public function before_filter(&$action, &$args)
{
parent::before_filter($action, $args);
// Lock context to user id
$this->owner = $GLOBALS['user'];
$this->context_id = $this->owner->id;
$this->full_access = true;
if (Config::get()->PERSONALDOCUMENT_OPEN_ACCESS) {
$username = Request::username('username', $GLOBALS['user']->username);
$user = User::findByUsername($username);
if ($user && $user->id !== $GLOBALS['user']->id) {
$this->owner = $user;
$this->context_id = $user->id;
$this->full_access = Config::get()->PERSONALDOCUMENT_OPEN_ACCESS_ROOT_PRIVILEDGED && $GLOBALS['user']->perms === 'root';
URLHelper::bindLinkParam('username', $username);
}
}
$this->limit = $GLOBALS['user']->cfg->PERSONAL_FILES_ENTRIES_PER_PAGE ?: Config::get()->ENTRIES_PER_PAGE;
$this->userConfig = DocUsergroupConfig::getUserConfig($GLOBALS['user']->id);
if ($this->userConfig['area_close'] == 1) {
$this->redirect('document/closed/index');
}
if (Request::isPost()) {
CSRFProtection::verifySecurityToken();
}
if (($ticket = Request::get('studip-ticket')) && !check_ticket($ticket)) {
$message = _('Bei der Verarbeitung Ihrer Anfrage ist ein Fehler aufgetreten.') . "\n" . _('Bitte versuchen Sie es erneut.');
PageLayout::postMessage(MessageBox::error($message));
$this->redirect('document/files/index');
}
}
/**
* @param $mod_reference
* @param $module_params
*/
function module_user_tasks_public($mod_reference, $module_params)
{
global $user, $tiki_p_tasks, $prefs;
$smarty = TikiLib::lib('smarty');
$tikilib = TikiLib::lib('tiki');
if ($user && isset($tiki_p_tasks) && $tiki_p_tasks == 'y') {
global $tasklib;
require_once 'lib/tasks/tasklib.php';
$smarty->assign('ownurl', $_SERVER['REQUEST_URI']);
$user_groups = $tasklib->get_groups_to_user_with_permissions($user, 'tiki_p_tasks_receive');
if (isset($_REQUEST['modTasksSearch'])) {
check_ticket('user-prefs');
$user_group = $_REQUEST['user_group'];
$tikilib->set_user_preference($user, 'tasks_modLastSelectedGroup', $user_group);
} else {
$user_group = $tikilib->get_user_preference($user, 'tasks_modLastSelectedGroup', '');
}
$smarty->assign('user_group', $user_group);
if ($user_group == '') {
$public_tasks = array('data' => '');
} else {
$public_tasks = $tasklib->list_tasks($user, '0', '10', NULL, 'priority_asc', false, false, false, false, true, $user_group);
}
$smarty->assign('public_tasks', $public_tasks['data']);
$smarty->assign('user_groups', $user_groups);
$smarty->clear_assign('tpl_module_title');
}
}
/**
* Generic ticket check
*
* @throws AccessDeniedException if ticket is missing or invalid
*/
protected function check_ticket()
{
$ticket = Request::get('studipticket');
if (!$ticket || !check_ticket($ticket)) {
throw new InvalidSecurityTokenException();
}
}
<?php
// (c) Copyright 2002-2013 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: include_security.php 51166 2014-05-07 16:00:38Z arildb $
//this script may only be included - so its better to die if called directly.
if (strpos($_SERVER["SCRIPT_NAME"], basename(__FILE__)) !== false) {
header("location: index.php");
exit;
}
if (isset($_REQUEST["security"])) {
check_ticket('admin-inc-security');
}
if (!extension_loaded('mcrypt')) {
global $smarty;
$smarty->assign('no_mcrypt', 'y');
}
ask_ticket('admin-inc-security');
$smarty->assign('footerRow', $info["footerRow"]);
$smarty->assign('parseValues', $info["parseValues"]);
} else {
$smarty->assign('className', 'default');
$smarty->assign('headerRow', '0');
$smarty->assign('footerRow', '0');
$smarty->assign('parseValues', 'n');
$smarty->assign('creator', $user);
$smarty->assign('parentSheetId', 0);
}
}
$cat_type = 'sheet';
// Process the insertion or modification of a sheet here
if (isset($_REQUEST["edit"])) {
$access->check_permission('tiki_p_edit_sheet');
check_ticket('sheet');
// Everything is ok so we proceed to edit the gallery
$smarty->assign('edit_mode', 'y');
$smarty->assign_by_ref('title', $_REQUEST["title"]);
$smarty->assign_by_ref('description', $_REQUEST["description"]);
$smarty->assign_by_ref('className', $_REQUEST["className"]);
