// Tail of a loop whose header lies above this excerpt: every non-empty
// requested category id is recorded as a key of $requested_cats.
        $requested_cats[$value] = true;
    }
}

// Pick the news and comments data files: the live files when no archive is
// requested, otherwise the pair that belongs to the requested archive.
if (empty($archive)) {
    $news_file = SERVDIR . "/cdata/news.txt";
    $comm_file = SERVDIR . "/cdata/comments.txt";
} elseif (is_numeric($archive)) {
    // NOTE(review): is_numeric() accepts more than plain digit strings (signs,
    // decimal points, exponent notation, leading whitespace), and $archive is
    // interpolated into a file path here. A digits-only test such as
    // ctype_digit() or /^[0-9]+\z/ would restrict it to a bare archive id.
    $news_file = SERVDIR . "/cdata/archives/{$archive}.news.arch";
    $comm_file = SERVDIR . "/cdata/archives/{$archive}.comments.arch";
} else {
    die_stat(false, "Archive variable is invalid");
}

// With no sub-action, enumerate the archive files on disk and read each one.
if ($subaction == "" or !isset($subaction)) {
    $user_query = cute_query_string($QUERY_STRING, array("start_from", "archive", "subaction", "id", "ucat"));

    if (!($handle = opendir(SERVDIR . "/cdata/archives"))) {
        // NOTE(review): the message carries the absolute SERVDIR path. If
        // die_stat() shows it to the visitor, the server layout is disclosed;
        // log the path and show a generic message instead.
        die_stat(false, "Cannot open directory " . SERVDIR . "/cdata/archives ");
    }

    // Keep the text before the first dot of every entry whose second
    // dot-separated component is "news".
    // NOTE(review): $arch_arr is first written inside this loop. Setting it to
    // array() beforehand would make the is_array() test below independent of
    // any value the variable held earlier. $file_arr[1] is undefined for names
    // that contain no dot.
    while (false !== ($file = readdir($handle))) {
        $file_arr = explode(".", $file);
        if ($file != "." and $file != ".." and $file_arr[1] == "news") {
            $arch_arr[] = $file_arr[0];
        }
    }
    closedir($handle);

    if (is_array($arch_arr)) {
        $arch_arr = array_reverse($arch_arr);
        foreach ($arch_arr as $arch_file) {
            // Load the archive and split its last line on "|".
            // NOTE(review): file() returns false on failure and an empty file
            // gives $last = -1; neither case is handled in the visible lines.
            $news_lines = file(SERVDIR . "/cdata/archives/{$arch_file}.news.arch");
            $count = count($news_lines);
            $last = $count - 1;
            $first_news_arr = explode("|", $news_lines[$last]);
// Refuse to run unless INIT_INSTANCE is defined (presumably set by the
// application bootstrap, so that this file cannot be requested directly;
// confirm where the constant is defined).
if (!defined('INIT_INSTANCE')) {
    die('Access restricted');
}

// Only accounts whose ACL field equals ACL_LEVEL_ADMIN may manage the ban list.
// NOTE(review): this guard protects the code below only if msg("error", ...)
// ends the request. msg() is defined elsewhere; confirm that it exits.
if ($member_db[UDB_ACL] != ACL_LEVEL_ADMIN) {
    msg("error", "Access Denied", "You don't have permission for this section");
}

// ********************************************************************************
// Add IP
// ********************************************************************************
// NOTE(review): adding and removing bans are state-changing actions selected by
// $action, $add_ip and $remove_ip. No anti-CSRF token check is visible in this
// excerpt; confirm one is enforced before this point.
if ($action == "add" or $action == "quickadd") {
    if (!empty($add_ip)) {
        user_addban($add_ip);
    }
    // from editcomments
    if ($action == "quickadd") {
        // NOTE(review): $add_ip is substituted into the message unescaped. If
        // die_stat() emits HTML, pass the value through htmlspecialchars().
        die_stat(false, str_replace('%1', $add_ip, lang('The IP %1 is now banned from commenting')));
    }
} elseif ($action == "remove") {
    if (empty($remove_ip)) {
        msg("error", lang('Error!'), lang("The IP or nick cannot be blank"), '#GOBACK');
    }
    user_remove_ban($remove_ip);
}

