$requested_cats[$value] = true;
}
}
if (empty($archive)) {
$news_file = SERVDIR . "/cdata/news.txt";
$comm_file = SERVDIR . "/cdata/comments.txt";
} elseif (is_numeric($archive)) {
$news_file = SERVDIR . "/cdata/archives/{$archive}.news.arch";
$comm_file = SERVDIR . "/cdata/archives/{$archive}.comments.arch";
} else {
die_stat(false, "Archive variable is invalid");
}
if ($subaction == "" or !isset($subaction)) {
$user_query = cute_query_string($QUERY_STRING, array("start_from", "archive", "subaction", "id", "ucat"));
if (!($handle = opendir(SERVDIR . "/cdata/archives"))) {
die_stat(false, "Cannot open directory " . SERVDIR . "/cdata/archives ");
}
while (false !== ($file = readdir($handle))) {
$file_arr = explode(".", $file);
if ($file != "." and $file != ".." and $file_arr[1] == "news") {
$arch_arr[] = $file_arr[0];
}
}
closedir($handle);
if (is_array($arch_arr)) {
$arch_arr = array_reverse($arch_arr);
foreach ($arch_arr as $arch_file) {
$news_lines = file(SERVDIR . "/cdata/archives/{$arch_file}.news.arch");
$count = count($news_lines);
$last = $count - 1;
$first_news_arr = explode("|", $news_lines[$last]);
if (!defined('INIT_INSTANCE')) {
die('Access restricted');
}
if ($member_db[UDB_ACL] != ACL_LEVEL_ADMIN) {
msg("error", "Access Denied", "You don't have permission for this section");
}
// ********************************************************************************
// Add IP
// ********************************************************************************
if ($action == "add" or $action == "quickadd") {
if (!empty($add_ip)) {
user_addban($add_ip);
}
// from editcomments
if ($action == "quickadd") {
die_stat(false, str_replace('%1', $add_ip, lang('The IP %1 is now banned from commenting')));
}
} elseif ($action == "remove") {
if (empty($remove_ip)) {
msg("error", lang('Error!'), lang("The IP or nick cannot be blank"), '#GOBACK');
}
user_remove_ban($remove_ip);
}
// ********************************************************************************
// List all IP
// ********************************************************************************
echoheader("options", lang("Blocking IP / Nickname"), make_breadcrumbs('main/options=options/Block IP or nickname'));
$c = 0;
$iplist = array();
// read all lines
$ips = fopen(SERVDIR . '/cdata/ipban.db.php', 'r');
$output = "<select size=1 name=\"{$name}\">\r\n";
foreach ($options as $value => $description) {
$output .= "<option value=\"{$value}\"";
if ($selected == $value) {
$output .= " selected ";
}
$output .= ">{$description}</option>\n";
}
$output .= "</select>";
return $output;
}
// ---------- show options
echoheader("options", lang("System Configuration"), make_breadcrumbs($bc));
echo proc_tpl('options/syscon.top', array('add_fields' => hook('field_options_buttons')));
if (!($handle = opendir(SERVDIR . "/skins"))) {
die_stat(false, "Can not open directory ./skins ");
}
while (false !== ($file = readdir($handle))) {
$file_arr = explode(".", $file);
if ($file_arr[1] == "skin") {
$sys_con_skins_arr[$file_arr[0]] = $file_arr[0];
} elseif ($file_arr[1] == "lang") {
$sys_con_langs_arr[$file_arr[0]] = $file_arr[0];
}
}
closedir($handle);
// News
if (is_dir(SERVDIR . '/core/ckeditor')) {
$ckeditorEnabled = makeDropDown(array("no" => "No", 'ckeditor' => 'CKEditor'), "save_con[use_wysiwyg]", $config_use_wysiwyg);
} else {
$ckeditorEnabled = makeDropDown(array("no" => "No"), "save_con[use_wysiwyg]", $config_use_wysiwyg);
}
echo str_replace(array('{appID}', '{fbi18n}'), array($config_fb_appid, $config_fb_i18n), read_tpl('fb_comments'));