$smarty->assign_by_ref('headerRow', $_REQUEST["headerRow"]);
$smarty->assign_by_ref('footerRow', $_REQUEST["footerRow"]);
if (isset($_REQUEST['parseValues'])) {
$_REQUEST['parseValues'] = 'y';
} else {
$_REQUEST['parseValues'] = 'n';
}
$smarty->assign_by_ref('parseValues', $_REQUEST['parseValues']);
$gid = $sheetlib->replace_sheet($_REQUEST["sheetId"], $_REQUEST["title"], $_REQUEST["description"], isset($_REQUEST['creator']) ? $_REQUEST['creator'] : $user, $_REQUEST['parentSheetId'], $_REQUEST);
$cat_objid = $gid;
while (!feof($fp)) {
$data .= fread($fp, 8192 * 16);
}
fclose($fp);
if (strlen($data) > 1000000) {
$smarty->assign('msg', tra("File is too big"));
$smarty->display("error.tpl");
die;
}
$size = $_FILES['userfile1']['size'];
$name = $_FILES['userfile1']['name'];
$type = $_FILES['userfile1']['type'];
$notepadlib->replace_note($user, 0, $name, $data);
}
if (isset($_REQUEST["merge"])) {
check_ticket('notepad-list');
$merge = '';
$first = true;
if (!isset($_REQUEST["note"])) {
$smarty->assign('msg', tra("No item indicated"));
$smarty->display("error.tpl");
die;
}
foreach (array_keys($_REQUEST["note"]) as $note) {
$data_c = $notepadlib->get_note($user, $note);
$data = $data_c['data'];
if ($first) {
$first = false;
$merge .= "---------" . tra('merged note:') . $data_c['name'] . "----" . "\n";
$merge .= $data;
} else {
if (!isset($_REQUEST["assign_user"]) || $tiki_p_admin != 'y' && $tiki_p_admin_users != 'y') {
$_REQUEST['assign_user'] = $user;
$userChoice = 'y';
$smarty->assign_by_ref('userChoice', $userChoice);
} else {
if (!$userlib->user_exists($_REQUEST['assign_user'])) {
$smarty->assign('msg', tra("User doesn't exist"));
$smarty->display("error.tpl");
die;
}
$userChoice = '';
$smarty->assign_by_ref('assign_user', $_REQUEST['assign_user']);
}
$assign_user = $_REQUEST["assign_user"];
if (isset($_REQUEST["action"])) {
check_ticket('admin-assign-user');
if (!isset($_REQUEST["group"])) {
$smarty->assign('msg', tra("You have to indicate a group"));
$smarty->display("error.tpl");
die;
}
if ($userChoice == 'y') {
$gps = $userlib->get_groups(0, -1, 'groupName_asc', '', '', '', '', $userChoice);
$groups = array();
foreach ($gps['data'] as $g) {
$groups[$g['groupName']] = $g;
}
} elseif ($tiki_p_admin != 'y') {
$groups = $userlib->get_user_groups_inclusion($user);
}
if ($_REQUEST["action"] == 'assign') {
}
}
if (isset($_REQUEST['imagegallistprefs'])) {
check_ticket('admin-inc-gal');
$pref_toggles = array('gal_list_name', 'gal_list_parent', 'gal_list_description', 'gal_list_created', 'gal_list_lastmodif', 'gal_list_user', 'gal_list_imgs', 'gal_list_visits');
foreach ($pref_toggles as $toggle) {
simple_set_toggle($toggle);
}
}
if (isset($_REQUEST['imagegalcomprefs'])) {
check_ticket('admin-inc-gal');
simple_set_value('image_galleries_comments_per_page');
simple_set_value('image_galleries_comments_default_order');
}
if (isset($_REQUEST['mvimg']) && isset($_REQUEST['move_gallery'])) {
check_ticket('admin-inc-gal');
if ($_REQUEST['mvimg'] == 'to_fs' && $prefs['gal_use_db'] == 'n' || $_REQUEST['mvimg'] == 'to_db' && $prefs['gal_use_db'] == 'y') {
$mvresult = $imagegallib->move_gallery_store($_REQUEST['move_gallery'], $_REQUEST['mvimg']);
$mvmsg = sprintf(tra('moved %d images, %d errors occurred.'), $mvresult['moved_images'], $mvresult['errors']);
if ($mvresult['timeout']) {
$mvmsg .= ' ' . tra('a timeout occurred. Hit the reload button to move the rest');
}
$tikifeedback[]['mes'] = $mvmsg;
}
}
if (!isset($_REQUEST['maxRows'])) {
$_REQUEST['maxRows'] = $prefs['maxRowsGalleries'];
}
if (!isset($_REQUEST['rowImages'])) {
$_REQUEST['rowImages'] = $prefs['rowImagesGalleries'];
}
if (!isset($_REQUEST['referer']) && isset($_SERVER['HTTP_REFERER'])) {
$_REQUEST['referer'] = $_SERVER['HTTP_REFERER'];
}
if (isset($_REQUEST['referer'])) {
$smarty->assign('referer', $_REQUEST['referer']);
}
if (isset($_REQUEST['assign'])) {
$objectName = isset($_REQUEST['objectName']) ? $_REQUEST['objectName'] : NULL;
$objectHref = isset($_REQUEST['objectHref']) ? $_REQUEST['objectHref'] : NULL;
$addedGroups = array();
$deletedGroups = array();
