function phpwcms_revision_r535() { $status = true; // do former revision check – fallback to r534 if (phpwcms_revision_check_temp('534') !== true) { $status = phpwcms_revision_check('534'); } // change type of some content related fields from TEXT to MEDIUMTEXT // Retrieve Type of profession name $result = _dbQuery("SHOW COLUMNS FROM `" . DB_PREPEND . "phpwcms_profession` WHERE Field='prof_name'"); if (isset($result[0]['Type']) && strpos($result[0]['Type'], '100')) { $update = _dbQuery("ALTER TABLE `" . DB_PREPEND . "phpwcms_profession` CHANGE `prof_name` `prof_name` VARCHAR(255) NOT NULL DEFAULT ''", 'ALTER'); if (!$update) { $status = false; } } // Change profession ' n/a' _dbUpdate('phpwcms_profession', array('prof_name' => 'n/a'), "prof_name=' n/a'"); // Import new professions $result = _dbCount("SELECT COUNT(*) FROM `" . DB_PREPEND . "phpwcms_profession`"); if ($result < 25) { $jobs = array('academic', 'accountant', 'actor', 'administrative services department manager', 'administrator', 'administrator, IT', 'agricultural advisor', 'air steward', 'air-conditioning installer or mechanic', 'aircraft service technician', 'ambulance driver (non paramedic)', 'animal carer (not in farms)', 'animator', 'arable farm manager, field crop or vegetable', 'arable farmer, field crop or vegetable', 'architect', 'architect, landscape', 'artist', 'asbestos removal worker', 'assembler', 'assembly team leader', 'assistant', 'author', 'baker', 'bank clerk (back-office)', 'beauty therapist', 'beverage production process controller', 'biologist', 'blogger', 'boring machine operator', 'bricklayer', 'builder', 'butcher', 'car mechanic', 'career counsellor', 'caretaker', 'carpenter', 'charge nurse', 'check-out operator', 'chef', 'child-carer', 'civil engineering technician', 'civil servant', 'cleaning supervisor', 'clerk', 'climatologist', 'cloak room attendant', 'cnc operator', 'comic book writer', 'community health worker', 'company director', 'computer programmer', 'confectionery maker', 'construction operative', 'cook', 'cooling or freezing installer or mechanic', 'critic', 'database designer', 'decorator', 'dental hygienist', 'dental prosthesis technician', 'dentist', 'department store manager', 'designer', 'designer, graphic', 'designer, industrial', 'designer, interface', 'designer, interior', 'designer, screen', 'designer, web', 'dietician', 'diplomat', 'director', 'display designer', 'doctor', 'domestic housekeeper', 'economist', 'editor', 'education advisor', 'electrical engineer', 'electrical mechanic or fitter', 'electrician', 'engineer', 'engineering maintenance supervisor', 'estate agent', 'executive', 'executive secretary', 'farmer', 'felt roofer', 'filing clerk', 'film director', 'financial clerk', 'financial services manager', 'fire fighter', 'first line supervisor beverages workers', 'first line supervisor of cleaning workers', 'fisherman', 'fishmonger', 'flight attendant', 'floral arranger', 'food scientist', 'garage supervisor', 'garbage man', 'gardener, all other', 'general practitioner', 'geographer', 'geologist', 'hairdresser', 'head groundsman', 'head teacher', 'horse riding instructor', 'hospital nurse', 'hotel manager', 'house painter', 'hr manager', 'it applications programmer', 'it systems administrator', 'jeweller', 'journalist', 'judge', 'juggler', 'kitchen assistant', 'lathe setter-operator', 'lawyer', 'lecturer', 'legal secretary', 'lexicographer', 'library assistant', 'local police officer', 'logistics manager', 'machine tool operator', 'magician', 'makeup artist', 'manager', 'manager, all other health services', 'marketing manager', 'meat processing operator', 'mechanical engineering technician', 'medical laboratory technician', 'medical radiography equipment operator', 'metal moulder', 'metal production process operator', 'meteorologist', 'midwifery professional', 'miner', 'mortgage clerk', 'musical instrument maker', 'musician', 'non-commissioned officer armed forces', 'nurse', 'nursery school teacher', 'nursing aid', 'ophthalmic optician', 'optician', 'painter', 'payroll clerk', 'personal assistant', 'personal carer in an institution for the elderly', 'personal carer in an institution for the handicapped', 'personal carer in private homes', 'personnel clerk', 'pest controller', 'photographer', 'physician assistant', 'pilot', 'pipe fitter', 'plant maintenance mechanic', 'plumber', 'police inspector', 'police officer', 'policy advisor', 'politician', 'porter', 'post secondary education teacher', 'post sorting or distributing clerk', 'power plant operator', 'primary school head', 'primary school teacher', 'printer', 'printing machine operator', 'prison officer / warder', 'product manager', 'professional gambler', 'project manager', 'programmer', 'psychologist', 'puppeteer', 'quality inspector, all other products', 'receptionist', 'restaurant cook', 'road paviour', 'roofer', 'sailor', 'sales assistant, all other', 'sales or marketing manager', 'sales representative', 'sales support clerk', 'salesperson', 'scientist', 'seaman (armed forces)', 'secondary school manager', 'secondary school teacher', 'secretary', 'security guard', 'sheet metal worker', 'ship mechanic', 'shoe repairer, leather repairer', 'shop assistant', 'sign language Interpreter', 'singer', 'social media manager', 'social photographer', 'software analyst', 'software developer', 'software engineer', 'soldier', 'solicitor', 'speech therapist', 'steel fixer', 'stockman', 'structural engineer', 'student', 'surgeon', 'surgical footwear maker', 'swimming instructor', 'system operator', 'tailor', 'tailor, seamstress', 'tax inspector', 'taxi driver', 'teacher', 'telephone operator', 'telephonist', 'theorist', 'tile layer', 'translator', 'transport clerk', 'travel agency clerk', 'travel agent', 'truck driver long distances', 'trucker', 'TV cameraman', 'TV presenter', 'university professor', 'university researcher', 'vet', 'veterinary practitioner', 'vocational education teacher', 'waiter', 'waiting staff', 'web designer', 'web developer', 'webmaster', 'welder, all other', 'wood processing plant operator', 'writer', 'other', 'n/a'); foreach ($jobs as $job) { $sql = 'INSERT IGNORE INTO `' . DB_PREPEND . 'phpwcms_profession` (prof_name) VALUES(' . _dbEscape($job) . ')'; _dbQuery($sql, 'INSERT'); } } return $status; }
