<a href="#">Delete</a>&nbsp;]';
            $p->set_var('edit_action', $editlink);
            $p->set_var('delete_action', $deletelink);
            $p->parse('list_records', 'list_rec', true);
            $rowid++;
            // For each list item - create the edit div and form
        }
    }
    $base_url = $_CONF['site_admin_url'] . '/plugins/nexlist/index.php?op=list_def&listid=' . $listid;
    $p->set_var('pagenavigation', COM_printPageNavigation($base_url, $page, $numpages));
    $p->parse('javascript_code', 'javascript');
    $p->parse('output', 'page');
    $retval = $p->finish($p->get_var('output'));
    return $retval;
}
コード例 #17
0
ファイル: lib-admin.php プロジェクト: Geeklog-Core/geeklog
/**
 * used in the user editor in admin/user.php
 *
 * @param  string $fieldName
 * @param  string $fieldValue
 * @param  array  $A
 * @param  array  $icon_arr
 * @param  string $selected
 * @return string
 */
function ADMIN_getListField_usergroups($fieldName, $fieldValue, $A, $icon_arr, $selected = '')
{
    global $thisUsersGroups;
    $retval = false;
    if (!is_array($thisUsersGroups)) {
        $thisUsersGroups = SEC_getUserGroups();
    }
    if (in_array($A['grp_id'], $thisUsersGroups) || SEC_groupIsRemoteUserAndHaveAccess($A['grp_id'], $thisUsersGroups)) {
        switch ($fieldName) {
            case 'checkbox':
                $checked = '';
                if (is_array($selected) && in_array($A['grp_id'], $selected)) {
                    $checked = ' checked="checked"';
                }
                if ($A['grp_name'] === 'All Users' || $A['grp_name'] === 'Logged-in Users' || $A['grp_name'] === 'Remote Users') {
                    $retval = '<input type="checkbox" disabled="disabled"' . $checked . XHTML . '>';
                    if (!empty($checked)) {
                        $retval .= '<input type="hidden" name="groups[]" value="' . $A['grp_id'] . '"' . $checked . XHTML . '>';
                    }
                } else {
                    $retval = '<input type="checkbox" name="groups[]" value="' . $A['grp_id'] . '"' . $checked . XHTML . '>';
                }
                break;
            case 'grp_name':
                $retval = ucwords($fieldValue);
                break;
            default:
                $retval = $fieldValue;
                break;
        }
    }
    return $retval;
}
コード例 #18
0
ファイル: library.php プロジェクト: hostellerie/nexpro
function prj_displayAllProjects(&$blockPage)
{
    global $_TABLES, $_CONF, $_USER, $subTaskImg, $progress, $priority, $strings, $labels, $_PRJCONF, $_COOKIE;
    $limitbase = $_COOKIE['allprjmin'];
    if ($limitbase == '') {
        $limitbase = 0;
    }
    if (isset($_USER['uid'])) {
        $userid = $_USER['uid'];
    } else {
        $userid = 1;
    }
    if ($blockPage == NULL or $blockPage == '') {
        $blockPage = new block();
    }
    $filter = COM_applyFilter($_COOKIE['filter']);
    $category_string = substr("{$filter}", 0, 3);
    // Get a list of groups user is a member of and setup to be used in SQL to test user can view project
    $groups = SEC_getUserGroups($uid);
    foreach ($groups as $id) {
        $aGroups[] = $id;
    }
    $prjPermGroups = implode(',', $aGroups);
    if (SEC_inGroup('Root')) {
        $querycolumns = "SELECT DISTINCT a.pid, a.progress_id, a.status_id, a.priority_id, a.name, ";
        $querycolumns .= "a.last_updated_date, a.lhs, a.rhs, a.parent_id  ";
        $queryfrom = "FROM {$_TABLES['prj_projects']} a";
        $querywhere = " WHERE 1=1 ";
    } else {
        $querycolumns = "SELECT DISTINCT a.pid, a.progress_id, a.status_id, a.priority_id, a.name, ";
        $querycolumns .= "a.last_updated_date, a.lhs, a.rhs, a.parent_id  ";
        $queryfrom = "FROM {$_TABLES['prj_projects']} a, {$_TABLES['prj_projPerms']} b ";
        $querywhere .= "WHERE b.pid =a.pid";
        $querywhere .= " AND b.taskID=0 AND (b.uid={$userid} OR b.gid in ({$prjPermGroups})) ";
    }
    switch ($category_string) {
        case 'cat':
            $needle = substr("{$filter}", 3, 3);
            $queryfrom = $queryfrom . ", {$_TABLES['prj_category']} c ";
            $querywhere = $querywhere . "AND c.pid=a.pid AND c.category_id={$needle} ";
            $header = nexlistOptionList('view', '', $_PRJCONF['nexlist_category'], 0, $needle);
            break;
        case 'loc':
            $needle = substr("{$filter}", 3, 3);
            $queryfrom = $queryfrom . ", {$_TABLES['prj_location']} c ";
            $querywhere = $querywhere . "AND c.pid=a.pid AND c.location_id={$needle} ";
            $header = nexlistOptionList('view', '', $_PRJCONF['nexlist_locations'], 0, $needle);
            break;
        case 'dep':
            $needle = substr("{$filter}", 3, 3);
            $queryfrom = $queryfrom . ", {$_TABLES['prj_department']} c ";
            $querywhere = $querywhere . "AND c.pid=a.pid AND c.department_id={$needle} ";
            $header = nexlistOptionList('view', '', $_PRJCONF['nexlist_departments'], 0, $needle);
            break;
        case 'pri':
            $needle = substr("{$filter}", 3, 3);
            $querywhere = $querywhere . " AND a.priority_id={$needle} ";
            $header = $strings["filter_priority"] . $priority[$needle];
            break;
        case 'pro':
            $needle = substr("{$filter}", 3, 3);
            $querywhere = $querywhere . " AND a.progress_id={$needle} ";
            $header = $strings["filter_progress"] . $progress[$needle];
            break;
        case 'sta':
            $needle = substr("{$filter}", 3, 3);
            $querywhere = $querywhere . " AND a.status_id={$needle} ";
            $header = $strings["filter_status"] . $status[$needle];
            break;
        case 'ctm':
            if (SEC_inGroup('Root')) {
                $querycolumns = "SELECT DISTINCT {$_TABLES['prj_projects']}.pid, {$_TABLES['prj_projects']}.progress_id, {$_TABLES['prj_projects']}.status_id, {$_TABLES['prj_projects']}.priority_id, {$_TABLES['prj_projects']}.name, ";
                $querycolumns .= "{$_TABLES['prj_projects']}.last_updated_date, {$_TABLES['prj_projects']}.lhs, {$_TABLES['prj_projects']}.rhs, {$_TABLES['prj_projects']}.parent_id  ";
                $querywhere = "";
            } else {
                $querycolumns = "SELECT DISTINCT {$_TABLES['prj_projects']}.pid, {$_TABLES['prj_projects']}.progress_id, {$_TABLES['prj_projects']}.status_id, {$_TABLES['prj_projects']}.priority_id, {$_TABLES['prj_projects']}.name, ";
                $querycolumns .= "{$_TABLES['prj_projects']}.last_updated_date, {$_TABLES['prj_projects']}.lhs, {$_TABLES['prj_projects']}.rhs, {$_TABLES['prj_projects']}.parent_id, {$_TABLES['prj_projPerms']}.viewRead  ";
                $querywhere = "WHERE b.pid =a.pid";
                $querywhere .= " AND b.taskID=0 AND (b.uid={$userid} OR b.gid in ({$prjPermGroups})) ";
            }
            $needle = substr("{$filter}", 3, 3);
            $customFilter = prj_constructFilter($needle);
            $queryfrom = $customFilter['clause'];
            $header = $strings["filter_custom"] . $customFilter['name'];
            break;
        default:
            $needle = '';
            $customFilter = '';
            $header = '';
    }
    $block1 = new block();
    $block1->form = "allP";
    $block1->openForm($_CONF['site_url'] . "/nexproject/projects.php?" . "#" . $block1->form . "Anchor");
    if ($header != '') {
        $headingTitle = $strings["projects"] . "&nbsp;-&nbsp;{$header}";
    } else {
        $headingTitle = "{$strings['projects']}&nbsp;-&nbsp;{$strings['allprojects']}&nbsp;&nbsp;";
        $headingTitle .= "(<a href=\"{$_CONF['site_url']}/nexproject/index.php?mode=add\">{$strings['add']}</a>)";
    }
    $headingStatusArea = '<span id="ajaxstatus_myprojects" class="pluginInfo" style="display:none">&nbsp;</span>';
    $block1->heading($headingTitle, $headingStatusArea);
    $block1->borne = $blockPage->returnBorne("1");
    $block1->rowsLimit = $_PRJCONF['project_block_rows'];
    if ($category_string == 'ctm') {
        $queryend = " ORDER BY {$_TABLES['prj_projects']}.lhs";
    } else {
        $queryend = " ORDER BY a.lhs";
    }
    $lim = $limitbase * $block1->rowsLimit;
    $query = $querycolumns . $queryfrom . $querywhere . $queryend;
    $countRes = DB_query($query);
    $block1->recordsTotal = DB_numrows($countRes);
    $query .= " LIMIT {$lim}, {$block1->rowsLimit} ";
    $result = DB_query($query);
    echo '<!--startMyProjects-->';
    echo '<div id="divMyProjects" style="padding-bottom:0px;">';
    $comptListProjects = DB_numrows($result);
    if ($comptListProjects != "0") {
        $block1->openResults('false');
        $block1->labels($labels = array(0 => $strings["project"], 1 => $strings["priority"], 2 => $strings["lastupdated"], 3 => $strings["owner"]), false, "false");
        for ($i = 0; $i < DB_numrows($result); $i++) {
            list($id, $idProgress, $idStatus, $idPriority, $projectName, $lastupdated, $lhs, $rhs, $parent_id) = DB_fetchArray($result);
            $pArray = prj_getProjectPermissions($id, $userid);
            //based on the projectID, fetch the permissions for this user...
