コード例 #1
0
ファイル: r535.php プロジェクト: Ideenkarosell/phpwcms
function phpwcms_revision_r535()
{
    $status = true;
    // do former revision check – fallback to r534
    if (phpwcms_revision_check_temp('534') !== true) {
        $status = phpwcms_revision_check('534');
    }
    // change type of some content related fields from TEXT to MEDIUMTEXT
    // Retrieve Type of profession name
    $result = _dbQuery("SHOW COLUMNS FROM `" . DB_PREPEND . "phpwcms_profession` WHERE Field='prof_name'");
    if (isset($result[0]['Type']) && strpos($result[0]['Type'], '100')) {
        $update = _dbQuery("ALTER TABLE `" . DB_PREPEND . "phpwcms_profession` CHANGE `prof_name` `prof_name` VARCHAR(255) NOT NULL DEFAULT ''", 'ALTER');
        if (!$update) {
            $status = false;
        }
    }
    // Change profession ' n/a'
    _dbUpdate('phpwcms_profession', array('prof_name' => 'n/a'), "prof_name=' n/a'");
    // Import new professions
    $result = _dbCount("SELECT COUNT(*) FROM `" . DB_PREPEND . "phpwcms_profession`");
    if ($result < 25) {
        $jobs = array('academic', 'accountant', 'actor', 'administrative services department manager', 'administrator', 'administrator, IT', 'agricultural advisor', 'air steward', 'air-conditioning installer or mechanic', 'aircraft service technician', 'ambulance driver (non paramedic)', 'animal carer (not in farms)', 'animator', 'arable farm manager, field crop or vegetable', 'arable farmer, field crop or vegetable', 'architect', 'architect, landscape', 'artist', 'asbestos removal worker', 'assembler', 'assembly team leader', 'assistant', 'author', 'baker', 'bank clerk (back-office)', 'beauty therapist', 'beverage production process controller', 'biologist', 'blogger', 'boring machine operator', 'bricklayer', 'builder', 'butcher', 'car mechanic', 'career counsellor', 'caretaker', 'carpenter', 'charge nurse', 'check-out operator', 'chef', 'child-carer', 'civil engineering technician', 'civil servant', 'cleaning supervisor', 'clerk', 'climatologist', 'cloak room attendant', 'cnc operator', 'comic book writer', 'community health worker', 'company director', 'computer programmer', 'confectionery maker', 'construction operative', 'cook', 'cooling or freezing installer or mechanic', 'critic', 'database designer', 'decorator', 'dental hygienist', 'dental prosthesis technician', 'dentist', 'department store manager', 'designer', 'designer, graphic', 'designer, industrial', 'designer, interface', 'designer, interior', 'designer, screen', 'designer, web', 'dietician', 'diplomat', 'director', 'display designer', 'doctor', 'domestic housekeeper', 'economist', 'editor', 'education advisor', 'electrical engineer', 'electrical mechanic or fitter', 'electrician', 'engineer', 'engineering maintenance supervisor', 'estate agent', 'executive', 'executive secretary', 'farmer', 'felt roofer', 'filing clerk', 'film director', 'financial clerk', 'financial services manager', 'fire fighter', 'first line supervisor beverages workers', 'first line supervisor of cleaning workers', 'fisherman', 'fishmonger', 'flight attendant', 'floral arranger', 'food scientist', 'garage supervisor', 'garbage man', 'gardener, all other', 'general practitioner', 'geographer', 'geologist', 'hairdresser', 'head groundsman', 'head teacher', 'horse riding instructor', 'hospital nurse', 'hotel manager', 'house painter', 'hr manager', 'it applications programmer', 'it systems administrator', 'jeweller', 'journalist', 'judge', 'juggler', 'kitchen assistant', 'lathe setter-operator', 'lawyer', 'lecturer', 'legal secretary', 'lexicographer', 'library assistant', 'local police officer', 'logistics manager', 'machine tool operator', 'magician', 'makeup artist', 'manager', 'manager, all other health services', 'marketing manager', 'meat processing operator', 'mechanical engineering technician', 'medical laboratory technician', 'medical radiography equipment operator', 'metal moulder', 'metal production process operator', 'meteorologist', 'midwifery professional', 'miner', 'mortgage clerk', 'musical instrument maker', 'musician', 'non-commissioned officer armed forces', 'nurse', 'nursery school teacher', 'nursing aid', 'ophthalmic optician', 'optician', 'painter', 'payroll clerk', 'personal assistant', 'personal carer in an institution for the elderly', 'personal carer in an institution for the handicapped', 'personal carer in private homes', 'personnel clerk', 'pest controller', 'photographer', 'physician assistant', 'pilot', 'pipe fitter', 'plant maintenance mechanic', 'plumber', 'police inspector', 'police officer', 'policy advisor', 'politician', 'porter', 'post secondary education teacher', 'post sorting or distributing clerk', 'power plant operator', 'primary school head', 'primary school teacher', 'printer', 'printing machine operator', 'prison officer / warder', 'product manager', 'professional gambler', 'project manager', 'programmer', 'psychologist', 'puppeteer', 'quality inspector, all other products', 'receptionist', 'restaurant cook', 'road paviour', 'roofer', 'sailor', 'sales assistant, all other', 'sales or marketing manager', 'sales representative', 'sales support clerk', 'salesperson', 'scientist', 'seaman (armed forces)', 'secondary school manager', 'secondary school teacher', 'secretary', 'security guard', 'sheet metal worker', 'ship mechanic', 'shoe repairer, leather repairer', 'shop assistant', 'sign language Interpreter', 'singer', 'social media manager', 'social photographer', 'software analyst', 'software developer', 'software engineer', 'soldier', 'solicitor', 'speech therapist', 'steel fixer', 'stockman', 'structural engineer', 'student', 'surgeon', 'surgical footwear maker', 'swimming instructor', 'system operator', 'tailor', 'tailor, seamstress', 'tax inspector', 'taxi driver', 'teacher', 'telephone operator', 'telephonist', 'theorist', 'tile layer', 'translator', 'transport clerk', 'travel agency clerk', 'travel agent', 'truck driver long distances', 'trucker', 'TV cameraman', 'TV presenter', 'university professor', 'university researcher', 'vet', 'veterinary practitioner', 'vocational education teacher', 'waiter', 'waiting staff', 'web designer', 'web developer', 'webmaster', 'welder, all other', 'wood processing plant operator', 'writer', 'other', 'n/a');