function backend_edit_keywords() { $list = ''; $keyword_id = empty($_POST['keyword_selected_id']) ? 0 : intval($_POST['keyword_selected_id']); // UPDATE keyword if (isset($_POST['send_update'])) { $update = backend_getKeywordPostValues(); if (empty($update['keyword_name'])) { // False, empty Keyword Name $list .= '<p>Proof your input. Keyword name had no value. Value was reset.</p>'; } else { $sql = "UPDATE " . DB_PREPEND . "phpwcms_keyword SET "; $sql .= "keyword_name=" . _dbEscape($update['keyword_name']) . " "; $sql .= "WHERE keyword_id=" . $keyword_id . " "; $sql .= "AND keyword_name!=" . _dbEscape($update['keyword_name']) . " LIMIT 1"; $update['result'] = _dbQuery($sql, 'UPDATE'); } // INSERT keyword } elseif (isset($_POST['send_insert'])) { $insert = backend_getKeywordPostValues(); if (empty($insert['keyword_name'])) { // False, empty Keyword Name $list .= '<p>Proof your input. Keyword name had no value. Value was reset.</p>'; } else { // 1st check if keyword does not exist $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_keyword "; $sql .= "WHERE keyword_trash=0 AND keyword_name=" . _dbEscape($insert['keyword_name']); $check = _dbQuery($sql); if (empty($check[0])) { $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_keyword SET "; $sql .= "keyword_name=" . _dbEscape($insert['keyword_name']); $insert['result'] = _dbQuery($sql, 'INSERT'); $keyword_id = $insert['result']['INSERT_ID']; } else { $list .= '<p>No new keyword created. Keyword name must be unique.</p>'; } } } $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_keyword WHERE keyword_trash=0 AND keyword_id=" . $keyword_id . " LIMIT 1"; $keyword = _dbQuery($sql); if (!$keyword) { return '<p>No keyword could be found for the given ID</p>'; } $list .= '<form name="keywordEditing" action="' . html(BE_CURRENT_URL) . '" method="post">' . LF; // edit values $list .= '<div class="inputText">'; $list .= '<label for="keyword_name">Keyword name:</label>'; $list .= '<input type="text" name="keyword_name" id="keyword_name" value="' . html($keyword[0]['keyword_name']) . '" />'; $list .= '</div>' . LF; $list .= '<div class="inputButton">'; $list .= '<button type="submit" name="send_update">Update</button>'; $list .= '<button type="submit" name="send_insert">New</button>'; $list .= '</div>' . LF; // hidden values $list .= '<input type="hidden" name="keyword_selected_id" value="' . $keyword_id . '" />'; $list .= '<input type="hidden" name="keyword_action" value="edit" />'; $list .= LF . '</form>' . LF; return $list; }
function _getFileInfo($value, $limit = '1', $mode = 'hash') { $sql = ''; switch ($mode) { case 'hash': $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_file WHERE f_aktiv=1 AND "; $sql .= "f_trash=0 AND f_public=1 AND "; $sql .= "f_hash=" . _dbEscape($value); if (!FEUSER_LOGIN_STATUS) { $sql .= ' AND f_granted=0'; } if ($limit) { $sql .= " LIMIT " . $limit; } break; } return _dbQuery($sql); }
function phpwcms_revision_r532() { $status = true; // do former revision check – fallback to r529 if (phpwcms_revision_check_temp('529') !== true) { $status = phpwcms_revision_check('529'); } $result = _dbQuery('SHOW TABLES LIKE ' . _dbEscape(DB_PREPEND . 'phpwcms_redirect')); if (!isset($result[0])) { $sql = "CREATE TABLE IF NOT EXISTS `" . DB_PREPEND . "phpwcms_redirect` (\n\t\t\t\t\t`rid` int(11) unsigned NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t`changed` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\t\t\t\t\t`id` bigint(20) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`aid` bigint(20) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`alias` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`link` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`views` bigint(20) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`active` int(1) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`shortcut` int(1) unsigned NOT NULL DEFAULT '0',\n\t\t\t\t\t`type` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`code` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\t`target` varchar(255) NOT NULL DEFAULT '',\n\t\t\t\t\tPRIMARY KEY (`rid`),\n\t\t\t\t\tKEY `id` (`id`,`aid`,`alias`),\n\t\t\t\t\tKEY `active` (`active`),\n\t\t\t\t\tKEY `link` (`link`)\n\t\t\t\t) ENGINE=MyISAM"; if (!empty($GLOBALS['phpwcms']['db_charset'])) { $sql .= ' DEFAULT CHARSET=' . $GLOBALS['phpwcms']['db_charset']; } if (!empty($GLOBALS['phpwcms']['db_collation'])) { $sql .= ' COLLATE=' . $GLOBALS['phpwcms']['db_collation']; } $result = _dbQuery($sql, 'CREATE'); if (!$result) { $status = false; } } return $status; }
if (!isset($_SESSION["pklapp"]) || isset($_GET["all"]) && $_GET["all"] == "close") { $_SESSION["pklapp"] = array(); } if (isset($_GET["pklapp"])) { list($pklapp_id, $pklapp_value) = explode("|", $_GET["pklapp"]); if (intval($pklapp_value)) { $_SESSION["pklapp"][$pklapp_id] = 1; } else { unset($_SESSION["pklapp"][$pklapp_id]); } foreach ($_SESSION["pklapp"] as $pklapp_id => $pklapp_value) { if (!$pklapp_value) { unset($_SESSION["pklapp"][$pklapp_id]); } } mysql_query("UPDATE " . DB_PREPEND . "phpwcms_user SET usr_var_publicfile=" . _dbEscape(serialize($_SESSION["pklapp"])) . " WHERE usr_id=" . $_SESSION["wcs_user_id"], $db); } $_SESSION["list_zaehler"] = 0; //Zähler für die Public-Listenfunktion setzen //Feststellen, ob überhaupt Dateien/Ordner des Users vorhanden sind $sql = "SELECT COUNT(f_id) FROM " . DB_PREPEND . "phpwcms_file WHERE f_public=1 AND f_aktiv=1 AND f_trash=0 LIMIT 1;"; if ($result = mysql_query($sql, $db) or die("error while counting user files")) { if ($row = mysql_fetch_row($result)) { $count_user_files = $row[0]; } mysql_free_result($result); } if (isset($count_user_files) && $count_user_files) { //Wenn überhaupt Public-Dateien vorhanden, dann Listing //Beginn Tabelle für Public Dateilisting echo "<table width=\"538\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n";