            if ($pArray['monitor'] == '1' || $pArray['teammember'] == '1' || $pArray['full'] == '1') {
                $fullname = $projectName;
                $owner_uid = DB_getItem($_TABLES['prj_users'], 'uid', "pid={$id} AND role='o'");
                if ($owner_uid >= 2) {
                    $projectOwner = DB_getItem($_TABLES['users'], 'fullname', "uid={$owner_uid}");
                    if (strlen($projectOwner) > 15) {
                        $projectOwner = substr($projectOwner, 0, 12) . "..";
                    }
                }
                $block1->openRow();
                // $block1->checkboxRow($id);
                $block1->cellProgress($progress[$idProgress]);
                $indent = '';
                //we need to determine if the user has access to the parent that this item is related to.
                //we do this by determining which project is on its left hand side.
                $testparent = DB_getItem($_TABLES['prj_projects'], "parent_id", "pid={$id}");
                $aGroups = array();
                $groups = SEC_getUserGroups($uid);
                foreach ($groups as $gid) {
                    $aGroups[] = $gid;
                }
                $prjPermGroups = implode(',', $aGroups);
                $testsql = "SELECT a.* ";
                $testsql .= "FROM  {$_TABLES['prj_projPerms']} a ";
                $testsql .= "WHERE a.pid={$testparent} ";
                $testsql .= " AND a.taskID=0 AND (a.uid={$_USER['uid']} OR a.gid in ({$prjPermGroups})) ";
                $testres = DB_query($testsql);
                $testrows = DB_numRows($testres);
                if ($testrows > 0 && $testparent > 0) {
                    if ($parent_id != 0) {
                        $level = prj_getProjectLevel($id);
                        for ($z = 1; $z < $level; $z++) {
                            $indent .= '&nbsp;&nbsp;';
                        }
                        $indent .= $subTaskImg;
                    }
                }
                if (strlen($projectName) > $_PRJCONF['project_name_length']) {
                    $span = "<span title=\"{$projectName}\">";
                    $projectName = substr($projectName, 0, $_PRJCONF['project_name_length']) . "....";
                    $projectName = $span . $projectName . "</span>";
                }
                $block1->cellRow($indent . $blockPage->buildLink("{$_CONF['site_url']}/nexproject/viewproject.php?pid={$id}", $projectName, "context", $fullname, $id));
                $block1->cellRow($priority[$idPriority]);
                //$block1->cellProgress($status[$idStatus]);
                $block1->cellRow(strftime("%Y/%m/%d %H:%M", $lastupdated));
                $block1->cellRow($projectOwner);
                $block1->closeRow();
            }
        }
        //end for
        $block1->closeResults();
        //$block1->bornesFooter("1", $blockPage->bornesNumber, "", "typeProjects=$typeProjects");
        $pages = intval($block1->recordsTotal / $block1->rowsLimit);
        if (fmod($block1->recordsTotal, $block1->rowsLimit) > 0) {
            $pages += 1;
        }
        if ($pages > 1) {
            for ($pagecntr = 0; $pagecntr < $pages; $pagecntr++) {
                echo '<span  style="text-decoration:underline;cursor: hand" onclick=\'setCookie("allprjmin","';
                echo $pagecntr;
                echo '","","");prj_getMyProjects("", "", "allprojects")\'>';
                if ($limitbase == $pagecntr) {
                    echo '<span style="color:red">';
                    echo $pagecntr + 1;
                    echo '</span>';
                } else {
                    echo $pagecntr + 1;
                }
                echo '</span>&nbsp;';
            }
        }
    } else {
        $block1->noresults();
    }
    echo '</div>';
    echo '<!--endMyProjects-->';
    //$block1->closeToggle();
    $block1->closeFormResults();
}
コード例 #19
0
ファイル: lib-security.php プロジェクト: spacequad/glfusion
/**
* Create a group dropdown
*
* Creates the group dropdown menu that's used on pretty much every admin page
*
* @param    int     $group_id   current group id (to be selected)
* @param    int     $access     access permission
* @param    string  $var_name   Optional variable name, "group_id" if empty
* @return   string              HTML for the dropdown
*
*/
function SEC_getGroupDropdown($group_id, $access, $var_name = 'group_id')
{
    global $_TABLES;
    $groupdd = '';
    if ($access == 3) {
        $usergroups = SEC_getUserGroups();
        uksort($usergroups, "strnatcasecmp");
        $groupdd .= '<select name="' . $var_name . '">' . LB;
        foreach ($usergroups as $ug_name => $ug_id) {
            $groupdd .= '<option value="' . $ug_id . '"';
            if ($group_id == $ug_id) {
                $groupdd .= ' selected="selected"';
            }
            $groupdd .= '>' . ucfirst($ug_name) . '</option>' . LB;
        }
        $groupdd .= '</select>' . LB;
    } else {
        // They can't set the group then
        $groupdd .= DB_getItem($_TABLES['groups'], 'grp_name', "grp_id = '" . DB_escapeString($group_id) . "'") . '<input type="hidden" name="' . $var_name . '" value="' . $group_id . '"/>';
    }
    return $groupdd;
}
コード例 #20
0
ファイル: lib-security.php プロジェクト: Geeklog-Core/geeklog
/**
 * Create a group dropdown
 * Creates the group dropdown menu that's used on pretty much every admin page
 *
 * @param    int $group_id current group id (to be selected)
 * @param    int $access   access permission
 * @return   string              HTML for the dropdown
 */
function SEC_getGroupDropdown($group_id, $access)
{
    global $_TABLES;
    $groupdd = '';
    if ($access == 3) {
        $usergroups = SEC_getUserGroups();
        $groupdd .= '<select id="group_id" name="group_id">' . LB;
        foreach ($usergroups as $ug_name => $ug_id) {
            $groupdd .= '<option value="' . $ug_id . '"';
            if ($group_id == $ug_id) {
                $groupdd .= ' selected="selected"';
            }
            $groupdd .= '>' . ucwords($ug_name) . '</option>' . LB;
        }
        $groupdd .= '</select>' . LB;
    } else {
        // They can't set the group then
        $groupdd .= DB_getItem($_TABLES['groups'], 'grp_name', "grp_id = '{$group_id}'") . '<input type="hidden" id="group_id" name="group_id" value="' . $group_id . '"' . XHTML . '>';
    }
    return $groupdd;
}
コード例 #21
0
ファイル: index.php プロジェクト: alxstuart/ajfs.me
/* Check if WS component is enabled */
if ($_CONF['disable_webservices']) {
    /* Pretend the WS doesn't exist */
    COM_displayMessageAndAbort($LANG_404[3], '', 404, 'Not Found');
}
// Set the default content type
header('Content-type: ' . 'application/atom+xml' . '; charset=UTF-8');
/* Authenticate the user IF credentials are present */
WS_authenticate();
/**
* Global array of groups current user belongs to
*/
if (!COM_isAnonUser()) {
    $_GROUPS = SEC_getUserGroups($_USER['uid']);
} else {
    $_GROUPS = SEC_getUserGroups(1);
}
/**
* Global array of current user permissions [read,edit]
*/
$_RIGHTS = explode(',', SEC_getUserPermissions());
switch ($_SERVER['REQUEST_METHOD']) {
    case 'POST':
        WS_post();
        break;
    case 'PUT':
        WS_put();
        break;
    case 'GET':
        WS_get();
        break;
コード例 #22
0
ファイル: projects_gantt.php プロジェクト: hostellerie/nexpro
function prj_drawProjectGanttBar(&$graph, &$row, &$count, $pid = 0, $nameIndent = '', $sm, $stm)
{
    global $_TABLES, $_CONF, $showTasksForExpandedProjects, $expandedCookie, $userid, $_PRJCONF, $filterCSV, $proj_query_from, $proj_query_where;
    // Determine the expanded projects
    $expanded = split(',', $expandedCookie);
    $sm = ppApplyFilter($sm, true, true);
    $stm = ppApplyFilter($stm, true, true);
    $filter = COM_applyFilter($_COOKIE['filter']);
    $category_string = substr("{$filter}", 0, 3);