        foreach ($jobs as $job) {
            $sql = 'INSERT IGNORE INTO `' . DB_PREPEND . 'phpwcms_profession` (prof_name) VALUES(' . _dbEscape($job) . ')';
            _dbQuery($sql, 'INSERT');
        }
    }
    return $status;
}
コード例 #2
0
function backend_edit_keywords()
{
    $list = '';
    $keyword_id = empty($_POST['keyword_selected_id']) ? 0 : intval($_POST['keyword_selected_id']);
    // UPDATE keyword
    if (isset($_POST['send_update'])) {
        $update = backend_getKeywordPostValues();
        if (empty($update['keyword_name'])) {
            // False, empty Keyword Name
            $list .= '<p>Proof your input. Keyword name had no value. Value was reset.</p>';
        } else {
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_keyword SET ";
            $sql .= "keyword_name=" . _dbEscape($update['keyword_name']) . " ";
            $sql .= "WHERE keyword_id=" . $keyword_id . " ";
            $sql .= "AND keyword_name!=" . _dbEscape($update['keyword_name']) . " LIMIT 1";
            $update['result'] = _dbQuery($sql, 'UPDATE');
        }
        // INSERT keyword
    } elseif (isset($_POST['send_insert'])) {
        $insert = backend_getKeywordPostValues();
        if (empty($insert['keyword_name'])) {
            // False, empty Keyword Name
            $list .= '<p>Proof your input. Keyword name had no value. Value was reset.</p>';
        } else {
            // 1st check if keyword does not exist
            $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_keyword ";
            $sql .= "WHERE keyword_trash=0 AND keyword_name=" . _dbEscape($insert['keyword_name']);
            $check = _dbQuery($sql);
            if (empty($check[0])) {
                $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_keyword SET ";
                $sql .= "keyword_name=" . _dbEscape($insert['keyword_name']);
                $insert['result'] = _dbQuery($sql, 'INSERT');
                $keyword_id = $insert['result']['INSERT_ID'];
            } else {
                $list .= '<p>No new keyword created. Keyword name must be unique.</p>';
            }
        }
    }
    $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_keyword WHERE keyword_trash=0 AND keyword_id=" . $keyword_id . " LIMIT 1";
    $keyword = _dbQuery($sql);
    if (!$keyword) {
        return '<p>No keyword could be found for the given ID</p>';
    }
    $list .= '<form name="keywordEditing" action="' . html(BE_CURRENT_URL) . '" method="post">' . LF;
    // edit values
    $list .= '<div class="inputText">';
    $list .= '<label for="keyword_name">Keyword name:</label>';
    $list .= '<input type="text" name="keyword_name" id="keyword_name" value="' . html($keyword[0]['keyword_name']) . '" />';
    $list .= '</div>' . LF;
    $list .= '<div class="inputButton">';
    $list .= '<button type="submit" name="send_update">Update</button>';
    $list .= '<button type="submit" name="send_insert">New</button>';
    $list .= '</div>' . LF;
    // hidden values
    $list .= '<input type="hidden" name="keyword_selected_id" value="' . $keyword_id . '" />';
    $list .= '<input type="hidden" name="keyword_action" value="edit" />';
    $list .= LF . '</form>' . LF;
    return $list;
}
コード例 #3
0
function _getFileInfo($value, $limit = '1', $mode = 'hash')
{
    $sql = '';
    switch ($mode) {
        case 'hash':
            $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_file WHERE f_aktiv=1 AND ";
            $sql .= "f_trash=0 AND f_public=1 AND ";
            $sql .= "f_hash=" . _dbEscape($value);
            if (!FEUSER_LOGIN_STATUS) {
                $sql .= ' AND f_granted=0';
            }
            if ($limit) {
                $sql .= " LIMIT " . $limit;
            }
            break;
    }
    return _dbQuery($sql);
}
コード例 #4
0
ファイル: r532.php プロジェクト: Ideenkarosell/phpwcms
function phpwcms_revision_r532()
{
    $status = true;
    // do former revision check – fallback to r529
    if (phpwcms_revision_check_temp('529') !== true) {
        $status = phpwcms_revision_check('529');
    }
    $result = _dbQuery('SHOW TABLES LIKE ' . _dbEscape(DB_PREPEND . 'phpwcms_redirect'));
    if (!isset($result[0])) {
        $sql = "CREATE TABLE IF NOT EXISTS `" . DB_PREPEND . "phpwcms_redirect` (\n\t\t\t\t\t`rid` int(11) unsigned NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t`changed` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\t\t\t\t\t`id` bigint(20) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`aid` bigint(20) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`alias` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`link` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`views` bigint(20) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`active` int(1) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`shortcut` int(1) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`type` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`code` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`target` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\tPRIMARY KEY (`rid`),\n\t\t\t\t\tKEY `id` (`id`,`aid`,`alias`),\n\t\t\t\t\tKEY `active` (`active`),\n\t\t\t\t\tKEY `link` (`link`)\n\t\t\t\t) ENGINE=MyISAM";
        if (!empty($GLOBALS['phpwcms']['db_charset'])) {
            $sql .= ' DEFAULT CHARSET=' . $GLOBALS['phpwcms']['db_charset'];
        }
        if (!empty($GLOBALS['phpwcms']['db_collation'])) {
            $sql .= ' COLLATE=' . $GLOBALS['phpwcms']['db_collation'];
        }
        $result = _dbQuery($sql, 'CREATE');
        if (!$result) {
            $status = false;
        }
    }
    return $status;
}
コード例 #5
0
if (!isset($_SESSION["pklapp"]) || isset($_GET["all"]) && $_GET["all"] == "close") {
    $_SESSION["pklapp"] = array();
}
if (isset($_GET["pklapp"])) {
    list($pklapp_id, $pklapp_value) = explode("|", $_GET["pklapp"]);
    if (intval($pklapp_value)) {