// ********************************************************************************
// List all IP
// ********************************************************************************
echoheader("options", lang("Blocking IP / Nickname"), make_breadcrumbs('main/options=options/Block IP or nickname'));
$c = 0;
$iplist = array();

// read all lines
// NOTE(review): the fopen() result is not checked in the visible lines; the
// code that consumes $ips lies below this excerpt.
$ips = fopen(SERVDIR . '/cdata/ipban.db.php', 'r');
// Tail of a helper that renders an HTML <select> from $options, $name and
// $selected; its signature lies above this excerpt (presumably makeDropDown(),
// which is called further down).
// NOTE(review): $name, $value and $description are written into the markup
// without htmlspecialchars(), so the output is safe only while every caller
// passes trusted values. The selected test uses loose ==, so "0", 0 and ""
// style values can match each other.
    $output = "<select size=1 name=\"{$name}\">\r\n";
    foreach ($options as $value => $description) {
        $output .= "<option value=\"{$value}\"";
        if ($selected == $value) {
            $output .= " selected ";
        }
        $output .= ">{$description}</option>\n";
    }
    $output .= "</select>";
    return $output;
}

// ---------- show options
echoheader("options", lang("System Configuration"), make_breadcrumbs($bc));
echo proc_tpl('options/syscon.top', array('add_fields' => hook('field_options_buttons')));

// Scan the skins directory: entries whose second dot-separated component is
// "skin" become skin choices, those with "lang" become language choices. The
// names are taken from the file system as they are.
if (!($handle = opendir(SERVDIR . "/skins"))) {
    die_stat(false, "Can not open directory ./skins ");
}
while (false !== ($file = readdir($handle))) {
    $file_arr = explode(".", $file);
    // NOTE(review): $file_arr[1] is undefined for entries without a dot.
    if ($file_arr[1] == "skin") {
        $sys_con_skins_arr[$file_arr[0]] = $file_arr[0];
    } elseif ($file_arr[1] == "lang") {
        $sys_con_langs_arr[$file_arr[0]] = $file_arr[0];
    }
}
closedir($handle);

// News
// CKEditor is offered as a WYSIWYG choice only when its directory exists.
if (is_dir(SERVDIR . '/core/ckeditor')) {
    $ckeditorEnabled = makeDropDown(array("no" => "No", 'ckeditor' => 'CKEditor'), "save_con[use_wysiwyg]", $config_use_wysiwyg);
} else {
    $ckeditorEnabled = makeDropDown(array("no" => "No"), "save_con[use_wysiwyg]", $config_use_wysiwyg);
// Tail of a block that starts above this excerpt: the fb_comments template is
// emitted with the configured app id and locale filled in, and a cache flag is
// set.
// NOTE(review): both config values are substituted without escaping; they need
// to be safe for whatever context the template places them in.
    }
    echo str_replace(array('{appID}', '{fbi18n}'), array($config_fb_appid, $config_fb_i18n), read_tpl('fb_comments'));
    $_CACHE['__first_time__'] = true;
}

// use static path to all links
if (empty($static_path) == false) {
    $PHP_SELF = $static_path;
}

// Linked cats
// NOTE(review): cid comes straight from the query string and may arrive as an
// array; the string functions below expect a string. An is_string() check here
// would make that case explicit.
if (isset($_GET['cid']) && $_GET['cid']) {
    $category = $_GET['cid'];
}

hook('show_news_init');