<?php /** * phpwcms content management system * * @author Oliver Georgi <*****@*****.**> * @copyright Copyright (c) 2002-2015, Oliver Georgi * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2 * @link http://www.phpwcms.de * **/ // ---------------------------------------------------------------- // obligate check for phpwcms constants if (!defined('PHPWCMS_ROOT')) { die("You Cannot Access This Script Directly, Have a Nice Day."); } // ---------------------------------------------------------------- // Content Type E-Card $SQL .= "acontent_form=" . _dbEscape(serialize($content['reference'])) . " ";
<?php /** * phpwcms content management system * * @author Oliver Georgi <*****@*****.**> * @copyright Copyright (c) 2002-2015, Oliver Georgi * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2 * @link http://www.phpwcms.de * **/ // ---------------------------------------------------------------- // obligate check for phpwcms constants if (!defined('PHPWCMS_ROOT')) { die("You Cannot Access This Script Directly, Have a Nice Day."); } // ---------------------------------------------------------------- // Content Type FAQ $SQL .= "acontent_text=" . _dbEscape($content["faq_question"]) . ", "; $SQL .= "acontent_html=" . _dbEscape($content["faq_answer"]) . ", "; $SQL .= "acontent_form=" . _dbEscape(serialize($content["faq"])) . ", "; $SQL .= "acontent_image=" . _dbEscape($content["image_info"]) . " ";
// Only allowed file extensions if (empty($file_error["file"])) { if (is_string($phpwcms['allowed_upload_ext'])) { $phpwcms['allowed_upload_ext'] = convertStringToArray(strtolower($phpwcms['allowed_upload_ext'])); } if ($fileExt === '') { $file_error["file"] = sprintf($BL['be_fprivup_err9'], implode(', ', $phpwcms['allowed_upload_ext'])); } elseif (is_array($phpwcms['allowed_upload_ext']) && count($phpwcms['allowed_upload_ext']) && !in_array(strtolower($fileExt), $phpwcms['allowed_upload_ext'])) { $file_error["file"] = sprintf($BL['be_fprivup_err8'], strtoupper($fileName), implode(', ', $phpwcms['allowed_upload_ext'])); } } } if (empty($file_error)) { if (isset($file_vars)) { $fileVarsField = ',f_vars'; $fileVarsValue = ',' . _dbEscape(serialize($file_vars)); } else { $fileVarsField = ''; $fileVarsValue = ''; } $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_file (" . "f_pid, f_uid, f_kid, f_aktiv, f_public, f_name, f_created, f_size, f_type, f_ext, " . "f_shortinfo, f_longinfo, f_keywords, f_hash, f_copyright, f_tags, f_granted, f_gallerystatus, f_sort" . $fileVarsField . ") VALUES (" . $file_pid . ", " . intval($_SESSION["wcs_user_id"]) . ", 1, " . $file_aktiv . ", " . $file_public . ", '" . $fileName . "', '" . time() . "', '" . $fileSize . "', '" . aporeplace($fileType) . "', '" . $fileExt . "', '" . aporeplace($file_shortinfo) . "', '" . aporeplace($file_longinfo) . "', '" . aporeplace($file_keys) . "', '" . aporeplace($fileHash) . "', '" . aporeplace($file_copyright) . "', '" . aporeplace($file_tags) . "', " . $file_granted . ", " . $file_gallerydownload . ", " . $file_sort . $fileVarsValue . ")"; if ($result = mysql_query($sql, $db) or die("error while insert file information")) { $new_fileId = mysql_insert_id($db); //Festlegen der aktuellen File-ID $wcs_newfilename = $fileExt ? $fileHash . '.' . $fileExt : $fileHash; // changed for using hashed file names $useruploadpath = PHPWCMS_ROOT . $phpwcms["file_path"]; $usernewfile = $useruploadpath . $wcs_newfilename; if ($dir = @opendir($useruploadpath)) { if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $usernewfile)) { $file_error["upload"] = $BL['be_fprivup_err3'] . ' (1)';
$mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100); if (!is_mimetype_format($mime)) { $mime = get_mimetype_by_extension(which_ext($file)); } header('Content-Type: ' . $mime); if (BROWSER_OS == 'iOS') { require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php'; rangeDownload($file); } else { header('Content-Transfer-Encoding: binary'); if (!isset($_GET['ios'])) { header('Content-Disposition: inline; filename="' . ($phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename) . '"'); } header('Content-Length: ' . filesize($file)); readfile($file); } $success = true; } } if ($success) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET f_dlfinal=f_dlfinal+1 "; $sql .= "WHERE f_hash=" . _dbEscape($download["f_hash"]) . " LIMIT 1"; _dbQuery($sql, 'UPDATE'); if ($countonly) { headerRedirect(PHPWCMS_URL . PHPWCMS_FILES . $fileinfo['filename']); } } else { headerRedirect('', 404); echo '<h1>404 File Not Found</h1>'; } exit;
<?php /** * phpwcms content management system * * @author Oliver Georgi <*****@*****.**> * @copyright Copyright (c) 2002-2015, Oliver Georgi * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2 * @link http://www.phpwcms.de * **/ // ---------------------------------------------------------------- // obligate check for phpwcms constants if (!defined('PHPWCMS_ROOT')) { die("You Cannot Access This Script Directly, Have a Nice Day."); } // ---------------------------------------------------------------- // Content Type Form Email $SQL .= "acontent_form=" . _dbEscape($content["form"]) . " ";