        $_SESSION["pklapp"][$pklapp_id] = 1;
    } else {
        unset($_SESSION["pklapp"][$pklapp_id]);
    }
    foreach ($_SESSION["pklapp"] as $pklapp_id => $pklapp_value) {
        if (!$pklapp_value) {
            unset($_SESSION["pklapp"][$pklapp_id]);
        }
    }
    mysql_query("UPDATE " . DB_PREPEND . "phpwcms_user SET usr_var_publicfile=" . _dbEscape(serialize($_SESSION["pklapp"])) . " WHERE usr_id=" . $_SESSION["wcs_user_id"], $db);
}
$_SESSION["list_zaehler"] = 0;
//Zähler für die Public-Listenfunktion setzen
//Feststellen, ob überhaupt Dateien/Ordner des Users vorhanden sind
$sql = "SELECT COUNT(f_id) FROM " . DB_PREPEND . "phpwcms_file WHERE f_public=1 AND f_aktiv=1 AND f_trash=0 LIMIT 1;";
if ($result = mysql_query($sql, $db) or die("error while counting user files")) {
    if ($row = mysql_fetch_row($result)) {
        $count_user_files = $row[0];
    }
    mysql_free_result($result);
}
if (isset($count_user_files) && $count_user_files) {
    //Wenn überhaupt Public-Dateien vorhanden, dann Listing
    //Beginn Tabelle für Public Dateilisting
    echo "<table width=\"538\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
コード例 #6
0
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type E-Card
$SQL .= "acontent_form=" . _dbEscape(serialize($content['reference'])) . " ";
コード例 #7
0
ファイル: cnt27.sql.inc.php プロジェクト: EDVLanger/phpwcms
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type FAQ
$SQL .= "acontent_text=" . _dbEscape($content["faq_question"]) . ", ";
$SQL .= "acontent_html=" . _dbEscape($content["faq_answer"]) . ", ";
$SQL .= "acontent_form=" . _dbEscape(serialize($content["faq"])) . ", ";
$SQL .= "acontent_image=" . _dbEscape($content["image_info"]) . " ";
コード例 #8
0
     // Only allowed file extensions
     if (empty($file_error["file"])) {
         if (is_string($phpwcms['allowed_upload_ext'])) {
             $phpwcms['allowed_upload_ext'] = convertStringToArray(strtolower($phpwcms['allowed_upload_ext']));
         }
         if ($fileExt === '') {
             $file_error["file"] = sprintf($BL['be_fprivup_err9'], implode(', ', $phpwcms['allowed_upload_ext']));
         } elseif (is_array($phpwcms['allowed_upload_ext']) && count($phpwcms['allowed_upload_ext']) && !in_array(strtolower($fileExt), $phpwcms['allowed_upload_ext'])) {
             $file_error["file"] = sprintf($BL['be_fprivup_err8'], strtoupper($fileName), implode(', ', $phpwcms['allowed_upload_ext']));
         }
     }
 }
 if (empty($file_error)) {
     if (isset($file_vars)) {
         $fileVarsField = ',f_vars';
         $fileVarsValue = ',' . _dbEscape(serialize($file_vars));
     } else {
         $fileVarsField = '';
         $fileVarsValue = '';
     }
     $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_file (" . "f_pid, f_uid, f_kid, f_aktiv, f_public, f_name, f_created, f_size, f_type, f_ext, " . "f_shortinfo, f_longinfo, f_keywords, f_hash, f_copyright, f_tags, f_granted, f_gallerystatus, f_sort" . $fileVarsField . ") VALUES (" . $file_pid . ", " . intval($_SESSION["wcs_user_id"]) . ", 1, " . $file_aktiv . ", " . $file_public . ", '" . $fileName . "', '" . time() . "', '" . $fileSize . "', '" . aporeplace($fileType) . "', '" . $fileExt . "', '" . aporeplace($file_shortinfo) . "', '" . aporeplace($file_longinfo) . "', '" . aporeplace($file_keys) . "', '" . aporeplace($fileHash) . "', '" . aporeplace($file_copyright) . "', '" . aporeplace($file_tags) . "', " . $file_granted . ", " . $file_gallerydownload . ", " . $file_sort . $fileVarsValue . ")";
     if ($result = mysql_query($sql, $db) or die("error while insert file information")) {
         $new_fileId = mysql_insert_id($db);
         //Festlegen der aktuellen File-ID
         $wcs_newfilename = $fileExt ? $fileHash . '.' . $fileExt : $fileHash;
         // changed for using hashed file names
         $useruploadpath = PHPWCMS_ROOT . $phpwcms["file_path"];
         $usernewfile = $useruploadpath . $wcs_newfilename;
         if ($dir = @opendir($useruploadpath)) {
             if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $usernewfile)) {
                 $file_error["upload"] = $BL['be_fprivup_err3'] . ' (1)';
コード例 #9
0
ファイル: download.php プロジェクト: Ideenkarosell/phpwcms
        $mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100);
        if (!is_mimetype_format($mime)) {
            $mime = get_mimetype_by_extension(which_ext($file));
        }
        header('Content-Type: ' . $mime);
        if (BROWSER_OS == 'iOS') {
            require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php';
            rangeDownload($file);
        } else {
            header('Content-Transfer-Encoding: binary');
            if (!isset($_GET['ios'])) {
                header('Content-Disposition: inline; filename="' . ($phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename) . '"');
            }
            header('Content-Length: ' . filesize($file));
            readfile($file);
        }
        $success = true;
    }
}
if ($success) {
    $sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET f_dlfinal=f_dlfinal+1 ";
    $sql .= "WHERE f_hash=" . _dbEscape($download["f_hash"]) . " LIMIT 1";
    _dbQuery($sql, 'UPDATE');
    if ($countonly) {
        headerRedirect(PHPWCMS_URL . PHPWCMS_FILES . $fileinfo['filename']);
    }
} else {
    headerRedirect('', 404);
    echo '<h1>404 File Not Found</h1>';
}
exit;
コード例 #10
0
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type Form Email
$SQL .= "acontent_form=" . _dbEscape($content["form"]) . " ";
コード例 #11
0
ファイル: cnt29.sql.inc.php プロジェクト: EDVLanger/phpwcms
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type Images
$SQL .= "acontent_text=" . _dbEscape($content["text"]) . ", ";
$SQL .= "acontent_template=" . _dbEscape($content["image_template"]) . ", ";
$SQL .= "acontent_form=" . _dbEscape(serialize($content['image_list'])) . " ";
コード例 #12
0
ファイル: ajax_connector.php プロジェクト: EDVLanger/phpwcms
     $where = "cat_status=1 AND cat_type NOT IN('module_shop') AND ";
     $where .= "cat_name LIKE '%" . _dbEscape(preg_replace('/[^\\w\\- ]/', '', $value), false) . "%'";