if (!isset($_REQUEST['checked'])) {
$_REQUEST['checked'] = array();
}
$old_watches = $tikilib->get_groups_watching($_REQUEST['objectId'], $_REQUEST['watch_event'], $objectType);
check_ticket('object_watches');
foreach ($all_groups as $g) {
if (in_array($g, $_REQUEST['checked']) && !in_array($g, $old_watches)) {
$tikilib->add_group_watch($g, $_REQUEST['watch_event'], $_REQUEST['objectId'], $objectType, $objectName, $objectHref);
$addedGroups[] = $g;
} elseif (!in_array($g, $_REQUEST['checked']) && in_array($g, $old_watches)) {
$tikilib->remove_group_watch($g, $_REQUEST['watch_event'], $_REQUEST['objectId'], $objectType);
$deletedGroups[] = $g;
}
$smarty->assign_by_ref('addedGroups', $addedGroups);
$smarty->assign_by_ref('deletedGroups', $deletedGroups);
$group_watches = $_REQUEST['checked'];
}
if ($objectType == 'Category') {
$addedGroupsDesc = array();
$deletedGroupsDesc = array();
$smarty->assign('contentId', $_REQUEST["contentId"]);
$smarty->assign('pId', 0);
$info = $dcslib->get_content($_REQUEST["contentId"]);
$smarty->assign('description', $info["description"]);
if (isset($_REQUEST["remove"])) {
$access->check_authenticity();
$dcslib->remove_programmed_content($_REQUEST["remove"]);
}
$smarty->assign('data', '');
$smarty->assign('publishDate', $tikilib->now);
//Use 12- or 24-hour clock for $publishDate time selector based on admin and user preferences
$userprefslib = TikiLib::lib('userprefs');
$smarty->assign('use_24hr_clock', $userprefslib->get_user_clock_pref($user));
$smarty->assign('actual', '');
if (isset($_REQUEST["save"])) {
check_ticket('edit-programmed-content');
if ($_REQUEST['content_type'] == 'page') {
$content = 'page:' . $_REQUEST['page_name'];
} else {
$content = $_REQUEST['data'];
}
if (!empty($_REQUEST['Time_Meridian'])) {
$_REQUEST['Time_Hour'] = date('H', strtotime($_REQUEST['Time_Hour'] . ':00 ' . $_REQUEST['Time_Meridian']));
}
$publishDate = TikiLib::make_time($_REQUEST["Time_Hour"], $_REQUEST["Time_Minute"], 0, $_REQUEST["Date_Month"], $_REQUEST["Date_Day"], $_REQUEST["Date_Year"]);
$id = $dcslib->replace_programmed_content($_REQUEST["pId"], $_REQUEST["contentId"], $publishDate, $content, $_REQUEST['content_type']);
$smarty->assign('data', $_REQUEST["data"]);
$smarty->assign('publishDate', $publishDate);
$smarty->assign('pId', $id);
$_REQUEST['edit'] = $id;
}
$usermoduleslib->assign_user_module($_REQUEST["module"], $_REQUEST["position"], $_REQUEST["order"], $user);
}
if (isset($_REQUEST["up"])) {
check_ticket('user-modules');
$usermoduleslib->up_user_module($_REQUEST["up"], $user);
}
if (isset($_REQUEST["down"])) {
check_ticket('user-modules');
$usermoduleslib->down_user_module($_REQUEST["down"], $user);
}
if (isset($_REQUEST["left"])) {
check_ticket('user-modules');
$usermoduleslib->set_column_user_module($_REQUEST["left"], $user, 'l');
}
if (isset($_REQUEST["right"])) {
check_ticket('user-modules');
$usermoduleslib->set_column_user_module($_REQUEST["right"], $user, 'r');
}
$orders = array();
for ($i = 1; $i < 50; $i++) {
$orders[] = $i;
}
$smarty->assign_by_ref('orders', $orders);
$assignables = $usermoduleslib->get_user_assignable_modules($user);
if (count($assignables) > 0) {
$smarty->assign('canassign', 'y');
} else {
$smarty->assign('canassign', 'n');
}
$modules = $usermoduleslib->get_user_assigned_modules($user);
$smarty->assign('modules_l', $usermoduleslib->get_user_assigned_modules_pos($user, 'l'));
if (isset($_REQUEST['mapg'])) {
check_ticket('g-admin-roles');
if ($_REQUEST['op'] == 'add') {
$users = $userlib->get_group_users($_REQUEST['group']);
foreach ($users as $a_user) {
$roleManager->map_user_to_role($_REQUEST['pid'], $a_user, $_REQUEST['role']);
}
} else {
$users = $userlib->get_group_users($_REQUEST['group']);
foreach ($users as $a_user) {
$roleManager->remove_mapping($a_user, $_REQUEST['role']);
}
}
}
if (isset($_REQUEST['save_map'])) {
check_ticket('g-admin-roles');
if (isset($_REQUEST['user']) && isset($_REQUEST['role'])) {
foreach ($_REQUEST['user'] as $a_user) {
foreach ($_REQUEST['role'] as $role) {