<?php /** * phpwcms content management system * * @author Oliver Georgi <*****@*****.**> * @copyright Copyright (c) 2002-2015, Oliver Georgi * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2 * @link http://www.phpwcms.de * **/ // ---------------------------------------------------------------- // obligate check for phpwcms constants if (!defined('PHPWCMS_ROOT')) { die("You Cannot Access This Script Directly, Have a Nice Day."); } // ---------------------------------------------------------------- // Content Type Images $SQL .= "acontent_text=" . _dbEscape($content["text"]) . ", "; $SQL .= "acontent_template=" . _dbEscape($content["image_template"]) . ", "; $SQL .= "acontent_form=" . _dbEscape(serialize($content['image_list'])) . " ";
$where = "cat_status=1 AND cat_type NOT IN('module_shop') AND "; $where .= "cat_name LIKE '%" . _dbEscape(preg_replace('/[^\\w\\- ]/', '', $value), false) . "%'"; $result = _dbGet('phpwcms_categories', 'cat_name', $where, 'cat_name', 'cat_name', 20); if (isset($result[0])) { if ($jquery) { $data = $result; } else { foreach ($result as $value) { $data[] = utf8_encode($value['cat_name']); } } } break; case 'newstags': $where = "cat_status=1 AND cat_type='news' AND "; $where .= "cat_name LIKE '%" . _dbEscape(preg_replace('/[^\\w\\- ]/', '', $value), false) . "%'"; $result = _dbGet('phpwcms_categories', 'cat_name', $where, 'cat_name', 'cat_name', 20); if (isset($result[0])) { if ($jquery) { $data = $result; } else { foreach ($result as $value) { $data[] = utf8_encode($value['cat_name']); } } } break; case 'lang': $data = is_array($phpwcms['allowed_lang']) && count($phpwcms['allowed_lang']) ? $phpwcms['allowed_lang'] : array($phpwcms['default_lang']); sort($data); break;
<input type="hidden" name="cblock" value="CPSET" /> <input type="hidden" name="csorting" value="0" /> <input type="hidden" name="cbefore" value="" /> <input type="hidden" name="ctab_title" value="" /> <input type="hidden" name="ctab_number" value="" /> <input type="hidden" name="ctitle" value="" /> <input type="hidden" name="csubtitle" value="" /> <input type="hidden" name="cpaginate_title" value="" /> <input type="hidden" name="cpaginate_page" value="" /> <?php // normal contentpart edit mode } else { // Detect Template if (!empty($content['article']['acat_template'])) { $content['current_template'] = _dbGet('phpwcms_template', '*', 'template_trash=0 AND template_id=' . _dbEscape($content['article']['acat_template']), '', '', 1); } if (!isset($content['current_template'][0])) { $content['current_template'] = _dbGet('phpwcms_template', '*', 'template_trash=0 AND template_default=1', '', '', 1); } if (!isset($content['current_template'][0])) { $content['current_template'] = _dbGet('phpwcms_template', '*', 'template_trash=0', '', 'template_default DESC', 1); } $content['blocks'] = array(); if (isset($content['current_template'][0]['template_var'])) { $content['template_name'] = html($content['current_template'][0]['template_name']); if ($content['current_template'][0]['template_default']) { $content['template_name'] .= ' (' . $BL['be_admin_tmpl_default'] . ')'; } $content['current_template'] = unserialize($content['current_template'][0]['template_var']); if (!empty($content['current_template']['customblock'])) {
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php'; checkLogin(); validate_csrf_tokens(); require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php'; if ($_SESSION["wcs_user_admin"] == 1) { //Wenn Benutzer Admin-Rechte hat //Löschen eines Benutzers if (isset($_GET["del"])) { $ui = explode(":", clean_slweg($_GET["del"])); $user_id = intval($ui[0]); $user_email = ''; if (isset($ui[1])) { $user_email = $ui[1]; } if ($user_id != $_SESSION["wcs_user_id"]) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET " . "usr_login='******', " . "usr_pass='******', " . "usr_email='', " . "usr_admin=0, " . "usr_aktiv=9 " . "WHERE usr_id=" . $user_id . " AND " . "usr_email=" . _dbEscape($user_email); if ($result = mysql_query($sql, $db)) { if (is_valid_email($user_email)) { @mail($user_email, "your account", "YOUR PHPWCMS ACCOUNT WAS DELETED\n \ncontact the admin if you have any question.\n\nSee you at " . $phpwcms["site"], "From: " . $phpwcms["admin_email"] . "\nReply-To: " . $phpwcms["admin_email"] . "\n"); } } } } if (isset($_GET["aktiv"])) { $ui = explode(":", clean_slweg($_GET["aktiv"])); $user_id = intval($ui[0]); $user_aktiv = !empty($ui[1]) ? 1 : 0; if ($user_id != $_SESSION["wcs_user_id"]) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET usr_aktiv=" . $user_aktiv . " WHERE usr_id=" . $user_id . ";"; mysql_query($sql, $db) or die("error"); }
function search() { $this->now = now(); if (empty($this->search_words)) { return NULL; } $cnt_ts_livedate = 'IF(UNIX_TIMESTAMP(pc.cnt_livedate) > 0, UNIX_TIMESTAMP(pc.cnt_livedate), pc.cnt_created)'; $cnt_ts_killdate = 'IF(UNIX_TIMESTAMP(pc.cnt_killdate) > 0, UNIX_TIMESTAMP(pc.cnt_killdate), pc.cnt_created + 31536000)'; $sql = 'SELECT pc.*, '; $sql .= $cnt_ts_livedate . ' AS cnt_ts_livedate, '; $sql .= $cnt_ts_killdate . ' AS cnt_ts_killdate '; $sql .= 'FROM ' . DB_PREPEND . 'phpwcms_content pc '; $sql_where = 'WHERE '; $sql_where .= 'pc.cnt_status=1 AND '; $sql_where .= "pc.cnt_module='news' AND "; $sql_where .= $cnt_ts_livedate . ' < ' . $this->now . ' AND '; $sql_where .= '(' . $cnt_ts_killdate . ' > ' . $this->now . ' OR cnt_archive_status = 1) '; $sql_group = ''; // choose by category if (count($this->search_category)) { $cat_sql = array(); // and/or/not mode switch ($this->search_andor) { case 'AND': $news_andor = ' AND '; $news_compare = '='; break; case 'NOT': $news_andor = ' AND '; $news_compare = '!='; break; default: //OR $news_andor = ' OR '; $news_compare = '='; } foreach ($this->search_category as $value) { $cat_sql[] = 'pcat.cat_name' . $news_compare . _dbEscape($value); } $sql .