     $result = _dbGet('phpwcms_categories', 'cat_name', $where, 'cat_name', 'cat_name', 20);
     if (isset($result[0])) {
         if ($jquery) {
             $data = $result;
         } else {
             foreach ($result as $value) {
                 $data[] = utf8_encode($value['cat_name']);
             }
         }
     }
     break;
 case 'newstags':
     $where = "cat_status=1 AND cat_type='news' AND ";
     $where .= "cat_name LIKE '%" . _dbEscape(preg_replace('/[^\\w\\- ]/', '', $value), false) . "%'";
     $result = _dbGet('phpwcms_categories', 'cat_name', $where, 'cat_name', 'cat_name', 20);
     if (isset($result[0])) {
         if ($jquery) {
             $data = $result;
         } else {
             foreach ($result as $value) {
                 $data[] = utf8_encode($value['cat_name']);
             }
         }
     }
     break;
 case 'lang':
     $data = is_array($phpwcms['allowed_lang']) && count($phpwcms['allowed_lang']) ? $phpwcms['allowed_lang'] : array($phpwcms['default_lang']);
     sort($data);
     break;
コード例 #13
0
		<input type="hidden" name="cblock" value="CPSET" />
		<input type="hidden" name="csorting" value="0" />
		<input type="hidden" name="cbefore" value="" />
		<input type="hidden" name="ctab_title" value="" />
		<input type="hidden" name="ctab_number" value="" />
		<input type="hidden" name="ctitle" value="" />
		<input type="hidden" name="csubtitle" value="" />
		<input type="hidden" name="cpaginate_title" value="" />
		<input type="hidden" name="cpaginate_page" value="" />

<?php 
    // normal contentpart edit mode
} else {
    // Detect Template
    if (!empty($content['article']['acat_template'])) {
        $content['current_template'] = _dbGet('phpwcms_template', '*', 'template_trash=0 AND template_id=' . _dbEscape($content['article']['acat_template']), '', '', 1);
    }
    if (!isset($content['current_template'][0])) {
        $content['current_template'] = _dbGet('phpwcms_template', '*', 'template_trash=0 AND template_default=1', '', '', 1);
    }
    if (!isset($content['current_template'][0])) {
        $content['current_template'] = _dbGet('phpwcms_template', '*', 'template_trash=0', '', 'template_default DESC', 1);
    }
    $content['blocks'] = array();
    if (isset($content['current_template'][0]['template_var'])) {
        $content['template_name'] = html($content['current_template'][0]['template_name']);
        if ($content['current_template'][0]['template_default']) {
            $content['template_name'] .= ' (' . $BL['be_admin_tmpl_default'] . ')';
        }
        $content['current_template'] = unserialize($content['current_template'][0]['template_var']);
        if (!empty($content['current_template']['customblock'])) {
コード例 #14
0
ファイル: act_user.php プロジェクト: Ideenkarosell/phpwcms
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
checkLogin();
validate_csrf_tokens();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
if ($_SESSION["wcs_user_admin"] == 1) {
    //Wenn Benutzer Admin-Rechte hat
    //Löschen eines Benutzers
    if (isset($_GET["del"])) {
        $ui = explode(":", clean_slweg($_GET["del"]));
        $user_id = intval($ui[0]);
        $user_email = '';
        if (isset($ui[1])) {
            $user_email = $ui[1];
        }
        if ($user_id != $_SESSION["wcs_user_id"]) {
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET " . "usr_login='******', " . "usr_pass='******', " . "usr_email='', " . "usr_admin=0, " . "usr_aktiv=9 " . "WHERE usr_id=" . $user_id . " AND " . "usr_email=" . _dbEscape($user_email);
            if ($result = mysql_query($sql, $db)) {
                if (is_valid_email($user_email)) {
                    @mail($user_email, "your account", "YOUR PHPWCMS ACCOUNT WAS DELETED\n \ncontact the admin if you have any question.\n\nSee you at " . $phpwcms["site"], "From: " . $phpwcms["admin_email"] . "\nReply-To: " . $phpwcms["admin_email"] . "\n");
                }
            }
        }
    }
    if (isset($_GET["aktiv"])) {
        $ui = explode(":", clean_slweg($_GET["aktiv"]));
        $user_id = intval($ui[0]);
        $user_aktiv = !empty($ui[1]) ? 1 : 0;
        if ($user_id != $_SESSION["wcs_user_id"]) {
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET usr_aktiv=" . $user_aktiv . " WHERE usr_id=" . $user_id . ";";
            mysql_query($sql, $db) or die("error");
        }
コード例 #15
0
 function search()
 {
     $this->now = now();
     if (empty($this->search_words)) {
         return NULL;
     }
     $cnt_ts_livedate = 'IF(UNIX_TIMESTAMP(pc.cnt_livedate) > 0, UNIX_TIMESTAMP(pc.cnt_livedate), pc.cnt_created)';
     $cnt_ts_killdate = 'IF(UNIX_TIMESTAMP(pc.cnt_killdate) > 0, UNIX_TIMESTAMP(pc.cnt_killdate), pc.cnt_created + 31536000)';
     $sql = 'SELECT pc.*, ';
     $sql .= $cnt_ts_livedate . ' AS cnt_ts_livedate, ';
     $sql .= $cnt_ts_killdate . ' AS cnt_ts_killdate ';
     $sql .= 'FROM ' . DB_PREPEND . 'phpwcms_content pc ';
     $sql_where = 'WHERE ';
     $sql_where .= 'pc.cnt_status=1 AND ';
     $sql_where .= "pc.cnt_module='news' AND ";
     $sql_where .= $cnt_ts_livedate . ' < ' . $this->now . ' AND ';
     $sql_where .= '(' . $cnt_ts_killdate . ' > ' . $this->now . ' OR cnt_archive_status = 1) ';
     $sql_group = '';
     // choose by category
     if (count($this->search_category)) {
         $cat_sql = array();
         // and/or/not mode
         switch ($this->search_andor) {
             case 'AND':
                 $news_andor = ' AND ';
                 $news_compare = '=';
                 break;
             case 'NOT':
                 $news_andor = ' AND ';
                 $news_compare = '!=';
                 break;
             default:
                 //OR
                 $news_andor = ' OR ';
                 $news_compare = '=';
         }
         foreach ($this->search_category as $value) {
             $cat_sql[] = 'pcat.cat_name' . $news_compare . _dbEscape($value);
         }
         $sql .= "LEFT JOIN " . DB_PREPEND . "phpwcms_categories pcat ON (pcat.cat_type='news' AND pcat.cat_pid=pc.cnt_id) ";