    // Get a list of groups user is a member of and setup to be used in SQL to test user can view project
    $groups = SEC_getUserGroups($uid);
    foreach ($groups as $id) {
        $aGroups[] = $id;
    }
    $prjPermGroups = implode(',', $aGroups);
    if (SEC_inGroup('Root')) {
        $queryfrom = "FROM {$_TABLES['prj_projects']} a";
        $querywhere = " WHERE 1=1 ";
    } else {
        $queryfrom = "FROM {$_TABLES['prj_projects']} a, {$_TABLES['prj_projPerms']} b ";
        $querywhere .= "WHERE b.pid =a.pid";
        $querywhere .= " AND b.taskID=0 AND (b.uid={$userid} OR b.gid in ({$prjPermGroups})) ";
    }
    switch ($category_string) {
        case 'cat':
            $needle = substr("{$filter}", 3, 3);
            $queryfrom = $queryfrom . ", {$_TABLES['prj_category']} c ";
            $querywhere = $querywhere . "AND c.pid=a.pid AND c.category_id={$needle} ";
            $header = nexlistOptionList('view', '', $_PRJCONF['nexlist_category'], 0, $needle);
            break;
        case 'loc':
            $needle = substr("{$filter}", 3, 3);
            $queryfrom = $queryfrom . ", {$_TABLES['prj_location']} c ";
            $querywhere = $querywhere . "AND c.pid=a.pid AND c.location_id={$needle} ";
            $header = nexlistOptionList('view', '', $_PRJCONF['nexlist_locations'], 0, $needle);
            break;
        case 'dep':
            $needle = substr("{$filter}", 3, 3);
            $queryfrom = $queryfrom . ", {$_TABLES['prj_department']} c ";
            $querywhere = $querywhere . "AND c.pid=a.pid AND c.department_id={$needle} ";
            $header = nexlistOptionList('view', '', $_PRJCONF['nexlist_departments'], 0, $needle);
            break;
        case 'pri':
            $needle = substr("{$filter}", 3, 3);
            $querywhere = $querywhere . " AND a.priority_id={$needle} ";
            $header = $strings["filter_priority"] . $priority[$needle];
            break;
        case 'pro':
            $needle = substr("{$filter}", 3, 3);
            $querywhere = $querywhere . " AND a.progress_id={$needle} ";
            $header = $strings["filter_progress"] . $progress[$needle];
            break;
        case 'sta':
            $needle = substr("{$filter}", 3, 3);
            $querywhere = $querywhere . " AND a.status_id={$needle} ";
            $header = $strings["filter_status"] . $status[$needle];
            break;
        default:
            $needle = '';
            $customFilter = '';
            $header = '';
    }
    $sql = "SELECT a.pid, a.name, a.start_date, a.estimated_end_date, a.parent_id, a.percent_completion as progress, progress_id ";
    $sql .= $queryfrom;
    $sql .= $querywhere;
    if ($pid == 0) {
        $sql .= "AND parent_id=0 AND a.pid=c.pid ";
    } else {
        $sql .= "AND parent_id='{$pid}' ";
    }
    if ($filterCSV != '') {
        $sql .= "AND pid  in ({$filterCSV}) ";
    }
    $sql .= " ORDER BY lhs ASC";
    $result = DB_query($sql, true);
    $testrows = DB_numRows($result);
    if ($testrows == 0) {
        $sql = "SELECT a.pid, a.name, a.start_date, a.estimated_end_date, a.parent_id, a.percent_completion as progress, progress_id ";
        $sql .= $queryfrom;
        $sql .= $querywhere;
        if ($pid == 0) {
            $sql .= "AND parent_id=0 ";
        } else {
            $sql .= "AND parent_id='{$pid}' ";
        }
        $sql .= " ORDER BY lhs ASC";
        $result = DB_query($sql);
    }
    for ($j = 0; $j < DB_numrows($result); $j++) {
        list($pid, $name, $startdate, $enddate, $parent_task, $progress, $status) = DB_fetchArray($result);
        $permsArray = prj_getProjectPermissions($pid, $userid);
        $ownertoken = getProjectToken($pid, $userid, "{$_TABLES['prj_users']}");
        if ($sm == '0' && $stm == '1') {
            //only show team members (my projects)
            if ($permsArray['teammember'] == '1' || $permsArray['full'] == '1' || $ownertoken == '1') {
                prj_paintProjectBar(false, $pid, $name, $startdate, $enddate, $parent_task, $progress, $status, $expanded, $userid, $nameIndent, $graph, $count, $row, $sm, $stm);
            }
            //end if for perms checking
        } elseif ($sm == '1' && $stm == '1') {
            //show everything you have monitor and upwards access to (all projects)
            if ($permsArray['monitor'] == '1' || $permsArray['teammember'] == '1' || $permsArray['full'] == '1' || $ownertoken == '1') {
                prj_paintProjectBar(true, $pid, $name, $startdate, $enddate, $parent_task, $progress, $status, $expanded, $userid, $nameIndent, $graph, $count, $row, $sm, $stm);
            }
        }
        //if this project has no child projects AND it has tasks AND the expansion sign is empty
        if (DB_count($_TABLES['prj_projects'], 'parent_id', $pid) == 0 && DB_count($_TABLES['prj_tasks'], 'pid', $pid) > 0 && $sign == '') {
            if ($showTasksForExpandedProjects == 'true') {
                prj_drawProjectTasksGanttBar($graph, $row, $count, $pid, $nameIndent . ' ', 0, 0, $sm, $stm);
            }
        }
        $tempPerms = prj_getProjectPermissions($pid, $userid);
        if (array_keys($expanded, $pid) != array() && DB_count($_TABLES['prj_projects'], 'parent_id', $pid) > 0 || $tempPerms['monitor'] == '0' && $tempPerms['teammember'] == '0') {
            if ($showTasksForExpandedProjects == 'true') {
                prj_drawProjectTasksGanttBar($graph, $row, $count, $pid, $nameIndent . ' ', 0, 0, $sm, $stm);
            }
            prj_drawProjectGanttBar($graph, $row, $count, $pid, $nameIndent . ' ', $sm, $stm);
            $activity = NULL;
        }
    }
    //end for
}
コード例 #23
0
ファイル: tagcloud.class.php プロジェクト: hostellerie/nexpro
 function displaycloud()
 {
     global $_TABLES, $_CONF, $_USER;
     if (isset($_USER) and $_USER['uid'] > 1) {
         $_GROUPS = SEC_getUserGroups($_USER['uid']);
     } else {
         $_GROUPS = SEC_getUserGroups(1);
     }
     $grouplist = implode(',', $_GROUPS);
     $tpl = new Template($_CONF['path_layout'] . 'tagcloud');
     $tpl->set_file(array('cloud' => 'tagcloud.thtml', 'tagcloud_rec' => 'tagcloud_record.thtml'));
     // Retrieve the Maximum Metric
     $sql = "SELECT metric from {$this->_tagmetrics} WHERE type='{$this->_type}' ";
     $sql .= "AND grpid IN ({$grouplist}) ";
     $sql .= "ORDER BY metric DESC limit 1";
     $qmaxm = DB_query($sql);
     list($maxm) = DB_fetchArray($qmaxm);
     $sql = "SELECT a.tagid,b.tagword,sum(a.metric) as metric from {$this->_tagmetrics} a ";
     $sql .= "LEFT JOIN {$this->_tagwords} b ON a.tagid=b.id ";
     $sql .= "WHERE type='{$this->_type}' AND grpid IN ({$grouplist}) GROUP BY tagid";
     $query = DB_query($sql);
     $numrecords = DB_numRows($query);
     $i = 0;
     while ($A = DB_fetchArray($query)) {
         // Using a Linear Interpolation equation to create a relative font size
         $ranking = $this->_fontmultiplier * (1.0 + (1.5 * $A['metric'] - $maxm / 2) / $maxm);
         $tpl->set_var('fontsize', $ranking);
         $tpl->set_var('search_url', "{$_CONF['site_url']}/search.php?query={$A['tagword']}&type=stories&mode=search&results=150");
         $tpl->set_var('metric', $A['metric']);
         $tpl->set_var('tag', $A['tagword']);
         $tpl->parse('tag_words', 'tagcloud_rec', true);
         if ($i >= $this->_maxclouditems) {
             break;
         }
         $i++;
     }
     $tpl->parse('output', 'cloud');
     return $tpl->finish($tpl->get_var('output'));
 }
コード例 #24
0
ファイル: submit.php プロジェクト: spacequad/glfusion
    return $checked;
}
$display = '';
if (defined('DEMO_MODE')) {
    redirect_header($_CONF['site_url'] . "/filemgmt/index.php", 10, 'Uploads are disabled in demo mode');
    exit;
}
if (isset($_USER['uid'])) {
    $uid = $_USER['uid'];
} else {
    $uid = 1;
}
if (SEC_hasRights("filemgmt.upload") or $mydownloads_uploadselect) {
    $logourl = '';
    // Get the number of files in the database and post it in the title.