// Prepare requested categories
// Any ASCII letter in $category aborts with an explanatory message; the value
// echoed back in that message is HTML-escaped.
// NOTE(review): only letters are rejected, so other non-digit characters still
// reach spsep() and become keys of $requested_cats. Restricting the value to
// digits plus the list separator would be tighter (the separator spsep() uses
// is not visible here).
if (preg_match('/[a-z]/i', $category)) {
    die_stat(false, "<b>Error</b>!<br>CuteNews has detected that you use \$category = \"" . htmlspecialchars($category) . "\";\n but you can call the categories only with their <b>ID</b> numbers and not with names<br>example:<br>\n <blockquote><?PHP<br>\$category = \"1\";<br>include(\"path/to/show_news.php\");<br>?></blockquote>");
}

$requested_cats = array();
// $archive is reduced to digits before it is used in the file paths below,
// which removes path separators and dots from the value.
$archive = preg_replace('~[^0-9]~', '', $archive);
// All whitespace is removed from the category list.
$category = preg_replace("/\\s/", "", $category);
$save_archive = $archive;
foreach (spsep($category) as $value) {
    if ($value) {
        $requested_cats[$value] = true;
    }
}

// Pick the data files: the requested archive pair, or the live files.
if ($archive) {
    $news_file = SERVDIR . "/cdata/archives/{$archive}.news.arch";
    $comm_file = SERVDIR . "/cdata/archives/{$archive}.comments.arch";
} else {
    $news_file = SERVDIR . "/cdata/news.txt";
<?php
// Search entry point (the include check below refers to it as search.php):
// loads the core, lets a plugin take over, then fills in default search dates.
$NotHeaders = true;
require_once 'core/init.php';
include 'core/loadenv.php';

// plugin tells us: he is fork, stop
if (hook('fork_search', false)) {
    return;
}

// Check including
// Builds "//host/dir" from the request and stops with 403 when that string
// occurs in the configured script directory while $PHP_SELF names search.php.
// NOTE(review): HTTP_HOST is taken from the request's Host header, so this is a
// guard against a wrong setup rather than an access-control boundary.
$Uri = '//' . dirname($_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
if (strpos($config_http_script_dir, $Uri) !== false && strpos($PHP_SELF, 'search.php') !== false) {
    die_stat(403, 'Wrong including search.php! Check manual to get more information about this issue.');
}

// Autodate
// Defaults: "from" is today's day and month in the year 2003; "to" is
// tomorrow's day number in the current month.
// NOTE(review): the date variables are not assigned in this file before these
// tests, so non-empty values presumably come from the request. Only empty ones
// are defaulted here; no type or range check is visible in this excerpt.
// NOTE(review): on the last day of a month the default "to" day becomes 1 while
// the default "to" month stays the current month; confirm that is intended.
if (empty($from_date_day)) {
    $from_date_day = intval(date('d'));
}
if (empty($from_date_month)) {
    $from_date_month = date('m');
}
if (empty($from_date_year)) {
    $from_date_year = 2003;
}
if (empty($to_date_day)) {
    $to_date_day = intval(date('d', time() + 3600 * 24));
}
if (empty($to_date_month)) {
    $to_date_month = date('m');
}
if (empty($to_date_year)) {
// Tail of a conditional that starts above this excerpt: the fallback branch
// shows the main/perms template as an informational message.
    } else {
        msg('info', lang('Permissions error'), proc_tpl('main/perms'));
    }
}

// Check previous versions
// 1 when a ./data directory exists next to the application, else 0.
$data_folder_exists = is_dir(SERVDIR . '/data') ? 1 : 0;

// ----------------------------------------
echoheader("home", lang("Welcome"));

// Stop early when the archive directory or either data file is unreadable.
if (!is_readable(SERVDIR . "/cdata/archives")) {
    die_stat(false, lang("Cannot open directory `archives` for reading, check if it exists or is properly CHMOD'ed"));
}
if (!is_readable(SERVDIR . "/cdata/news.txt")) {
    die_stat(false, lang("Cannot open file news.txt for reading, check if it exists or is properly CHMOD'ed"));
}
if (!is_readable(SERVDIR . "/cdata/comments.txt")) {
    die_stat(false, lang("Cannot open file comments.txt for reading, check if it exists or is properly CHMOD'ed"));
}