         $sql_where .= 'AND (' . implode($news_andor, $cat_sql) . ') ';
         $sql_group = 'GROUP BY pc.cnt_id ';
     }
     // language selection
     if (count($this->search_language)) {
         $sql_where .= "AND pc.cnt_lang IN ('" . str_replace('#', "','", _dbEscape(implode('#', $this->search_language), false)) . "') ";
     }
     $sql .= $sql_where;
     $sql .= $sql_group;
     $sql = trim($sql);
     $data = _dbQuery($sql);
     $search_target_url_test = strtolower(substr($this->search_target_url, 0, 4));
     if ($search_target_url_test !== 'http' && $search_target_url_test !== '{sit') {
         // expected alias here or aid=123 or id=123
         if ($this->search_highlight) {
             $this->search_target_url = rel_url(array('newsdetail' => '___NEWSDETAIL__', 'highlight' => '___HIGHLIGHT__'), array('searchstart', 'searchwords'), $this->search_target_url);
         } else {
             $this->search_target_url = rel_url(array('newsdetail' => '___NEWSDETAIL__'), array('highlight', 'searchstart', 'searchwords'), $this->search_target_url);
         }
         $search_replace_newsdetail = true;
     } else {
         $search_replace_newsdetail = strpos($this->search_target_url, '___NEWSDETAIL__') !== false ? true : false;
         $this->search_target_url = html_specialchars($this->search_target_url);
     }
     if ($this->search_highlight_words && is_array($this->search_highlight_words)) {
         $s_highlight_words = rawurlencode(implode(' ', $this->search_highlight_words));
     } else {
         $s_highlight_words = '';
     }
     foreach ($data as $value) {
         $s_result = array();
         $s_text = $value['cnt_text'] . ', ' . $value['cnt_teasertext'] . ', ' . $value['cnt_place'] . ', ';
         $s_text .= $value['cnt_subtitle'] . ', ' . $value['cnt_title'];
         if ($this->search_username) {
             $s_text .= ', ' . $value['cnt_editor'];
         }
         $value['cnt_object'] = @unserialize($value['cnt_object']);
         if (!empty($value['cnt_object']['cnt_searchoff'])) {
             continue;
         }
         if (isset($value['cnt_object']['cnt_category'])) {
             if ($this->search_keyword) {
                 $s_text .= ' ' . $value['cnt_object']['cnt_category'];
             }
             if ($this->search_caption) {
                 $s_text .= ' ' . $value['cnt_object']['cnt_image']['caption'];
                 $s_text .= ' ' . $value['cnt_object']['cnt_files']['caption'];
             }
         }
         $s_text = preg_replace('/<script[^>]*>.*?<\\/script>/is', '', $s_text);
         // strip all <script> Tags
         $s_text = str_replace(array('~', '|', ':', 'http', '//', '_blank', '&nbsp;'), ' ', $s_text);
         $s_text = clean_search_text($s_text);
         preg_match_all('/' . $this->search_words . '/is', $s_text, $s_result);
         $s_count = count($s_result[0]);
         //set search_result to 0
         if ($s_count && SEARCH_TYPE_AND) {
             $s_and_or = array();
             foreach ($s_result[0] as $svalue) {
                 $s_and_or[strtolower($svalue)] = 1;
             }
             $s_and_or = count($s_and_or);
             if ($s_and_or != $this->search_word_count) {
                 $s_count = 0;
             }
         }
         if ($s_count) {
             $id = $this->search_result_entry;
             $this->search_results[$id]["id"] = $value['cnt_id'];
             $this->search_results[$id]["cid"] = 0;
             $this->search_results[$id]["rank"] = $s_count;
             if ($this->search_highlight) {
                 $this->search_results[$id]["title"] = highlightSearchResult(html($value['cnt_title']), $this->search_highlight_words);
                 $this->search_results[$id]["subtitle"] = highlightSearchResult(html($value['cnt_subtitle']), $this->search_highlight_words);
             } else {
                 $this->search_results[$id]["title"] = html($value['cnt_title']);
                 $this->search_results[$id]["subtitle"] = html($value['cnt_subtitle']);
             }
             $this->search_results[$id]["date"] = $value['cnt_ts_livedate'];
             $this->search_results[$id]["user"] = html($value['cnt_editor']);
             $value['detail_link'] = date('Ymd', $value['cnt_ts_livedate']) . '-' . $value['cnt_id'] . '_';
             //$crow['acontent_aid']
             $value['detail_link'] .= empty($value['cnt_alias']) ? $value['cnt_id'] : urlencode($value['cnt_alias']);
             if (strpos($this->search_target_url, '___NEWSDETAIL__') !== false) {
                 $this->search_results[$id]['link'] = str_replace(array('___NEWSDETAIL__', '___HIGHLIGHT__'), array($value['detail_link'], $s_highlight_words), $this->search_target_url);
             } else {
                 $this->search_results[$id]['link'] = $this->search_target_url . '&amp;newsdetail=' . $value['detail_link'];
                 if ($this->search_highlight) {
                     $this->search_results[$id]['link'] .= '&amp;highlight=' . $s_highlight_words;
                 }
             }
             $s_text = trim(trim(str_replace(', ,', ',', $s_text)), ' ,');
             $s_text = html(getCleanSubString($s_text, $this->search_wordlimit, $this->ellipse_sign, 'word'), false);
             if ($this->search_highlight) {
                 $s_text = highlightSearchResult($s_text, $this->search_highlight_words);
             }
             $this->search_results[$id]["text"] = $s_text;
             $this->search_results[$id]["image"] = false;
             if ($this->image_render && !empty($value['cnt_object']['cnt_image']['id'])) {
                 $value['cnt_object']['cnt_image'] = _dbGet('phpwcms_file', 'f_id AS `id`, f_hash AS `hash`, f_ext AS `ext`, f_name AS `name`', 'f_id=' . _dbEscape($value['cnt_object']['cnt_image']['id']) . ' AND f_trash=0 AND f_aktiv=1 AND f_public=1');
                 if (isset($value['cnt_object']['cnt_image'][0]['id'])) {
                     $this->search_results[$id]["image"] = $value['cnt_object']['cnt_image'][0];