    $_GROUPS = SEC_getUserGroups($uid);
    $myts = new MyTextSanitizer();
    // MyTextSanitizer object
    $eh = new ErrorHandler();
    //ErrorHandler object
    $mytree = new XoopsTree($_DB_name, $_TABLES['filemgmt_cat'], "cid", "pid");
    $mytree->setGroupAccessFilter($_GROUPS);
    $groupsql = filemgmt_buildAccessSql();
    $sql = "SELECT COUNT(*) FROM {$_TABLES['filemgmt_cat']} WHERE pid=0 ";
    $sql .= $groupsql;
    list($catAccessCnt) = DB_fetchArray(DB_query($sql));
    if ($catAccessCnt < 1) {
        COM_errorLOG("Submit.php => FileMgmt Plugin Access denied. Attempted user upload of a file, Remote address is:{$_SERVER['REMOTE_ADDR']}");
        redirect_header($_CONF['site_url'] . "/index.php", 1, _GL_ERRORNOUPLOAD);
        exit;
    }
コード例 #25
0
ファイル: users.php プロジェクト: spacequad/glfusion
         if ($oauth_userinfo === false) {
             COM_updateSpeedlimit('login');
             COM_errorLog("OAuth Error: " . $consumer->error);
             echo COM_refresh($_CONF['site_url'] . '/users.php?msg=111');
             // OAuth authentication error
         }
         $consumer->doAction($oauth_userinfo);
     }
     //  end OAuth authentication method(s)
 } else {
     $status = -2;
 }
 if ($status == USER_ACCOUNT_ACTIVE || $status == USER_ACCOUNT_AWAITING_ACTIVATION) {
     // logged in AOK.
     SESS_completeLogin($uid);
     $_GROUPS = SEC_getUserGroups($_USER['uid']);
     $_RIGHTS = explode(',', SEC_getUserPermissions());
     if ($_SYSTEM['admin_session'] > 0 && $local_login) {
         if (SEC_isModerator() || SEC_hasRights('story.edit,block.edit,topic.edit,user.edit,plugin.edit,user.mail,syndication.edit', 'OR') || count(PLG_getAdminOptions()) > 0) {
             $admin_token = SEC_createTokenGeneral('administration', $_SYSTEM['admin_session']);
             SEC_setCookie('token', $admin_token, 0, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
         }
     }
     if (!isset($_USER['theme'])) {
         $_USER['theme'] = $_CONF['theme'];
         $_CONF['path_layout'] = $_CONF['path_themes'] . $_USER['theme'] . '/';
         $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $_USER['theme'];
         if ($_CONF['allow_user_themes'] == 1) {
             if (isset($_COOKIE[$_CONF['cookie_theme']])) {
                 $theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true);
                 if (is_dir($_CONF['path_themes'] . $theme)) {
コード例 #26
0
ファイル: list.php プロジェクト: spacequad/glfusion
function FF_lastx()
{
    global $_CONF, $_TABLES, $_USER, $_FF_CONF, $LANG_GF01, $LANG_GF02, $LANG_GF92;
    $retval = '';
    $pageTitle = $LANG_GF01['LASTX'];
    USES_lib_admin();
    USES_lib_html2text();
    $T = new Template($_CONF['path'] . 'plugins/forum/templates/');
    $T->set_file('list', 'lists.thtml');
    $dt = new Date('now', $_USER['tzid']);
    $header_arr = array(array('text' => $LANG_GF01['FORUM'], 'field' => 'forum'), array('text' => $LANG_GF01['TOPIC'], 'field' => 'subject'), array('text' => $LANG_GF92['sb_latestposts'], 'field' => 'date', 'nowrap' => true));
    $data_arr = array();
    $text_arr = array();
    if ($_FF_CONF['usermenu'] == 'navbar') {
        $T->set_var('navbar', FF_NavbarMenu($LANG_GF01['LASTX']));
    }
    $T->set_var('block_start', COM_startBlock($LANG_GF01['LASTX'], '', COM_getBlockTemplate('_admin_block', 'header')));
    $groups = array();
    $usergroups = SEC_getUserGroups();
    foreach ($usergroups as $group) {
        $groups[] = $group;
    }
    $grouplist = implode(',', $groups);
    if (!COM_isAnonUser() && $_FF_CONF['enable_user_rating_system']) {
        $grade = (int) _ff_getUserRating((int) $_USER['uid']);
        $ratingSQL = ' AND b.rating_view <= ' . $grade . ' ';
    } else {
        $ratingSQL = '';
    }
    $sql = "SELECT * ";
    $sql .= "FROM {$_TABLES['ff_topic']} a ";
    $sql .= "LEFT JOIN {$_TABLES['ff_forums']} b ON a.forum=b.forum_id ";
    $sql .= "WHERE pid=0 AND b.grp_id IN ({$grouplist}) AND b.no_newposts = 0 " . $ratingSQL;
    $sql .= "ORDER BY lastupdated DESC LIMIT {$_FF_CONF['show_last_post_count']}";
    $result = DB_query($sql);
    $nrows = DB_numRows($result);
    $displayrecs = 0;
    for ($i = 1; $i <= $nrows; $i++) {
        $P = DB_fetchArray($result);
        if ($_FF_CONF['use_censor']) {
            $P['subject'] = COM_checkWords($P['subject']);
            $P['comment'] = COM_checkWords($P['comment']);
        }
        $topic_id = $P['id'];
        $displayrecs++;
        $dt->setTimestamp($P['date']);
        $firstdate = $dt->format($_FF_CONF['default_Datetime_format'], true);
        $dt->setTimestamp($P['lastupdated']);
        $lastdate = $dt->format($_FF_CONF['default_Datetime_format'], true);
        if ($P['uid'] > 1) {
            $topicinfo = "{$LANG_GF01['STARTEDBY']} " . COM_getDisplayName($P['uid']) . ', ';
        } else {
            $topicinfo = "{$LANG_GF01['STARTEDBY']} {$P['name']},";
        }
        $topicinfo .= "{$firstdate}<br/>{$LANG_GF01['VIEWS']}:{$P['views']}, {$LANG_GF01['REPLIES']}:{$P['replies']}<br/>";
        if (empty($P['last_reply_rec']) || $P['last_reply_rec'] < 1) {
            $lastid = $P['id'];
            $testText = FF_formatTextBlock($P['comment'], 'text', 'text', $P['status']);
            $testText = strip_tags($testText);
            $html2txt = new html2text($testText, false);
            $testText = trim($html2txt->get_text());
            $lastpostinfogll = @htmlspecialchars(preg_replace('#\\r?\\n#', '<br>', strip_tags(substr($testText, 0, $_FF_CONF['contentinfo_numchars']) . '...')), ENT_QUOTES, COM_getEncodingt());
        } else {
            $qlreply = DB_query("SELECT id,uid,name,comment,date,status FROM {$_TABLES['ff_topic']} WHERE id={$P['last_reply_rec']}");
            $B = DB_fetchArray($qlreply);
            $lastid = $B['id'];
            $lastcomment = $B['comment'];
            $P['date'] = $B['date'];
            if ($B['uid'] > 1) {
                $topicinfo .= sprintf($LANG_GF01['LASTREPLYBY'], COM_getDisplayName($B['uid']));
            } else {
                $topicinfo .= sprintf($LANG_GF01['LASTREPLYBY'], $B['name']);
            }
            $testText = FF_formatTextBlock($B['comment'], 'text', 'text', $B['status']);
            $testText = strip_tags($testText);
            $html2txt = new html2text($testText, false);
            $testText = trim($html2txt->get_text());
            $lastpostinfogll = @htmlspecialchars(preg_replace('#\\r?\\n#', '<br>', strip_tags(substr($testText, 0, $_FF_CONF['contentinfo_numchars']) . '...')), ENT_QUOTES, COM_getEncodingt());
        }
        $link = '<a class="' . COM_getTooltipStyle() . '" style="text-decoration:none; white-space:nowrap;" href="' . $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topic_id . '&amp;lastpost=true#' . $lastid . '" title="' . @htmlspecialchars($P['subject'], ENT_QUOTES, COM_getEncodingt()) . '::' . $lastpostinfogll . '" rel="nofollow">';
        $topiclink = '<a class="' . COM_getTooltipStyle() . '" style="text-decoration:none;" href="' . $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topic_id . '" title="' . @htmlspecialchars($P['subject'], ENT_QUOTES, COM_getEncodingt()) . '::' . $topicinfo . '">' . $P['subject'] . '</a>';
        $dt->setTimestamp($P['date']);
