function edit_pic_views_after_edit_file($pid) { global $CONFIG; $hits = get_post_var('hits', $pid); if (is_numeric($hits) && $hits >= 0) { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET hits = '{$hits}' WHERE pid = {$pid} LIMIT 1"); } }
function load_shared_user_schedules() { global $global_user; global $maindb; // get some values $s_year = get_post_var("year"); $s_semester = get_post_var("semester"); // get the set of usernames and ids $a_queryvars = array("database" => $maindb, "table" => "students", "disabled" => "0"); $s_querystring = "SELECT `username`,`id` FROM `[database]`.`[table]` WHERE `disabled`='[disabled]'"; $user_data = db_query($s_querystring, $a_queryvars); // get the users that shared their schedules with this user $a_queryvars = array("database" => $maindb, "table" => "user_settings", "id" => $global_user->get_id()); $s_querystring = "SELECT GROUP_CONCAT(`user_id`,',') AS `ids` FROM `[database]`.`[table]` WHERE `share_schedule_with` LIKE '%|[id]|%'"; $can_view_db = db_query($s_querystring, $a_queryvars); $can_view_db = explode(",", $can_view_db[0]["ids"]); $can_view = array(); for ($i = 0; $i < count($can_view_db); $i++) { $can_view_db[$i] = intval($can_view_db[$i]); } // get the users that can view this user's schedule $shared_with_db = $global_user->get_schedule_shared_users(); $shared_with = array(); // translate user ids to usernames for ($i = 0; $i < count($user_data); $i++) { $id = intval($user_data[$i]["id"]); $username = $user_data[$i]["username"]; if (in_array($id, $can_view_db)) { $user = user::load_user_by_id($id, FALSE); if ($user !== null) { $can_view[] = $user; } } if (in_array($id, $shared_with_db)) { $shared_with[] = $username; } } // build the return value $retval = new stdClass(); $retval->sharedUsers = new stdClass(); $retval->otherUserSchedules = array(); for ($i = 0; $i < count($shared_with); $i++) { $retval->sharedUsers->{$shared_with}[$i] = TRUE; } for ($i = 0; $i < count($can_view); $i++) { $retval->otherUserSchedules[$i] = new stdClass(); $retval->otherUserSchedules[$i]->username = $can_view[$i]->get_name(); $a_classes = $can_view[$i]->get_user_classes($s_year, $s_semester); $a_crns = array(); for ($j = 0; $j < count($a_classes); $j++) { $a_crns[] = $a_classes[$j]->crn; } $retval->otherUserSchedules[$i]->schedule = $a_crns; } // return the return value return json_encode(array(new command("success", $retval))); }
function enable_account() { global $maindb; global $mysqli; $username = get_post_var("username"); $query = db_query("UPDATE `{$maindb}`.`students` SET `disabled`='0' WHERE `username`='[username]'", array("username" => $username)); if ($query !== FALSE && $mysqli->affected_rows > 0) { return json_encode(array(new command("print success", "The account has been enabled. Reload the page to see the affects of the changes."))); } return json_encode(array(new command("print failure", "Failed to enable account \"{$username}\"."))); }
function gu_sender_test() { // Get current settings, which may not have been saved $use_smtp = is_post_var('use_smtp'); $smtp_server = get_post_var('smtp_server'); $smtp_port = (int) get_post_var('smtp_port'); $smtp_encryption = get_post_var('smtp_encryption'); $smtp_username = get_post_var('smtp_username'); $smtp_password = get_post_var('smtp_password'); $use_sendmail = is_post_var('use_sendmail'); $use_phpmail = is_post_var('use_phpmail'); if (!($use_smtp || $use_sendmail || $use_phpmail)) { return gu_error(t('No method of mail transportation has been configured')); } $test_msg = t('If you have received this email then your settings clearly work!'); // Test SMTP settings first if ($use_smtp) { $mailer = new gu_mailer(); if ($mailer->init(TRUE, $smtp_server, $smtp_port, $smtp_encryption, $smtp_username, $smtp_password, FALSE, FALSE)) { if (!$mailer->send_admin_mail('[' . gu_config::get('collective_name') . '] Testing SMTP', $test_msg)) { return gu_error(t('Unable to send test message using SMTP')); } } else { return gu_error(t('Unable to initialize mailer with the SMTP settings')); } $mailer->disconnect(); } // Test Sendmail next if ($use_sendmail) { $mailer = new gu_mailer(); if ($mailer->init(FALSE, '', '', '', '', '', FALSE, FALSE)) { if (!$mailer->send_admin_mail('[' . gu_config::get('collective_name') . '] Testing Sendmail', $test_msg)) { return gu_error(t('Unable to send test message using Sendmail')); } } else { return gu_error(t('Unable to initialize mailer with Sendmail')); } $mailer->disconnect(); } // Test PHP mail next if ($use_phpmail) { $mailer = new gu_mailer(); if ($mailer->init(FALSE, '', '', '', '', '', FALSE, TRUE)) { if (!$mailer->send_admin_mail('[' . gu_config::get('collective_name') . '] Testing PHP mail', $test_msg)) { return gu_error(t('Unable to send test message using PHP mail')); } } else { return gu_error(t('Unable to initialize mailer with PHP mail')); } $mailer->disconnect(); } gu_success(t('Test messages sent to <br><i>%</i></b>', array(gu_config::get('admin_email')))); }
function check_user_info(&$error) { global $CONFIG; global $lang_register_php, $lang_common, $lang_register_approve_email; global $lang_register_user_login, $lang_errors; $superCage = Inspekt::makeSuperCage(); $user_name = trim(get_post_var('username')); $password = trim(get_post_var('password')); $password_again = trim(get_post_var('password_verification')); $email = trim(get_post_var('email')); $profile1 = $superCage->post->getEscaped('user_profile1'); $profile2 = $superCage->post->getEscaped('user_profile2'); $profile3 = $superCage->post->getEscaped('user_profile3'); $profile4 = $superCage->post->getEscaped('user_profile4'); $profile5 = $superCage->post->getEscaped('user_profile5'); $profile6 = $superCage->post->getEscaped('user_profile6'); $agree_disclaimer = $superCage->post->getEscaped('agree'); $captcha_confirmation = $superCage->post->getEscaped('confirmCode'); $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_name = '{$user_name}'"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_user_exists'] . '</li>'; return false; } mysql_free_result($result); if (utf_strlen($user_name) < 2) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['username_warning2'] . '</li>'; } if (!empty($CONFIG['global_registration_pw'])) { $global_registration_pw = get_post_var('global_registration_pw'); if ($global_registration_pw != $CONFIG['global_registration_pw']) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pw'] . '</li>'; } elseif ($password == $CONFIG['global_registration_pw']) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_global_pass_same'] . '</li>'; } } if (utf_strlen($password) < 2) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning1'] . '</li>'; } if ($password == $user_name) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_warning2'] . '</li>'; } if ($password != $password_again) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['password_verification_warning1'] . '</li>'; } if (!Inspekt::isEmail($email)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_warning2'] . '</li>'; } if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_disclaimer'] . '</li>'; } // Perform the ban check against email address and username $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE user_name = '{$user_name}' AND brute_force = 0 LIMIT 1"); if (mysql_num_rows($result)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['user_name_banned'] . '</li>'; } mysql_free_result($result); $result = cpg_db_query("SELECT null FROM {$CONFIG['TABLE_BANNED']} WHERE email = '{$email}' AND brute_force = 0 LIMIT 1"); if (mysql_num_rows($result)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['email_address_banned'] . '</li>'; } mysql_free_result($result); // check captcha if ($CONFIG['registration_captcha'] != 0) { if (!captcha_plugin_enabled('register')) { require "include/captcha.inc.php"; if (!PhpCaptcha::Validate($captcha_confirmation)) { $error .