                 }
             }
             $this->search_result_entry++;
         }
     }
 }
コード例 #16
0
ファイル: cnt11.sql.inc.php プロジェクト: EDVLanger/phpwcms
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type Code
$SQL .= "acontent_text = " . _dbEscape($content["code"]) . ", ";
$SQL .= "acontent_template = " . _dbEscape($content["template"]) . " ";
コード例 #17
0
ファイル: general.inc.php プロジェクト: EDVLanger/phpwcms
function checkLogin($mode = 'REDIRECT')
{
    $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_in=0, logged_change='" . time() . "' ";
    $sql .= "WHERE logged_in=1 AND (" . time() . "-logged_change) > " . intval($GLOBALS['phpwcms']["max_time"]);
    _dbQuery($sql, 'UPDATE');
    checkLoginCount();
    if (empty($_SESSION["wcs_user"])) {
        @session_destroy();
        $ref_url = '';
        if (!empty($_SERVER['QUERY_STRING'])) {
            $ref_url = '?ref=' . rawurlencode(PHPWCMS_URL . 'phpwcms.php?' . xss_clean($_SERVER['QUERY_STRING']));
        }
        if ($mode == 'REDIRECT') {
            // check again if user was logged in and this is a valid redirect request
            $sql = 'SELECT COUNT(*)  FROM ' . DB_PREPEND . 'phpwcms_userlog WHERE ';
            $sql .= "logged_ip=" . _dbEscape(getRemoteIP()) . " AND ";
            $sql .= '( ' . time() . ' - logged_change ) < 3600';
            $ref_url = _dbCount($sql) > 0 ? get_login_file() . $ref_url : '';
            headerRedirect(PHPWCMS_URL . $ref_url);
        } else {
            return false;
        }
    }
    return true;
}
コード例 #18
0
ファイル: general.inc.php プロジェクト: Ideenkarosell/phpwcms
function logout_user($reason = '', $type = '')
{
    $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . _dbEscape(time()) . ", logged_in=0 ";
    $sql .= "WHERE logged_user="******"wcs_user"]) . " AND logged_in=1";
    _dbQuery($sql, 'UPDATE');
    $_SESSION = array();
    @session_destroy();
    $login_url = PHPWCMS_URL . get_login_file();
    $get_parameter = array();
    if ($reason) {
        $get_parameter[] = 'reason=' . rawurlencode($reason);
    }
    if ($type) {
        $get_parameter[] = 'type=' . rawurlencode($type);
    }
    if (count($get_parameter)) {
        $login_url .= '?' . implode('&', $get_parameter);
    }
    headerRedirect($login_url, 401);
}
コード例 #19
0
ファイル: default.inc.php プロジェクト: EDVLanger/phpwcms
function checkLoginCount()
{
    $check = 0;
    if (!empty($_SESSION["wcs_user"])) {
        $sql = "SELECT COUNT(*) FROM " . DB_PREPEND . "phpwcms_userlog WHERE logged_user="******"wcs_user"]) . " AND logged_in=1";
        if (!empty($phpwcms['Login_IPcheck'])) {
            $sql .= " AND logged_ip=" . _dbEscape(getRemoteIP());
        }
        $check = _dbCount($sql);
        if ($check) {
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . time() . " WHERE ";
            $sql .= "logged_user="******"wcs_user"]) . " AND logged_in=1";
            _dbQuery($sql, 'UPDATE');
        } else {
            destroyBackendSessionData();
        }
    }
    return $check;
}
コード例 #20
0
                $file_error["keywords"][$key] = 1;
            }
        }
    }
    //if(isEmpty($file_shortinfo)) $file_error["shortinfo"] = 1;
    if (empty($file_name)) {
        $file_error["name"] = 1;
    } else {
        //Wenn Dateiname keine Erweiterung hat, dann Extension anhängen
        if (trim(strtolower(FileExtension($file_name))) != trim($file_ext)) {
            $file_name .= "." . $file_ext;
        }
    }
    //Eintragen der aktualisierten Verzeichnisinfos
    if (!isset($file_error)) {
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET " . "f_name='" . aporeplace($file_name) . "', " . "f_pid=" . $file_pid . ", " . "f_aktiv=" . $file_aktiv . ", " . "f_public=" . $file_public . ", " . "f_shortinfo='" . aporeplace($file_shortinfo) . "', " . "f_longinfo='" . aporeplace($file_longinfo) . "', " . "f_keywords='" . $file_keys . "', " . "f_created='" . time() . "', " . "f_copyright='" . aporeplace($file_copyright) . "', " . "f_tags='" . aporeplace($file_tags) . "', " . "f_granted=" . $file_granted . ", " . "f_gallerystatus=" . $file_gallerydownload . ", " . (isset($file_vars) ? 'f_vars=' . _dbEscape(serialize($file_vars)) . ',' : '') . "f_sort=" . $file_sort . " " . "WHERE f_kid=1 AND f_id=" . $file_id;
        if (empty($_SESSION["wcs_user_admin"])) {
            $sql .= " AND f_uid=" . intval($_SESSION["wcs_user_id"]);
        }
        if ($result = mysql_query($sql, $db)) {
            // store tags
            _dbSaveCategories($file_tags, 'file', $file_id, ',');
            //headerRedirect(PHPWCMS_URL."phpwcms.php?do=files&f=0");
        } else {
            $file_error["save_failed"] = 1;
        }
    }
}
//Ende Auswerten Formular
//Wenn ID angegeben, dann -> oder aber Root Verzeichnis
if ($file_id) {
コード例 #21
0
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// ensure max allowed packet is big enough
_dbSetVar('max_allowed_packet', 16 * 1024 * 1024, '<');
// Form
$SQL .= "acontent_form=" . _dbEscape(serialize($content['form'])) . " ";
コード例 #22
0
 $guestbook['nav'] = preg_replace('/{LAST:(.*?)}/s', $guestbook['last_replace'], $guestbook['nav']);
 $guestbook['nav'] = preg_replace_callback('/{PAGE:(\\d+):(.*?)}/s', 'guestbook_pages', $guestbook['nav']);
 // archive (form)
 if (!(strpos($guestbook['nav'], '{ARCHIVE') === false)) {
     preg_match('/{ARCHIVE:(.*?)}/s', $guestbook['nav'], $guestbook['archiveval']);
     $guestbook['archiveval'] = explode('|', $guestbook['archiveval'][1]);
     $guestbook['archive'] = '<form name="guestbookarchive" id="guestbookarchive" method="post" action="index.php?id=' . implode(',', $aktion) . '">';
     $guestbook['archive'] .= '<select name="showarchive" id="showarchive" onchange="document.guestbookarchive.submit();">';
     if (!isset($guestbook['archiveval'][1]) || !$guestbook['archiveval'][1]) {
         $guestbook['archiveval'][1] = 'all entries';
     }
     $guestbook['archive'] .= '<option value="">' . $guestbook['archiveval'][1] . "</option>\n";
     if (empty($guestbook['archiveval'][0])) {
         $guestbook['archiveval'][0] = '%m/%Y';