= "LEFT JOIN " . DB_PREPEND . "phpwcms_categories pcat ON (pcat.cat_type='news' AND pcat.cat_pid=pc.cnt_id) "; $sql_where .= 'AND (' . implode($news_andor, $cat_sql) . ') '; $sql_group = 'GROUP BY pc.cnt_id '; } // language selection if (count($this->search_language)) { $sql_where .= "AND pc.cnt_lang IN ('" . str_replace('#', "','", _dbEscape(implode('#', $this->search_language), false)) . "') "; } $sql .= $sql_where; $sql .= $sql_group; $sql = trim($sql); $data = _dbQuery($sql); $search_target_url_test = strtolower(substr($this->search_target_url, 0, 4)); if ($search_target_url_test !== 'http' && $search_target_url_test !== '{sit') { // expected alias here or aid=123 or id=123 if ($this->search_highlight) { $this->search_target_url = rel_url(array('newsdetail' => '___NEWSDETAIL__', 'highlight' => '___HIGHLIGHT__'), array('searchstart', 'searchwords'), $this->search_target_url); } else { $this->search_target_url = rel_url(array('newsdetail' => '___NEWSDETAIL__'), array('highlight', 'searchstart', 'searchwords'), $this->search_target_url); } $search_replace_newsdetail = true; } else { $search_replace_newsdetail = strpos($this->search_target_url, '___NEWSDETAIL__') !== false ? true : false; $this->search_target_url = html_specialchars($this->search_target_url); } if ($this->search_highlight_words && is_array($this->search_highlight_words)) { $s_highlight_words = rawurlencode(implode(' ', $this->search_highlight_words)); } else { $s_highlight_words = ''; } foreach ($data as $value) { $s_result = array(); $s_text = $value['cnt_text'] . ', ' . $value['cnt_teasertext'] . ', ' . $value['cnt_place'] . ', '; $s_text .= $value['cnt_subtitle'] . ', ' . $value['cnt_title']; if ($this->search_username) { $s_text .= ', ' . $value['cnt_editor']; } $value['cnt_object'] = @unserialize($value['cnt_object']); if (!empty($value['cnt_object']['cnt_searchoff'])) { continue; } if (isset($value['cnt_object']['cnt_category'])) { if ($this->search_keyword) { $s_text .= ' ' . $value['cnt_object']['cnt_category']; } if ($this->search_caption) { $s_text .= ' ' . $value['cnt_object']['cnt_image']['caption']; $s_text .= ' ' . $value['cnt_object']['cnt_files']['caption']; } } $s_text = preg_replace('/<script[^>]*>.*?<\\/script>/is', '', $s_text); // strip all <script> Tags $s_text = str_replace(array('~', '|', ':', 'http', '//', '_blank', ' '), ' ', $s_text); $s_text = clean_search_text($s_text); preg_match_all('/' . $this->search_words . '/is', $s_text, $s_result); $s_count = count($s_result[0]); //set search_result to 0 if ($s_count && SEARCH_TYPE_AND) { $s_and_or = array(); foreach ($s_result[0] as $svalue) { $s_and_or[strtolower($svalue)] = 1; } $s_and_or = count($s_and_or); if ($s_and_or != $this->search_word_count) { $s_count = 0; } } if ($s_count) { $id = $this->search_result_entry; $this->search_results[$id]["id"] = $value['cnt_id']; $this->search_results[$id]["cid"] = 0; $this->search_results[$id]["rank"] = $s_count; if ($this->search_highlight) { $this->search_results[$id]["title"] = highlightSearchResult(html($value['cnt_title']), $this->search_highlight_words); $this->search_results[$id]["subtitle"] = highlightSearchResult(html($value['cnt_subtitle']), $this->search_highlight_words); } else { $this->search_results[$id]["title"] = html($value['cnt_title']); $this->search_results[$id]["subtitle"] = html($value['cnt_subtitle']); } $this->search_results[$id]["date"] = $value['cnt_ts_livedate']; $this->search_results[$id]["user"] = html($value['cnt_editor']); $value['detail_link'] = date('Ymd', $value['cnt_ts_livedate']) . '-' . $value['cnt_id'] . '_'; //$crow['acontent_aid'] $value['detail_link'] .= empty($value['cnt_alias']) ? $value['cnt_id'] : urlencode($value['cnt_alias']); if (strpos($this->search_target_url, '___NEWSDETAIL__') !== false) { $this->search_results[$id]['link'] = str_replace(array('___NEWSDETAIL__', '___HIGHLIGHT__'), array($value['detail_link'], $s_highlight_words), $this->search_target_url); } else { $this->search_results[$id]['link'] = $this->search_target_url . '&newsdetail=' . $value['detail_link']; if ($this->search_highlight) { $this->search_results[$id]['link'] .= '&highlight=' . $s_highlight_words; } } $s_text = trim(trim(str_replace(', ,', ',', $s_text)), ' ,'); $s_text = html(getCleanSubString($s_text, $this->search_wordlimit, $this->ellipse_sign, 'word'), false); if ($this->search_highlight) { $s_text = highlightSearchResult($s_text, $this->search_highlight_words); } $this->search_results[$id]["text"] = $s_text; $this->search_results[$id]["image"] = false; if ($this->image_render && !empty($value['cnt_object']['cnt_image']['id'])) { $value['cnt_object']['cnt_image'] = _dbGet('phpwcms_file', 'f_id AS `id`, f_hash AS `hash`, f_ext AS `ext`, f_name AS `name`', 'f_id=' . _dbEscape($value['cnt_object']['cnt_image']['id']) . ' AND f_trash=0 AND f_aktiv=1 AND f_public=1'); if (isset($value['cnt_object']['cnt_image'][0]['id'])) { $this->search_results[$id]["image"] = $value['cnt_object']['cnt_image'][0]; } } $this->search_result_entry++; } } }
<?php /** * phpwcms content management system * * @author Oliver Georgi <*****@*****.**> * @copyright Copyright (c) 2002-2015, Oliver Georgi * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2 * @link http://www.phpwcms.de * **/ // ---------------------------------------------------------------- // obligate check for phpwcms constants if (!defined('PHPWCMS_ROOT')) { die("You Cannot Access This Script Directly, Have a Nice Day."); } // ---------------------------------------------------------------- // Content Type Code $SQL .= "acontent_text = " . _dbEscape($content["code"]) . ", "; $SQL .= "acontent_template = " . _dbEscape($content["template"]) . " ";