= '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_errors['captcha_error'] . '</li>'; } } else { $error = CPGPluginAPI::filter('captcha_register_validate', $error); } } if (!$CONFIG['allow_duplicate_emails_addr']) { $sql = "SELECT null FROM {$CONFIG['TABLE_USERS']} WHERE user_email = '{$email}'"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $error = '<li style="list-style-image:url(images/icons/stop.png)">' . $lang_register_php['err_duplicate_email'] . '</li>'; } mysql_free_result($result); } $error = CPGPluginAPI::filter('register_form_validate', $error); if ($error != '') { return false; } if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) { $active = 'NO'; list($usec, $sec) = explode(' ', microtime()); $seed = (double) $sec + (double) $usec * 100000; srand($seed); $act_key = md5(uniqid(rand(), 1)); } else { $active = 'YES'; $act_key = ''; } $encpassword = md5($password); $user_language = $CONFIG['lang']; $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} (user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6, user_language) VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}', '{$user_language}')"; $result = cpg_db_query($sql); $user_array = array(); $user_array['user_id'] = mysql_insert_id(); $user_array['user_name'] = $user_name; $user_array['user_email'] = $email; $user_array['user_active'] = $active; CPGPluginAPI::action('register_form_submit', $user_array); if ($CONFIG['log_mode']) { log_write('New user "' . $user_name . '" registered', CPG_ACCESS_LOG); } // Create a personal album if corresponding option is enabled if ($CONFIG['personal_album_on_registration'] == 1) { $user_id = mysql_insert_id(); $catid = $user_id + FIRST_USER_CAT; cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`, `owner`) VALUES ('{$user_name}', {$catid}, {$user_id})"); } // Registrations must be activated/verified by the user clicking a link in an email if ($CONFIG['reg_requires_valid_email']) { // Mail the user the activation/verification link $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key; $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link); if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_php['confirm_email'], $template_vars)))) { cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__); } msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php'); } else { if ($CONFIG['admin_activation']) { // We need admin activation only msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php'); } else { // No activation required, account is ready for login msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php'); } } // email notification or actication link to admin if ($CONFIG['reg_notify_admin_email'] || $CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) { if (UDB_INTEGRATION == 'coppermine') { // get default language in which to inform the admins $result = cpg_db_query("SELECT user_id, user_email, user_language FROM {$CONFIG['TABLE_USERS']} WHERE user_group = 1"); while ($row = mysql_fetch_assoc($result)) { if (!empty($row['user_email'])) { $admins[$row['user_id']] = array('email' => $row['user_email'], 'lang' => $row['user_language']); } } } else { //@todo: is it possible to get the language from bridged installs? $admins[] = array('email' => $CONFIG['gallery_admin_email'], 'lang' => 'english'); } foreach ($admins as $admin) { //check if the admin language is available if (file_exists("lang/{$admin['lang']}.php")) { $lang_register_php_def = cpg_get_default_lang_var('lang_register_php', $admin['lang']); $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email', $admin['lang']); } else { $lang_register_php_def = cpg_get_default_lang_var('lang_register_php'); $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email'); } // if the admin has to activate the login, give them the link to do so; but only if users don't have to verify their email address if ($CONFIG['admin_activation'] && !$CONFIG['reg_requires_valid_email']) { $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key; $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link); cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars))); } elseif ($CONFIG['reg_notify_admin_email']) { // otherwise, email is for information only cpg_mail($admin['email'], sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name)); } } } return true; }
fail('MySQL fetch', $db->error); } // Mitigate timing attacks (probing for valid usernames) if (isset($dummy_salt) && strlen($hash) < 20) { $hash = $dummy_salt; } if ($hasher->CheckPassword($pass, $hash)) { $what = 'Authentication succeeded'; } else { $what = 'Authentication failed'; $op = 'fail'; // Definitely not 'change' } if ($op === 'change') { $stmt->close(); $newpass = get_post_var('newpass'); if (strlen($newpass) > 72) { fail('The new password is too long'); } if (($check = my_pwqcheck($newpass, $pass, $user)) !== 'OK') { fail($check); } $hash = $hasher->HashPassword($newpass); if (strlen($hash) < 20) { fail('Failed to hash new password'); } unset($hasher); ($stmt = $db->prepare('update users set user_password=? where user_name=?')) || fail('MySQL prepare', $db->error); $stmt->bind_param('ss', $hash, $user) || fail('MySQL bind_param', $db->error); $stmt->execute() || fail('MySQL execute', $db->error); $what = 'Password changed';
<?php define('puush', ''); require_once 'config.php'; require_once 'func.php'; // ? $k = get_post_var('k'); // ? $c = get_post_var('c'); // Check for the file if (!isset($_FILES['f'])) { exit('ERR No file provided.'); } // The file they are uploading $file = $_FILES['f']; // Check the size, max 250 MB if ($file['size'] > MAX_FILE_SIZE) { exit('ERR File is too big.'); } // Ensure the image is actually a file and not a friendly virus if (validate_image($file) === FALSE) { exit('ERR Invalid image.'); } // Generate a new file name $ext = get_ext($file['name']); $generated_name = generate_upload_name($ext); // Move the file move_uploaded_file($file['tmp_name'], UPLOAD_DIR . $generated_name . '.' . $ext); // ahem echo '0,' . sprintf(FORMATTED_URL, $generated_name) . ',-1,-1';
function check_user_info(&$error) { global $CONFIG; //, $PHP_SELF; global $lang_register_php, $lang_register_confirm_email, $lang_continue, $lang_register_approve_email, $lang_register_activated_email, $lang_register_user_login; //$CONFIG['admin_activation'] = FALSE; //$CONFIG['admin_activation'] = TRUE; $user_name = trim(get_post_var('username')); $password = trim(get_post_var('password')); $password_again = trim(get_post_var('password_verification')); $email = trim(get_post_var('email')); $profile1 = addslashes($_POST['user_profile1']); $profile2 = addslashes($_POST['user_profile2']); $profile3 = addslashes($_POST['user_profile3']); $profile4 = addslashes($_POST['user_profile4']); $profile5 = addslashes($_POST['user_profile5']); $profile6 = addslashes($_POST['user_profile6']); $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . addslashes($user_name) . "'"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $error = '<li>' . $lang_register_php['err_user_exists']; return false; } mysql_free_result($result); if (utf_strlen($user_name) < 2) { $error .= '<li>' . $lang_register_php['err_uname_short']; } if (utf_strlen($password) < 2) { $error .= '<li>' . $lang_register_php['err_password_short']; } if ($password == $user_name) { $error .= '<li>' . $lang_register_php['err_uname_pass_diff']; } if ($password != $password_again) { $error .= '<li>' . $lang_register_php['err_password_mismatch']; } if (!eregi("^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}\$", $email)) { $error .= '<li>' . $lang_register_php['err_invalid_email']; } if ($error != '') { return false; } if (!