     }
     $guestbook['asql'] = "SELECT DISTINCT FROM_UNIXTIME(guestbook_created," . _dbEscape($guestbook['archiveval'][0]);
     $guestbook['asql'] .= ") AS guestbook_date FROM " . DB_PREPEND . "phpwcms_guestbook WHERE guestbook_cid=";
     $guestbook['asql'] .= $guestbook['cid'] . " AND guestbook_trashed=0 ORDER BY guestbook_created DESC";
     if ($guestbook['result'] = mysql_query($guestbook['asql'], $db)) {
         while ($guestbook['row'] = mysql_fetch_row($guestbook['result'])) {
             $guestbook['row'][0] = html_specialchars($guestbook['row'][0]);
             $guestbook['archive'] .= '<option value="' . $guestbook['row'][0] . '"';
             if ($guestbook['archiveselect'] == $guestbook['row'][0]) {
                 $guestbook['archive'] .= ' selected="selected"';
             }
             $guestbook['archive'] .= '>' . $guestbook['row'][0] . "</option>\n";
         }
         mysql_free_result($guestbook['result']);
     }
     $guestbook['archive'] .= '</select>';
     $guestbook['archive'] .= '<input type="hidden" name="archivedate" value="' . html_specialchars($guestbook['archiveval'][0]) . '" />';
コード例 #23
0
     switch ($content['alink']['alink_andor']) {
         case 'AND':
             $content['alink']['alink_andor'] = ' AND ';
             $content['alink']['alink_compare'] = '=';
             break;
         case 'NOT':
             $content['alink']['alink_andor'] = ' AND ';
             $content['alink']['alink_compare'] = '!=';
             break;
         default:
             //OR
             $content['alink']['alink_andor'] = ' OR ';
             $content['alink']['alink_compare'] = '=';
     }
     foreach ($content['alink']['alink_category'] as $value) {
         $content['alink']['tags_sql'][] = 'pcat.cat_name' . $content['alink']['alink_compare'] . _dbEscape($value);
     }
     // JOIN with tags/categories for articles
     $alink_sql .= "LEFT JOIN " . DB_PREPEND . "phpwcms_categories pcat ON (pcat.cat_type='article' AND pcat.cat_pid=ar.article_id) ";
     $content['alink']['tags_where'] = 'AND (' . implode($content['alink']['alink_andor'], $content['alink']['tags_sql']) . ') ';
     // group by article ID
     $content['alink']['tags_group_by'] = ' GROUP BY ar.article_id';
 }
 $alink_sql .= 'WHERE ar.article_aktiv=1 AND ar.article_deleted=0 AND ar.article_noteaser=0 ';
 if (!PREVIEW_MODE) {
     $alink_sql .= 'AND ar.article_begin < NOW() AND ar.article_end > NOW() ';
 }
 // add possible WHERE clauses when tags/categories are used
 $alink_sql .= $content['alink']['tags_where'];
 if (empty($content['alink']['alink_type'])) {
     if (!empty($content['alink']['alink_unique']) && count($content['UNIQUE_ALINK'])) {
コード例 #24
0
 }
 if (empty($form_newletter_setting['name_field'])) {
     $form_newletter_setting['name_field'] = $form_newletter_setting['email_field'];
 }
 $form_newletter_setting['hash'] = preg_replace('/[^a-z0-9]/i', '', shortHash($form_newletter_setting['email_field'] . time()));
 // create SQL query to populate recipient into recipients db
 $form_newletter_setting['sql'] = 'INSERT INTO ' . DB_PREPEND . 'phpwcms_address ';
 $form_newletter_setting['sql'] .= '(address_key, address_email, address_name, address_verified, ';
 $form_newletter_setting['sql'] .= 'address_subscription, address_url1, address_url2) VALUES (';
 $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['hash']) . ", ";
 $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['email_field']) . ", ";
 $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['name_field']) . ", ";
 $form_newletter_setting['sql'] .= (empty($form_newletter_setting['double_optin']) ? 1 : 0) . ", ";
 $form_newletter_setting['sql'] .= _dbEscape(serialize($form_newletter_setting['selection'])) . ", ";
 $form_newletter_setting['sql'] .= _dbEscape(empty($form_newletter_setting['url_subscribe']) ? '' : $form_newletter_setting['url_subscribe']) . ", ";
 $form_newletter_setting['sql'] .= _dbEscape(empty($form_newletter_setting['url_unsubscribe']) ? '' : $form_newletter_setting['url_unsubscribe']);
 $form_newletter_setting['sql'] .= ')';
 // save recipient in db and send verify message in case of double opt-in
 $form_newletter_setting['query_result'] = @_dbQuery($form_newletter_setting['sql'], 'INSERT');
 // now send opt-in email
 if (!empty($form_newletter_setting['double_optin'])) {
     if (empty($cnt_form['verifyemail'])) {
         if (empty($form_newletter_setting['optin_template']) || !is_file(PHPWCMS_TEMPLATE . 'inc_cntpart/newsletter/email/' . trim($form_newletter_setting['optin_template']))) {
             $cnt_form['verifyemail'] = file_get_contents(PHPWCMS_TEMPLATE . 'inc_cntpart/newsletter/email/default.opt-in.txt');
         } else {
             $cnt_form['verifyemail'] = file_get_contents(PHPWCMS_TEMPLATE . 'inc_cntpart/newsletter/email/' . trim($form_newletter_setting['optin_template']));
             if (trim($cnt_form['verifyemail']) === '') {
                 $cnt_form['verifyemail'] = file_get_contents(PHPWCMS_TEMPLATE . 'inc_cntpart/newsletter/email/default.opt-in.txt');
             }
         }
         if (trim($cnt_form['verifyemail']) === '') {
コード例 #25
0
ファイル: cnt12.sql.inc.php プロジェクト: EDVLanger/phpwcms
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type Newsletter Subscription
$SQL .= "acontent_newsletter=" . _dbEscape(serialize($content["newsletter"])) . " ";
コード例 #26
0
                 $aktion[4] = $row[0]['aktion4'];
                 define('PHPWCMS_ALIAS', $alias);
                 $content['404error']['status'] = false;
             } elseif ($alias == $indexpage['acat_alias']) {
                 define('PHPWCMS_ALIAS', $alias);
                 $content['404error']['status'] = false;
             }
         }
     }
     if ($content['404error']['status']) {
         // ToDo: maybe Check against structure/article alias and redirect
         $content['404error']['where'] = sprintf('alias LIKE %s', _dbEscape($content['404error']['alias']));
         $content['404error']['alias'] = $content['404error']['redirect_url'];