// Some Stats
$count_postponed_news = 0;
$count_unapproved_news = 0;
$todaynews = 0;
$count_comments = 0;
$count_my_news = 0;
$count_new_news = 0;

// Walk every "|"-separated news record: field 0 is used as a Unix timestamp and
// field 1 is compared with the current member's name.
// NOTE(review): the file() result is used without a false check, and a
// malformed line gives date() a non-numeric first field.
$news_db = file(SERVDIR . "/cdata/news.txt");
foreach ($news_db as $line) {
    $item_db = explode("|", $line);
    $itemdate = date("d/m/y", $item_db[0]);
    // $config_date_adjust is multiplied by 60 and added to a value in seconds,
    // i.e. it is treated as an offset in minutes.
    if ($itemdate == date("d/m/y", time() + $config_date_adjust * 60)) {
        $todaynews++;
        if ($item_db[1] == $member_db[UDB_NAME]) {
// Import request data into the current symbol table as plain variables:
// cookies first, then POST, then GET. EXTR_SKIP leaves any variable that
// already exists untouched, so an earlier source wins over a later one. The
// condition guarding the first call lies above this excerpt.
// NOTE(review): this reproduces register_globals. EXTR_SKIP protects only
// variables that are already set when these calls run; any variable the
// application reads later without initialising it first can take its value
// from the request. Prefer reading named keys from $_GET/$_POST/$_COOKIE, or
// initialise every such variable before this block.
    extract($_COOKIE, EXTR_SKIP);
}
if (isset($_POST)) {
    extract($_POST, EXTR_SKIP);
}
if (isset($_GET)) {
    extract($_GET, EXTR_SKIP);
}

//-------------------
// Sanitize Variables
//-------------------
// When non-empty, $template and $archive must consist only of ASCII letters,
// digits, "_" and "-"; anything else ends the request.
// NOTE(review): without the D modifier, "$" also matches just before a final
// newline, so a value that ends in a line break passes this test. Anchoring
// with \z (or adding the D modifier) closes that gap.
if (isset($template) and $template and !preg_match('/^[_a-zA-Z0-9-]{1,}$/', $template)) {
    die_stat(503, 'invalid template characters');
}
if (isset($archive) and $archive and !preg_match('/^[_a-zA-Z0-9-]{1,}$/', $archive)) {
    die_stat(503, 'invalid archive characters');
}

// Explicitly reset here (presumably so that it cannot be supplied by the
// request; its use is not visible in this excerpt).
$a7f89abdcf9324b3 = "";
$phpversion = phpversion();
$config_version_name = "CuteNews v" . VERSION;
$config_version_id = VERSION_ID;

// HTML-encode the request-derived navigation variables.
// NOTE(review): htmlspecialchars() is output encoding for HTML only. It does
// not validate these values for other uses such as file paths or comparisons,
// and before PHP 8.1 its default flags leave single quotes unencoded. A
// parameter submitted as an array is not a string here; confirm how that case
// is handled.
$comm_start_from = htmlspecialchars($comm_start_from);
$start_from = htmlspecialchars($start_from);
$archive = htmlspecialchars(trim($archive));
$subaction = htmlspecialchars(trim($subaction));
$id = htmlspecialchars($id);
$ucat = htmlspecialchars($ucat);
$number = htmlspecialchars($number);
$template = htmlspecialchars($template);
$show = htmlspecialchars($show);

// Only if not exists or PHP_SELF is empty
// Tail of the per-item output loop (its header lies above this excerpt): emits
// the Facebook comments container for the current news item.
// NOTE(review): the config values and $news_arr[0] are concatenated into HTML
// attributes without escaping; htmlspecialchars() on each keeps a stray quote
// in any of them from breaking out of the attribute.
        echo '<div class="fb-comments" data-href="' . $config_http_script_dir . '/router.php?subaction=showfull&id=' . $news_arr[0] . '" data-num-posts="' . $config_fb_comments . '" data-width="' . $config_fb_box_width . '"></div>';
    }