$CONFIG['allow_duplicate_emails_addr']) { $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $error = '<li>' . $lang_register_php['err_duplicate_email']; return false; } mysql_free_result($result); } if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) { $active = 'NO'; list($usec, $sec) = explode(' ', microtime()); $seed = (double) $sec + (double) $usec * 100000; srand($seed); $act_key = md5(uniqid(rand(), 1)); } else { $active = 'YES'; $act_key = ''; } if ($CONFIG['enable_encrypted_passwords']) { $encpassword = md5($password); } else { $encpassword = $password; } $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) " . "VALUES (NOW(), '{$active}', '{$act_key}', '" . addslashes($user_name) . "', '" . addslashes($encpassword) . "', '" . addslashes($email) . "', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}')"; if ($CONFIG['log_mode']) { log_write('New user "' . addslashes($user_name) . '" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG); } $result = cpg_db_query($sql); if ($CONFIG['reg_requires_valid_email']) { if (!$CONFIG['admin_activation'] == 1) { //user gets activation email $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key; $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link); if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) { cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__); } } if ($CONFIG['admin_activation'] == 1) { msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_continue, 'index.php'); } else { msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_continue, 'index.php'); } } else { msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_continue, 'index.php'); } // email notification to admin if ($CONFIG['reg_notify_admin_email']) { // get default language in which to inform the admin $lang_register_php_def = cpg_get_default_lang_var('lang_register_php'); $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email'); if ($CONFIG['admin_activation'] == 1) { $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key; $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link); cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars))); } else { cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name)); } } return true; }
function process_post_data() { global $CONFIG, $lang_errors; $superCage = Inspekt::makeSuperCage(); //Check if the form token is valid if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } $field_list = array('group_name', 'group_quota', 'can_rate_pictures', 'can_send_ecards', 'can_post_comments', 'can_upload_pictures', 'pub_upl_need_approval', 'can_create_albums', 'priv_upl_need_approval', 'access_level'); $group_id_array = get_post_var('group_id'); $guests_disabled = $CONFIG['allow_unlogged_access'] == 0; foreach ($group_id_array as $key => $group_id) { // For guest/anonymous group, update the configuration setting 'allow_unlogged_access' if ($group_id == 3) { cpg_config_set('allow_unlogged_access', $superCage->post->getInt('access_level_' . $group_id)); } // For the guest/anonymous group, don't update the database if the settings were disabled if ($group_id == 3 && $guests_disabled) { continue; } $set_statement = ''; foreach ($field_list as $field) { if ($field == 'group_name') { $set_statement .= $field . "='" . $superCage->post->getEscaped($field . '_' . $group_id) . "',"; } else { $set_statement .= $field . "='" . $superCage->post->getInt($field . '_' . $group_id) . "',"; } } $set_statement = substr($set_statement, 0, -1); cpg_db_query("UPDATE {$CONFIG['TABLE_USERGROUPS']} SET {$set_statement} WHERE group_id = '{$group_id}' LIMIT 1"); } }
} // Create and send the e-card if ($superCage->post->keyExists('subject') && $valid_sender_email) { $gallery_url_prefix = $CONFIG['ecards_more_pic_target'] . (substr($CONFIG['ecards_more_pic_target'], -1) == '/' ? '' : '/'); if ($CONFIG['make_intermediate'] && max($row['pwidth'], $row['pheight']) > $CONFIG['picture_width']) { $n_picname = get_pic_url($row, 'normal'); } else { $n_picname = get_pic_url($row, 'fullsize'); } if (!stristr($n_picname, 'http:')) { $n_picname = $gallery_url_prefix . $n_picname; } //output list of reasons checkmarked $reasons = $lang_report_php['reasons_list_heading'] . $LINEBREAK; if ($superCage->post->keyExists('reason')) { foreach (get_post_var('reason') as $value) { $value = $lang_report_php["{$value}"]; $reason_list .= "{$value}, "; } } else { $reasons .= "{$lang_report_php['no_reason_given']}"; } $reason_list = substr($reason_list, 0, -2); //remove trailing comma and space $reasons .= $reason_list; $msg_content = nl2br(strip_tags($message)); $data = array('sn' => $sender_name, 'se' => $sender_email, 'p' => $n_picname, 'su' => $subject, 'm' => $message, 'r' => $reasons, 'c' => $comment, 'cid' => $cid, 'pid' => $pid, 't' => $what); $encoded_data = urlencode(base64_encode(serialize($data))); $params = array('{LANG_DIR}' => $lang_text_dir, '{TITLE}' => sprintf($lang_report_php['report_subject'], $sender_name, $type), '{CHARSET}' => $CONFIG['charset'] == 'language file' ? $lang_charset : $CONFIG['charset'], '{VIEW_REPORT_TGT}' => "{$gallery_url_prefix}displayreport.php?data={$encoded_data}", '{VIEW_REPORT_LNK}' => $lang_report_php['view_report'], '{VIEW_REPORT_LNK_PLAINTEXT}' => $lang_report_php['view_report_plaintext'], '{PIC_URL}' => $n_picname, '{URL_PREFIX}' => $gallery_url_prefix, '{PIC_TGT}' => "{$CONFIG['ecards_more_pic_target']}displayimage.php?pid=" . $pid, '{SUBJECT}' => $subject, '{MESSAGE}' => $msg_content, '{PLAINTEXT_MESSAGE}' => $message, '{SENDER_EMAIL}' => $sender_email, '{SENDER_NAME}' => $sender_name, '{VIEW_MORE_TGT}' => $CONFIG['ecards_more_pic_target'], '{VIEW_MORE_LNK}' => $lang_report_php['view_more_pics'], '{REASON}' => $reasons, '{COMMENT}' => $comment, '{COMMENT_ID}' => $cid, '{VIEW_COMMENT_LNK}' => $lang_report_php['view_comment'], '{COMMENT_TGT}' => "{$CONFIG['ecards_more_pic_target']}displayimage.php?pid={$pid}#comment{$cid}", '{PID}' => $pid); $message = template_eval($template, $params); $plaintext_message = template_eval($template_report_plaintext, $params);
function process_post_data() { global $HTTP_POST_VARS, $CONFIG; global $user_albums_list, $lang_errors; $user_album_set = array(); foreach ($user_albums_list as $album) { $user_album_set[$album['aid']] = 1; } if (!is_array($HTTP_POST_VARS['pid'])) { cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__); } $pid_array =& $HTTP_POST_VARS['pid']; foreach ($pid_array as $pid) { $pid = (int) $pid; $aid = (int) get_post_var('aid', $pid); $title = get_post_var('title', $pid); $caption = get_post_var('caption', $pid); $keywords = get_post_var('keywords', $pid); $user1 = get_post_var('user1', $pid); $user2 = get_post_var('user2', $pid); $user3 = get_post_var('user3', $pid); $user4 = get_post_var('user4', $pid); $delete = isset($HTTP_POST_VARS['delete' . $pid]); $reset_vcount = isset($HTTP_POST_VARS['reset_vcount' . $pid]); $reset_votes = isset($HTTP_POST_VARS['reset_votes' . $pid]); $del_comments = isset($HTTP_POST_VARS['del_comments' . $pid]) || $delete; $query = "SELECT category, filepath, filename FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'"; $result = db_query($query); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = mysql_fetch_array($result); mysql_free_result($result); if (!GALLERY_ADMIN_MODE) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(picture category = {$pic['category']}/ {$pid})", __FILE__, __LINE__); } if (!isset($user_album_set[$aid])) { cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(target album = {$aid})", __FILE__, __LINE__); } } $update = "aid = '" . $aid . "'"; $update .= ", title = '" . addslashes($title) . "'"; $update .= ", caption = '" . addslashes($caption) . "'"; $update .= ", keywords = '" . addslashes($keywords) . "'"; $update .= ", user1 = '" . addslashes($user1) . "'"; $update .= ", user2 = '" . addslashes($user2) . "'"; $update .= ", user3 = '" . addslashes($user3) . "'"; $update .= ", user4 = '" . addslashes($user4) . "'"; if (is_movie($pic['filename'])) { $pwidth = get_post_var('pwidth', $pid); $pheight = get_post_var('pheight', $pid); $update .= ", pwidth = " . (int) $pwidth; $update .= ", pheight = " . (int) $pheight; } if ($reset_vcount) { $update .= ", hits = '0'"; } if ($reset_votes) { $update .= ", pic_rating = '0', votes = '0'"; } if (UPLOAD_APPROVAL_MODE) { $approved = get_post_var('approved', $pid); if ($approved == 'YES') { $update .= ", approved = 'YES'"; } elseif ($approved == 'DELETE') { $del_comments = 1; $delete = 1; } } if ($del_comments) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'"; $result = db_query($query); } if ($delete) { $dir = $CONFIG['fullpath'] . $pic['filepath']; $file = $pic['filename']; if (!is_writable($dir)) { cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__); } $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file); foreach ($files as $currFile) { if (is_file($currFile)) { @unlink($currFile); } } $query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}' LIMIT 1"; $result = db_query($query); } else { $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1"; $result = db_query($query); } } }