     }
 } else {
     $content['404error']['where'] = sprintf('id=%d AND aid=%d AND alias LIKE %s', $content['404error']['id'], $content['404error']['aid'], _dbEscape($content['404error']['alias']));
 }
 if ($content['404error']['status']) {
     // does the combination still exists in the database
     $content['404error']['result'] = _dbGet('phpwcms_redirect', '*', $content['404error']['where']);
     if (isset($content['404error']['result'][0])) {
         $content['404error']['result'] = $content['404error']['result'][0];
         _dbUpdate('phpwcms_redirect', array('views' => intval($content['404error']['result']['views']) + 1), 'rid=' . $content['404error']['result']['rid']);
         // Test for redirect
         if ($content['404error']['result']['active'] == 1) {
             // HTTP Status
             // 301, 302 (default), 307, 401, 404, 503
             $content['404error']['result']['code'] = empty($content['404error']['result']['code']) ? 302 : intval($content['404error']['result']['code']);
             // Redirect to Home
             // home (empty), alias, id, aid, link
             if (empty($content['404error']['result']['type'])) {
コード例 #27
0
ファイル: act_addchat.php プロジェクト: Ideenkarosell/phpwcms
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
session_start();
$phpwcms = array();
require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
checkLogin();
validate_csrf_tokens();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
$chat_message = clean_slweg(trim($_POST['chatmsg']));
$chatlist = intval($_POST['chatlist']);
if ($chat_message) {
    $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_chat (chat_uid, chat_name, chat_text, chat_cat) ";
    $sql .= "VALUES (" . $_SESSION['wcs_user_id'] . "," . _dbEscape($_SESSION['wcs_user']) . "," . _dbEscape($chat_message) . ",0)";
    _dbQuery($sql, 'INSERT');
}
headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=chat&p=1&l=' . $chatlist . '&' . get_token_get_string('csrftoken'));
コード例 #28
0
ファイル: act_ftptakeover.php プロジェクト: EDVLanger/phpwcms
 // now try to find 1st file having same named and replace it if related mark is set
 if ($ftp["replace"]) {
     $rsql = "SELECT * FROM " . DB_PREPEND . "phpwcms_file WHERE ";
     $rsql .= "f_name=" . _dbEscape($file_name) . " AND f_kid=1 ";
     $rsql .= "AND f_pid=" . $ftp["dir"] . " AND f_trash=0 AND f_id != " . $new_fileId . " LIMIT 1";
     $rrow = _dbQuery($rsql);
     if (isset($rrow[0]['f_id'])) {
         $rrow = $rrow[0];
         $oldFileID = $rrow['f_id'];
         $oldFileHash = $rrow['f_hash'];
         $oldFileNewHash = md5($file_name . microtime() . time());
         // now update new file by old file information of same named
         $nsql = "UPDATE " . DB_PREPEND . "phpwcms_file SET ";
         $nsql .= "f_refid=" . $oldFileID . ", f_trash=5, f_size=" . $rrow['f_size'] . ', ';
         $nsql .= "f_type=" . _dbEscape($rrow['f_type']) . ", f_changed=" . now() . ', ';
         $nsql .= "f_hash=" . _dbEscape($oldFileNewHash) . " WHERE f_id=" . $new_fileId;
         if (_dbQuery($nsql, 'UPDATE')) {
             // yepp both files are updated in db
             // now change hash of file storage files
             rename($useruploadpath . $oldFileHash . $_file_extension, $useruploadpath . $oldFileNewHash . $_file_extension);
             rename($usernewfile, $useruploadpath . $oldFileHash . $_file_extension);
             // update file size of old file with new filesize
             _dbUpdate('phpwcms_file', array('f_type' => $file_type, 'f_size' => $file_size, 'f_changed' => now()), 'f_id=' . $oldFileID);
             // empty temp images directory
             $thumbnails = returnFileListAsArray(PHPWCMS_THUMB, 'jpg,jpeg,gif,png');
             if (is_array($thumbnails) && count($thumbnails)) {
                 foreach ($thumbnails as $thumbnail) {
                     @unlink(PHPWCMS_THUMB . $thumbnail['filename']);
                 }
             }
         }
コード例 #29
0
 // need some additional functions
 include_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
 // set import sort counter
 $article_sort_counter = _dbGet('phpwcms_article', 'article_sort', 'article_cid=' . _dbEscape($feedimport_result['cnt_object']['structure_level_id']), '', 'article_sort DESC', 1);
 if (isset($article_sort_counter[0])) {
     $article_sort_counter = $article_sort_counter[0]['article_sort'] + 10;
 } else {
     $article_sort_counter = 100;
 }
 foreach ($rss_obj->get_items() as $rssvalue) {
     $article_unique_hash = md5($feedimport_result['cnt_text'] . $rssvalue->get_title() . $rssvalue->get_date('U'));
     // check against crossreference table
     $sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_crossreference c ';
     $sql .= 'LEFT JOIN ' . DB_PREPEND . 'phpwcms_article a ';
     $sql .= 'ON c.cref_rid=a.article_id ';
     $sql .= "WHERE c.cref_type='feed_to_article_import' AND c.cref_str=" . _dbEscape('feedimport_' . $article_unique_hash) . ' AND ';
     $sql .= 'a.article_deleted=0 LIMIT 1';
     if (_dbQuery($sql, 'COUNT') > 0) {
         continue;
     }
     $article_title = html_entity_decode($rssvalue->get_title(), ENT_COMPAT, PHPWCMS_CHARSET);
     $article_alias = proof_alias(0, $article_title, 'ARTICLE');
     $article_begin = $rssvalue->get_date('U');
     $article_end = now() + 3600 * 24 * 365 * 10;
     $article_summary = $rssvalue->get_description();
     $article_content = $rssvalue->get_content();
     $article_description = preg_replace('/\\s+/', ' ', html_entity_decode(strip_tags($article_summary), ENT_COMPAT, PHPWCMS_CHARSET));
     list($article_description) = explode("\n", wordwrap($article_description, 250), 2);
     list($article_description) = explode("-- ", $article_description, 2);
     $article_description = preg_replace('/(.*?\\.).+?$/', '$1', $article_description);
     $article_author = $rssvalue->get_author();
コード例 #30
0
ファイル: cnt51.sql.inc.php プロジェクト: EDVLanger/phpwcms
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type Map
$SQL .= "acontent_form=" . _dbEscape(serialize($content["map"])) . " ";