function checkLogin($mode = 'REDIRECT') { $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_in=0, logged_change='" . time() . "' "; $sql .= "WHERE logged_in=1 AND (" . time() . "-logged_change) > " . intval($GLOBALS['phpwcms']["max_time"]); _dbQuery($sql, 'UPDATE'); checkLoginCount(); if (empty($_SESSION["wcs_user"])) { @session_destroy(); $ref_url = ''; if (!empty($_SERVER['QUERY_STRING'])) { $ref_url = '?ref=' . rawurlencode(PHPWCMS_URL . 'phpwcms.php?' . xss_clean($_SERVER['QUERY_STRING'])); } if ($mode == 'REDIRECT') { // check again if user was logged in and this is a valid redirect request $sql = 'SELECT COUNT(*) FROM ' . DB_PREPEND . 'phpwcms_userlog WHERE '; $sql .= "logged_ip=" . _dbEscape(getRemoteIP()) . " AND "; $sql .= '( ' . time() . ' - logged_change ) < 3600'; $ref_url = _dbCount($sql) > 0 ? get_login_file() . $ref_url : ''; headerRedirect(PHPWCMS_URL . $ref_url); } else { return false; } } return true; }
function logout_user($reason = '', $type = '') { $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . _dbEscape(time()) . ", logged_in=0 "; $sql .= "WHERE logged_user="******"wcs_user"]) . " AND logged_in=1"; _dbQuery($sql, 'UPDATE'); $_SESSION = array(); @session_destroy(); $login_url = PHPWCMS_URL . get_login_file(); $get_parameter = array(); if ($reason) { $get_parameter[] = 'reason=' . rawurlencode($reason); } if ($type) { $get_parameter[] = 'type=' . rawurlencode($type); } if (count($get_parameter)) { $login_url .= '?' . implode('&', $get_parameter); } headerRedirect($login_url, 401); }
function checkLoginCount() { $check = 0; if (!empty($_SESSION["wcs_user"])) { $sql = "SELECT COUNT(*) FROM " . DB_PREPEND . "phpwcms_userlog WHERE logged_user="******"wcs_user"]) . " AND logged_in=1"; if (!empty($phpwcms['Login_IPcheck'])) { $sql .= " AND logged_ip=" . _dbEscape(getRemoteIP()); } $check = _dbCount($sql); if ($check) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . time() . " WHERE "; $sql .= "logged_user="******"wcs_user"]) . " AND logged_in=1"; _dbQuery($sql, 'UPDATE'); } else { destroyBackendSessionData(); } } return $check; }
$file_error["keywords"][$key] = 1; } } } //if(isEmpty($file_shortinfo)) $file_error["shortinfo"] = 1; if (empty($file_name)) { $file_error["name"] = 1; } else { //Wenn Dateiname keine Erweiterung hat, dann Extension anhängen if (trim(strtolower(FileExtension($file_name))) != trim($file_ext)) { $file_name .= "." . $file_ext; } } //Eintragen der aktualisierten Verzeichnisinfos if (!isset($file_error)) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET " . "f_name='" . aporeplace($file_name) . "', " . "f_pid=" . $file_pid . ", " . "f_aktiv=" . $file_aktiv . ", " . "f_public=" . $file_public . ", " . "f_shortinfo='" . aporeplace($file_shortinfo) . "', " . "f_longinfo='" . aporeplace($file_longinfo) . "', " . "f_keywords='" . $file_keys . "', " . "f_created='" . time() . "', " . "f_copyright='" . aporeplace($file_copyright) . "', " . "f_tags='" . aporeplace($file_tags) . "', " . "f_granted=" . $file_granted . ", " . "f_gallerystatus=" . $file_gallerydownload . ", " . (isset($file_vars) ? 'f_vars=' . _dbEscape(serialize($file_vars)) . ',' : '') . "f_sort=" . $file_sort . " " . "WHERE f_kid=1 AND f_id=" . $file_id; if (empty($_SESSION["wcs_user_admin"])) { $sql .= " AND f_uid=" . intval($_SESSION["wcs_user_id"]); } if ($result = mysql_query($sql, $db)) { // store tags _dbSaveCategories($file_tags, 'file', $file_id, ','); //headerRedirect(PHPWCMS_URL."phpwcms.php?do=files&f=0"); } else { $file_error["save_failed"] = 1; } } } //Ende Auswerten Formular //Wenn ID angegeben, dann -> oder aber Root Verzeichnis if ($file_id) {
<?php /** * phpwcms content management system * * @author Oliver Georgi <*****@*****.**> * @copyright Copyright (c) 2002-2015, Oliver Georgi * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2 * @link http://www.phpwcms.de * **/ // ---------------------------------------------------------------- // obligate check for phpwcms constants if (!defined('PHPWCMS_ROOT')) { die("You Cannot Access This Script Directly, Have a Nice Day."); } // ---------------------------------------------------------------- // ensure max allowed packet is big enough _dbSetVar('max_allowed_packet', 16 * 1024 * 1024, '<'); // Form $SQL .= "acontent_form=" . _dbEscape(serialize($content['form'])) . " ";
$guestbook['nav'] = preg_replace('/{LAST:(.*?)}/s', $guestbook['last_replace'], $guestbook['nav']); $guestbook['nav'] = preg_replace_callback('/{PAGE:(\\d+):(.*?)}/s', 'guestbook_pages', $guestbook['nav']); // archive (form) if (!(strpos($guestbook['nav'], '{ARCHIVE') === false)) { preg_match('/{ARCHIVE:(.*?)}/s', $guestbook['nav'], $guestbook['archiveval']); $guestbook['archiveval'] = explode('|', $guestbook['archiveval'][1]); $guestbook['archive'] = '<form name="guestbookarchive" id="guestbookarchive" method="post" action="index.php?id=' . implode(',', $aktion) . '">'; $guestbook['archive'] .= '<select name="showarchive" id="showarchive" onchange="document.guestbookarchive.submit();">'; if (!isset($guestbook['archiveval'][1]) || !$guestbook['archiveval'][1]) { $guestbook['archiveval'][1] = 'all entries'; } $guestbook['archive'] .= '<option value="">' . $guestbook['archiveval'][1] . "</option>\n"; if (empty($guestbook['archiveval'][0])) { $guestbook['archiveval'][0] = '%m/%Y'; } $guestbook['asql'] = "SELECT DISTINCT FROM_UNIXTIME(guestbook_created," . _dbEscape($guestbook['archiveval'][0]); $guestbook['asql'] .= ") AS guestbook_date FROM " . DB_PREPEND . "phpwcms_guestbook WHERE guestbook_cid="; $guestbook['asql'] .= $guestbook['cid'] . " AND guestbook_trashed=0 ORDER BY guestbook_created DESC"; if ($guestbook['result'] = mysql_query($guestbook['asql'], $db)) { while ($guestbook['row'] = mysql_fetch_row($guestbook['result'])) { $guestbook['row'][0] = html_specialchars($guestbook['row'][0]); $guestbook['archive'] .= '<option value="' . $guestbook['row'][0] . '"'; if ($guestbook['archiveselect'] == $guestbook['row'][0]) { $guestbook['archive'] .= ' selected="selected"'; } $guestbook['archive'] .= '>' . $guestbook['row'][0] . "</option>\n"; } mysql_free_result($guestbook['result']); } $guestbook['archive'] .= '</select>'; $guestbook['archive'] .= '<input type="hidden" name="archivedate" value="' . html_specialchars($guestbook['archiveval'][0]) . '" />';