$roleManager->map_user_to_role($_REQUEST['pid'], $a_user, $role);
}
}
}
}
// list mappings
if (!isset($_REQUEST["sort_mode"])) {
$sort_mode = 'name_asc';
} else {
$sort_mode = $_REQUEST["sort_mode"];
}
if (!isset($_REQUEST["offset"])) {
$smarty->assign('mail_site', $_SERVER['SERVER_NAME']);
$subject = $smarty->fetch('mail/share_subject.tpl');
}
}
$smarty->assign('subject', $subject);
if (isset($_REQUEST['send'])) {
if (!empty($_REQUEST['comment'])) {
$smarty->assign('comment', $_REQUEST['comment']);
}
if (!empty($_REQUEST['share_token_notification'])) {
$smarty->assign('share_token_notification', $_REQUEST['share_token_notification']);
}
if (!empty($_REQUEST['how_much_time_access'])) {
$smarty->assign('how_much_time_access', $_REQUEST['how_much_time_access']);
}
check_ticket('share');
if (empty($user) && $prefs['feature_antibot'] == 'y' && !$captchalib->validate()) {
$errors[] = $captchalib->getErrors();
} else {
if ($report == 'y') {
$email = !empty($prefs['feature_site_report_email']) ? $prefs['feature_site_report_email'] : (!empty($prefs['sender_email']) ? $prefs['sender_email'] : '');
if (empty($email)) {
$errors[] = tra("The mail can't be sent. Contact the administrator");
}
$_REQUEST['addresses'] = $email;
$_REQUEST['do_email'] = 1;
}
if (isset($_REQUEST['do_email']) and $_REQUEST['do_email'] == 1) {
// send
// Fix for multi adresses with autocomplete funtionnality
if (substr($_REQUEST['addresses'], -2) == ', ') {
$menulib->remove_menu($_REQUEST['remove']);
}
if (isset($_REQUEST['save'])) {
$access->check_ticket();
if (!isset($_REQUEST['icon'])) {
$_REQUEST['icon'] = null;
}
$_REQUEST['use_items_icons'] = isset($_REQUEST['use_items_icons']) && $_REQUEST['use_items_icons'] == 'on' ? 'y' : 'n';
$_REQUEST['parse'] = isset($_REQUEST['parse']) && $_REQUEST['parse'] == 'on' ? 'y' : 'n';
$menulib->replace_menu($_REQUEST['menuId'], $_REQUEST['name'], $_REQUEST['description'], $_REQUEST['type'], $_REQUEST['icon'], $_REQUEST['use_items_icons'], $_REQUEST['parse']);
$_REQUEST['menuId'] = 0;
$smarty->assign('menuId', 0);
$smarty->assign('info', array('name' => '', 'description' => '', 'type' => 'd', 'icon' => null, 'use_items_icons' => 'n', 'parse' => 'n'));
}
if (isset($_REQUEST['clone']) && $_REQUEST['menuId'] > 0) {
check_ticket('admin-menus');
$menulib->clone_menu($_REQUEST['menuId']);
}
if (isset($_REQUEST['reset'])) {
$access->check_authenticity(tra('Are you sure you want to reset the Application Menu to the current system default?'));
$menulib->reset_app_menu();
}
if (!isset($_REQUEST['sort_mode'])) {
$sort_mode = 'name_desc';
} else {
$sort_mode = $_REQUEST['sort_mode'];
}
$smarty->assign_by_ref('sort_mode', $sort_mode);
if (!isset($_REQUEST['offset'])) {
$offset = 0;
} else {
$questions = TextToQuestions($_REQUEST['input_data']);
foreach ($questions as $question) {
$question_text = $question->getQuestion();
$id = $quizlib->replace_quiz_question(0, $question_text, 'o', $_REQUEST['quizId'], 0);
$temp_max = $question->getChoiceCount();
for ($i = 0; $i < $temp_max; $i++) {
$a = $question->GetChoice($i);
$b = $question->GetCorrect($i);
$quizlib->replace_question_option(0, $a, $b, $id);
}
}
$smarty->assign('question', '');
$smarty->assign('questionId', 0);
}
if (isset($_REQUEST['useQuestion'])) {
check_ticket('edit-quiz-question');
$info = $quizlib->get_quiz_question($_REQUEST['usequestionid']);
$qid = $quizlib->replace_quiz_question(0, $info['question'], $info['type'], $_REQUEST['quizId'], $_REQUEST['position']);
$options = $quizlib->list_quiz_question_options($info['questionId'], 0, -1, 'points_desc', '');
foreach ($options['data'] as $opt) {
$quizlib->replace_question_option(0, $opt['optionText'], $opt['points'], $qid);
}
}
if (!isset($_REQUEST['sort_mode'])) {
$sort_mode = 'position_asc';
} else {
$sort_mode = $_REQUEST['sort_mode'];
}
if (!isset($_REQUEST['offset'])) {
$offset = 0;
} else {
<?php
// (c) Copyright 2002-2012 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: include_metrics.php 39469 2012-01-12 21:13:48Z changi67 $
//this script may only be included - so its better to die if called directly.