function edit_custom_course() { $sem = get_post_var("semester"); $year = get_post_var("year"); $crn = get_post_var("crn"); $attribute = get_post_var("attribute"); $value = get_post_var("value"); return edit_custom_course($sem, $year, $crn, $attribute, $value); }
if (is_get_var('token') && is_get_var('ref') && get_get_var('ref') == 'deluser.php') { list($name, $username, $password, $salt, $userProfile, $id, $record_to_del) = explode('[::]', unserialize(base64_decode($_GET['token']))); $user = false; } if (plx_gu_session_authenticate($name, $username, $password, $remember, $user)) { // Redirect to page that referred here - or to the home page $redirect = is_get_var('ref') ? urldecode(get_get_var('ref')) . (is_get_var('token') ? '?token=' . get_get_var('token') : '') : absolute_url('index.php'); header('Location: ' . $redirect); exit; } else { $name = ''; gu_error(t('Incorrect username or password')); } } elseif (is_get_var('action') && get_get_var('action') == 'login') { $username = is_post_var('u') ? get_post_var('u') : ''; $password = is_post_var('p') ? get_post_var('p') : ''; $remember = is_post_var('login_remember'); if (gu_session_authenticate($username, $password, $remember)) { // Redirect to page that referred here - or to the home page $redirect = is_get_var('ref') ? urldecode(get_get_var('ref')) : absolute_url('index.php'); header('Location: ' . $redirect); exit; } else { gu_error(t('Incorrect username or password')); } } elseif (is_get_var('action') && get_get_var('action') == 'logout') { // Invalidate session flag gu_session_set_valid(FALSE); } gu_theme_start(); ?>
function process_post_data() { global $db, $CONFIG; global $user_albums_list; $user_album_set = array(); foreach ($user_albums_list as $album) { $user_album_set[$album['aid']] = 1; } if (!is_array($_POST['pid'])) { cpg_die(_CRITICAL_ERROR, PARAM_MISSING, __FILE__, __LINE__); } $pid_array =& $_POST['pid']; foreach ($pid_array as $pid) { //init.inc $pid = (int)$pid; if (!is_numeric($aid . $pid)) { cpg_die(_CRITICAL_ERROR, PARAM_MISSING, __FILE__, __LINE__); } $aid = get_post_var('aid', $pid); $title = get_post_var('title', $pid); $caption = get_post_var('caption', $pid, 1); $keywords = get_post_var('keywords', $pid); $user1 = get_post_var('user1', $pid); $user2 = get_post_var('user2', $pid); $user3 = get_post_var('user3', $pid); $user4 = get_post_var('user4', $pid); $delete = isset($_POST['delete' . $pid]); $reset_vcount = isset($_POST['reset_vcount' . $pid]); $reset_votes = isset($_POST['reset_votes' . $pid]); $del_comments = isset($_POST['del_comments' . $pid]) || $delete; $query = "SELECT category, filepath, filename FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'"; $result = $db->sql_query($query); if (!$db->sql_numrows($result)) { cpg_die(_CRITICAL_ERROR, NON_EXIST_AP, __FILE__, __LINE__); } $pic = $db->sql_fetchrow($result); $db->sql_freeresult($result); if (!GALLERY_ADMIN_MODE) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { cpg_die(_ERROR, PERM_DENIED . "<br />(picture category = {$pic['category']}/ {$pid})", __FILE__, __LINE__); } if (!isset($user_album_set[$aid])) { cpg_die(_ERROR, PERM_DENIED . "<br />(target album = {$aid})", __FILE__, __LINE__); } } $update = "aid = '" . $aid . "' "; $update .= ", title = '" . $title . " ' "; $update .= ", caption = '" . $caption . "' "; $update .= ", keywords = '" . $keywords . "' "; $update .= ", user1 = '" . $user1 . "' "; $update .= ", user2 = '" . $user2 . "' "; $update .= ", user3 = '" . $user3 . "' "; $update .= ", user4 = '" . $user4 . "' "; if ($reset_vcount) { $update .= ", hits = '0'"; } if ($reset_votes) { $update .= ", pic_rating = '0', votes = '0'"; } if (UPLOAD_APPROVAL_MODE) { $approved = get_post_var('approved', $pid); if ($approved == '1') { $update .= ", approved = '1'"; } elseif ($approved == 'DELETE') { $del_comments = 1; $delete = 1; } } if ($del_comments) { $result = $db->sql_query("DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'"); } if ($delete) { $dir = $CONFIG['fullpath']; $file = $pic['filename']; if (!is_writable($dir)) { cpg_die(_CRITICAL_ERROR, sprintf(DIRECTORY_RO, $dir), __FILE__, __LINE__); } $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file); foreach ($files as $currFile) { if (is_file($currFile)) { unlink($currFile); } } $result = $db->sql_query("DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}'"); } else { $result = $db->sql_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}'"); } } speedup_pictures(); }
/* Gutama plugin package * @version 1.6 * @date 01/10/2013 * @author Cyril MAGUIRE */ include_once 'inc/gutuma.php'; include_once 'inc/subscription.php'; // Initialize Gutuma without validation or redirection gu_init(FALSE, FALSE); gu_theme_start('ok'); // If variables have been posted then they may have prefixes $posted_address = ''; $posted_lists = array(); $posted_action = ''; foreach (array_keys($_POST) as $var) { $val = get_post_var($var); if (strpos($var, 'subscribe_address') !== FALSE) { $posted_address = trim($val); } elseif (strpos($var, 'subscribe_list') !== FALSE) { $posted_lists = is_array($val) ? $val : ((int) $val != 0 ? array((int) $val) : array()); } elseif (strpos($var, 'unsubscribe_submit') !== FALSE) { $posted_action = 'unsubscribe'; } elseif (strpos($var, 'subscribe_submit') !== FALSE) { $posted_action = 'subscribe'; } } // Check if we've got what we need to do a posted (un)subscription if ($posted_action != '' && $posted_address != '' && count($posted_lists) > 0) { gu_subscription_process($posted_address, $posted_lists, $posted_action == 'subscribe'); } // Get querystring variables
// If pluxml is used if (isset($_profil['salt'])) { $salt = $_profil['salt']; } else { $salt = gu_config::plx_charAleatoire(); } // If settings already exist, go into update mode $update_mode = gu_config::load(); // Check if everything is already up-to-date $install_success = $update_mode && gu_config::get_version() == GUTUMA_VERSION_NUM; if (!$install_success) { // Run installtion or update script if ($update_mode && is_post_var('update_submit')) { $install_success = gu_update(); } elseif (!$update_mode && is_post_var('install_submit')) { $install_success = gu_install(get_post_var('collective_name'), get_post_var('admin_username'), sha1($salt . md5(get_post_var('admin_password'))), get_post_var('admin_email'), $salt); } } // Get title of page if ($install_success) { $title = t('Finished'); } elseif ($update_mode) { $title = t('Update to Gutuma ') . GUTUMA_VERSION_NAME; } else { $title = t('Install Gutuma ') . GUTUMA_VERSION_NAME; } gu_theme_start(); // Output title echo '<h2>' . $title . '</h2>'; gu_theme_messages(); if ($install_success) {