$_CACHE['__first_time__'] = true;
}
// use static path to all links
if (empty($static_path) == false) {
$PHP_SELF = $static_path;
}
// Linked cats
if (isset($_GET['cid']) && $_GET['cid']) {
$category = $_GET['cid'];
}
hook('show_news_init');
// Prepare requested categories
if (preg_match('/[a-z]/i', $category)) {
die_stat(false, "<b>Error</b>!<br>CuteNews has detected that you use \$category = \"" . htmlspecialchars($category) . "\";\n but you can call the categories only with their <b>ID</b> numbers and not with names<br>example:<br>\n <blockquote><?PHP<br>\$category = \"1\";<br>include(\"path/to/show_news.php\");<br>?></blockquote>");
}
$requested_cats = array();
$archive = preg_replace('~[^0-9]~', '', $archive);
$category = preg_replace("/\\s/", "", $category);
$save_archive = $archive;
foreach (spsep($category) as $value) {
if ($value) {
$requested_cats[$value] = true;
}
}
if ($archive) {
$news_file = SERVDIR . "/cdata/archives/{$archive}.news.arch";
$comm_file = SERVDIR . "/cdata/archives/{$archive}.comments.arch";
} else {
$news_file = SERVDIR . "/cdata/news.txt";
<?php
$NotHeaders = true;
require_once 'core/init.php';
include 'core/loadenv.php';
// plugin tells us: he is fork, stop
if (hook('fork_search', false)) {
return;
}
// Check including
$Uri = '//' . dirname($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
if (strpos($config_http_script_dir, $Uri) !== false && strpos($PHP_SELF, 'search.php') !== false) {
die_stat(403, 'Wrong including search.php! Check manual to get more information about this issue.');
}
// Autodate
if (empty($from_date_day)) {
$from_date_day = intval(date('d'));
}
if (empty($from_date_month)) {
$from_date_month = date('m');
}
if (empty($from_date_year)) {
$from_date_year = 2003;
}
if (empty($to_date_day)) {
$to_date_day = intval(date('d', time() + 3600 * 24));
}
if (empty($to_date_month)) {
$to_date_month = date('m');
}
if (empty($to_date_year)) {
} else {
msg('info', lang('Permissions error'), proc_tpl('main/perms'));
}
}
// Check previous versions
$data_folder_exists = is_dir(SERVDIR . '/data') ? 1 : 0;
// ----------------------------------------
echoheader("home", lang("Welcome"));
if (!is_readable(SERVDIR . "/cdata/archives")) {
die_stat(false, lang("Cannot open directory `archives` for reading, check if it exists or is properly CHMOD'ed"));
}
if (!is_readable(SERVDIR . "/cdata/news.txt")) {
die_stat(false, lang("Cannot open file news.txt for reading, check if it exists or is properly CHMOD'ed"));
}
if (!is_readable(SERVDIR . "/cdata/comments.txt")) {
die_stat(false, lang("Cannot open file comments.txt for reading, check if it exists or is properly CHMOD'ed"));
}
// Some Stats
$count_postponed_news = 0;
$count_unapproved_news = 0;
$todaynews = 0;
$count_comments = 0;
$count_my_news = 0;
$count_new_news = 0;
$news_db = file(SERVDIR . "/cdata/news.txt");
foreach ($news_db as $line) {
$item_db = explode("|", $line);
$itemdate = date("d/m/y", $item_db[0]);
if ($itemdate == date("d/m/y", time() + $config_date_adjust * 60)) {
$todaynews++;
if ($item_db[1] == $member_db[UDB_NAME]) {
extract($_COOKIE, EXTR_SKIP);
}
if (isset($_POST)) {
extract($_POST, EXTR_SKIP);
}
if (isset($_GET)) {
extract($_GET, EXTR_SKIP);
}
//-------------------
// Sanitize Variables
//-------------------
if (isset($template) and $template and !preg_match('/^[_a-zA-Z0-9-]{1,}$/', $template)) {
die_stat(503, 'invalid template characters');
}
if (isset($archive) and $archive and !preg_match('/^[_a-zA-Z0-9-]{1,}$/', $archive)) {
die_stat(503, 'invalid archive characters');
}
