コード例 #1
ファイル: users.php プロジェクト: spacequad/glfusion
     if ($_CONF['allow_user_themes'] == 1) {
         if (isset($_COOKIE[$_CONF['cookie_theme']])) {
             $theme = COM_sanitizeFilename($_COOKIE[$_CONF['cookie_theme']], true);
             if (is_dir($_CONF['path_themes'] . $theme)) {
                 $_USER['theme'] = $theme;
                 $_CONF['path_layout'] = $_CONF['path_themes'] . $theme . '/';
                 $_CONF['layout_url'] = $_CONF['site_url'] . '/layout/' . $theme;
             }
         }
     }
 }
 COM_resetSpeedlimit('login');
 // we are now fully logged in, let's see if there is someplace we need to go....
 // A referer stored in the session under 'login_referer' replaces the request's
 // Referer header for the redirect logic that follows; the session copy is
 // removed as soon as it has been read, so it is used only once.
 if (SESS_isSet('login_referer')) {
     $_SERVER['HTTP_REFERER'] = SESS_getVar('login_referer');
     SESS_unSet('login_referer');
 }
 // NOTE(review): HTTP_REFERER is request-influenced, and where 'login_referer' is
 // written is not visible here -- confirm it is validated at that point. The
 // same-site test that follows is a plain string-prefix comparison against
 // $_CONF['site_url'], which is used here without a trailing slash, so a
 // different host whose name merely begins with the site_url string also passes.
 // Comparing the parsed scheme and host (parse_url()), or requiring the character
 // after the prefix to be '/', '?', '#' or end-of-string, makes the check exact.
 if (!empty($_SERVER['HTTP_REFERER']) && strstr($_SERVER['HTTP_REFERER'], '/users.php') === false && substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) {
     $indexMsg = $_CONF['site_url'] . '/index.php?msg=';
     if (substr($_SERVER['HTTP_REFERER'], 0, strlen($indexMsg)) == $indexMsg) {
         echo COM_refresh($_CONF['site_url'] . '/index.php');
     } else {
         // If user is trying to login - force redirect to index.php
         if (strstr($_SERVER['HTTP_REFERER'], 'mode=login') === false) {
             // if article - we need to ensure we have the story
             if (substr($_SERVER['HTTP_REFERER'], 0, strlen($_CONF['site_url'])) == $_CONF['site_url']) {
                 echo COM_refresh(COM_sanitizeUrl($_SERVER['HTTP_REFERER']));
             } else {
                 echo COM_refresh($_CONF['site_url'] . '/index.php');
             }
         } else {
コード例 #2
ファイル: comment.inc.php プロジェクト: spacequad/glfusion
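/**
 * Plugin function that is called after the comment form is submitted.
 *
 * Saves the comment through CMT_saveComment(). A return value greater than
 * zero is handled as a failure: a message stored in the session under
 * 'glfusion.commentpresave.error' is shown (and removed from the session) and
 * the comment form is displayed again. Otherwise the comment counter of the
 * media item is refreshed and the value of COM_refresh() for the item's page
 * is returned.
 *
 * @param  string $title    comment title (HTML tags are stripped here)
 * @param  string $comment  comment text (handed to CMT_saveComment() as received)
 * @param  string $id       Item id to which $cid belongs
 * @param  int    $pid      comment parent
 * @param  string $postmode 'html' or 'text'
 * @return string comment form markup on failure, COM_refresh() output on success
 */
function _mg_savecomment($title, $comment, $id, $pid, $postmode)
{
    global $_CONF, $_MG_CONF, $_TABLES, $LANG03;

    $title = strip_tags($title);
    $pid = COM_applyFilter($pid, true);
    $postmode = COM_applyFilter($postmode);

    $ret = CMT_saveComment($title, $comment, $id, $pid, 'mediagallery', $postmode);
    if ($ret > 0) {
        // Save was rejected: show the stored pre-save error once, then the form again.
        $retval = '';
        if (SESS_isSet('glfusion.commentpresave.error')) {
            $retval = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', true);
            SESS_unSet('glfusion.commentpresave.error');
        }
        $retval .= CMT_commentform($title, $comment, $id, $pid, 'mediagallery', $LANG03[14], $postmode);
        return $retval;
    }

    // Recount the item's comments and store the total on the media record.
    $comments = DB_count($_TABLES['comments'], array('sid', 'type'), array(DB_escapeString($id), 'mediagallery'));
    DB_change($_TABLES['mg_media'], 'media_comments', $comments, 'media_id', DB_escapeString($id));

    // $id comes from the submitted comment form, so it is URL-encoded before it is
    // placed in the redirect target instead of being interpolated as received.
    return COM_refresh($_MG_CONF['site_url'] . '/media.php?s=' . rawurlencode($id) . '#comments');
}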
コード例 #3
ファイル: group.php プロジェクト: spacequad/glfusion
     // State-changing request: the group is saved only when SEC_checkToken()
     // accepts the CSRF token; otherwise the attempt is logged and the script stops.
     if (SEC_checkToken()) {
         $grp_gl_core = COM_applyFilter($_POST['grp_gl_core'], true);
         // Checkbox fields: only their presence in the request is used, not their value.
         $grp_default = isset($_POST['chk_grpdefault']) ? 1 : 0;
         $grp_applydefault = isset($_POST['chk_applydefault']) ? 1 : 0;
         $chk_grpadmin = isset($_POST['chk_grpadmin']) ? COM_applyFilter($_POST['chk_grpadmin']) : '';
         $features = array();
         $features = isset($_POST['features']) ? $_POST['features'] : array();
         $groups = array();
         $groups = isset($_POST['groups']) ? $_POST['groups'] : array();
         // NOTE(review): $_POST['grp_descr'], $features and $groups reach GROUP_save()
         // exactly as submitted, and $_POST['grp_gl_core'] / $_POST['grp_name'] are read
         // without an isset() check. Whether GROUP_save() validates and escapes these
         // values is not visible here -- confirm before relying on it.
         $display .= GROUP_save($grp_id, COM_applyFilter($_POST['grp_name']), $_POST['grp_descr'], $chk_grpadmin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups);
     } else {
         // Failed token check: write an access-log entry, send the admin index
         // redirect and terminate so nothing else runs for this request.
         COM_accessLog("User {$_USER['username']} tried to illegally edit group {$grp_id} and failed CSRF checks.");
         echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
         exit;
     }
     // Remove the session entry 'glfusion.user_groups.<uid>' of the acting user;
     // presumably a cached group list that must be rebuilt after a change -- confirm.
     SESS_unSet('glfusion.user_groups.' . $_USER['uid']);
     break;
 case 'delete':
     // A missing, empty or zero group id is never acted on: it is written to the
     // error log and the user is sent back to the group list.
     if (!isset($grp_id) || empty($grp_id) || $grp_id == 0) {
         COM_errorLog('Attempted to delete group, grp_id empty or null, value =' . $grp_id);
         $display .= COM_refresh($_CONF['site_admin_url'] . '/group.php');
     } elseif (SEC_checkToken()) {
         // Deletion runs only after the CSRF token check has passed.
         $display .= GROUP_delete($grp_id);
     } else {
         COM_accessLog("User {$_USER['username']} tried to illegally delete group {$grp_id} and failed CSRF checks.");
         // NOTE(review): unlike the failed-token branch of the save handling above,
         // this branch does not `exit` after echoing the redirect, so execution
         // continues past the `break`. GROUP_delete() is not reached on this path,
         // but adding `exit;` would keep the two branches consistent -- confirm intent.
         echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
     }
     break;
 case 'savegroup':
     if (SEC_checkToken()) {
         $grp_members = $_POST['groupmembers'];
コード例 #4
ファイル: lib-comment.php プロジェクト: spacequad/glfusion
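/**
 * article: saves a comment
 *
 * The story is looked up first (not a draft, date not in the future, plus the
 * permission clause from COM_getPermSQL()); unless a row is found and its
 * commentcode equals 0 the function returns a refresh to the site index
 * without saving anything.
 *
 * @param   string  $title  comment title
 * @param   string  $comment comment text
 * @param   string  $id     Item id to which $cid belongs
 * @param   int     $pid    comment parent
 * @param   string  $postmode 'html' or 'text'
 * @return  string  comment form (with an error message) when saving failed,
 *                  COM_refresh() output otherwise
 */
function plugin_savecomment_article($title, $comment, $id, $pid, $postmode)
{
    global $_CONF, $_TABLES, $LANG03, $_USER;

    $retval = '';

    // Escape the story id once and use the escaped value in every query below,
    // the same way the lookup and the media-gallery counterpart do. The internals
    // of DB_count()/DB_change() are not visible from this block.
    $escapedId = DB_escapeString($id);

    $commentcode = DB_getItem($_TABLES['stories'], 'commentcode', "(sid = '" . $escapedId . "') AND (draft_flag = 0) AND (date <= NOW())" . COM_getPermSQL('AND'));
    if (!isset($commentcode) || $commentcode != 0) {
        return COM_refresh($_CONF['site_url'] . '/index.php');
    }

    $ret = CMT_saveComment($title, $comment, $id, $pid, 'article', $postmode);
    if ($ret > 0) {
        // failure: prefer the message left in the session by the pre-save checks,
        // fall back to the generic message when title or comment is empty
        $msg = '';
        if (SESS_isSet('glfusion.commentpresave.error')) {
            $msg = COM_showMessageText(SESS_getVar('glfusion.commentpresave.error'), '', 1, 'error');
            SESS_unSet('glfusion.commentpresave.error');
        } elseif (empty($title) || empty($comment)) {
            $msg = COM_showMessageText($LANG03[12], '', 1, 'error');
        }
        $retval .= $msg . CMT_commentForm($title, $comment, $id, $pid, 'article', $LANG03[14], $postmode);
    } else {
        // success: store the recounted number of comments on the story
        $comments = DB_count($_TABLES['comments'], array('type', 'sid'), array('article', $escapedId));
        DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $escapedId);
        // update comment count in Older Stories block
        COM_olderStuff();
        // $id matched an existing story row in the lookup above before it is
        // placed in the redirect URL.
        $retval = COM_refresh(COM_buildUrl($_CONF['site_url'] . "/article.php?story={$id}#comments"));
    }

    return $retval;
}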
コード例 #5
ファイル: lib-common.php プロジェクト: NewRoute/glfusion
/**
* Returns the message number carried by the current request, if any.
*
* Sources are consulted in a fixed order: $_POST['msg'], then $_GET['msg'],
* then the session entry 'glfusion.infomessage'. The session entry is removed
* once it has been read. Every value goes through COM_applyFilter() with its
* second argument set to true before it is returned.
*
* @return    int     $msg           message number to display or 0
*/
function COM_getMessage()
{
    if (isset($_POST['msg'])) {
        return COM_applyFilter($_POST['msg'], true);
    }

    if (isset($_GET['msg'])) {
        return COM_applyFilter($_GET['msg'], true);
    }

    if (!SESS_isSet('glfusion.infomessage')) {
        // nothing supplied anywhere
        return 0;
    }

    // one-shot session message: read it, then clear it
    $number = COM_applyFilter(SESS_getVar('glfusion.infomessage'), true);
    SESS_unSet('glfusion.infomessage');

    return $number;
}
コード例 #6
ファイル: createtopic.php プロジェクト: spacequad/glfusion
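/**
 * Validates and stores a forum post: a new topic, a reply, or an edit.
 *
 * $action selects the write path: 'savetopic' and 'savereply' insert a row
 * into the ff_topic table, 'saveedit' updates the row identified by
 * $postData['editid']. Before anything is written the post goes through the
 * postmode, read-only forum, edit-permission, name, speed-limit,
 * minimum-length, CAPTCHA and spam checks below; a failed check prevents the
 * save and its message is returned to the caller.
 *
 * @param  array  $forumData forum record; 'forum' and 'is_readonly' are read here
 * @param  array  $postData  submitted form fields (treat as untrusted input)
 * @param  string $action    'savetopic', 'savereply' or 'saveedit'
 * @return array  array(false, error markup) when a check failed,
 *                array(true, status markup) otherwise
 */
function FF_saveTopic($forumData, $postData, $action)
{
    global $_CONF, $_TABLES, $_FF_CONF, $_USER, $LANG03, $LANG_GF01, $LANG_GF02;
    $retval = '';
    $uploadErrors = '';
    $msg = '';
    $errorMessages = '';
    $email = '';
    $forumfiles = array();
    $okToSave = true;
    $dt = new Date('now', $_USER['tzid']);
    $date = $dt->toUnix();
    $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
    // anonymous visitors are stored under uid 1
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }
    // verify postmode is allowed
    if (strtolower($postData['postmode']) == 'html') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }
    // is forum readonly?
    if ($forumData['is_readonly'] == 1) {
        // Check if this user has moderation rights now to allow a post to a locked topic
        if (!forum_modPermission($forumData['forum'], $uid, 'mod_edit')) {
            _ff_accessError();
        }
    }
    if ($action == 'saveedit') {
        // does the forum match the forum id of the posted data?
        if ($forumData['forum'] != 0 && $forumData['forum'] != $postData['forum']) {
            _ff_accessError();
        }
        $editid = COM_applyFilter($postData['editid'], true);
        $forum = COM_applyFilter($postData['forum'], true);
        // Moderators with 'mod_edit' may always edit. Everyone else may edit only
        // while the configured edit window is still open (a window of 0 or less
        // means no time limit).
        // NOTE(review): ownership of the post being edited is not checked in this
        // function -- presumably the caller has verified it; confirm. The window is
        // also measured on the row selected by $postData['id'], while the UPDATE
        // further down targets $editid -- confirm these refer to the intended rows.
        $editAllowed = false;
        if (forum_modPermission($forumData['forum'], $_USER['uid'], 'mod_edit')) {
            $editAllowed = true;
        } else {
            if ($_FF_CONF['allowed_editwindow'] > 0) {
                $t1 = DB_getItem($_TABLES['ff_topic'], 'date', "id=" . (int) $postData['id']);
                $t2 = $_FF_CONF['allowed_editwindow'];
                if (time() - $t2 < $t1) {
                    $editAllowed = true;
                }
            } else {
                $editAllowed = true;
            }
        }
        if ($postData['editpid'] < 1 && trim($postData['subject']) == '') {
            $retval .= FF_BlockMessage('', $LANG_GF02['msg18'], false);
            $okToSave = false;
        } elseif (!$editAllowed) {
            // Link back to the topic being edited. The key used to be the literal
            // string '$id', which never exists in $postData and so always produced
            // showtopic=0.
            $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . (int) $postData['id'];
            $retval .= _ff_alertMessage('', $LANG_GF02['msg189'], sprintf($LANG_GF02['msg187'], $link));
            $okToSave = false;
        }
    } else {
        if (!COM_isAnonUser() && $_FF_CONF['use_sfs']) {
            $email = isset($_USER['email']) ? $_USER['email'] : '';
        }
    }
    if (isset($postData['name']) && $postData['name'] != '') {
        $name = _ff_preparefordb(@htmlspecialchars(strip_tags(trim(COM_checkWords(USER_sanitizeName($postData['name'])))), ENT_QUOTES, COM_getEncodingt()), 'text');
        // NOTE(review): urldecode() runs after strip_tags()/htmlspecialchars(), so
        // percent-encoded markup in the submitted name is decoded only once those
        // filters have already run. DB_escapeString() keeps the INSERT below safe,
        // but the stored name then depends on escaping wherever it is displayed --
        // confirm, or decode before filtering.
        $name = urldecode($name);
    } else {
        $okToSave = false;
        $errorMessages .= $LANG_GF02['invalid_name'] . '<br />';
    }
    // speed limit check
    if (!SEC_hasRights('forum.edit')) {
        COM_clearSpeedlimit($_FF_CONF['post_speedlimit'], 'forum');
        $last = COM_checkSpeedlimit('forum');
        if ($last > 0) {
            $errorMessages .= sprintf($LANG_GF01['SPEEDLIMIT'], $last, $_FF_CONF['post_speedlimit']) . '<br/>';
            $okToSave = false;
        }
    }
    // standard edit checks
    if (strlen(trim($postData['name'])) < $_FF_CONF['min_username_length'] || strlen(trim($postData['subject'])) < $_FF_CONF['min_subject_length'] || strlen(trim($postData['comment'])) < $_FF_CONF['min_comment_length']) {
        $errorMessages .= $LANG_GF02['msg18'] . '<br/>';
        $okToSave = false;
    }
    // CAPTCHA check
    if (function_exists('plugin_itemPreSave_captcha') && $okToSave == true) {
        if (!isset($postData['captcha'])) {
            $postData['captcha'] = '';
        }
        $msg = plugin_itemPreSave_captcha('forum', $postData['captcha']);
        if ($msg != '') {
            $errorMessages .= $msg . '<br/>';
            $okToSave = false;
        }
    }
    // collect the per-post formatting switches into one status value
    $status = 0;
    if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
        $status += DISABLE_BBCODE;
    }
    if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
        $status += DISABLE_SMILIES;
    }
    if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
        $status += DISABLE_URLPARSE;
    }
    // spamx check
    if ($_FF_CONF['use_spamx_filter'] == 1 && $okToSave == true) {
        SESS_unSet('spamx_msg');
        // clear out the message.
        // Check for SPAM
        $spamcheck = '<h1>' . $postData['subject'] . '</h1><p>' . FF_formatTextBlock($postData['comment'], $postData['postmode'], 'preview', $status) . '</p>';
        $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
        // Now check the result and redirect to index.php if spam action was taken
        if ($result > 0) {
            // then tell them to get lost ...
            $errorMessages .= $LANG_GF02['spam_detected'];
            if (SESS_isSet('spamx_msg')) {
                $errorMessages .= '<br>' . SESS_getVar('spamx_msg') . '<br>';
                SESS_unSet('spamx_msg');
            }
            $okToSave = false;
        }
    }
    if ($_FF_CONF['use_sfs'] == 1 && COM_isAnonUser() && function_exists('plugin_itemPreSave_spamx')) {
        $spamCheckData = array('username' => $postData['name'], 'email' => $email, 'ip' => $REMOTE_ADDR);
        $msg = plugin_itemPreSave_spamx('forum', $spamCheckData);
        if ($msg) {
            $errorMessages .= $msg;
            $okToSave = false;
        }
    }
    // any failed check ends here; nothing has been written to the database yet
    if ($okToSave == false) {
        $retval .= _ff_alertMessage($errorMessages, $LANG_GF01['ERROR'], '&nbsp;');
        return array(false, $retval);
    }
    if ($okToSave == true) {
        if (!isset($postData['postmode_switch'])) {
            $postData['postmode_switch'] = 0;
        }
        $postmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
        // validate postmode
        if ($postmode == 'html' || $postmode == 'HTML') {
            if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
                $postmode = 'html';
            } else {
                $postmode = 'text';
            }
        }
        // NOTE(review): $subject and $comment are placed in the SQL statements below
        // without DB_escapeString(); that relies on _ff_preparefordb() having escaped
        // them for the database, which is not visible here -- confirm.
        $subject = _ff_preparefordb(strip_tags($postData['subject']), 'text');
        $comment = _ff_preparefordb($postData['comment'], $postmode);
        $mood = isset($postData['mood']) ? COM_applyFilter($postData['mood']) : '';
        $id = COM_applyFilter($postData['id'], true);
        $forum = COM_applyFilter($postData['forum'], true);
        $notify = isset($postData['notify']) ? COM_applyFilter($postData['notify']) : '';
        // If user has moderator edit rights only
        $locked = 0;
        $sticky = 0;
        if (isset($postData['modedit']) && $postData['modedit'] == 1) {
            if (isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
                $locked = 1;
            }
            if (isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
                $sticky = 1;
            }
        }
        if ($action == 'savetopic') {
            $fields = "forum,name,email,date,lastupdated,subject,comment,postmode,ip,mood,uid,pid,sticky,locked,status";
            $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
            $sql .= "VALUES (" . (int) $forum . "," . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'" . DB_escapeString($date) . "'," . "'" . $subject . "'," . "'" . $comment . "'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . "0," . (int) $sticky . "," . (int) $locked . "," . (int) $status . ")";
            DB_query($sql);
            // Find the id of the last inserted topic
            // NOTE(review): max(id) is the newest row in the table, which under
            // concurrent posting need not be the row inserted above; the connection's
            // last-insert-id would be exact. The same pattern is used for replies below.
            list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
            $savedPostID = $lastid;
            $topicPID = $lastid;
            /* Check for any uploaded files - during add of new topic */
            $uploadErrors = _ff_check4files($lastid);
            // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
            // This is needed in case user had used the file bbcode tag and then removed it
            // ($forumfiles is never filled inside this function, so $imagerecs is
            // always '' here and the NOT IN clause is not appended.)
            $imagerecs = '';
            $imagerecs = implode(',', $forumfiles);
            $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid . " ";
            if ($imagerecs != '') {
                $sql .= "AND id NOT IN ({$imagerecs})";
            }
            DB_query($sql);
            // Update forums record
            DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, topic_count=topic_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
            if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
                DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $lastid);
            }
            DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
        } else {
            if ($action == 'savereply') {
                $fields = "name,email,date,subject,comment,postmode,ip,mood,uid,pid,forum,status";
                $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
                $sql .= "VALUES  (" . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'{$subject}'," . "'{$comment}'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . (int) $id . "," . (int) $forum . "," . (int) $status . ")";
                DB_query($sql);
                // Find the id of the last inserted topic
                list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
                $savedPostID = $lastid;
                $topicPID = $id;
                /* Check for any uploaded files  - during adding reply post */
                $uploadErrors = _ff_check4files($lastid);
                // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
                // This is needed in case user had used the file bbcode tag and then removed it
                $imagerecs = '';
                $imagerecs = implode(',', $forumfiles);
                $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid;
                if ($imagerecs != '') {
                    $sql .= " AND id NOT IN ({$imagerecs})";
                }
                DB_query($sql);
                DB_query("UPDATE {$_TABLES['ff_topic']} SET replies=replies+1, lastupdated='" . DB_escapeString($date) . "',last_reply_rec=" . (int) $lastid . " WHERE id=" . (int) $id);
                DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
                if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $id);
                }
                DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
            } elseif ($action == 'saveedit') {
                $sql = "UPDATE {$_TABLES['ff_topic']} SET " . "subject='{$subject}'," . "comment='{$comment}'," . "postmode='" . DB_escapeString($postmode) . "'," . "mood='" . DB_escapeString($mood) . "'," . "sticky=" . (int) $sticky . "," . "locked=" . (int) $locked . "," . "status=" . (int) $status . " " . "WHERE (id=" . (int) $editid . ")";
                DB_query($sql);
                /* Check for any uploaded files  - during save of edit */
                $uploadErrors = _ff_check4files($editid);
                // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
                // This is needed in case user had used the file bbcode tag and then removed it
                $imagerecs = '';
                $imagerecs = implode(',', $forumfiles);
                $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $editid . " ";
                if ($imagerecs != '') {
                    $sql .= "AND id NOT IN ({$imagerecs})";
                }
                DB_query($sql);
                // a pid of 0 means the edited post is itself the topic's first post
                $topicPID = DB_getITEM($_TABLES['ff_topic'], "pid", "id=" . (int) $editid);
                if ($topicPID == 0) {
                    $topicPID = $editid;
                }
                $savedPostID = $editid;
                if ($postData['silentedit'] != 1) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET lastupdated='" . DB_escapeString($date) . "' WHERE id=" . (int) $topicPID);
                    //Remove any lastviewed records in the log so that the new updated topic indicator will appear
                    DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
                }
                if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $editid)) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $topicPID);
                }
                $topicparent = $topicPID;
            }
        }
        COM_updateSpeedLimit('forum');
        PLG_itemSaved($savedPostID, 'forum');
        CACHE_remove_instance('forumcb');
        if (!COM_isAnonUser()) {
            //NOTIFY - Checkbox variable in form set to "on" when checked and they don't already have subscribed to forum or topic
            // a subscription row whose id is the negated topic id marks an opt-out
            // from that topic
            // NOTE(review): the "not subscribed" test below uses `< 1` while the
            // "has a record" tests use `> 1`, so a sub_id of exactly 1 matches
            // neither -- confirm whether `> 0` was intended.
            $nid = -$topicPID;
            $currentForumNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id=0 AND uid=" . (int) $uid);
            $currentTopicNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($topicPID) . "' AND uid=" . (int) $uid);
            $currentTopicUnNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($nid) . "' AND uid=" . (int) $uid);
            $forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . (int) $forum);
            $topic_name = $subject;
            if ($notify == 'on' and ($currentForumNotifyRecID < 1 and $currentTopicNotifyRecID < 1)) {
                $sql = "INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) ";
                $sql .= "VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($topicPID) . "','" . $subject . "'," . (int) $uid . ",now() )";
                DB_query($sql);
            } elseif ($notify == 'on' and $currentTopicUnNotifyRecID > 1) {
                // Had un-subcribed to topic and now wants to subscribe
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $currentTopicUnNotifyRecID);
            } elseif ($notify == '' and $currentTopicNotifyRecID > 1) {
                // Subscribed to topic - but does not want to be notified anymore
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
            } elseif ($notify == '' and $currentForumNotifyRecID > 1) {
                // Subscribed to forum - but does not want to be notified about this topic
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($nid) . "'");
                DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($nid) . "','" . $subject . "'," . (int) $uid . ",now() )");
            }
        }
        if ($action != 'saveedit') {
            _ff_chknotifications($forum, $savedPostID, $uid);
        }
        $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topicPID . '&topic=' . $savedPostID . '#' . $savedPostID;
        // stay on the status page when uploads failed so the errors can be read
        if ($uploadErrors != '') {
            $autorefresh = false;
        } else {
            $autorefresh = true;
        }
        $retval .= FF_statusMessage($uploadErrors . $LANG_GF02['msg19'], $link, $LANG_GF02['msg19'], false, '', $autorefresh);
    } else {
        // not reachable: the function has already returned above when $okToSave is false
        $retval .= _ff_alertMessage($LANG_GF02['msg18']);
    }
    return array(true, $retval);
}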
コード例 #7
ファイル: revalidate.inc.php プロジェクト: spacequad/glfusion
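/**
 * Restores a request that was parked in the session.
 *
 * Reads the session entries 'glfusion.auth.method', 'glfusion.auth.post',
 * 'glfusion.auth.get' and 'glfusion.auth.file' (removing each one as it is
 * read) and rebuilds $_SERVER['REQUEST_METHOD'], $_POST, $_GET, $_FILES and
 * $_REQUEST from them. If the restored request carried a CSRF token, a new
 * token is created and written into both $_POST and $_GET.
 *
 * NOTE(review): the three payloads are passed to unserialize(). They come from
 * the server-side session, but where they are written is not visible here --
 * confirm that they are produced only by serialize() on plain arrays, and
 * consider restricting object instantiation (allowed_classes) on PHP 7+.
 *
 * @return void
 */
function _rebuild_data()
{
    global $_CONF;
    $method = '';
    if (SESS_isSet('glfusion.auth.method')) {
        $method = SESS_getVar('glfusion.auth.method');
        SESS_unSet('glfusion.auth.method');
    }
    $postdata = '';
    if (SESS_isSet('glfusion.auth.post')) {
        $postdata = SESS_getVar('glfusion.auth.post');
        SESS_unSet('glfusion.auth.post');
    }
    $getdata = '';
    if (SESS_isSet('glfusion.auth.get')) {
        $getdata = SESS_getVar('glfusion.auth.get');
        SESS_unSet('glfusion.auth.get');
    }
    $filedata = '';
    if (SESS_isSet('glfusion.auth.file')) {
        $filedata = SESS_getVar('glfusion.auth.file');
        SESS_unSet('glfusion.auth.file');
        $file_array = unserialize($filedata);
    }
    $filedata = '';
    // Rebuild $_FILES only when the current request did not upload anything itself.
    if (empty($_FILES) && isset($file_array) && is_array($file_array)) {
        foreach ($file_array as $fkey => $file) {
            if (isset($file['name']) && is_array($file['name'])) {
                // multi-file field: every attribute is an array indexed by $offset
                foreach ($file as $key => $data) {
                    foreach ($data as $offset => $value) {
                        if ($key == 'tmp_name') {
                            // Only the sanitised base name of the stored path is kept and
                            // it is re-anchored under path_data/temp/, so a stored
                            // tmp_name cannot point anywhere else on disk.
                            $filename = COM_sanitizeFilename(basename($value), true);
                            $value = $_CONF['path_data'] . 'temp/' . $filename;
                            if ($filename == '') {
                                $value = '';
                            }
                            $_FILES[$fkey]['_data_dir'][$offset] = true;
                        }
                        $_FILES[$fkey][$key][$offset] = $value;
                        // no usable file on disk: report it as error 4 (UPLOAD_ERR_NO_FILE)
                        if (!isset($_FILES[$fkey]['tmp_name']) || !isset($_FILES[$fkey]['tmp_name'][$offset]) || !file_exists($_FILES[$fkey]['tmp_name'][$offset])) {
                            $_FILES[$fkey]['tmp_name'][$offset] = '';
                            $_FILES[$fkey]['error'][$offset] = 4;
                        }
                    }
                }
            } else {
                foreach ($file as $key => $value) {
                    if ($key == 'tmp_name') {
                        $filename = COM_sanitizeFilename(basename($value), true);
                        $value = $_CONF['path_data'] . 'temp/' . $filename;
                        if ($filename == '') {
                            $value = '';
                        }
                        // set _data_dir attribute to key upload class to not use move_uploaded_file()
                        $_FILES[$fkey]['_data_dir'] = true;
                    }
                    $_FILES[$fkey][$key] = $value;
                }
                if (!file_exists($_FILES[$fkey]['tmp_name'])) {
                    $_FILES[$fkey]['tmp_name'] = '';
                    $_FILES[$fkey]['error'] = 4;
                }
            }
        }
    }
    $_SERVER['REQUEST_METHOD'] = $method;
    $_POST = unserialize($postdata);
    $_GET = unserialize($getdata);
    // unserialize() returns false for the empty defaults and for malformed data.
    // Normalise both superglobals to arrays BEFORE they are inspected: calling
    // array_key_exists() on a non-array throws a TypeError on PHP 8, which the
    // former @-suppression did not prevent.
    if (!is_array($_GET)) {
        $_GET = array();
    }
    if (!is_array($_POST)) {
        $_POST = array();
    }
    // refresh the token (easier to create new one than try to fake referer)
    if (array_key_exists(CSRF_TOKEN, $_POST) || array_key_exists(CSRF_TOKEN, $_GET)) {
        $newToken = SEC_createToken();
        $_POST[CSRF_TOKEN] = $newToken;
        $_GET[CSRF_TOKEN] = $newToken;
    }
    $_REQUEST = array_merge($_GET, $_POST);
    return;
}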