/** * process_post_data() * * Function to process the form posted */ function process_post_data() { global $CONFIG, $user_albums_list, $lang_errors; $superCage = Inspekt::makeSuperCage(); //Check if the form token is valid if (!checkFormToken()) { cpg_die(ERROR, $lang_errors['invalid_form_token'], __FILE__, __LINE__); } $user_album_set = array(); $result = cpg_db_query("SELECT aid FROM {$CONFIG['TABLE_ALBUMS']} WHERE category = " . (FIRST_USER_CAT + USER_ID) . " OR owner = " . USER_ID . " OR uploads = 'YES'"); while ($row = $result->fetchAssoc()) { $user_album_set[$row['aid']] = 1; } $result->free(); $pid_array = $superCage->post->getInt('pid'); if (!is_array($pid_array)) { cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__); } if ($superCage->post->keyExists('galleryicon')) { $galleryicon = $superCage->post->getInt('galleryicon'); } else { $galleryicon = ''; } foreach ($pid_array as $pid) { $aid = $superCage->post->getInt("aid{$pid}"); $title = get_post_var('title', $pid); $caption = get_post_var('caption', $pid); $keywords = get_post_var('keywords', $pid); $user1 = get_post_var('user1', $pid); $user2 = get_post_var('user2', $pid); $user3 = get_post_var('user3', $pid); $user4 = get_post_var('user4', $pid); $delete = false; $reset_vcount = false; $reset_votes = false; $del_comments = false; $isgalleryicon = $galleryicon === $pid; if ($superCage->post->keyExists('delete' . $pid)) { $delete = $superCage->post->getInt('delete' . $pid); } if ($superCage->post->keyExists('reset_vcount' . $pid)) { $reset_vcount = $superCage->post->getInt('reset_vcount' . $pid); } if ($superCage->post->keyExists('reset_votes' . $pid)) { $reset_votes = $superCage->post->getInt('reset_votes' . $pid); } if ($superCage->post->keyExists('del_comments' . $pid)) { $del_comments = $superCage->post->getInt('del_comments' . $pid); } // We will be selecting pid in the query as we need it in $pic array for the plugin filter $query = "SELECT pid, category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']} AS p INNER JOIN {$CONFIG['TABLE_ALBUMS']} AS a ON a.aid = p.aid WHERE pid = {$pid}"; $result = cpg_db_query($query); if (!$result->numRows()) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = $result->fetchAssoc(true); if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } if (!isset($user_album_set[$aid])) { cpg_die(ERROR, $lang_errors['perm_denied'], __FILE__, __LINE__); } } cpg_trim_keywords($keywords); $update = "aid = '{$aid}'"; $update .= ", title = '{$title}'"; $update .= ", caption = '{$caption}'"; $update .= ", keywords = '{$keywords}'"; $update .= ", user1 = '{$user1}'"; $update .= ", user2 = '{$user2}'"; $update .= ", user3 = '{$user3}'"; $update .= ", user4 = '{$user4}'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET galleryicon = 0 WHERE owner_id = {$pic['owner_id']}"); $update .= ", galleryicon = " . $galleryicon; } if (is_movie($pic['filename'])) { $pwidth = $superCage->post->getInt('pwidth' . $pid); $pheight = $superCage->post->getInt('pheight' . $pid); $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } if ($reset_vcount) { $update .= ", hits = 0"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = 0, votes = 0"; resetDetailVotes($pid); } if (GALLERY_ADMIN_MODE || UPLOAD_APPROVAL_MODE || MODERATOR_MODE) { $approved = ''; if ($superCage->post->keyExists('approved' . $pid)) { $approved = $superCage->post->getAlpha('approved' . $pid); } if ($approved == 'YES') { $update .= ", approved = 'YES'"; } else { $update .= ", approved = 'NO'"; } } if ($del_comments || $delete) { cpg_db_query("DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid = {$pid}"); } if ($delete) { $dir = $CONFIG['fullpath'] . $pic['filepath']; $file = $pic['filename']; if (!is_writable($dir)) { cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__); } $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file); // Check for custom thumbnails for non-images if (!is_image($file)) { $mime_content = cpg_get_type($file); $file_base_name = str_replace('.' . $mime_content['extension'], '', basename($file)); foreach (array('.gif', '.png', '.jpg') as $thumb_extension) { if (file_exists($dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension)) { // Thumbnail found, check if it's the only file using that thumbnail $count = cpg_db_query("SELECT COUNT(*) FROM {$CONFIG['TABLE_PICTURES']} WHERE filepath = '{$pic['filepath']}' AND filename LIKE '{$file_base_name}.%'")->result(0); if ($count == 1) { unset($files[count($files) - 1]); $files[] = $dir . $CONFIG['thumb_pfx'] . $file_base_name . $thumb_extension; break; } } } } foreach ($files as $currFile) { if (is_file($currFile)) { @unlink($currFile); } } // Plugin filter to be called before deleting a file CPGPluginAPI::action('before_delete_file', $pic); cpg_db_query("DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid = {$pid} LIMIT 1"); cpg_db_query("UPDATE {$CONFIG['TABLE_ALBUMS']} SET thumb = '0' WHERE thumb = '{$pid}'"); // Plugin filter to be called after a file is deleted CPGPluginAPI::action('after_delete_file', $pic); } else { cpg_db_query("UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid = {$pid}"); // Executes after a file update is committed CPGPluginAPI::action('after_edit_file', $pid); } } }
<?php require_once dirname(__FILE__) . "/../../resources/common_functions.php"; require_once dirname(__FILE__) . "/login.php"; require_once dirname(__FILE__) . "/../../objects/command.php"; $s_command = get_post_var("command"); function check_session_expired() { my_session_start(); if (get_session_expired()) { return json_encode(array(new command("alert", "Your session has expired. You are now being redirected to the login screen.\n(change the time it takes to expire under settings)"), new command("load page", "/pages/login/index.php"))); } else { return "[]"; } } if ($s_command == "check_session_expired") { echo check_session_expired(); } else { echo json_encode(array(new command("failure", "bad command"))); }
$name = is_post_var('name') ? trim(get_post_var('name')) : ''; $private = is_post_var('private') ? (bool) get_post_var('private') : false; gu_ajax_list_add($name, $private); break; case 'list_delete': $list = is_post_var('list') ? gu_list::get((int) get_post_var('list'), TRUE) : NULL; gu_ajax_list_delete($list); break; case 'remove_address': $list = is_post_var('list') ? gu_list::get((int) get_post_var('list'), TRUE) : NULL; $address = is_post_var('address') ? get_post_var('address') : ''; $address_id = is_post_var('address_id') ? (int) get_post_var('address_id') : 0; gu_ajax_remove_address($list, $address, $address_id); break; case 'newsletter_delete': $newsletter = is_post_var('newsletter') ? gu_newsletter::get((int) get_post_var('newsletter')) : NULL; gu_ajax_newsletter_delete($newsletter); break; } // If action function hasn't already returned due to error, return now gu_ajax_return(); /** * Called when an error has occured. * @param string $msg The error message to send to the client */ function gu_ajax_error($msg) { gu_error($msg); gu_ajax_return(); } /**