        $tdate = $dt->format($_FF_CONF['default_Datetime_format'], true);
        $data_arr[] = array('forum' => $P['forum_name'], 'subject' => $topiclink, 'date' => $link . $tdate . '</a>');
        if ($displayrecs >= $_FF_CONF['show_last_post_count']) {
            break;
        }
    }
    $T->set_var('list_data', ADMIN_simpleList("", $header_arr, $text_arr, $data_arr));
    $T->set_var('block_end', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
    $T->parse('output', 'list');
    $retval = $T->finish($T->get_var('output'));
    return array($pageTitle, $retval);
}
コード例 #27
0
ファイル: menu.php プロジェクト: spacequad/glfusion
function MB_editMenu($mid)
{
    global $_CONF, $_TABLES, $_ST_CONF, $stMenu, $LANG_MB00, $LANG_MB01, $LANG_MB_ADMIN, $LANG_MB_TYPES, $LANG_MB_GLTYPES, $LANG_MB_GLFUNCTION, $LANG_MB_MENU_TYPES;
    $retval = '';
    $menu_id = $mid;
    $menu = menu::getInstance($menu_id);
    $menu_arr = array(array('url' => $_CONF['site_admin_url'] . '/menu.php?mode=menu&amp;menu=' . $menu_id, 'text' => $LANG_MB01['return_to'] . $menu->name), array('url' => $_CONF['site_admin_url'] . '/menu.php', 'text' => $LANG_MB01['menu_list']));
    $retval .= COM_startBlock($LANG_MB01['menu_builder'] . ' :: ' . $LANG_MB01['edit_element'] . ' for ' . $menu->name, '', COM_getBlockTemplate('_admin_block', 'header'));
    $retval .= ADMIN_createMenu($menu_arr, $LANG_MB_ADMIN[5], $_CONF['layout_url'] . '/images/icons/menubuilder.png');
    // build menu type select
    $menuTypeSelect = '<select id="menutype" name="menutype">' . LB;
    while ($types = current($LANG_MB_MENU_TYPES)) {
        $menuTypeSelect .= '<option value="' . key($LANG_MB_MENU_TYPES) . '"';
        if (key($LANG_MB_MENU_TYPES) == $menu->type) {
            $menuTypeSelect .= ' selected="selected"';
        }
        $menuTypeSelect .= '>' . $types . '</option>' . LB;
        next($LANG_MB_MENU_TYPES);
    }
    $menuTypeSelect .= '</select>' . LB;
    // build group select
    $rootUser = DB_getItem($_TABLES['group_assignments'], 'ug_uid', 'ug_main_grp_id=1');
    $usergroups = SEC_getUserGroups($rootUser);
    $usergroups[$LANG_MB01['non-logged-in']] = 998;
    uksort($usergroups, "strnatcasecmp");
    $group_select = '<select id="group" name="group">' . LB;
    for ($i = 0; $i < count($usergroups); $i++) {
        $group_select .= '<option value="' . $usergroups[key($usergroups)] . '"';
        if ($usergroups[key($usergroups)] == $menu->group_id) {
            $group_select .= ' selected="selected"';
        }
        $group_select .= '>' . ucfirst(key($usergroups)) . '</option>' . LB;
        next($usergroups);
    }
    $group_select .= '</select>' . LB;
    $T = new Template($_CONF['path_layout'] . 'admin/menu');
    $T->set_file(array('admin' => 'editmenu.thtml'));
    if ($mid == 1 || $mid == 2 || $mid == 3) {
        $disabled = ' readonly ';
    } else {
        $disabled = '';
    }
    $menu_active_check = $menu->active == 1 ? ' checked="checked"' : '';
    $T->set_var(array('group_select' => $group_select, 'menutype' => $menu->type, 'menutype_select' => $menuTypeSelect, 'menuactive' => $menu->active == 1 ? ' checked="checked"' : ' ', 'form_action' => $_CONF['site_admin_url'] . '/menu.php', 'menu_id' => $mid, 'menuname' => $menu->name, 'enabled' => $menu_active_check, 'disabled' => $disabled));
    $T->parse('output', 'admin');
    $retval .= $T->finish($T->get_var('output'));
    $retval .= COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer'));
    return $retval;
}
コード例 #28
0
ファイル: member.php プロジェクト: spacequad/glfusion
function MG_editMemberDefaults()
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG01, $LANG_MG03, $LANG_ACCESS, $LANG_DIRECTION;
    global $album_jumpbox, $album_selectbox, $MG_albums, $LANG04;
    MG_initAlbums();
    $retval = '';
    $T = new Template($_MG_CONF['template_path'] . '/admin');
    $T->set_file(array('admin' => 'editmember.thtml', 'admin_formats' => 'editalbum_formats.thtml'));
    include_once $_CONF['path_system'] . "classes/navbar.class.php";
    $navbar = new navbar();
    $navbar->add_menuitem($LANG_MG01['member_albums'], 'showhideMGAdminEditorDiv("members",0);return false;', true);
    $navbar->add_menuitem($LANG_MG01['allowed_media_formats'], 'showhideMGAdminEditorDiv("media",1);return false;', true);
    $navbar->add_menuitem($LANG_MG01['album_attributes'], 'showhideMGAdminEditorDiv("attributes",2);return false;', true);
    $navbar->add_menuitem($LANG_MG01['anonymous_uploads_prompt'], 'showhideMGAdminEditorDiv("useruploads",3);return false;', true);
    $navbar->add_menuitem($LANG_ACCESS['accessrights'], 'showhideMGAdminEditorDiv("access",4);return false;', true);
    $navbar->set_selected($LANG_MG01['member_albums']);
    $T->set_var('navbar', $navbar->generate());
    $T->set_var('no_javascript_warning', $LANG04[150]);
    $T->set_var(array('jpg_checked' => $_MG_CONF['member_valid_formats'] & MG_JPG ? ' checked="checked"' : '', 'png_checked' => $_MG_CONF['member_valid_formats'] & MG_PNG ? ' checked="checked"' : '', 'tif_checked' => $_MG_CONF['member_valid_formats'] & MG_TIF ? ' checked="checked"' : '', 'gif_checked' => $_MG_CONF['member_valid_formats'] & MG_GIF ? ' checked="checked"' : '', 'bmp_checked' => $_MG_CONF['member_valid_formats'] & MG_BMP ? ' checked="checked"' : '', 'tga_checked' => $_MG_CONF['member_valid_formats'] & MG_TGA ? ' checked="checked"' : '', 'psd_checked' => $_MG_CONF['member_valid_formats'] & MG_PSD ? ' checked="checked"' : '', 'mp3_checked' => $_MG_CONF['member_valid_formats'] & MG_MP3 ? ' checked="checked"' : '', 'ogg_checked' => $_MG_CONF['member_valid_formats'] & MG_OGG ? ' checked="checked"' : '', 'asf_checked' => $_MG_CONF['member_valid_formats'] & MG_ASF ? ' checked="checked"' : '', 'swf_checked' => $_MG_CONF['member_valid_formats'] & MG_SWF ? ' checked="checked"' : '', 'mov_checked' => $_MG_CONF['member_valid_formats'] & MG_MOV ? ' checked="checked"' : '', 'mp4_checked' => $_MG_CONF['member_valid_formats'] & MG_MP4 ? ' checked="checked"' : '', 'mpg_checked' => $_MG_CONF['member_valid_formats'] & MG_MPG ? ' checked="checked"' : '', 'zip_checked' => $_MG_CONF['member_valid_formats'] & MG_ZIP ? ' checked="checked"' : '', 'flv_checked' => $_MG_CONF['member_valid_formats'] & MG_FLV ? ' checked="checked"' : '', 'rflv_checked' => $_MG_CONF['member_valid_formats'] & MG_RFLV ? ' checked="checked"' : '', 'emb_checked' => $_MG_CONF['member_valid_formats'] & MG_EMB ? ' checked="checked"' : '', 'other_checked' => $_MG_CONF['member_valid_formats'] & MG_OTHER ? ' checked="checked"' : '', 'lang_jpg' => $LANG_MG01['jpg'], 'lang_png' => $LANG_MG01['png'], 'lang_tif' => $LANG_MG01['tif'], 'lang_gif' => $LANG_MG01['gif'], 'lang_bmp' => $LANG_MG01['bmp'], 'lang_tga' => $LANG_MG01['tga'], 'lang_psd' => $LANG_MG01['psd'], 'lang_mp3' => $LANG_MG01['mp3'], 'lang_ogg' => $LANG_MG01['ogg'], 'lang_asf' => $LANG_MG01['asf'], 'lang_swf' => $LANG_MG01['swf'], 'lang_mov' => $LANG_MG01['mov'], 'lang_mp4' => $LANG_MG01['mp4'], 'lang_mpg' => $LANG_MG01['mpg'], 'lang_zip' => $LANG_MG01['zip'], 'lang_flv' => $LANG_MG01['flv'], 'lang_rflv' => $LANG_MG01['rflv'], 'lang_emb' => $LANG_MG01['emb'], 'lang_other' => $LANG_MG01['other'], 'lang_allowed_formats' => $LANG_MG01['allowed_media_formats'], 'lang_image' => $LANG_MG01['image'], 'lang_audio' => $LANG_MG01['audio'], 'lang_video' => $LANG_MG01['video']));