if (strpos($_SERVER["SCRIPT_NAME"], basename(__FILE__)) !== false) {
header("location: index.php");
exit;
}
check_ticket('admin-inc-metrics');
ask_ticket('admin-inc-metrics');
if ($prefs['change_password'] != 'y') {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("Permission denied"));
$smarty->display("error.tpl");
die;
}
if (!isset($_REQUEST["user"])) {
$_REQUEST["user"] = '';
}
if (!isset($_REQUEST["oldpass"])) {
$_REQUEST["oldpass"] = '';
}
$smarty->assign('userlogin', $_REQUEST["user"]);
$smarty->assign('oldpass', $_REQUEST["oldpass"]);
if (isset($_REQUEST["change"])) {
check_ticket('change-password');
// Check that pass and pass2 match, otherwise display error and exit
if ($_REQUEST["pass"] != $_REQUEST["pass2"]) {
$smarty->assign('msg', tra("The passwords do not match"));
$smarty->display("error.tpl");
die;
}
// Check that new password is different from old password, otherwise display error and exit
if ($_REQUEST["pass"] == $_REQUEST["oldpass"]) {
$smarty->assign('msg', tra("You can not use the same password again"));
$smarty->display("error.tpl");
die;
}
$polerr = $userlib->check_password_policy($_REQUEST["pass"]);
if (strlen($polerr) > 0) {
$smarty->assign('msg', $polerr);
<?php
// (c) Copyright 2002-2013 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: tiki-search_stats.php 44444 2013-01-05 21:24:24Z changi67 $
require_once 'tiki-setup.php';
include_once 'lib/search/searchstatslib.php';
//get_strings tra('Search Stats')
$access->check_feature('feature_search_stats');
$access->check_permission('tiki_p_admin');
if (isset($_REQUEST["clear"])) {
check_ticket('search-stats');
$searchstatslib->clear_search_stats();
}
if (!isset($_REQUEST["sort_mode"])) {
$sort_mode = 'hits_desc';
} else {
$sort_mode = $_REQUEST["sort_mode"];
}
if (!isset($_REQUEST["offset"])) {
$offset = 0;
} else {
$offset = $_REQUEST["offset"];
}
$smarty->assign_by_ref('offset', $offset);
if (isset($_REQUEST["find"])) {
$find = $_REQUEST["find"];
} else {
$find = '';
<?php
// $Header: /cvsroot/tikiwiki/tiki/tiki-admin_include_community.php,v 1.1.2.7 2005/04/25 09:34:06 lfagundes Exp $
// Copyright (c) 2002-2005, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
//this script may only be included - so its better to die if called directly.
if (strpos($_SERVER["SCRIPT_NAME"], basename(__FILE__)) !== false) {
header("location: index.php");
exit;
}
if (isset($_REQUEST["mouseoverfeatures"])) {
check_ticket('admin-inc-community');
simple_set_toggle("feature_community_mouseover");
simple_set_toggle("feature_community_mouseover_name");
simple_set_toggle("feature_community_mouseover_picture");
simple_set_toggle("feature_community_mouseover_friends");
simple_set_toggle("feature_community_mouseover_score");
simple_set_toggle("feature_community_mouseover_country");
simple_set_toggle("feature_community_mouseover_email");
simple_set_toggle("feature_community_mouseover_lastlogin");
simple_set_toggle("feature_community_mouseover_distance");
}
/* This is desired future feature
if (isset($_REQUEST["friendshipfeatures"])) {
check_ticket('admin-inc-community');
simple_set_toggle("feature_community_friends_permission");
simple_set_int("feature_community_friends_permission_dep");
}
*/
<?php
// (c) Copyright 2002-2013 by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id: include_blogs.php 44444 2013-01-05 21:24:24Z changi67 $
// This script may only be included - so its better to die if called directly.