    // Includes for bottom of activenews
    // Whatever the hook returns is written to the page as it is.
    echo hook('additional_include_activenews');

    // Stop once $number items have been shown; a falsy $number never stops here.
    if ($number and $number == $i) {
        break;
    }
}

// External archive $archive is already used
$archives_arr = array();
$used_archives[$archive] = true;

// Archives Loop [IF $only_active = false]
if ($i < $number and empty($only_active)) {
    // get archives ids
    if (!($handle = opendir(SERVDIR . "/cdata/archives"))) {
        // NOTE(review): the message carries the absolute SERVDIR path. If
        // die_stat() shows it to the visitor, the server layout is disclosed.
        die_stat(false, '<div class="cutenews-warning">' . lang('Can not open directory') . ' ' . SERVDIR . '/cdata/archives</div>');
    }
    // Every entry ending in "news.arch" contributes the text before its first
    // dot as an archive id, unless that id is already marked as used.
    while (false !== ($file = readdir($handle))) {
        if ($file != "." and $file != ".." and substr($file, -9) == 'news.arch') {
            list($archid) = explode(".", $file);
            if (empty($used_archives[$archid])) {
                $archives_arr[$archid] = $archid;
            }
        }
    }
    closedir($handle);

    // get max archive id to show
    if (count($archives_arr) > 0) {
        $in_use = max($archives_arr);
    } else {
        $in_use = false;
// Backup branch (its opening lies above this excerpt): creates the backup
// directory tree and copies news.txt, comments.txt and every archive file.
// NOTE(review): $backup is interpolated into file-system paths. Its
// validation, if any, is above this excerpt; confirm it is limited to a plain
// name with no path separators or "..".
// NOTE(review): mode 0777 requests world-writable directories (the effective
// mode still depends on the umask) and the mkdir() results are not checked.
// A tighter mode such as 0755 or 0700 suits a directory that holds copies of
// all news and comments; also confirm the web server does not serve
// cdata/backup directly.
    }
    mkdir(SERVDIR . "/cdata/backup/{$backup}", 0777);
    mkdir(SERVDIR . "/cdata/backup/{$backup}/archives", 0777);
    if (!copy(SERVDIR . "/cdata/news.txt", SERVDIR . "/cdata/backup/{$backup}/news.txt")) {
        die_stat(false, lang("Cannot copy news.txt file to") . " ./cdata/backup/{$backup} :(");
    }
    if (!copy(SERVDIR . "/cdata/comments.txt", SERVDIR . "/cdata/backup/{$backup}/comments.txt")) {
        die_stat(false, lang("Cannot copy comments.txt file to") . " ./cdata/backup/{$backup} :(");
    }
    // NOTE(review): the message shown when the archives directory cannot be
    // opened says "Cannot create file", which does not describe this failure.
    if (!($handle = opendir(SERVDIR . "/cdata/archives"))) {
        die_stat(false, lang("Cannot create file"));
    }
    while (false !== ($file = readdir($handle))) {
        if ($file != "." and $file != "..") {
            if (!copy(SERVDIR . "/cdata/archives/{$file}", SERVDIR . "/cdata/backup/{$backup}/archives/{$file}")) {
                die_stat(false, lang("Cannot copy archive file to") . " ./cdata/backup/{$backup}/archives/{$file} :(");
            }
        }
    }
    closedir($handle);
    // NOTE(review): $backup is echoed back inside these messages unescaped; if
    // msg()/die_stat() emit HTML, escape it first.
    msg("info", lang("Backup"), lang("All news and archives were successfully backed up under directory") . " './cdata/backup/{$backup}'", "#GOBACK");
} elseif ($action == 'userlog') {
    echoheader("options", lang("User log"), make_breadcrumbs('main/options/=' . lang('User log')));

    // Read the start/end date filter and the "per" value from the query string
    // through the GET() helper (defined elsewhere).
    list($year_s, $month_s, $day_s, $hour_s) = GET('year_s,month_s,day_s,hour_s', 'GET');
    list($year_e, $month_e, $day_e, $hour_e) = GET('year_e,month_e,day_e,hour_e', 'GET');
    list($per) = GET('per', 'GET');