switch ($content['alink']['alink_andor']) { case 'AND': $content['alink']['alink_andor'] = ' AND '; $content['alink']['alink_compare'] = '='; break; case 'NOT': $content['alink']['alink_andor'] = ' AND '; $content['alink']['alink_compare'] = '!='; break; default: //OR $content['alink']['alink_andor'] = ' OR '; $content['alink']['alink_compare'] = '='; } foreach ($content['alink']['alink_category'] as $value) { $content['alink']['tags_sql'][] = 'pcat.cat_name' . $content['alink']['alink_compare'] . _dbEscape($value); } // JOIN with tags/categories for articles $alink_sql .= "LEFT JOIN " . DB_PREPEND . "phpwcms_categories pcat ON (pcat.cat_type='article' AND pcat.cat_pid=ar.article_id) "; $content['alink']['tags_where'] = 'AND (' . implode($content['alink']['alink_andor'], $content['alink']['tags_sql']) . ') '; // group by article ID $content['alink']['tags_group_by'] = ' GROUP BY ar.article_id'; } $alink_sql .= 'WHERE ar.article_aktiv=1 AND ar.article_deleted=0 AND ar.article_noteaser=0 '; if (!PREVIEW_MODE) { $alink_sql .= 'AND ar.article_begin < NOW() AND ar.article_end > NOW() '; } // add possible WHERE clauses when tags/categories are used $alink_sql .= $content['alink']['tags_where']; if (empty($content['alink']['alink_type'])) { if (!empty($content['alink']['alink_unique']) && count($content['UNIQUE_ALINK'])) {
} if (empty($form_newletter_setting['name_field'])) { $form_newletter_setting['name_field'] = $form_newletter_setting['email_field']; } $form_newletter_setting['hash'] = preg_replace('/[^a-z0-9]/i', '', shortHash($form_newletter_setting['email_field'] . time())); // create SQL query to populate recipient into recipients db $form_newletter_setting['sql'] = 'INSERT INTO ' . DB_PREPEND . 'phpwcms_address '; $form_newletter_setting['sql'] .= '(address_key, address_email, address_name, address_verified, '; $form_newletter_setting['sql'] .= 'address_subscription, address_url1, address_url2) VALUES ('; $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['hash']) . ", "; $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['email_field']) . ", "; $form_newletter_setting['sql'] .= _dbEscape($form_newletter_setting['name_field']) . ", "; $form_newletter_setting['sql'] .= (empty($form_newletter_setting['double_optin']) ? 1 : 0) . ", "; $form_newletter_setting['sql'] .= _dbEscape(serialize($form_newletter_setting['selection'])) . ", "; $form_newletter_setting['sql'] .= _dbEscape(empty($form_newletter_setting['url_subscribe']) ? '' : $form_newletter_setting['url_subscribe']) . ", "; $form_newletter_setting['sql'] .= _dbEscape(empty($form_newletter_setting['url_unsubscribe']) ? '' : $form_newletter_setting['url_unsubscribe']); $form_newletter_setting['sql'] .= ')'; // save recipient in db and send verify message in case of double opt-in $form_newletter_setting['query_result'] = @_dbQuery($form_newletter_setting['sql'], 'INSERT'); // now send opt-in email if (!empty($form_newletter_setting['double_optin'])) { if (empty($cnt_form['verifyemail'])) { if (empty($form_newletter_setting['optin_template']) || !is_file(PHPWCMS_TEMPLATE . 'inc_cntpart/newsletter/email/' . trim($form_newletter_setting['optin_template']))) { $cnt_form['verifyemail'] = file_get_contents(PHPWCMS_TEMPLATE . 'inc_cntpart/newsletter/email/default.opt-in.txt'); } else { $cnt_form['verifyemail'] = file_get_contents(PHPWCMS_TEMPLATE . 'inc_cntpart/newsletter/email/' . trim($form_newletter_setting['optin_template'])); if (trim($cnt_form['verifyemail']) === '') { $cnt_form['verifyemail'] = file_get_contents(PHPWCMS_TEMPLATE . 'inc_cntpart/newsletter/email/default.opt-in.txt'); } } if (trim($cnt_form['verifyemail']) === '') {
<?php /** * phpwcms content management system * * @author Oliver Georgi <*****@*****.**> * @copyright Copyright (c) 2002-2015, Oliver Georgi * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2 * @link http://www.phpwcms.de * **/ // ---------------------------------------------------------------- // obligate check for phpwcms constants if (!defined('PHPWCMS_ROOT')) { die("You Cannot Access This Script Directly, Have a Nice Day."); } // ---------------------------------------------------------------- // Content Type Newsletter Subscription $SQL .= "acontent_newsletter=" . _dbEscape(serialize($content["newsletter"])) . " ";
$aktion[4] = $row[0]['aktion4']; define('PHPWCMS_ALIAS', $alias); $content['404error']['status'] = false; } elseif ($alias == $indexpage['acat_alias']) { define('PHPWCMS_ALIAS', $alias); $content['404error']['status'] = false; } } } if ($content['404error']['status']) { // ToDo: maybe Check against structure/article alias and redirect $content['404error']['where'] = sprintf('alias LIKE %s', _dbEscape($content['404error']['alias'])); $content['404error']['alias'] = $content['404error']['redirect_url']; } } else { $content['404error']['where'] = sprintf('id=%d AND aid=%d AND alias LIKE %s', $content['404error']['id'], $content['404error']['aid'], _dbEscape($content['404error']['alias'])); } if ($content['404error']['status']) { // does the combination still exists in the database $content['404error']['result'] = _dbGet('phpwcms_redirect', '*', $content['404error']['where']); if (isset($content['404error']['result'][0])) { $content['404error']['result'] = $content['404error']['result'][0]; _dbUpdate('phpwcms_redirect', array('views' => intval($content['404error']['result']['views']) + 1), 'rid=' . $content['404error']['result']['rid']); // Test for redirect if ($content['404error']['result']['active'] == 1) { // HTTP Status // 301, 302 (default), 307, 401, 404, 503 $content['404error']['result']['code'] = empty($content['404error']['result']['code']) ? 302 : intval($content['404error']['result']['code']); // Redirect to Home // home (empty), alias, id, aid, link if (empty($content['404error']['result']['type'])) {