$a7f89abdcf9324b3 = "";
$phpversion = phpversion();
$config_version_name = "CuteNews v" . VERSION;
$config_version_id = VERSION_ID;
$comm_start_from = htmlspecialchars($comm_start_from);
$start_from = htmlspecialchars($start_from);
$archive = htmlspecialchars(trim($archive));
$subaction = htmlspecialchars(trim($subaction));
$id = htmlspecialchars($id);
$ucat = htmlspecialchars($ucat);
$number = htmlspecialchars($number);
$template = htmlspecialchars($template);
$show = htmlspecialchars($show);
// Only if not exists or PHP_SELF is empty
echo '<div class="fb-comments" data-href="' . $config_http_script_dir . '/router.php?subaction=showfull&id=' . $news_arr[0] . '" data-num-posts="' . $config_fb_comments . '" data-width="' . $config_fb_box_width . '"></div>';
}
// Includes for bottom of activenews
echo hook('additional_include_activenews');
if ($number and $number == $i) {
break;
}
}
// External archive $archive is already used
$archives_arr = array();
$used_archives[$archive] = true;
// Archives Loop [IF $only_active = false]
if ($i < $number and empty($only_active)) {
// get archives ids
if (!($handle = opendir(SERVDIR . "/cdata/archives"))) {
die_stat(false, '<div class="cutenews-warning">' . lang('Can not open directory') . ' ' . SERVDIR . '/cdata/archives</div>');
}
while (false !== ($file = readdir($handle))) {
if ($file != "." and $file != ".." and substr($file, -9) == 'news.arch') {
list($archid) = explode(".", $file);
if (empty($used_archives[$archid])) {
$archives_arr[$archid] = $archid;
}
}
}
closedir($handle);
// get max archive id to show
if (count($archives_arr) > 0) {
$in_use = max($archives_arr);
} else {
$in_use = false;
}
mkdir(SERVDIR . "/cdata/backup/{$backup}", 0777);
mkdir(SERVDIR . "/cdata/backup/{$backup}/archives", 0777);
if (!copy(SERVDIR . "/cdata/news.txt", SERVDIR . "/cdata/backup/{$backup}/news.txt")) {
die_stat(false, lang("Cannot copy news.txt file to") . " ./cdata/backup/{$backup} :(");
}
if (!copy(SERVDIR . "/cdata/comments.txt", SERVDIR . "/cdata/backup/{$backup}/comments.txt")) {
die_stat(false, lang("Cannot copy comments.txt file to") . " ./cdata/backup/{$backup} :(");
}
if (!($handle = opendir(SERVDIR . "/cdata/archives"))) {
die_stat(false, lang("Cannot create file"));
}
while (false !== ($file = readdir($handle))) {
if ($file != "." and $file != "..") {
if (!copy(SERVDIR . "/cdata/archives/{$file}", SERVDIR . "/cdata/backup/{$backup}/archives/{$file}")) {
die_stat(false, lang("Cannot copy archive file to") . " ./cdata/backup/{$backup}/archives/{$file} :(");
}
}
}
closedir($handle);
msg("info", lang("Backup"), lang("All news and archives were successfully backed up under directory") . " './cdata/backup/{$backup}'", "#GOBACK");
} elseif ($action == 'userlog') {
echoheader("options", lang("User log"), make_breadcrumbs('main/options/=' . lang('User log')));
list($year_s, $month_s, $day_s, $hour_s) = GET('year_s,month_s,day_s,hour_s', 'GET');
list($year_e, $month_e, $day_e, $hour_e) = GET('year_e,month_e,day_e,hour_e', 'GET');
list($per) = GET('per', 'GET');
// make default date filter
$year_s = $year_s ? intval($year_s) : date('Y');
$month_s = $month_s ? intval($month_s) : date('m');
$day_s = $day_s ? intval($day_s) : date('d');
$hour_s = $hour_s ? intval($hour_s) : 0;
}
$time = time() + $config_date_adjust * 60;
//----------------------------------
// Hook comment checker
// if hook return TRUE, exit
//----------------------------------
if (hook('add_comment_checker', FALSE)) {
return FALSE;
}
//----------------------------------
// Add The Comment ... Go Go GO!