    // make default date filter
    // Supplied parts are forced to integers; missing parts default to the
    // current date, and the start hour to 0.
    $year_s = $year_s ? intval($year_s) : date('Y');
    $month_s = $month_s ? intval($month_s) : date('m');
    $day_s = $day_s ? intval($day_s) : date('d');
    $hour_s = $hour_s ? intval($hour_s) : 0;
// Closes a block opened above this excerpt, then computes the comment
// timestamp: current time plus $config_date_adjust * 60 seconds.
}
$time = time() + $config_date_adjust * 60;

//----------------------------------
// Hook comment checker
// if hook return TRUE, exit
//----------------------------------
if (hook('add_comment_checker', FALSE)) {
    return FALSE;
}

//----------------------------------
// Add The Comment ... Go Go GO!
//----------------------------------
// Rewrites the comments file: all lines are read, the file is reopened for
// writing, and each line is copied back, with the new comment appended to the
// record whose id matches $id.
// NOTE(review): fopen(..., "w") truncates the file before flock() is taken,
// and file() ran before either of them. Concurrent submissions can therefore
// interleave and lose comments, and a failed file() read leaves the file
// emptied. Opening without truncation (mode "c+"), taking the lock, and only
// then reading and truncating keeps the whole update under the lock.
$old_comments = file($comm_file);
$new_comments = fopen($comm_file, "w");
if (!$new_comments) {
    die_stat(503, lang('System error. Try again'));
}
flock($new_comments, LOCK_EX);
$found = FALSE;
foreach ($old_comments as $old_comments_line) {
    $old_comments_arr = explode("|>|", $old_comments_line);
    if ($old_comments_arr[0] == $id) {
        $old_comments_arr[1] = trim($old_comments_arr[1]);
        // Record layout as written here: "<id>|>|" followed by the existing
        // comments and then "<time>|<name>|<mail>|<ip>|<text>||".
        // NOTE(review): $name, $mail and $comments must already be free of "|"
        // and line breaks, otherwise a submitted value can change the record
        // structure. That filtering is not visible in this excerpt; confirm it
        // happens above.
        fwrite($new_comments, "{$old_comments_arr['0']}|>|{$old_comments_arr['1']}{$time}|{$name}|{$mail}|{$ip}|{$comments}||\n");
        $found = TRUE;
    } else {
        // if we do not have the news ID in the comments.txt we are not doing anything (see comment below) (must make sure the news ID is valid)
        fwrite($new_comments, $old_comments_line);
    }
}
// If id news for comment not found, add new id
// ********************************************************************************
// Include System Module
// ********************************************************************************
// Allow-list of loadable modules: module name => required access level
// ("user" or "admin").
//name of mod //access
$system_modules = array(
    'addnews' => 'user',
    'editnews' => 'user',
    'main' => 'user',
    'options' => 'user',
    'images' => 'user',
    'editusers' => 'admin',
    'editcomments' => 'admin',
    'tools' => 'admin',
    'ipban' => 'admin',
    'about' => 'user',
    'categories' => 'admin',
    'massactions' => 'user',
    'help' => 'user',
    'debug' => 'admin',
    'wizards' => 'admin',
    'update' => 'user',
    'rating' => 'user'
);

// Plugins may replace the module map, the requested module and the stop flag.
// NOTE(review): the require paths below are built from $mod, and the only
// constraint on $mod is membership in $system_modules. Because this hook can
// add entries, the allow-list is only as trustworthy as the installed plugins.
list($system_modules, $mod, $stop) = hook('system_modules_expand', array($system_modules, $mod, false));