if (strpos($_SERVER['SCRIPT_NAME'], basename(__FILE__)) !== false) {
header('location: index.php');
exit;
}
if (isset($_REQUEST['bloglistconf'])) {
check_ticket('admin-inc-blogs');
}
if (isset($_REQUEST['blogcomprefs'])) {
check_ticket('admin-inc-blogs');
}
ask_ticket('admin-inc-blogs');
$smarty->assign_by_ref('blogs', $blogs['data']);
$smarty->assign('hasImage', 'n');
$smarty->assign('imageName', '');
$smarty->assign('imageType', '');
}
if (isset($_REQUEST["removeZone"])) {
$area = 'delbannerzone';
if ($feature_ticketlib2 != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) {
key_check($area);
$bannerlib->banner_remove_zone($_REQUEST["removeZone"]);
} else {
key_get($area);
}
}
// Now assign if the set button was pressed
if (isset($_REQUEST["save"]) || isset($_REQUEST["create_zone"])) {
check_ticket('edit-banner');
$fromDate = mktime(0, 0, 0, $_REQUEST["fromDate_Month"], $_REQUEST["fromDate_Day"], $_REQUEST["fromDate_Year"]);
$toDate = mktime(0, 0, 0, $_REQUEST["toDate_Month"], $_REQUEST["toDate_Day"], $_REQUEST["toDate_Year"]);
$fromTime = '' . $_REQUEST["fromTimeHour"] . $_REQUEST["fromTimeMinute"] . '';
$toTime = '' . $_REQUEST["toTimeHour"] . $_REQUEST["toTimeMinute"] . '';
$smarty->assign('fromDate', $fromDate);
$smarty->assign('toDate', $toDate);
$smarty->assign('fromTime', $_REQUEST["fromTimeHour"] . ':' . $_REQUEST["fromTimeMinute"]);
$smarty->assign('toTime', $_REQUEST["toTimeHour"] . ':' . $_REQUEST["toTimeMinute"]);
$smarty->assign('client', $_REQUEST["client"]);
$smarty->assign('maxImpressions', $_REQUEST["maxImpressions"]);
$smarty->assign('HTMLData', $_REQUEST["HTMLData"]);
$smarty->assign('fixedURLData', $_REQUEST["fixedURLData"]);
$smarty->assign('textData', $_REQUEST["textData"]);
if (isset($_REQUEST["zone"])) {
$smarty->assign('zone', $_REQUEST["zone"]);
$menulib->remove_menu_option($id);
}
$maxPos = $menulib->get_max_option($_REQUEST['menuId']);
$smarty->assign('position', $maxPos + 10);
}
if (isset($_REQUEST["save"])) {
if (!isset($_REQUEST['groupname'])) {
$_REQUEST['groupname'] = '';
} elseif (is_array($_REQUEST['groupname'])) {
$_REQUEST['groupname'] = implode(',', $_REQUEST['groupname']);
}
if (!isset($_REQUEST['level'])) {
$_REQUEST['level'] = 0;
}
include_once 'lib/modules/modlib.php';
check_ticket('admin-menu-options');
$menulib->replace_menu_option($_REQUEST["menuId"], $_REQUEST["optionId"], $_REQUEST["name"], $_REQUEST["url"], $_REQUEST["type"], $_REQUEST["position"], $_REQUEST["section"], $_REQUEST["perm"], $_REQUEST["groupname"], $_REQUEST['level'], $_REQUEST['icon']);
$modlib->clear_cache();
$smarty->assign('position', $_REQUEST["position"] + 10);
$smarty->assign('name', '');
$smarty->assign('optionId', 0);
$smarty->assign('url', '');
$smarty->assign('section', '');
$smarty->assign('perm', '');
$smarty->assign('groupname', '');
$smarty->assign('userlevel', 0);
$smarty->assign('type', 'o');
$smarty->assign('icon', '');
$cookietab = 1;
}
if (!isset($_REQUEST["sort_mode"])) {
$info = $minicallib->minical_get_event($user, $_REQUEST["eventId"]);
$info['start'] += $tikilib->get_site_time_difference($user);
$ev_pdate = $info['start'];
$ev_pdate_h = $info['start'];
} else {
$info = array();
$info['title'] = '';
$info['topicId'] = 0;
$info['description'] = '';
$info['start'] = mktime(date("H"), date("i"), date("s"), date("m", $pdate), date("d", $pdate), date("Y", $pdate));
$info['duration'] = 60 * 60;
}
$smarty->assign('ev_pdate', $ev_pdate);
$smarty->assign('ev_pdate_h', $ev_pdate_h);
if (isset($_REQUEST['save'])) {
check_ticket('minical');
$start = mktime($_REQUEST['Time_Hour'], $_REQUEST['Time_Minute'], 0, $_REQUEST['Date_Month'], $_REQUEST['Date_Day'], $_REQUEST['Date_Year']);
$start -= $tikilib->get_site_time_difference($user);
$minicallib->minical_replace_event($user, $_REQUEST["eventId"], $_REQUEST["title"], $_REQUEST["description"], $start, $_REQUEST['duration_hours'] * 60 * 60 + $_REQUEST['duration_minutes'] * 60, $_REQUEST['topicId']);
$info = array();
$info['title'] = '';
$info['topicId'] = 0;
$info['description'] = '';
$info['start'] = mktime(date("h"), date("i"), date("s"), date("m", $pdate), date("d", $pdate), date("Y", $pdate));
$info['duration'] = 60 * 60;
$_REQUEST["eventId"] = 0;
}
$smarty->assign('eventId', $_REQUEST["eventId"]);