//----------------------------------
$old_comments = file($comm_file);
$new_comments = fopen($comm_file, "w");
if (!$new_comments) {
die_stat(503, lang('System error. Try again'));
}
flock($new_comments, LOCK_EX);
$found = FALSE;
foreach ($old_comments as $old_comments_line) {
$old_comments_arr = explode("|>|", $old_comments_line);
if ($old_comments_arr[0] == $id) {
$old_comments_arr[1] = trim($old_comments_arr[1]);
fwrite($new_comments, "{$old_comments_arr['0']}|>|{$old_comments_arr['1']}{$time}|{$name}|{$mail}|{$ip}|{$comments}||\n");
$found = TRUE;
} else {
// if we do not have the news ID in the comments.txt we are not doing anything (see comment below) (must make sure the news ID is valid)
fwrite($new_comments, $old_comments_line);
}
}
// If id news for comment not found, add new id
// ********************************************************************************
// Include System Module
// ********************************************************************************
//name of mod //access
$system_modules = array('addnews' => 'user', 'editnews' => 'user', 'main' => 'user', 'options' => 'user', 'images' => 'user', 'editusers' => 'admin', 'editcomments' => 'admin', 'tools' => 'admin', 'ipban' => 'admin', 'about' => 'user', 'categories' => 'admin', 'massactions' => 'user', 'help' => 'user', 'debug' => 'admin', 'wizards' => 'admin', 'update' => 'user', 'rating' => 'user');
list($system_modules, $mod, $stop) = hook('system_modules_expand', array($system_modules, $mod, false));
// Plugin tells us: don't show anything, stop
if ($stop == false) {
if ($mod == false) {
require SERVDIR . "/inc/main.php";
} elseif ($system_modules[$mod]) {
if ($mod == 'rating') {
require SERVDIR . "/inc/ratings.php";
} elseif ($member_db[UDB_ACL] == ACL_LEVEL_COMMENTER and $mod != 'options' and $mod != 'update') {
relocation($config_http_script_dir . "/index.php?mod=options&action=personal");
} elseif ($system_modules[$mod] == "user") {
require SERVDIR . "/inc/" . $mod . ".php";
} elseif ($system_modules[$mod] == "admin" and $member_db[UDB_ACL] == ACL_LEVEL_ADMIN) {
require SERVDIR . "/inc/" . $mod . ".php";
} elseif ($system_modules[$mod] == "admin" and $member_db[UDB_ACL] != ACL_LEVEL_ADMIN) {
msg("error", lang("Access denied"), "Only admin can access this module");
} else {
die("Module access must be set to <b>user</b> or <b>admin</b>");
}
} else {
add_to_log($username, 'Module ' . htmlspecialchars($mod) . ' not valid');
die_stat(false, htmlspecialchars($mod) . " is NOT a valid module");
}
}
}
exec_time();
include 'core/init.php';
include 'core/loadenv.php';
require_once SERVDIR . '/skins/' . $config_skin . '.skin.php';
// plugin tells us: he is fork, stop
if (hook('fork_register', false)) {
return;
}
// Check if CuteNews is not installed
$fp = fopen(SERVDIR . "/cdata/users.db.php", 'r');
fgets($fp);
$user = trim(fgets($fp));
fclose($fp);
if ($user == false) {
if (!file_exists(SERVDIR . "/inc/install.php")) {
die_stat(false, '<h2>Error!</h2>CuteNews detected that you do not have users in your users.db.php file and wants to run the install module.<br>However, the install module (<b>./inc/install.php</b>) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.');
}
require SERVDIR . "/inc/install.php";
die;
}
$register_level = $config_registration_level;
$user_arr = user_search($regusername);
// sanitize
if ($action == "doregister") {
if ($config_allow_registration != "yes") {
msg("error", lang('Error!'), lang("User registration is disabled"), '#GOBACK');
}
if (!$regusername) {
msg("error", lang('Error!'), lang("Username can not be blank"), '#GOBACK');
}
if (!$regpassword) {