    $T->parse('valid_formats', 'admin_formats');
    $member_albums = '<input type="checkbox" name="member_albums" value="1" ' . ($_MG_CONF['member_albums'] ? ' checked="checked"' : '') . '/>';
    $auto_create = '<input type="checkbox" name="auto_create" value="1" ' . ($_MG_CONF['member_auto_create'] ? ' checked="checked"' : '') . '/>';
    $allow_create = '<input type="checkbox" name="allow_create" value="1" ' . ($_MG_CONF['member_create_new'] ? ' checked="checked"' : '') . '/>';
    $album_jumpbox = '';
    $MG_albums[0]->buildJumpBox($_MG_CONF['member_album_root']);
    $album_list_root = '<select name="member_root">';
    $album_list_root .= '<option value="0">' . $LANG_MG01['root_album'] . '</option>';
    $album_list_root .= $album_jumpbox;
    $album_list_root .= '</select>';
    $MG_albums[0]->buildAlbumBox($_MG_CONF['member_album_archive'], 3, -1, 'upload');
    $member_archive = '<select name="member_archive">';
    $member_archive .= '<option value="0">' . $LANG_MG01['do_not_archive'] . '</option>';
    $member_archive .= $album_selectbox;
    $member_archive .= '</select>';
    $T->set_var('site_url', $_CONF['site_url']);
    $T->set_var('site_admin_url', $_CONF['site_admin_url']);
    $ri_select = '<input type="checkbox" name="enable_random" value="1" ' . ($_MG_CONF['member_enable_random'] ? ' checked="checked"' : '') . '/>';
    $max_image_height_input = '<input type="text" size="4" name="max_image_height" value="' . $_MG_CONF['member_max_height'] . '"' . '/>';
    $max_image_width_input = '<input type="text" size="4" name="max_image_width" value="' . $_MG_CONF['member_max_width'] . '"' . '/>';
    $max_filesize_input = '<input type="text" size="10" name="max_filesize" value="' . $_MG_CONF['member_max_filesize'] . '"' . '/>';
    $email_mod_select = '<input type="checkbox" name="email_mod" value="1" ' . ($_MG_CONF['member_email_mod'] ? ' checked="checked"' : '') . '/>';
    // permission template
    $usergroups = SEC_getUserGroups();
    $groupdd = '';
    $moddd = '';
    $gresult = DB_query("SELECT grp_id FROM {$_TABLES['groups']} WHERE grp_name LIKE 'mediagallery Admin'");
    $grow = DB_fetchArray($gresult);
    $grp_id = $grow['grp_id'];
    if (!isset($_MG_CONF['ad_group_id'])) {
        $_MG_CONF['ad_group_id'] = $grp_id;
    }
    if (!isset($_MG_CONF['member_mod_group_id'])) {
        $_MG_CONF['member_mod_group_id'] = $grp_id;
    }
    $groupdd .= '<select name="group_id">';
    $moddd .= '<select name="mod_id">';
    for ($i = 0; $i < count($usergroups); $i++) {
        $groupdd .= '<option value="' . $usergroups[key($usergroups)] . '"';
        $moddd .= '<option value="' . $usergroups[key($usergroups)] . '"';
        if ($_MG_CONF['ad_group_id'] == $usergroups[key($usergroups)]) {
            $groupdd .= ' selected="selected"';
            $groupname = key($usergroups);
        }
        if ($_MG_CONF['member_mod_group_id'] == $usergroups[key($usergroups)]) {
            $moddd .= ' selected="selected"';
        }
        $groupdd .= '>' . key($usergroups) . '</option>';
        $moddd .= '>' . key($usergroups) . '</option>';
        next($usergroups);
    }
    $groupdd .= '</select>';
    $moddd .= '</select>';
    $upload_select = '<input type="checkbox" name="uploads" value="1" ' . ($_MG_CONF['member_uploads'] ? ' checked="checked"' : '') . '/>';
    $moderate_select = '<input type="checkbox" name="moderate" value="1" ' . ($_MG_CONF['member_moderate'] ? ' checked="checked"' : '') . '/>';
    if (!isset($_MG_CONF['member_use_fullname'])) {
        $_MG_CONF['member_use_fullname'] = 0;
    }
    $fullname_select = '<input type="checkbox" name="member_use_fullname" value="1" ' . ($_MG_CONF['member_use_fullname'] ? ' checked="checked"' : '') . '/>';
    if (!isset($_MG_CONF['feature_member_album'])) {
        $_MG_CONF['feature_member_album'] = 0;
    }
    $feature_select = '<input type="checkbox" name="feature_member_album" value="1" ' . ($_MG_CONF['feature_member_album'] ? ' checked="checked"' : '') . '/>';
    if (!isset($_MG_CONF['allow_remote'])) {
        $_MG_CONF['allow_remote'] = 0;
    }
    $allow_remote = '<input type="checkbox" name="allow_remote" value="1" ' . ($_MG_CONF['allow_remote'] ? ' checked="checked"' : '') . '/>';
    $T->set_var(array('site_url' => $_MG_CONF['site_url'], 'member_albums' => $member_albums, 'album_list_root' => $album_list_root, 'member_archive' => $member_archive, 'auto_create' => $auto_create, 'allow_create' => $allow_create, 'ri_select' => $ri_select, 'height_input' => $max_image_height_input, 'width_input' => $max_image_width_input, 'email_mod_select' => $email_mod_select, 'uploads' => $upload_select, 'moderate' => $moderate_select, 'member_quota' => $_MG_CONF['member_quota'] / 1048576, 'max_filesize' => $_MG_CONF['member_max_filesize'] / 1024, 'member_use_fullname' => $fullname_select, 'feature_member_album' => $feature_select, 'allow_remote' => $allow_remote, 'lang_uploads' => $LANG_MG01['anonymous_uploads_prompt'], 'lang_accessrights' => $LANG_ACCESS['accessrights'], 'lang_owner' => $LANG_ACCESS['owner'], 'lang_group' => $LANG_ACCESS['group'], 'lang_permissions' => $LANG_ACCESS['permissions'], 'lang_perm_key' => $LANG_ACCESS['permissionskey'], 'permissions_editor' => SEC_getPermissionsHTML($_MG_CONF['member_perm_owner'], $_MG_CONF['member_perm_group'], $_MG_CONF['member_perm_members'], $_MG_CONF['member_perm_anon']), 'permissions_msg' => $LANG_ACCESS['permmsg'], 'group_dropdown' => $groupdd, 'mod_dropdown' => $moddd, 'lang_member_upload' => $LANG_MG01['member_upload'], 'lang_moderate_album' => $LANG_MG01['mod_album'], 'lang_mod_group' => $LANG_MG01['moderation_group'], 'lang_zero_unlimited' => $LANG_MG01['zero_unlimited'], 'lang_ri_enable' => $LANG_MG01['ri_enable'], 'lang_max_image_height' => $LANG_MG01['max_image_height'], 'lang_max_image_width' => $LANG_MG01['max_image_width'], 'lang_max_filesize' => $LANG_MG01['max_filesize'], 'lang_display_image_size' => $LANG_MG01['display_image_size'], 'lang_email_mods_on_submission' => $LANG_MG01['email_mods_on_submission'], 'lang_album_attributes' => $LANG_MG01['album_attributes'], 'lang_member_albums' => $LANG_MG01['member_albums'], 'lang_enable_member_albums' => $LANG_MG01['enable_member_albums'], 'lang_member_quota' => $LANG_MG01['default_member_quota'], 'lang_auto_create' => $LANG_MG01['auto_create'], 'lang_allow_create' => $LANG_MG01['allow_create'], 'lang_member_root' => $LANG_MG01['member_root'], 'lang_member_archive' => $LANG_MG01['member_archive'], 'lang_member_use_fullname' => $LANG_MG01['member_use_fullname'], 'lang_feature_member_album' => $LANG_MG01['feature_member_album'], 'lang_allow_remote' => $LANG_MG01['allow_remote'], 'lang_save' => $LANG_MG01['save'], 'lang_cancel' => $LANG_MG01['cancel'], 's_form_action' => $_MG_CONF['admin_url'] . 'member.php', 'rtl' => $LANG_DIRECTION == "rtl" ? "rtl" : ""));
    $T->parse('output', 'admin');
    $retval .= $T->finish($T->get_var('output'));
    return $retval;
}
コード例 #29
0
ファイル: moderation.php プロジェクト: hostellerie/nexpro
     $promptform .= '<INPUT TYPE="hidden" NAME="forum"  VALUE="' . $forum . '">';
     $promptform .= '<INPUT TYPE="hidden" NAME="msgpid" VALUE="' . $msgpid . '">';
     $promptform .= '<INPUT TYPE="hidden" NAME="top" VALUE="' . $top . '">';