$smarty->assign('info', $info);
//Check here the interval for the calendar
if (!isset($_REQUEST['view'])) {
$smarty->assign('url_base', $foo["path"] . "?galleryId={$galleryId}&sort_mode={$sort_mode}" . ($popup ? '&popup=y' : '') . '&imageId=');
$smarty->assign('url_show', $tikilib->httpPrefix() . $foo2);
$imagegallib->add_image_hit($imageId);
$info = $imagegallib->get_image_info($imageId);
$maxgal = $gal_info['maxRows'] * $gal_info['rowImages'];
$smarty->assign('offset', $maxgal ? $offset - $offset % $maxgal : 0);
//$smarty->assign_by_ref('theme',$gal_info["theme"]);
//$smarty->assign('use_theme','y');
if ($prefs['feature_gal_slideshow'] != 'n') {
$headerlib->add_jsfile('lib/imagegals/imagegallib.js', 50);
$listImgId = implode(',', $listImgId);
$smarty->assign('listImgId', $listImgId);
}
// Everybody can browse images
if (isset($_REQUEST["move_image"])) {
check_ticket('browse-image');
if ($tiki_p_admin_galleries != 'y' && (!$user || $user != $gal_info["user"])) {
$smarty->assign('errortype', 401);
$smarty->assign('msg', tra("You do not have permission to move images from this gallery"));
$smarty->display("error.tpl");
die;
}
if (isset($_REQUEST["newname"]) and $_REQUEST["newname"] != $info["name"]) {
if ($imagegallib->edit_image($imageId, $_REQUEST['newname'], $info['description'], $info['lat'], $info['lon'])) {
$info['name'] = $_REQUEST['newname'];
}
}
$imagegallib->move_image($imageId, $_REQUEST["newgalleryId"]);
$info['galleryId'] = $_REQUEST["newgalleryId"];
}
$smarty->assign_by_ref('owner', $gal_info["user"]);
if (isset($_REQUEST["section_events"]) && $_REQUEST["section_events"] == 'on') {
$info["section_events"] = 'y';
} else {
$info["section_events"] = 'n';
}
if (isset($_REQUEST["section_cms"]) && $_REQUEST["section_cms"] == 'on') {
$info["section_cms"] = 'y';
} else {
$info["section_cms"] = 'n';
}
$info["content"] = $_REQUEST["content"];
$info["name"] = $_REQUEST["name"];
$smarty->assign('info', $info);
}
if (isset($_REQUEST["save"])) {
check_ticket('admin-content-templates');
$tid = $templateslib->replace_template($_REQUEST["templateId"], $_REQUEST["name"], $_REQUEST["content"]);
$smarty->assign("templateId", '0');
$info["name"] = '';
$info["content"] = '';
$info["section_cms"] = 'n';
$info["section_wiki"] = 'n';
$info["section_newsletters"] = 'n';
$info["section_events"] = 'n';
$info["section_html"] = 'n';
$smarty->assign('info', $info);
if (isset($_REQUEST["section_html"]) && $_REQUEST["section_html"] == 'on') {
$templateslib->add_template_to_section($tid, 'html');
} else {
$templateslib->remove_template_from_section($tid, 'html');
}
if (isset($_REQUEST["comments_reply_threadId"]) && !empty($_REQUEST["comments_reply_threadId"])) {
$reply_info = $commentslib->get_comment($_REQUEST["comments_reply_threadId"]);
$in_reply_to = $reply_info["message_id"];
} else {
$in_reply_to = '';
}
// Remove HTML tags and empty lines at the end of the posted comment
$_REQUEST["comments_data"] = rtrim(strip_tags($_REQUEST["comments_data"]));
if ($tiki_p_forum_autoapp != 'y' && ($forum_info['approval_type'] == 'queue_all' || !$user && $forum_info['approval_type'] == 'queue_anon')) {
$smarty->assign('was_queued', 'y');
$_REQUEST['was_queued'] = 'y';
$qId = $commentslib->replace_queue(0, $_REQUEST['forumId'], $comments_objectId, $parent_id, $user, $_REQUEST["comments_title"], $_REQUEST["comments_data"], 'n', '', '', $thread_info['title'], $in_reply_to);
// PROCESS ATTACHMENT HERE
if ($qId && isset($_FILES['userfile1']) && !empty($_FILES['userfile1']['name'])) {
if (is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
check_ticket('view-forum');
$fp = fopen($_FILES['userfile1']['tmp_name'], "rb");
$commentslib->add_thread_attachment($forum_info, $qId, $fp, '', $_FILES['userfile1']['name'], $_FILES['userfile1']['type'], $_FILES['userfile1']['size']);
} else {
$smarty->assign('msg', $tikilib->uploaded_file_error($_FILES['userfile1']['error']));
$smarty->display("error.tpl");
die;
}
}
//END ATTACHMENT PROCESSING
} else {
$smarty->assign('was_queued', 'n');
$_REQUEST['was_queued'] = 'n';
if ($_REQUEST["comments_threadId"] == 0) {
$message_id = '';
if (isset($_REQUEST["anonymous_name"])) {
$smarty->assign('faq_info', $faq_info);
if (!isset($_REQUEST["sort_mode"])) {