function check_user_info(&$error) { // function check_user_info - start global $CONFIG; //, $PHP_SELF; global $lang_register_php, $lang_register_confirm_email, $lang_common, $lang_register_approve_email; global $lang_register_activated_email, $lang_register_user_login, $lang_errors; $superCage = Inspekt::makeSuperCage(); //$CONFIG['admin_activation'] = FALSE; //$CONFIG['admin_activation'] = TRUE; $user_name = trim(get_post_var('username')); $password = trim(get_post_var('password')); $password_again = trim(get_post_var('password_verification')); $email = trim(get_post_var('email')); $profile1 = $superCage->post->getEscaped('user_profile1'); $profile2 = $superCage->post->getEscaped('user_profile2'); $profile3 = $superCage->post->getEscaped('user_profile3'); $profile4 = $superCage->post->getEscaped('user_profile4'); $profile5 = $superCage->post->getEscaped('user_profile5'); $profile6 = $superCage->post->getEscaped('user_profile6'); $agree_disclaimer = $superCage->post->getEscaped('agree'); $captcha_confirmation = $superCage->post->getEscaped('confirmCode'); $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_name = '" . $user_name . "'"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $error = '<li>' . $lang_register_php['err_user_exists'] . '</li>'; return false; } mysql_free_result($result); if (utf_strlen($user_name) < 2) { $error .= '<li>' . $lang_register_php['err_uname_short'] . '</li>'; } if (!empty($CONFIG['global_registration_pw'])) { $global_registration_pw = get_post_var('global_registration_pw'); if ($global_registration_pw != $CONFIG['global_registration_pw']) { $error .= '<li>' . $lang_register_php['err_global_pw'] . '</li>'; } elseif ($password == $CONFIG['global_registration_pw']) { $error .= '<li>' . $lang_register_php['err_global_pass_same'] . '</li>'; } } if (utf_strlen($password) < 2) { $error .= '<li>' . $lang_register_php['err_password_short'] . '</li>'; } if ($password == $user_name) { $error .= '<li>' . $lang_register_php['err_uname_pass_diff'] . '</li>'; } if ($password != $password_again) { $error .= '<li>' . $lang_register_php['err_password_mismatch'] . '</li>'; } if (!eregi("^[_\\.0-9a-z\\-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,6}\$", $email)) { $error .= '<li>' . $lang_register_php['err_invalid_email'] . '</li>'; } if ($CONFIG['user_registration_disclaimer'] == 2 && $agree_disclaimer != 1) { $error .= '<li>' . $lang_register_php['err_disclaimer'] . '</li>'; } // check captcha if ($CONFIG['registration_captcha'] != 0) { require "include/captcha.inc.php"; if (!PhpCaptcha::Validate($captcha_confirmation)) { $error .= '<li>' . $lang_errors['captcha_error'] . '</li>'; } } if ($error != '') { return false; } if (!$CONFIG['allow_duplicate_emails_addr']) { $sql = "SELECT user_id " . "FROM {$CONFIG['TABLE_USERS']} " . "WHERE user_email = '" . addslashes($email) . "'"; $result = cpg_db_query($sql); if (mysql_num_rows($result)) { $error = '<li>' . $lang_register_php['err_duplicate_email'] . '</li>'; return false; } mysql_free_result($result); } if ($CONFIG['reg_requires_valid_email'] || $CONFIG['admin_activation']) { $active = 'NO'; list($usec, $sec) = explode(' ', microtime()); $seed = (double) $sec + (double) $usec * 100000; srand($seed); $act_key = md5(uniqid(rand(), 1)); } else { $active = 'YES'; $act_key = ''; } if ($CONFIG['enable_encrypted_passwords']) { $encpassword = md5($password); } else { $encpassword = $password; } $sql = "INSERT INTO {$CONFIG['TABLE_USERS']} " . "(user_regdate, user_active, user_actkey, user_name, user_password, user_email, user_profile1, user_profile2, user_profile3, user_profile4, user_profile5, user_profile6) " . "VALUES (NOW(), '{$active}', '{$act_key}', '{$user_name}', '{$encpassword}', '{$email}', '{$profile1}', '{$profile2}', '{$profile3}', '{$profile4}', '{$profile5}', '{$profile6}')"; if ($CONFIG['log_mode']) { log_write('New user "$user_name" created on ' . date("F j, Y, g:i a"), CPG_ACCESS_LOG); } $result = cpg_db_query($sql); // Create a personal album if corresponding option is enabled if ($CONFIG['personal_album_on_registration'] == 1) { print 'sub<br />'; $catid = mysql_insert_id() + FIRST_USER_CAT; print $catid; cpg_db_query("INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})"); print "INSERT INTO {$CONFIG['TABLE_ALBUMS']} (`title`, `category`) VALUES ('{$user_name}', {$catid})"; } if ($CONFIG['reg_requires_valid_email']) { if (!$CONFIG['admin_activation'] == 1) { //user gets activation email $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key; $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link); if (!cpg_mail($email, sprintf($lang_register_php['confirm_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_confirm_email, $template_vars)))) { cpg_die(CRITICAL_ERROR, $lang_register_php['failed_sending_email'], __FILE__, __LINE__); } } if ($CONFIG['admin_activation'] == 1) { msg_box($lang_register_php['information'], $lang_register_php['thank_you_admin_activation'], $lang_common['continue'], 'index.php'); } else { msg_box($lang_register_php['information'], $lang_register_php['thank_you'], $lang_common['continue'], 'index.php'); } } else { msg_box($lang_register_php['information'], $lang_register_php['acct_active'], $lang_common['continue'], 'index.php'); } // email notification to admin if ($CONFIG['reg_notify_admin_email']) { // get default language in which to inform the admin $lang_register_php_def = cpg_get_default_lang_var('lang_register_php'); $lang_register_approve_email_def = cpg_get_default_lang_var('lang_register_approve_email'); if ($CONFIG['admin_activation'] == 1) { $act_link = rtrim($CONFIG['site_url'], '/') . '/register.php?activate=' . $act_key; $template_vars = array('{SITE_NAME}' => $CONFIG['gallery_name'], '{USER_NAME}' => $user_name, '{ACT_LINK}' => $act_link); cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_request_email_subject'], $CONFIG['gallery_name']), nl2br(strtr($lang_register_approve_email_def, $template_vars))); } else { cpg_mail('admin', sprintf($lang_register_php_def['notify_admin_email_subject'], $CONFIG['gallery_name']), sprintf($lang_register_php_def['notify_admin_email_body'], $user_name)); } } return true; }
$website = get_post_var('website'); $occupation = get_post_var('occupation'); $sql = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_location = '{$location}', " . "user_interests = '{$interests}', " . "user_website = '{$website}', " . "user_occupation = '{$occupation}' " . "WHERE user_id = '" . USER_ID . "'"; $result = db_query($sql); $title = sprintf($lang_register_php['x_s_profile'], USER_NAME); $redirect = "index.php"; pageheader($title, "<META http-equiv=\"refresh\" content=\"3;url={$redirect}\">"); msg_box($lang_info, $lang_register_php['update_success'], $lang_continue, $redirect); pagefooter(); ob_end_flush(); exit; } if (isset($HTTP_POST_VARS['change_password']) && USER_ID && !defined('UDB_INTEGRATION')) { $current_pass = get_post_var('current_pass'); $new_pass = get_post_var('new_pass'); $new_pass_again = get_post_var('new_pass_again'); if (strlen($new_pass) < 2) { cpg_die(ERROR, $lang_register_php['err_password_short'], __FILE__, __LINE__); } if ($new_pass != $new_pass_again) { cpg_die(ERROR, $lang_register_php['err_password_mismatch'], __FILE__, __LINE__); } $sql = "UPDATE {$CONFIG['TABLE_USERS']} SET " . "user_password = '******' " . "WHERE user_id = '" . USER_ID . "' AND BINARY user_password = '******'"; $result = db_query($sql); if (!mysql_affected_rows()) { cpg_die(ERROR, $lang_register_php['pass_chg_error'], __FILE__, __LINE__); } setcookie($CONFIG['cookie_name'] . '_pass', md5($HTTP_POST_VARS['new_pass']), time() + 86400, $CONFIG['cookie_path']); $title = sprintf($lang_register_php['x_s_profile'], USER_NAME); $redirect = $PHP_SELF . "?op=edit_profile"; pageheader($title, "<META http-equiv=\"refresh\" content=\"3;url={$redirect}\">");
<?php require_once dirname(__FILE__) . "/../../resources/common_functions.php"; require_once dirname(__FILE__) . "/../../objects/user.php"; require_once dirname(__FILE__) . "/../../objects/command.php"; $action = get_post_var("action"); if ($action == "logout") { my_session_start(); logout_session(); echo json_encode(array(new command("load page", "/pages/login/index.php"))); } else { echo json_encode(array(new command("alert", "unknown parameters"))); }