     $promptform .= '<CENTER><INPUT TYPE="submit" NAME="submit" VALUE="' . $LANG_GF01['CONFIRM'] . '">&nbsp;&nbsp;';
     $promptform .= '<INPUT TYPE="submit" NAME="submit" VALUE="' . $LANG_GF01['CANCEL'] . '"></CENTER>';
     $promptform .= '</CENTER></FORM></p>';
     alertMessage($alertmessage, $LANG_GF02['msg182'], $promptform);
 } elseif ($modfunction == 'editpost' and forum_modPermission($forum, $_USER['uid'], 'mod_edit') and $fortopicid != 0) {
     $page = COM_applyFilter($_REQUEST['page'], true);
     echo COM_refresh("createtopic.php?method=edit&id={$fortopicid}&page={$page}");
     echo $LANG_GF02['msg110'];
 } elseif ($modfunction == 'lockedpost' and forum_modPermission($forum, $_USER['uid'], 'mod_edit') and $fortopicid != 0) {
     echo COM_refresh("createtopic.php?method=postreply&id={$fortopicid}");
     echo $LANG_GF02['msg173'];
 } elseif ($modfunction == 'movetopic' and forum_modPermission($forum, $_USER['uid'], 'mod_move') and $fortopicid != 0) {
     $SECgroups = SEC_getUserGroups();
     // Returns an Associative Array - need to parse out the group id's
     $modgroups = '';
     foreach ($SECgroups as $key) {
         if ($modgroups == '') {
             $modgroups = $key;
         } else {
             $modgroups .= ",{$key}";
         }
     }
     /* Check and see if user had moderation rights to another forum to complete the topic move */
     $sql = "SELECT DISTINCT forum_name FROM {$_TABLES['gf_moderators']} a , {$_TABLES['gf_forums']} b ";
     $sql .= "where a.mod_forum = b.forum_id AND ( a.mod_uid='{$_USER['uid']}' OR a.mod_groupid in ({$modgroups}))";
     $query = DB_query($sql);
     if (DB_numRows($query) == 0) {
         alertMessage($LANG_GF02['msg181'], $LANG_GF01['WARNING']);
コード例 #30
0
ファイル: user.php プロジェクト: spacequad/glfusion
/**
* Saves user to the database
*
* @param    int     $uid            user id
* @return   string                  HTML redirect or error message
*
*/
function USER_save($uid)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
    $retval = '';
    $userChanged = false;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering USER_save()****", 1);
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("group size at beginning = " . sizeof($groups), 1);
    }
    $uid = COM_applyFilter($_POST['uid'], true);
    if ($uid == 0) {
        $uid = '';
    }
    $regdate = COM_applyFilter($_POST['regdate'], true);
    $username = trim($_POST['new_username']);
    $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
    $userstatus = COM_applyFilter($_POST['userstatus'], true);
    $oldstatus = COM_applyFilter($_POST['oldstatus'], true);
    $passwd = isset($_POST['newp']) ? trim($_POST['newp']) : '';
    $passwd_conf = isset($_POST['newp_conf']) ? trim($_POST['newp_conf']) : '';
    $cooktime = COM_applyFilter($_POST['cooktime'], true);
    $email = trim($_POST['email']);
    $email_conf = trim($_POST['email_conf']);
    $groups = $_POST['groups'];
    $homepage = trim($_POST['homepage']);
    $location = strip_tags(trim($_POST['location']));
    $photo = isset($_POST['photo']) ? $_POST['photo'] : '';
    $delete_photo = isset($_POST['delete_photo']) && $_POST['delete_photo'] == 'on' ? 1 : 0;
    $sig = trim($_POST['sig']);
    $about = trim($_POST['about']);
    $pgpkey = trim($_POST['pgpkey']);
    $language = isset($_POST['language']) ? trim(COM_applyFilter($_POST['language'])) : '';
    $theme = isset($_POST['theme']) ? trim(COM_applyFilter($_POST['theme'])) : '';
    $maxstories = COM_applyFilter($_POST['maxstories'], true);
    $tzid = COM_applyFilter($_POST['tzid']);
    $dfid = COM_applyFilter($_POST['dfid'], true);
    $search_fmt = COM_applyFilter($_POST['search_result_format']);
    $commentmode = COM_applyFilter($_POST['commentmode']);
    $commentorder = isset($_POST['commentorder']) && $_POST['commentorder'] == 'DESC' ? 'DESC' : 'ASC';
    $commentlimit = COM_applyFilter($_POST['commentlimit'], true);
    $emailfromuser = isset($_POST['emailfromuser']) && $_POST['emailfromuser'] == 'on' ? 1 : 0;
    $emailfromadmin = isset($_POST['emailfromadmin']) && $_POST['emailfromadmin'] == 'on' ? 1 : 0;
    $noicons = isset($_POST['noicons']) && $_POST['noicons'] == 'on' ? 1 : 0;
    $noboxes = isset($_POST['noboxes']) && $_POST['noboxes'] == 'on' ? 1 : 0;
    $showonline = isset($_POST['showonline']) && $_POST['showonline'] == 'on' ? 1 : 0;
    $topic_order = isset($_POST['topic_order']) && $_POST['topic_order'] == 'ASC' ? 'ASC' : 'DESC';
    $maxstories = COM_applyFilter($_POST['maxstories'], true);
    $newuser = COM_applyFilter($_POST['newuser'], true);
    $remoteuser = isset($_POST['remoteuser']) && $_POST['remoteuser'] == 'on' ? 1 : 0;
    $remoteusername = isset($_POST['remoteusername']) ? strip_tags(trim($_POST['remoteusername'])) : '';
    $remoteservice = isset($_POST['remoteservice']) ? COM_applyFilter($_POST['remoteservice']) : '';
    $social_services = SOC_followMeProfile($uid);
    foreach ($social_services as $service) {
        $service_input = $service['service'] . '_username';
        $_POST[$service_input] = strip_tags($_POST[$service_input]);
    }
    if ($uid == 1) {
        return USER_list();
    }
    if ($uid == '' || $uid < 2 || $newuser == 1) {
        if (empty($passwd) && $remoteuser == 0) {
            return USER_edit($uid, 504);
        }
        if (empty($email)) {
            return USER_edit($uid, 505);
        }
    }
    if ($username == '') {
        return USER_edit($uid, 506);
    }
    if (!USER_validateUsername($username)) {
        return USER_edit($uid, 512);
    }
    if ($email == '') {
        return USER_edit($uid, 507);
    }
    if ($passwd != $passwd_conf && $remoteuser == 0) {
        // passwords don't match
        return USER_edit($uid, 67);
    }
    if ($email != $email_conf) {
        return USER_edit($uid, 508);
    }
    // remote user checks
    if ($remoteuser == 1) {
        if ($remoteusername == '') {
            return USER_edit($uid, 513);
        }
        if ($remoteservice == '') {
            return USER_edit($uid, 514);
        }
    }
    $validEmail = true;
    if (empty($username)) {
        $validEmail = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $validEmail = false;
        } else {
            $ws_user = DB_getItem($_TABLES['users'], 'remoteservice', "uid = " . intval($uid));
            if (empty($ws_user)) {
                $validEmail = false;
            }
        }
    }
    if ($validEmail) {
        if (!empty($email) && !COM_isEmail($email)) {
            return USER_edit($uid, 52);
        }
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            $uservice = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
            if ($uservice != '') {
                $uservice = DB_escapeString($uservice);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return USER_edit($uid, 51);
        }
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = {$uid}");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return USER_edit($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 97;
                }
                return USER_edit($uid, $ret['number']);
            }
        }
        // Let plugins have a chance to decide what to do before saving the user, return errors.