// Plugin tells us: don't show anything, stop
if ($stop == false) {
    // NOTE(review): loose comparison, so "0" and "" both select main.php.
    if ($mod == false) {
        require SERVDIR . "/inc/main.php";
    } elseif ($system_modules[$mod]) {
        // $mod is a key of the allow-list from here on.
        // NOTE(review): "user" modules are loaded for every account that is not
        // ACL_LEVEL_COMMENTER. No authentication check is visible in this
        // excerpt; presumably it runs before this point, confirm. Each "user"
        // module still has to enforce its own finer-grained permissions.
        if ($mod == 'rating') {
            require SERVDIR . "/inc/ratings.php";
        } elseif ($member_db[UDB_ACL] == ACL_LEVEL_COMMENTER and $mod != 'options' and $mod != 'update') {
            // Commenter accounts are sent to their personal options for every
            // module except options and update.
            relocation($config_http_script_dir . "/index.php?mod=options&action=personal");
        } elseif ($system_modules[$mod] == "user") {
            require SERVDIR . "/inc/" . $mod . ".php";
        } elseif ($system_modules[$mod] == "admin" and $member_db[UDB_ACL] == ACL_LEVEL_ADMIN) {
            require SERVDIR . "/inc/" . $mod . ".php";
        } elseif ($system_modules[$mod] == "admin" and $member_db[UDB_ACL] != ACL_LEVEL_ADMIN) {
            msg("error", lang("Access denied"), "Only admin can access this module");
        } else {
            die("Module access must be set to <b>user</b> or <b>admin</b>");
        }
    } else {
        // Unknown module: log it and report it; the name is HTML-escaped in
        // both places.
        // NOTE(review): $system_modules[$mod] is read above without isset(), so
        // an unknown name raises an undefined-index notice before this branch.
        add_to_log($username, 'Module ' . htmlspecialchars($mod) . ' not valid');
        die_stat(false, htmlspecialchars($mod) . " is NOT a valid module");
    }
}
// Closes a block opened above this excerpt.
}
exec_time();
// Registration entry point (the plugin hook below is named fork_register):
// loads the core and the configured skin, hands over to the installer when no
// user exists, then processes the registration form.
include 'core/init.php';
include 'core/loadenv.php';
// NOTE(review): $config_skin becomes part of an include path. Confirm it is
// always set from stored configuration before this line and can never take its
// value from the request.
require_once SERVDIR . '/skins/' . $config_skin . '.skin.php';

// plugin tells us: he is fork, stop
if (hook('fork_register', false)) {
    return;
}

// Check if CuteNews is not installed
// The first line of users.db.php is skipped and the second is taken as the
// first user record.
// NOTE(review): the fopen() result is not checked before fgets()/fclose().
// NOTE(review): whenever that second line reads as empty (or as "0", because
// the comparison is loose), this publicly reachable script runs the install
// module. The installer is thus gated only by the state of users.db.php;
// confirm that is acceptable for a deployed site.
$fp = fopen(SERVDIR . "/cdata/users.db.php", 'r');
fgets($fp);
$user = trim(fgets($fp));
fclose($fp);
if ($user == false) {
    if (!file_exists(SERVDIR . "/inc/install.php")) {
        die_stat(false, '<h2>Error!</h2>CuteNews detected that you do not have users in your users.db.php file and wants to run the install module.<br>However, the install module (<b>./inc/install.php</b>) can not be located, please reupload this file and make sure you set the proper permissions so the installation can continue.');
    }
    require SERVDIR . "/inc/install.php";
    die;
}

$register_level = $config_registration_level;
// NOTE(review): $regusername is passed to user_search() before any of the
// checks below have run; confirm user_search() copes with an empty or
// malformed name.
$user_arr = user_search($regusername);

// sanitize
// NOTE(review): the checks below stop a bad request only if msg("error", ...)
// ends it; msg() is defined elsewhere, confirm that it exits.
if ($action == "doregister") {
    if ($config_allow_registration != "yes") {
        msg("error", lang('Error!'), lang("User registration is disabled"), '#GOBACK');
    }
    if (!$regusername) {
        msg("error", lang('Error!'), lang("Username can not be blank"), '#GOBACK');
    }
    if (!$regpassword) {