$pos = $superCage->get->getInt('pos'); $sender_name = get_post_var('sender_name', USER_NAME ? USER_NAME : (isset($USER['name']) ? $USER['name'] : '')); if (USER_ID) { $USER_DATA = array_merge($USER_DATA, $cpg_udb->get_user_infos(USER_ID)); } if ($USER_DATA['user_email']) { $sender_email = $USER_DATA['user_email']; $sender_box = $sender_email; } else { $sender_email = get_post_var('sender_email', $USER['email'] ? $USER['email'] : ''); $sender_box = "<input type=\"text\" class=\"textinput\" value=\"{$sender_email}\" name=\"sender_email\" style=\"width: 100%;\" />"; } $recipient_name = get_post_var('recipient_name'); $recipient_email = get_post_var('recipient_email'); $greetings = get_post_var('greetings'); $message = get_post_var('message'); $sender_email_warning = ''; $recipient_email_warning = ''; // Get picture thumbnail url $result = cpg_db_query("SELECT url_prefix, filepath, filename, title, caption, pwidth, pheight FROM {$CONFIG['TABLE_PICTURES']} AS p WHERE pid='{$pid}' {$FORBIDDEN_SET}"); if (!$result->numRows()) { cpg_die(ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $row = $result->fetchAssoc(true); $thumb_pic_url = get_pic_url($row, 'thumb'); $normal_pic_url = get_pic_url($row, 'normal'); if (strpos($normal_pic_url, 'thumb_nopic.png') > 0) { $normal_pic_url = get_pic_url($row, 'fullsize'); } $pic_title = $row['title']; $pic_caption = $row['caption'];
if ($newsletter->is_sending()) { gu_success(t('Newsletter sent to first batch of recipients')); } else { gu_success(t('Newsletter sent to all recipients')); } } } $newsletter = new gu_newsletter(); $is_modified = FALSE; } } elseif (is_post_var('attach_submit') && $_FILES['attach_file']['name'] != '') { if ($newsletter->store_attachment($_FILES['attach_file']['tmp_name'], $_FILES['attach_file']['name'])) { gu_success(t('Attachment <b><i>%</i></b> added', array($_FILES['attach_file']['name']))); } } elseif (is_post_var('remove_submit')) { $attachment = get_post_var('msg_attachments'); if ($newsletter->delete_attachment($attachment)) { gu_success(t('Attachment <i>%</i> removed', array($attachment))); } } elseif (is_post_var('save_submit')) { if ($newsletter->save()) { $is_modified = FALSE; gu_success(t('Newsletter saved as draft')); } } // Get all newsletters as mailbox $mailbox = gu_newsletter::get_mailbox(); // Get list of attachments $attachments = $newsletter->get_attachments(); if (!$preview_mode) { // Only enable the TinyMCE compressor if zlib compression is disabled on the server
function process_post_data() { global $db, $CONFIG; $field_list = array('group_name', 'group_quota', 'can_rate_pictures', 'can_send_ecards', 'can_post_comments', 'can_upload_pictures', 'pub_upl_need_approval', 'can_create_albums', 'priv_upl_need_approval'); $group_id_array = get_post_var('group_id'); foreach ($group_id_array as $key => $group_id) { $set_statment = ''; foreach ($field_list as $field) { if (!isset($_POST[$field . '_' . $group_id])) { cpg_die(_CRITICAL_ERROR, PARAM_MISSING . " ({$field}_{$group_id})", __FILE__, __LINE__); } if ($field == 'group_name') { $set_statment .= $field . "='" . $_POST[$field . '_' . $group_id] . "',"; } else { $set_statment .= $field . "='" . intval($_POST[$field . '_' . $group_id]) . "',"; } } $set_statment = substr($set_statment, 0, -1); $db->sql_query("UPDATE {$CONFIG['TABLE_USERGROUPS']} SET {$set_statment} WHERE group_id = '{$group_id}'"); } }
function process_post_data() { global $_POST, $xoopsModuleConfig, $xoopsDB; global $user_albums_list, $xoopsModule, $myts; $user_album_set = array(); foreach ($user_albums_list as $album) { $user_album_set[$album['aid']] = 1; } if (!is_array($_POST['pid'])) { redirect_header('index.php', 2, _MD_PARAM_MISSING); } $pid_array =& $_POST['pid']; foreach ($pid_array as $pid) { $pid = (int) $pid; $aid = (int) get_post_var('aid', $pid); $title = get_post_var('title', $pid); $caption = get_post_var('caption', $pid); $keywords = get_post_var('keywords', $pid); $user1 = get_post_var('user1', $pid); $user2 = get_post_var('user2', $pid); $user3 = get_post_var('user3', $pid); $user4 = get_post_var('user4', $pid); $delete = isset($_POST['delete' . $pid]); $reset_vcount = isset($_POST['reset_vcount' . $pid]); $reset_votes = isset($_POST['reset_votes' . $pid]); $del_comments = isset($_POST['del_comments' . $pid]) || $delete; $query = "SELECT category, filepath, filename, owner_id FROM " . $xoopsDB->prefix("xcgal_pictures") . ", " . $xoopsDB->prefix("xcgal_albums") . " WHERE " . $xoopsDB->prefix("xcgal_pictures") . ".aid = " . $xoopsDB->prefix("xcgal_albums") . ".aid AND pid='{$pid}'"; $result = $xoopsDB->query($query); if (!$xoopsDB->getRowsNum($result)) { redirect_header('index.php', 2, _MD_NON_EXIST_AP); } $pic = $xoopsDB->fetchArray($result); $xoopsDB->freeRecordSet($result); if (!USER_IS_ADMIN) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { redirect_header('index.php', 2, _MD_PERM_DENIED . "<br />(picture category = {$pic['category']}/ {$pid})"); } if (!isset($user_album_set[$aid])) { redirect_header('index.php', 2, _MD_PERM_DENIED . "<br />(target album = {$aid})"); } } $update = "aid = '" . $aid . "'"; $update .= ", title = '" . $myts->makeTboxData4Save($title) . "'"; $update .= ", caption = '" . $myts->makeTareaData4Save($caption, 0) . "'"; $update .= ", keywords = '" . $myts->makeTboxData4Save($keywords) . "'"; $update .= ", user1 = '" . $myts->makeTboxData4Save($user1) . "'"; $update .= ", user2 = '" . $myts->makeTboxData4Save($user2) . "'"; $update .= ", user3 = '" . $myts->makeTboxData4Save($user3) . "'"; $update .= ", user4 = '" . $myts->makeTboxData4Save($user4) . "'"; if ($reset_vcount) { $update .= ", hits = '0'"; } if ($reset_votes) { $update .= ", pic_rating = '0', votes = '0'"; } if (UPLOAD_APPROVAL_MODE) { $approved = get_post_var('approved', $pid); if ($approved == 'YES') { $update .= ", approved = 'YES'"; } elseif ($approved == 'DELETE') { $del_comments = 1; $delete = 1; } } if ($del_comments) { //$query = "DELETE FROM ".$xoopsDB->prefix("xcgal_comments")." WHERE pid='$pid'"; //$result =$xoopsDB->query($query); xoops_comment_delete($xoopsModule->getVar('mid'), $pid); } if ($delete) { $dir = $xoopsModuleConfig['fullpath'] . $pic['filepath']; $file = $pic['filename']; if (!is_writable($dir)) { redirect_header('index.php', 2, sprintf(_MD_DIRECTORY_RO, $dir)); } $files = array($dir . $file, $dir . $xoopsModuleConfig['normal_pfx'] . $file, $dir . $xoopsModuleConfig['thumb_pfx'] . $file); foreach ($files as $currFile) { if (is_file($currFile)) { @unlink($currFile); } } $query = "DELETE FROM " . $xoopsDB->prefix("xcgal_pictures") . " WHERE pid='{$pid}' LIMIT 1"; $result = $xoopsDB->query($query); } else { $query = "UPDATE " . $xoopsDB->prefix("xcgal_pictures") . " SET {$update} WHERE pid='{$pid}' LIMIT 1"; $result = $xoopsDB->query($query); if ($pic['owner_id'] != 0) { $submitter = new XoopsUser($pic['owner_id']); $submitter->incrementPost(); } } } }
$script_create = 'gu_gadgets_create_basic_form(' . $gadget_list . ', "' . $gadget_btn_text . '", "' . $gadget_prefix . '")'; $script_write = '<script type="text/javascript">gu_gadgets_write_basic_form(' . $gadget_list . ', "' . $gadget_btn_text . '", "' . $gadget_prefix . '")</script>'; $gadget_params = array('list', 'btn_text', 'prefix'); $gadget_requires_import = FALSE; break; case 'ajax_link': $gadget_text = is_post_var('gadget_text') ? get_post_var('gadget_text') : t('Subscribe to my newsletter'); $script_create = 'gu_gadgets_create_ajax_link(' . $gadget_list . ', "' . $gadget_text . '")'; $script_write = '<script type="text/javascript">gu_gadgets_write_ajax_link(' . $gadget_list . ', "' . $gadget_text . '")</script>'; $gadget_params = array('list', 'text'); $gadget_requires_import = TRUE; break; case 'ajax_form': $gadget_btn_text = is_post_var('gadget_btn_text') ? get_post_var('gadget_btn_text') : t('Subscribe'); $gadget_email_hint = is_post_var('gadget_email_hint') ? get_post_var('gadget_email_hint') : t('Your email'); $gadget_prefix = is_post_var('gadget_prefix') ? get_post_var('gadget_prefix') : 'gu_'; $script_create = 'gu_gadgets_create_ajax_form(' . $gadget_list . ', "' . $gadget_btn_text . '", "' . $gadget_email_hint . '", "' . $gadget_prefix . '")'; $script_write = '<script type="text/javascript">gu_gadgets_write_ajax_form(' . $gadget_list . ', "' . $gadget_btn_text . '", "' . $gadget_email_hint . '", "' . $gadget_prefix . '")</script>'; $gadget_params = array('list', 'btn_text', 'email_hint', 'prefix'); $gadget_requires_import = TRUE; break; } } function create_list_control($name, $value, $all_option) { global $lists; $html = '<select id="' . $name . '" name="' . $name . '">'; if ($all_option) { $html .= '<option value="0" ' . ($value == 0 ? 'selected="selected"' : '') . '>(' . t('All') . ')</option>'; } foreach ($lists as $l) {