$sort_mode = 'position_asc,questionId_asc';
} else {
$sort_mode = $_REQUEST["sort_mode"];
}
if (isset($_REQUEST["find"])) {
$find = $_REQUEST["find"];
} else {
$find = '';
}
$smarty->assign('find', $find);
$channels = $faqlib->list_faq_questions($_REQUEST["faqId"], 0, -1, 'position_asc,questionId_asc', $find);
$smarty->assign_by_ref('channels', $channels["data"]);
if (isset($_REQUEST["sugg"])) {
check_ticket('view-faq');
if ($tiki_p_suggest_faq == 'y') {
if (empty($user) && $prefs['feature_antibot'] == 'y' && !$captchalib->validate()) {
$error = $captchalib->getErrors();
$smarty->assign('error', $error);
// Save the pending question and answer if antibot code is wrong
$smarty->assign('pendingquestion', $_REQUEST["suggested_question"]);
$smarty->assign('pendinganswer', $_REQUEST["suggested_answer"]);
} else {
if (!empty($_REQUEST["suggested_question"])) {
$faqlib->add_suggested_faq_question($_REQUEST["faqId"], $_REQUEST["suggested_question"], $_REQUEST["suggested_answer"], $user);
} else {
$error = tra('You must suggest a question; please try again.');
$smarty->assign('error', $error);
// Save the pending answer if question is empty
$smarty->assign('pendinganswer', $_REQUEST["suggested_answer"]);
if ($prefs['feature_wysiwyg'] == 'y' && ($prefs['wysiwyg_default'] == 'y' && !isset($_REQUEST['wysiwyg'])) || isset($_REQUEST['wysiwyg']) && $_REQUEST['wysiwyg'] == 'y') {
$smarty->assign('wysiwyg', 'y');
$is_wysiwyg = true;
} else {
$smarty->assign('wysiwyg', 'n');
$is_wysiwyg = false;
}
if ($postId > 0) {
if (empty($data["data"])) {
$data["data"] = '';
}
$smarty->assign('post_info', $data);
$smarty->assign('data', $data['data']);
$smarty->assign('parsed_data', $tikilib->parse_data($data['data'], array('is_html' => $is_wysiwyg)));
$smarty->assign('blogpriv', $data['priv']);
check_ticket('blog');
$post_images = $bloglib->get_post_images($postId);
$smarty->assign_by_ref('post_images', $post_images);
$cat_type = 'blog post';
$cat_objid = $postId;
if (isset($_REQUEST['lang'])) {
$cat_lang = $_REQUEST['lang'];
}
}
include_once 'freetag_list.php';
$smarty->assign('preview', 'n');
if ($tiki_p_admin != 'y') {
if ($tiki_p_use_HTML != 'y') {
$_REQUEST["allowhtml"] = 'off';
}
}
$info["publishDate"] = $tikilib->now;
}
$smarty->assign('title', $info["title"]);
$smarty->assign('active', $info["active"]);
$smarty->assign('publishDate', $info["publishDate"]);
if (isset($_REQUEST["remove"])) {
$area = 'delpoll';
if ($prefs['feature_ticketlib2'] != 'y' or isset($_POST['daconfirm']) and isset($_SESSION["ticket_{$area}"])) {
key_check($area);
$polllib->remove_poll($_REQUEST["remove"]);
} else {
key_get($area);
}
}
if (isset($_REQUEST["save"])) {
check_ticket('admin-polls');
$publishDate = mktime($_REQUEST["Time_Hour"], $_REQUEST["Time_Minute"], 0, $_REQUEST["Date_Month"], $_REQUEST["Date_Day"], $_REQUEST["Date_Year"]);
$pid = $polllib->replace_poll($_REQUEST["pollId"], $_REQUEST["title"], $_REQUEST["active"], $publishDate);
$cat_type = 'poll';
$cat_objid = $pid;
$cat_desc = substr($_REQUEST["title"], 0, 200);
$cat_name = $_REQUEST["title"];
$cat_href = "tiki-poll_results.php?pollId=" . $cat_objid;
include_once "categorize.php";
}
if (isset($_REQUEST['addPoll']) && !empty($_REQUEST['poll_template']) && !empty($_REQUEST['pages'])) {
global $wikilib;
include_once 'lib/wiki/wikilib.php';
global $categlib;
include_once 'lib/categories/categlib.php';
$cat_type = 'wiki page';
$_SESSION['show_submitted'] = true;
} else {
$_SESSION['show_submitted'] = false;
}
if (isset($_REQUEST['show_shared'])) {
$_SESSION['show_shared'] = true;
} else {
$_SESSION['show_shared'] = false;
}
if (isset($_REQUEST['show_admin'])) {
$_SESSION['show_admin'] = true;
} else {
$_SESSION['show_admin'] = false;
}
if (isset($_REQUEST['tasks_maxRecords'])) {
check_ticket('user-prefs');
$tikilib->set_user_preference($user, 'tasks_maxRecords', $_REQUEST['tasks_maxRecords']);
}
}
if ($task_admin and isset($_REQUEST["admin_mode"]) and $task_admin) {
$admin_mode = true;
$_SESSION['admin_mode'] = true;
}
if ($task_admin and isset($_REQUEST["admin_mode_off"])) {
$admin_mode = false;
$_SESSION['admin_mode'] = false;
}
if ($_SESSION['admin_mode'] and $task_admin) {
$admin_mode = true;
$smarty->assign('admin_mode', $admin_mode);
} else {