<?php /** * phpwcms content management system * * @author Oliver Georgi <*****@*****.**> * @copyright Copyright (c) 2002-2015, Oliver Georgi * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2 * @link http://www.phpwcms.de * **/ session_start(); $phpwcms = array(); require_once '../../include/config/conf.inc.php'; require_once '../inc_lib/default.inc.php'; require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php'; require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php'; require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php'; checkLogin(); validate_csrf_tokens(); require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php'; $chat_message = clean_slweg(trim($_POST['chatmsg'])); $chatlist = intval($_POST['chatlist']); if ($chat_message) { $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_chat (chat_uid, chat_name, chat_text, chat_cat) "; $sql .= "VALUES (" . $_SESSION['wcs_user_id'] . "," . _dbEscape($_SESSION['wcs_user']) . "," . _dbEscape($chat_message) . ",0)"; _dbQuery($sql, 'INSERT'); } headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=chat&p=1&l=' . $chatlist . '&' . get_token_get_string('csrftoken'));
// now try to find 1st file having same named and replace it if related mark is set if ($ftp["replace"]) { $rsql = "SELECT * FROM " . DB_PREPEND . "phpwcms_file WHERE "; $rsql .= "f_name=" . _dbEscape($file_name) . " AND f_kid=1 "; $rsql .= "AND f_pid=" . $ftp["dir"] . " AND f_trash=0 AND f_id != " . $new_fileId . " LIMIT 1"; $rrow = _dbQuery($rsql); if (isset($rrow[0]['f_id'])) { $rrow = $rrow[0]; $oldFileID = $rrow['f_id']; $oldFileHash = $rrow['f_hash']; $oldFileNewHash = md5($file_name . microtime() . time()); // now update new file by old file information of same named $nsql = "UPDATE " . DB_PREPEND . "phpwcms_file SET "; $nsql .= "f_refid=" . $oldFileID . ", f_trash=5, f_size=" . $rrow['f_size'] . ', '; $nsql .= "f_type=" . _dbEscape($rrow['f_type']) . ", f_changed=" . now() . ', '; $nsql .= "f_hash=" . _dbEscape($oldFileNewHash) . " WHERE f_id=" . $new_fileId; if (_dbQuery($nsql, 'UPDATE')) { // yepp both files are updated in db // now change hash of file storage files rename($useruploadpath . $oldFileHash . $_file_extension, $useruploadpath . $oldFileNewHash . $_file_extension); rename($usernewfile, $useruploadpath . $oldFileHash . $_file_extension); // update file size of old file with new filesize _dbUpdate('phpwcms_file', array('f_type' => $file_type, 'f_size' => $file_size, 'f_changed' => now()), 'f_id=' . $oldFileID); // empty temp images directory $thumbnails = returnFileListAsArray(PHPWCMS_THUMB, 'jpg,jpeg,gif,png'); if (is_array($thumbnails) && count($thumbnails)) { foreach ($thumbnails as $thumbnail) { @unlink(PHPWCMS_THUMB . $thumbnail['filename']); } } }
// need some additional functions include_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php'; // set import sort counter $article_sort_counter = _dbGet('phpwcms_article', 'article_sort', 'article_cid=' . _dbEscape($feedimport_result['cnt_object']['structure_level_id']), '', 'article_sort DESC', 1); if (isset($article_sort_counter[0])) { $article_sort_counter = $article_sort_counter[0]['article_sort'] + 10; } else { $article_sort_counter = 100; } foreach ($rss_obj->get_items() as $rssvalue) { $article_unique_hash = md5($feedimport_result['cnt_text'] . $rssvalue->get_title() . $rssvalue->get_date('U')); // check against crossreference table $sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_crossreference c '; $sql .= 'LEFT JOIN ' . DB_PREPEND . 'phpwcms_article a '; $sql .= 'ON c.cref_rid=a.article_id '; $sql .= "WHERE c.cref_type='feed_to_article_import' AND c.cref_str=" . _dbEscape('feedimport_' . $article_unique_hash) . ' AND '; $sql .= 'a.article_deleted=0 LIMIT 1'; if (_dbQuery($sql, 'COUNT') > 0) { continue; } $article_title = html_entity_decode($rssvalue->get_title(), ENT_COMPAT, PHPWCMS_CHARSET); $article_alias = proof_alias(0, $article_title, 'ARTICLE'); $article_begin = $rssvalue->get_date('U'); $article_end = now() + 3600 * 24 * 365 * 10; $article_summary = $rssvalue->get_description(); $article_content = $rssvalue->get_content(); $article_description = preg_replace('/\\s+/', ' ', html_entity_decode(strip_tags($article_summary), ENT_COMPAT, PHPWCMS_CHARSET)); list($article_description) = explode("\n", wordwrap($article_description, 250), 2); list($article_description) = explode("-- ", $article_description, 2); $article_description = preg_replace('/(.*?\\.).+?$/', '$1', $article_description); $article_author = $rssvalue->get_author();
<?php /** * phpwcms content management system * * @author Oliver Georgi <*****@*****.**> * @copyright Copyright (c) 2002-2015, Oliver Georgi * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2 * @link http://www.phpwcms.de * **/ // ---------------------------------------------------------------- // obligate check for phpwcms constants if (!defined('PHPWCMS_ROOT')) { die("You Cannot Access This Script Directly, Have a Nice Day."); } // ---------------------------------------------------------------- // Content Type Map $SQL .= "acontent_form=" . _dbEscape(serialize($content["map"])) . " ";