<!DOCTYPE html> <?php require_once dirname(__FILE__) . "/login.php"; if (check_logged_in()) { header('Location: /pages/classes/main.php'); } else { echo manage_output(draw_login_page(get_post_var('session_expired'))); }
function process_post_data() { global $CONFIG; $superCage = Inspekt::makeSuperCage(); $field_list = array('group_name', 'group_quota', 'can_rate_pictures', 'can_send_ecards', 'can_post_comments', 'can_upload_pictures', 'pub_upl_need_approval', 'can_create_albums', 'priv_upl_need_approval', 'upload_form_config', 'custom_user_upload', 'num_file_upload', 'num_URI_upload'); $group_id_array = get_post_var('group_id'); $upload_form_config = 0; foreach ($group_id_array as $key => $group_id) { $set_statment = ''; foreach ($field_list as $field) { //if (!isset($_POST[$field . '_' . $group_id])) cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'] . " ({$field}_{$group_id})", __FILE__, __LINE__); //set the 'upload_form_config' entry $numFile = $superCage->post->getInt('num_file_upload_' . $group_id); $numURI = $superCage->post->getInt('num_URI_upload_' . $group_id); // case File upload boxes=1 and URI upload boxes=0 => single uploads (0) if ($numFile == 1 && $numURI == 0) { $upload_form_config = 0; } // case File upload boxes>1 and URI upload boxes=0 => multi file uploads (1) if ($numFile > 1 && $numURI == 0) { $upload_form_config = 1; } // case File upload boxes=0 and URI upload boxes>0 => multi uri uploads (2) if ($numFile == 0 && $numURI > 0) { $upload_form_config = 2; } // case File upload boxes>0 and URI upload boxes>0 => File and URI uploads (3) if ($numFile > 0 && $numURI > 0) { $upload_form_config = 3; } // case File upload boxes=0 and URI upload boxes=0 => input error, default to single uploads (0) if ($numFile == 0 && $numURI == 0) { $upload_form_config = 0; } if ($field == 'group_name') { $set_statment .= $field . "='" . $superCage->post->getEscaped($field . '_' . $group_id) . "',"; } else { if ($field == 'upload_form_config') { $set_statment .= $field . "='" . $upload_form_config . "',"; } else { $set_statment .= $field . "='" . $superCage->post->getInt($field . '_' . $group_id) . "',"; } } } $set_statment = substr($set_statment, 0, -1); cpg_db_query("UPDATE {$CONFIG['TABLE_USERGROUPS']} SET {$set_statment} WHERE group_id = '{$group_id}' LIMIT 1"); } }
/** * process_post_data() * * Function to process the form posted */ function process_post_data() { global $CONFIG; global $user_albums_list, $lang_errors; $superCage = Inspekt::makeSuperCage(); $user_album_set = array(); foreach ($user_albums_list as $album) { $user_album_set[$album['aid']] = 1; } $pid = $superCage->post->getInt('pid'); if (!is_array($pid)) { cpg_die(CRITICAL_ERROR, $lang_errors['param_missing'], __FILE__, __LINE__); } $pid_array = $pid; if ($superCage->post->keyExists('galleryicon')) { $galleryincon = $superCage->post->getInt('galleyicon'); } else { $galleryicon = ''; } foreach ($pid_array as $pid) { $aid = $superCage->post->getInt("aid{$pid}"); $title = get_post_var('title', $pid); $caption = get_post_var('caption', $pid); $keywords = get_post_var('keywords', $pid); $user1 = get_post_var('user1', $pid); $user2 = get_post_var('user2', $pid); $user3 = get_post_var('user3', $pid); $user4 = get_post_var('user4', $pid); $delete = false; $reset_vcount = false; $reset_votes = false; $del_comments = false; $isgalleryicon = $galleryicon === $pid; if ($superCage->post->keyExists('delete' . $pid)) { $delete = $superCage->post->getInt('delete' . $pid); } if ($superCage->post->keyExists('reset_vcount' . $pid)) { $reset_vcount = $superCage->post - getInt('reset_vcount' . $pid); } if ($superCage->post->keyExists('reset_votes' . $pid)) { $reset_votes = $superCage->post->getInt('reset_votes' . $pid); } if ($superCage->post->keyExists('del_comments' . $pid)) { $del_comments = $superCage->post->getInt('del_comments' . $pid) || $delete; } // OVI //$query = "SELECT category, filepath, filename, owner_id FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='$pid'"; $query = "SELECT {$CONFIG['TABLE_PICTURES']}.aid, category, filepath, filename, owner_id, total_filesize FROM {$CONFIG['TABLE_PICTURES']}, {$CONFIG['TABLE_ALBUMS']} WHERE {$CONFIG['TABLE_PICTURES']}.aid = {$CONFIG['TABLE_ALBUMS']}.aid AND pid='{$pid}'"; $result = cpg_db_query($query); if (!mysql_num_rows($result)) { cpg_die(CRITICAL_ERROR, $lang_errors['non_exist_ap'], __FILE__, __LINE__); } $pic = mysql_fetch_array($result); mysql_free_result($result); if (!GALLERY_ADMIN_MODE && !MODERATOR_MODE && !USER_ADMIN_MODE && !user_is_allowed() && !$CONFIG['users_can_edit_pics']) { if ($pic['category'] != FIRST_USER_CAT + USER_ID) { cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(picture category = {$pic['category']}/ {$pid})", __FILE__, __LINE__); } if (!isset($user_album_set[$aid])) { cpg_die(ERROR, $lang_errors['perm_denied'] . "<br />(target album = {$aid})", __FILE__, __LINE__); } } $update = "aid = '{$aid}'"; $update .= ", title = '{$title}'"; $update .= ", caption = '{$caption}'"; $update .= ", keywords = '{$keywords}'"; $update .= ", user1 = '{$user1}'"; $update .= ", user2 = '{$user2}'"; $update .= ", user3 = '{$user3}'"; $update .= ", user4 = '{$user4}'"; if ($isgalleryicon && $pic['category'] > FIRST_USER_CAT) { $sql = 'UPDATE ' . $CONFIG['TABLE_PICTURES'] . ' SET galleryicon=0 WHERE owner_id=' . $pic['owner_id'] . ';'; cpg_db_query($sql); $update .= ", galleryicon = " . addslashes($galleryicon); } if (is_movie($pic['filename'])) { $pwidth = $superCage->post->getInt('pwidth' . $pid); $pheight = $superCage->post->getInt('pheight' . $pid); $update .= ", pwidth = " . $pwidth; $update .= ", pheight = " . $pheight; } if ($reset_vcount) { $update .= ", hits = '0'"; resetDetailHits($pid); } if ($reset_votes) { $update .= ", pic_rating = '0', votes = '0'"; resetDetailVotes($pid); } if (GALLERY_ADMIN_MODE || UPLOAD_APPROVAL_MODE || MODERATOR_MODE) { if ($superCage->post->keyExists('approved' . $pid)) { $approved = $superCage->post->getAlpha('approved' . $pid); } if ($approved) { $update .= ", approved = 'YES'"; } else { $update .= ", approved = 'NO'"; } } if ($del_comments) { $query = "DELETE FROM {$CONFIG['TABLE_COMMENTS']} WHERE pid='{$pid}'"; $result = cpg_db_query($query); } if ($delete) { $dir = $CONFIG['fullpath'] . $pic['filepath']; $file = $pic['filename']; if (!is_writable($dir)) { cpg_die(CRITICAL_ERROR, sprintf($lang_errors['directory_ro'], $dir), __FILE__, __LINE__); } ///////// OVI $picture_id = $pid; $owner_id = $pic['owner_id']; $imageContainer = new FileContainer($picture_id, $owner_id); $imageContainer->original_path = $dir . $file; // check $imageContainer->total_filesize = $pic['total_filesize']; ///////// OVI /* // OVI $files = array ($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file); foreach ($files as $currFile){ if (is_file($currFile)) @unlink($currFile); } */ ///////// OVI $files = array($dir . $file, $dir . $CONFIG['normal_pfx'] . $file, $dir . $CONFIG['orig_pfx'] . $file, $dir . $CONFIG['thumb_pfx'] . $file); foreach ($files as $currFile) { if ($currFile != $dir . $file) { $imageContainer->thumb_paths[] = $currFile; } if (is_file($currFile)) { @unlink($currFile); } } ///////// OVI ///// OVI global $storage; $storage->delete_file($imageContainer); ///// OVI $query = "DELETE FROM {$CONFIG['TABLE_PICTURES']} WHERE pid='{$pid}' LIMIT 1"; $result = cpg_db_query($query); } else { $query = "UPDATE {$CONFIG['TABLE_PICTURES']} SET {$update} WHERE pid='{$pid}' LIMIT 1"; $result = cpg_db_query($query); } } }