        $msg = PLG_itemPreSave('useredit', $username);
        if (!empty($msg)) {
            // need a numeric return value - otherwise use default message
            if (!is_numeric($msg)) {
                $msg = 97;
            }
            return USER_edit($uid, $msg);
        }
        if (empty($uid) || !empty($passwd)) {
            $passwd2 = SEC_encryptPassword($passwd);
        } else {
            $passwd2 = DB_getItem($_TABLES['users'], 'passwd', "uid = {$uid}");
        }
        // do we need to create the user?
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = USER_createPassword(8);
                $passwd2 = SEC_encryptPassword($passwd);
            }
            if ($remoteuser == 1) {
                $uid = USER_createAccount($username, $email, '', $fullname, '', $remoteusername, $remoteservice, 1);
            } else {
                $uid = USER_createAccount($username, $email, $passwd2, $fullname, $homepage, '', '', 1);
            }
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
            if (isset($_POST['emailuser'])) {
                USER_createAndSendPassword($username, $email, $uid, $passwd);
            }
            if ($uid < 2) {
                return USER_edit('', 509);
            }
            $newuser = 1;
        }
        // at this point, we have a valid user...
        // Filter some of the text entry fields to ensure they don't cause problems...
        $fullname = strip_tags($fullname);
        $about = strip_tags($about);
        $pgpkey = strip_tags($pgpkey);
        $curphoto = USER_handlePhotoUpload($uid, $delete_photo);
        if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
            $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
            if ($curusername != $username) {
                // user has been renamed - rename the photo, too
                $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                $imgpath = $_CONF['path_images'] . 'userphotos/';
                if (rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                    $display = COM_siteHeader('menu', $LANG28[22]);
                    $display .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                    $display .= COM_siteFooter();
                    return $display;
                }
                $curphoto = $newphoto;
            }
        }
        // update users table
        $sql = "UPDATE {$_TABLES['users']} SET " . "username = '******'," . "fullname = '" . DB_escapeString($fullname) . "'," . "passwd   = '" . DB_escapeString($passwd2) . "'," . "email    = '" . DB_escapeString($email) . "'," . "homepage = '" . DB_escapeString($homepage) . "'," . "sig      = '" . DB_escapeString($sig) . "'," . "photo    = '" . DB_escapeString($curphoto) . "'," . "cookietimeout = {$cooktime}," . "theme    = '" . DB_escapeString($theme) . "'," . "language = '" . DB_escapeString($language) . "'," . "status   = {$userstatus} WHERE uid = {$uid};";
        DB_query($sql);
        // update userprefs
        $sql = "UPDATE {$_TABLES['userprefs']} SET " . "noicons = {$noicons}," . "dfid    = {$dfid}," . "tzid    = '" . DB_escapeString($tzid) . "'," . "emailstories = 0," . "emailfromadmin = {$emailfromadmin}," . "emailfromuser  = {$emailfromuser}," . "showonline = {$showonline}," . "search_result_format = '" . DB_escapeString($search_fmt) . "' WHERE uid={$uid};";
        DB_query($sql);
        // userinfo table
        $sql = "UPDATE {$_TABLES['userinfo']} SET " . "about      = '" . DB_escapeString($about) . "'," . "location   = '" . DB_escapeString($location) . "'," . "pgpkey     = '" . DB_escapeString($pgpkey) . "' WHERE uid={$uid};";
        DB_query($sql);
        // userindex table
        $TIDS = @array_values($_POST['topics']);
        $AIDS = @array_values($_POST['selauthors']);
        $BOXES = @array_values($_POST['blocks']);
        $ETIDS = @array_values($_POST['dgtopics']);
        $allowed_etids = USER_buildTopicList();
        $AETIDS = explode(' ', $allowed_etids);
        $tids = '';
        if (sizeof($TIDS) > 0) {
            $tids = DB_escapeString(implode(' ', array_intersect($AETIDS, $TIDS)));
        }
        $aids = '';
        if (sizeof($AIDS) > 0) {
            foreach ($AIDS as $key => $val) {
                $AIDS[$key] = intval($val);
            }
            $aids = DB_escapeString(implode(' ', $AIDS));
        }
        $selectedblocks = '';
        $selectedBoxes = array();
        if (count($BOXES) > 0) {
            foreach ($BOXES as $key => $val) {
                $BOXES[$key] = intval($val);
            }
            $boxes = DB_escapeString(implode(',', $BOXES));
            $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})");
            $numRows = DB_numRows($blockresult);
            for ($x = 1; $x <= $numRows; $x++) {
                $row = DB_fetchArray($blockresult);
                if ($row['name'] != 'user_block' and $row['name'] != 'admin_block' and $row['name'] != 'section_block') {
                    $selectedblocks .= $row['bid'];
                    if ($x != $numRows) {
                        $selectedblocks .= ' ';
                    }
                }
            }
        }
        $etids = '-';
        if (sizeof($ETIDS) > 0) {
            $etids = DB_escapeString(implode(' ', array_intersect($AETIDS, $ETIDS)));
        } else {
            $etids = '-';
        }
        DB_save($_TABLES['userindex'], "uid,tids,aids,boxes,noboxes,maxstories,etids", "{$uid},'{$tids}','{$aids}','{$selectedblocks}',{$noboxes},{$maxstories},'{$etids}'");
        // usercomment
        DB_save($_TABLES['usercomment'], 'uid,commentmode,commentorder,commentlimit', "{$uid},'{$commentmode}','{$commentorder}'," . intval($commentlimit));
        if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
            CUSTOM_userSave($uid);
        }
        if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && ($userstatus == USER_ACCOUNT_ACTIVE || $userstatus == USER_ACCOUNT_AWAITING_ACTIVATION || $userstatus == USER_ACCOUNT_AWAITING_VERIFICATION)) {
            USER_createAndSendPassword($username, $email, $uid);
        }
        if ($userstatus == USER_ACCOUNT_DISABLED) {
            SESS_endUserSession($uid);
        }
        $userChanged = true;
        // if groups is -1 then this user isn't allowed to change any groups so ignore
        if (is_array($groups) && SEC_hasRights('group.edit')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }
        // subscriptions
        $subscription_deletes = @array_values($_POST['subdelete']);
        if (is_array($subscription_deletes)) {
            foreach ($subscription_deletes as $subid) {
                DB_delete($_TABLES['subscriptions'], 'sub_id', (int) $subid);
            }
        }
        foreach ($social_services as $service) {
            $service_input = $service['service'] . '_username';
            $_POST[$service_input] = DB_escapeString($_POST[$service_input]);
            if ($_POST[$service_input] != '') {
                $sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) ";
                $sql .= " VALUES (" . (int) $service['service_id'] . "," . $uid . ",'" . $_POST[$service_input] . "');";
                DB_query($sql, 1);
            } else {
                $sql = "DELETE FROM {$_TABLES['social_follow_user']} WHERE ssid = " . (int) $service['service_id'] . " AND uid=" . (int) $uid;
                DB_query($sql, 1);
            }
        }
        if ($newuser == 0) {
            PLG_profileSave('', $uid);
        } else {
            PLG_createUser($uid);
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        CACHE_remove_instance('mbmenu');
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_siteHeader('menu', $LANG28[22]);
            $retval .= COM_errorLog('Error in USER_save() in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }
    } else {
        $retval = COM_siteHeader('menu', $LANG28[1]);
        $retval .= COM_errorLog($LANG28[10]);
        if (DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= USER_edit($uid);
        } else {
            $retval .= USER_edit();
        }
        $retval .= COM_siteFooter();
        echo $retval;
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving USER_save()*****************", 1);
    }
    return $retval;
}