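/**
 * Redirects the browser to a URL on this site and terminates the script.
 *
 * The target is only honoured when isValidURL() accepts it AND its host is
 * identical to HOSTNAME; anything else is replaced by "/" so the helper
 * cannot be used as an open redirect. A target that is rejected because of
 * its host is written to the security log.
 *
 * Note on relative targets: parse_url() yields null for a URL without a host
 * component, and the strict comparison below then treats it like a foreign
 * host (presumably HOSTNAME is a non-empty string; verify where it is defined).
 *
 * @param string $url              Requested redirect target.
 * @param array  $query_parameters Optional parameters appended to an accepted URL.
 *
 * @return void This method never returns; it always ends with exit.
 */
public static function redirect($url, $query_parameters = array())
{
    // The return value is not used below; the call is kept in case it has side effects.
    $request = RequestModel::currentRequest();
    $redirect_host = parse_url($url, PHP_URL_HOST);

    if (!isValidURL($url)) {
        $url = '/'; // fallback
    } elseif ($redirect_host !== HOSTNAME) {
        // Host mismatch: record the attempt and fall back to the site root.
        // NOTE(review): the rejected URL is logged verbatim; confirm that Log
        // neutralises control characters before writing the entry.
        (new Log(SECURITY_LOG))->logMessage("Attempted redirect to external URL: {$url}");
        $url = '/'; // fallback
    } elseif (!empty($query_parameters)) {
        // Accepted URL: append the caller-supplied parameters.
        $url = addQueryParams($url, $query_parameters);
    }

    if (headers_sent($file, $line)) {
        (new Log(ERROR_LOG))->logMessage("Unable to redirect, headers already sent in {$file} on line {$line}");

        // The URL is written into HTML here, so it must be escaped for both the
        // attribute and the text context; passing the host check says nothing
        // about quotes or angle brackets in the path or query string.
        $safe_url = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "Unable to redirect automatically, please click this link: <a href=\"{$safe_url}\">{$safe_url}</a>";
    } else {
        header("Location: {$url}");
    }

    exit; // terminate
}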
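/**
 * Fetches infolog.txt content and normalises its line breaks.
 *
 * Source of the text, in order of precedence:
 *   1. $_REQUEST['url']     - fetched server-side, at most 100000 bytes
 *   2. $_REQUEST['request'] - used as-is
 * Without either parameter an empty string is returned.
 *
 * Security: the URL comes straight from the request and is fetched by the
 * server. In addition to isValidURL() the scheme is restricted to network
 * protocols so that local stream wrappers are never handed to
 * file_get_contents(). This does not restrict WHICH host is contacted.
 * NOTE(review): confirm whether isValidURL() or the deployment limits
 * requests to internal addresses; if not, add a destination allowlist.
 *
 * @return string Text with "\r\n" turned into "\n" and doubled newlines collapsed once.
 */
function getinfolog()
{
    // $_REQUEST is a superglobal, no "global" declaration is needed.
    $url = array_key_exists('url', $_REQUEST) ? $_REQUEST['url'] : "";

    if ($url != "") {
        if (!is_string($url) || !isValidURL($url)) {
            die("Invalid url!");
        }

        // Only remote protocols are acceptable for a user-supplied location.
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (!in_array($scheme, array('http', 'https', 'ftp'), true)) {
            die("Invalid url!");
        }

        // Offset 0 instead of -1: since PHP 7.1 a negative offset means
        // "seek from the end", which remote streams cannot do.
        $infolog = file_get_contents($url, false, null, 0, 100000); // retrieve remote infolog.txt
        if ($infolog === false) {
            return "";
        }
    } elseif (array_key_exists('request', $_REQUEST) && is_string($_REQUEST['request'])) {
        $infolog = $_REQUEST['request'];
    } else {
        return "";
    }

    // The original wrapped these replacements in addslashes()/stripslashes();
    // that round trip is an identity and has been dropped.
    $infolog = str_replace("\r\n", "\n", $infolog); // Windows line breaks
    $infolog = str_replace("\n\n", "\n", $infolog);

    return $infolog;
}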
/**
 * Validates a car link and, when every check passes, saves it via the parent class.
 *
 * Checks performed: non-empty text, non-empty URL accepted by isValidURL(),
 * and a car count other than 0 for the referenced car id.
 *
 * @param object $carlink Link object exposing getText(), getURL(), getCarId() and getId().
 *
 * @return mixed Array of messages keyed by field name on failure, otherwise the link id.
 */
public function updateCarLink($carlink)
{
    $messages = array();

    // Text is mandatory.
    if (trim($carlink->getText()) == "") {
        $messages["carlinktext"] = "Text is a required field!";
    }

    // URL is mandatory and has to pass the shared URL validator.
    if (trim($carlink->getURL()) == "") {
        $messages["carlinkurl"] = "URL is a required field!";
    } elseif (!isValidURL(trim($carlink->getURL()))) {
        $messages["carlinkurl"] = "URL link is not valid!";
    }

    // The referenced car has to exist.
    $carStore = new DALCar();
    if ($carStore->getCarCount($carlink->getCarId()) == 0) {
        $messages["carlinkcar"] = "Car was not found!";
    }

    if (!empty($messages)) {
        return $messages;
    }

    parent::updateCarLink($carlink);

    return $carlink->getId();
}
/**
 * Prepends "http://" to a URL that carries none of the recognised schemes.
 *
 * Empty values and URLs that already start with http, https, ftp or sftp are
 * returned untouched. The prefixed form is only returned when isValidURL()
 * accepts it; otherwise the caller gets the original value back.
 *
 * @since 3.4
 */
function awpcp_maybe_add_http_to_url($url)
{
    if (empty($url)) {
        return $url;
    }

    if (preg_match('#^(https?|s?ftp)://#', $url)) {
        return $url;
    }

    $candidate = sprintf('http://%s', $url);

    return isValidURL($candidate) ? $candidate : $url;
}
/**
 * Validates a car movie and, when every check passes, saves it via the parent class.
 *
 * The URL rule depends on the type id:
 *   1 - file extension must be wmv or mp4
 *   2 - file extension must be mpg, mpeg, mov or mp4
 *   3 - URL must be accepted by isValidURL()
 *   4, 5 - no URL rule yet
 *   anything else - rejected as unknown type
 * Types 1 and 2 are checked by extension only; the URL itself is not passed
 * through isValidURL() for them.
 *
 * @param object $carmovie Movie object exposing getUrl(), getTypeId(), getText(), getCarId() and getId().
 *
 * @return mixed Array of messages keyed by field name on failure, otherwise the movie id.
 */
public function updateCarMovie($carmovie)
{
    $messages = array();

    // URL
    if (trim($carmovie->getUrl()) == "") {
        $messages["carmovieurl"] = "Url is a required field!";
    } else {
        switch ($carmovie->getTypeId()) {
            case 1:
                $extension = strtolower(findexts($carmovie->getUrl()));
                if ($extension != "wmv" && $extension != "mp4") {
                    $messages["carmovieurl"] = "LR link must be a wmv or mp4 file!";
                }
                break;

            case 2:
                $extension = strtolower(findexts($carmovie->getUrl()));
                if ($extension != "mpg" && $extension != "mpeg" && $extension != "mov" && $extension != "mp4") {
                    $messages["carmovieurl"] = "HR link must be mpg, mpeg, mov or mp4 file!";
                }
                break;

            case 3:
                if (!isValidURL(trim($carmovie->getUrl()))) {
                    $messages["carmovieurl"] = "Not a valid link!";
                }
                break;

            case 4:
            case 5:
                // to be defined
                break;

            default:
                $messages["carmovieurl"] = "Type not found!";
                break;
        }
    }

    // Text
    if (trim($carmovie->getText()) == "") {
        $messages["carmovietext"] = "Text is a required field!";
    }

    // Car
    $carStore = new DALCar();
    if ($carStore->getCarCount($carmovie->getCarId()) == 0) {
        $messages["carmoviecar"] = "Car not found!";
    }

    if (!empty($messages)) {
        return $messages;
    }

    parent::updateCarMovie($carmovie);

    return $carmovie->getId();
}
/**
 * Validates a car and, when every check passes, saves it via the parent class.
 *
 * Checks performed: non-empty type, non-empty preview link accepted by
 * isValidURL(), a release date whose year is not "0000" and whose month is
 * not "00", and a press contact count other than 0.
 *
 * @param object $car Car object exposing getType(), getPreviewLink(), getReleaseDate(),
 *                    getPressContactId() and getId().
 *
 * @return mixed Array of messages keyed by field name on failure, otherwise the car id.
 */
public function updateCar($car)
{
    $messages = array();

    // Type (a uniqueness check against other cars existed here but is disabled).
    if (trim($car->getType()) == "") {
        $messages["type"] = "Type is a required field!";
    }

    // Preview link
    // NOTE(review): the second message promises a YouTube link, but the only
    // check visible here is the generic isValidURL(); confirm whether the host
    // is restricted anywhere else.
    if (trim($car->getPreviewLink()) == "") {
        $messages["previewlink"] = "Preview link is a required field!";
    } elseif (!isValidURL($car->getPreviewLink())) {
        $messages["previewlink"] = "Preview link must be a youtube link!";
    }

    // Release date: year at offset 0, month at offset 5.
    $releaseDate = $car->getReleaseDate();
    $yearPart = substr($releaseDate, 0, 4);
    $monthPart = substr($releaseDate, 5, 2);
    if ($yearPart == "0000" || $monthPart == "00") {
        $messages["releasedate"] = "Release date is a required field!";
    }

    // Press contact
    $contactStore = new DALPressContact();
    if ($contactStore->getPressContactCount($car->getPressContactId()) == 0) {
        $messages["presscontact"] = "Presscontact was not found!";
    }

    if (!empty($messages)) {
        return $messages;
    }

    parent::updateCar($car);

    return $car->getId();
}
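/**
 * Hook: replaces the download options of a resource with a single
 * "online preview" row when the configured field holds a valid URL.
 *
 * Reads the field $yt2rs_field_id of resource $ref; when the value is a
 * non-empty string accepted by isValidURL() the replacement table is printed.
 *
 * Changes compared with the earlier version of this hook:
 *  - the "k" request value is URL-encoded and the complete href is
 *    HTML-escaped before it is written into the attribute,
 *  - the href is assembled in one piece so no whitespace ends up inside it,
 *  - the anchor element is closed.
 *
 * @return bool true when the table was printed, false otherwise.
 */
function Hookyt2rsViewreplacedownloadoptions()
{
    // Replace download options
    global $ref, $yt2rs_field_id, $baseurl_short, $lang;

    $youtube_url = get_data_by_field($ref, $yt2rs_field_id);
    if ($youtube_url === "" || !isValidURL($youtube_url)) {
        return false;
    }

    // "k" is taken from the request, so it is encoded as a query value first
    // and the finished URL is escaped for the HTML attribute afterwards.
    $request_href = $baseurl_short
        . "pages/resource_request.php?ref=" . urlencode($ref)
        . "&k=" . urlencode(getval("k", ""));
    ?>
    <table cellpadding="0" cellspacing="0">
        <tr>
            <td>File Information</td>
            <td>File Size </td>
            <td>Options</td>
        </tr>
        <tr class="DownloadDBlend">
            <td><h2>Online Preview</h2><p>Youtube Video</p></td>
            <td>N/A</td>
            <td class="DownloadButton HorizontalWhiteNav"><a href="<?php echo htmlspecialchars($request_href, ENT_QUOTES, 'UTF-8'); ?>" onClick="return CentralSpaceLoad(this,true);"><?php echo $lang["action-request"]; ?></a></td>
        </tr>
    </table>
    <?php

    return true;
}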
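/**
 * Returns the hash for a link/target/title/method combination, creating a
 * new database entry when the combination is not stored yet.
 *
 * Both URLs must pass isValidURL() and the target must not be on the banned
 * domain list; otherwise the script terminates with a message.
 *
 * Security: the string values in the lookup query are passed through
 * mysql_real_escape_string(). $method is written into the query as a number,
 * so it is cast to int; escaping alone would not protect an unquoted value.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7, so this function
 * depends on PHP 5 or a compatibility layer. A move to prepared statements
 * needs the connection handling that lives outside this function.
 *
 * @param string $link   Link URL.
 * @param string $target Target URL.
 * @param string $title  Title. NOTE(review): overwritten below by $_POST['title'];
 *                       confirm whether that is intended.
 * @param mixed  $method Value stored in the use_get column.
 *
 * @return string Hash of the existing or newly created entry.
 */
function add_dos_link($link, $target, $title, $method)
{
    // NOTE(review): $PHP_INCLUDE_PATH is neither a parameter nor declared
    // global in this function, so it looks undefined at this point; verify
    // how the include path is expected to arrive here.
    require_once $PHP_INCLUDE_PATH . "hash.php";
    require_once $PHP_INCLUDE_PATH . "validate.php";

    if (isValidURL($link) && isValidURL($target)) {
        $target = escapeURL($target);
        $link = escapeURL($link);
    } else {
        die("Invalid url entered.");
    }

    $title = htmlentities($_POST['title']);

    if (is_banned_domain($target)) {
        die("This domain is disallowed.");
    }

    // use_get is compared without quotes, therefore only an integer may be
    // concatenated into the statement.
    $res = exec_query(
        "SELECT * FROM dos_links WHERE link='" . mysql_real_escape_string($link)
        . "' AND target='" . mysql_real_escape_string($target)
        . "' AND title='" . mysql_real_escape_string($title)
        . "' AND use_get=" . (int) $method . ";"
    );

    if (mysql_num_rows($res) != 0) {
        $row = mysql_fetch_assoc($res);

        return $row['hash'];
    }

    $hash = calc_new_hash($link . $target . $title);
    // NOTE(review): insert_new_entry() is defined elsewhere; confirm that it
    // escapes or binds every value, $method included.
    $res = insert_new_entry($hash, $link, $title, $target, $method);

    return $hash;
}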
<?php include_once "/php/settings.php"; include_once "/php/db.php"; include_once "/php/url.php"; if ($_SERVER["REQUEST_METHOD"] === "POST") { if (empty($_POST)) { die; } // Create a new shortened URL if (array_key_exists("destURL", $_POST)) { // Make sure the new destURL is valid. if (!isValidURL(htmlspecialchars($_POST["destURL"], ENT_QUOTES))) { $retArray = array("success" => false, "message" => "URL is not valid."); echo json_encode($retArray, true); die; } $mysqli = connectToDB(); if ($mysqli->connect_errno) { die("Faild to connect to database:" . PHP_EOL . $mysqli->connect_errno . PHP_EOL . $mysqli->connect_error . PHP_EOL); } // Add the new link if ($shortID = addNewURL($mysqli, $_POST["destURL"])) { $retArray = array("success" => true, "shortURL" => Settings::$DOMAIN_BASE . Settings::$REDIRECT_PATH . $shortID, "fakeDomain" => Settings::$FAKE_DOMAIN . Settings::$REDIRECT_PATH, "shortID" => $shortID); echo json_encode($retArray, true); } $mysqli->close(); } die; } else { if ($_SERVER["REQUEST_METHOD"] === "GET") {
/**
 * Validates the submitted alliance preferences and stores them.
 *
 * When every check passes the alliance row is updated and the user is
 * redirected to the management page. Otherwise nothing is written and one
 * template error is assigned per failing field.
 *
 * Limits applied: texts against the configured maximum lengths, logo and
 * homepage against 128 characters plus isValidImageURL() / isValidURL().
 * An empty logo or homepage is accepted. A founder rank name that is too
 * long is silently replaced by an empty string.
 *
 * @param boolean $showmember      Show member list to everyone
 * @param boolean $showhomepage    Show homepage to everyone
 * @param boolean $open            Open applications
 * @param string  $foundername     Founder rank name
 * @param integer $memberlistsort  Default member list sort
 * @param string  $textextern      External alliance text
 * @param string  $textintern      Internal alliance text
 * @param string  $logo            Logo URL
 * @param string  $homepage        Homepage URL
 * @param string  $applicationtext Application template
 *
 * @return Bengine_Game_Controller_Alliance
 */
protected function updateAllyPrefs($showmember, $showhomepage, $open, $foundername, $memberlistsort, $textextern, $textintern, $logo, $homepage, $applicationtext)
{
    $foundername = trim($foundername);
    $logo = trim($logo);
    $homepage = trim($homepage);
    Hook::event("UpdateAlliancePreferences");

    // Reduce the three switches to 0 or 1.
    $showmember = ($showmember == 1) ? 1 : 0;
    $showhomepage = ($showhomepage == 1) ? 1 : 0;
    $open = ($open == 1) ? 1 : 0;

    if (Str::length($foundername) > Core::getOptions()->get("MAX_CHARS_ALLY_NAME")) {
        $foundername = "";
    }

    // First pass: decide whether the submission may be stored at all.
    $accepted = true;
    if (Str::length($textextern) > Core::getOptions()->get("MAX_ALLIANCE_TEXT_LENGTH")) {
        $accepted = false;
    }
    if (Str::length($textintern) > Core::getOptions()->get("MAX_ALLIANCE_TEXT_LENGTH")) {
        $accepted = false;
    }
    if ((!isValidImageURL($logo) || Str::length($logo) > 128) && $logo != "") {
        $accepted = false;
    }
    if ((!isValidURL($homepage) || Str::length($homepage) > 128) && $homepage != "") {
        $accepted = false;
    }
    if (Str::length($applicationtext) > Core::getOptions()->get("MAX_APPLICATION_TEXT_LENGTH")) {
        $accepted = false;
    }

    if (!$accepted) {
        // Second pass: repeat each check to report the failing fields.
        if (Str::length($textextern) > Core::getOptions()->get("MAX_ALLIANCE_TEXT_LENGTH")) {
            Core::getTPL()->assign("externerr", Logger::getMessageField("TEXT_INVALID"));
        }
        if (Str::length($textintern) > Core::getOptions()->get("MAX_ALLIANCE_TEXT_LENGTH")) {
            Core::getTPL()->assign("internerr", Logger::getMessageField("TEXT_INVALID"));
        }
        if (Str::length($applicationtext) > Core::getOptions()->get("MAX_APPLICATION_TEXT_LENGTH")) {
            Core::getTPL()->assign("apperr", Logger::getMessageField("TEXT_INVALID"));
        }
        if ((!isValidImageURL($logo) || Str::length($logo) > 128) && $logo != "") {
            Core::getTPL()->assign("logoerr", Logger::getMessageField("LOGO_INVALID"));
        }
        if ((!isValidURL($homepage) || Str::length($homepage) > 128) && $homepage != "") {
            Core::getTPL()->assign("hperr", Logger::getMessageField("HOMEPAGE_INVALID"));
        }

        return $this;
    }

    // Free-text fields pass through richText() / Str::validateXHTML() before
    // storage (presumably markup filters; verify their guarantees there).
    // $memberlistsort is stored as received.
    $spec = array(
        "logo" => $logo,
        "textextern" => richText($textextern),
        "textintern" => richText($textintern),
        "applicationtext" => Str::validateXHTML($applicationtext),
        "homepage" => $homepage,
        "showmember" => $showmember,
        "showhomepage" => $showhomepage,
        "memberlistsort" => $memberlistsort,
        "open" => $open,
        "foundername" => Str::validateXHTML($foundername),
    );
    Core::getQuery()->update("alliance", $spec, "aid = ?", array($this->aid));
    $this->redirect("game/" . SID . "/Alliance/Manage");

    return $this;
}
} $invalid = array(); if (sizeof($_POST) > 0) { if (!empty($_POST['drugs'])) { header("Location: {$rootURL}/{$id}"); } if (empty($_POST['name'])) { $invalid['name'] = true; } if (empty($_POST['email'])) { $invalid['email'] = true; } elseif (!isValidEmail($_POST['email'])) { $invalid['email'] = true; } if (empty($_POST['url'])) { } elseif (!isValidURL($_POST['url'])) { $invalid['url'] = true; } if (empty($_POST['comment'])) { $invalid['comment'] = true; } $vote = $_POST['vote'] == '1' ? 1 : 0; if (empty($invalid)) { $time = time(); $ip = $_SERVER['REMOTE_ADDR']; mysql_query("INSERT INTO errors_comments ( error, name, email, url, comment, posted, ip, vote )\n VALUES ( '{$id}', '{$_POST['name']}', '{$_POST['email']}', '{$_POST['url']}', '{$_POST['comment']}', '{$time}', '{$ip}', '{$vote}' )"); $comment = mysql_insert_id(); if ($vote == 1) { mysql_query("UPDATE errors\n SET votes = votes + 1\n WHERE id = '{$id}'\n LIMIT 1"); } header("Location: {$rootURL}/{$id}#comment-{$comment}");
/**
 * Builds the calendar event list and prints it as JSON, then ends the script.
 *
 * Two sources are merged into one array:
 *   1. external feeds: every calendar of kind 'feed' whose URL passes
 *      isValidURL() is handed to iCalcreator and its VEVENT components are
 *      converted into entries;
 *   2. stored events: every event id returned for the requested start/end
 *      range whose calendar is in the 'nofeed' list; raid events get extra
 *      attendee, guest, status and deadline information.
 *
 * Security-relevant points for maintainers:
 *   - the feed URL is passed to vcalendar as its 'url' setting, so feed
 *     content is remote data; summary and description are copied into the
 *     output unchanged and must be escaped by whatever renders them;
 *   - several fields ('flag', 'rstatusdata') contain HTML assembled here.
 *
 * @return void The method prints the JSON document and calls exit.
 */
public function get_json()
{
    $event_json = array();
    // Optional integer filter list from the request; false when absent.
    $filters = $this->in->exists('filters', 'int') ? $this->in->getArray('filters', 'int') : false;
    // parse the feeds
    $feeds = $this->pdh->get('calendars', 'idlist', array('feed', $filters));
    if (is_array($feeds) && count($feeds) > 0) {
        foreach ($feeds as $feed) {
            $feedurl = $this->pdh->get('calendars', 'feed', array($feed));
            // NOTE(review): isValidURL() is the only gate before the feed is
            // loaded; confirm it restricts scheme and destination as intended.
            if (isValidURL($feedurl)) {
                require_once $this->root_path . 'libraries/icalcreator/iCalcreator.class.php';
                $vcalendar = new vcalendar(array('url' => $feedurl));
                if (TRUE === $vcalendar->parse()) {
                    $vcalendar->sort();
                    while ($comp = $vcalendar->getComponent('vevent')) {
                        $startdate = $comp->getProperty('dtstart', 1);
                        $enddate = $comp->getProperty('dtend', 1);
                        // "Y-m-d H:i" style strings; 00:00 when the property has no hour.
                        $startdate_out = $startdate['year'] . '-' . $startdate['month'] . '-' . $startdate['day'] . ' ' . (isset($startdate['hour']) ? $startdate['hour'] . ':' . $startdate['min'] : '00:00');
                        $enddate_out = $enddate['year'] . '-' . $enddate['month'] . '-' . $enddate['day'] . ' ' . (isset($enddate['hour']) ? $enddate['hour'] . ':' . $enddate['min'] : '00:00');
                        // All-day unless both start and end carry an hour.
                        $allday = isset($enddate['hour']) && isset($startdate['hour']) ? false : true;
                        $eventcolor = $this->pdh->get('calendars', 'color', $feed);
                        // Text colour chosen from the brightness of the calendar colour.
                        $eventcolor_txt = get_brightness($eventcolor) > 130 ? 'black' : 'white';
                        // NOTE(review): $calid is not assigned anywhere before this
                        // loop in the visible code, so 'eventid' looks undefined for
                        // feed entries; confirm the intended value.
                        $event_json[] = array(
                            'eventid' => $calid,
                            'title' => $comp->getProperty('summary', 1),
                            'start' => $startdate_out,
                            'end' => $enddate_out,
                            'allDay' => $allday,
                            'note' => $comp->getProperty('description', 1),
                            'color' => '#' . $eventcolor,
                            'textColor' => $eventcolor_txt);
                    }
                }
            }
        }
    }
    // add the calendar events to the json feed
    $calendars = $this->pdh->get('calendars', 'idlist', array('nofeed', $filters));
    $caleventids = $this->pdh->get('calendar_events', 'id_list', array(false, $this->in->get('start', 0), $this->in->get('end', 0)));
    if (is_array($caleventids) && count($caleventids) > 0) {
        foreach ($caleventids as $calid) {
            $eventextension = $this->pdh->get('calendar_events', 'extension', array($calid));
            $raidmode = $eventextension['calendarmode'];
            $eventcolor = $this->pdh->get('calendars', 'color', $this->pdh->get('calendar_events', 'calendar_id', array($calid)));
            $eventcolor_txt = get_brightness($eventcolor) > 130 ? 'black' : 'white';
            // Only events whose calendar is in the filtered 'nofeed' list are emitted.
            if (in_array($this->pdh->get('calendar_events', 'calendar_id', array($calid)), $calendars)) {
                if ($raidmode == 'raid') {
                    // fetch the attendees
                    $attendees_raw = $this->pdh->get('calendar_raids_attendees', 'attendees', array($calid));
                    // Regrouped as [signup_status][attendee id] => row.
                    $attendees = array();
                    if (is_array($attendees_raw)) {
                        foreach ($attendees_raw as $attendeeid => $attendeerow) {
                            $attendees[$attendeerow['signup_status']][$attendeeid] = $attendeerow;
                        }
                    }
                    // Build the guest array
                    $guests = array();
                    if (registry::register('config')->get('calendar_raid_guests') == 1) {
                        $guestarray = registry::register('plus_datahandler')->get('calendar_raids_guests', 'members', array($calid));
                        if (is_array($guestarray)) {
                            foreach ($guestarray as $guest_row) {
                                $guests[] = $guest_row['name'];
                            }
                        }
                    }
                    // fetch per raid data
                    // NOTE(review): unserialize() on a configuration value; this is
                    // only safe while that value cannot be influenced by users -
                    // confirm who can write 'calendar_raid_status'.
                    $raidcal_status = unserialize($this->config->get('calendar_raid_status'));
                    $rstatusdata = '';
                    if (is_array($raidcal_status)) {
                        foreach ($raidcal_status as $raidcalstat_id) {
                            // Status id 4 is left out of the summary.
                            if ($raidcalstat_id != 4) {
                                $actcount = isset($attendees[$raidcalstat_id]) ? count($attendees[$raidcalstat_id]) : 0;
                                // Guests are added to the count of status id 0.
                                if ($raidcalstat_id == 0) {
                                    $actcount += is_array($guests) ? count($guests) : 0;
                                }
                                $rstatusdata .= '<div class="raid_status' . $raidcalstat_id . '">' . $this->user->lang(array('raidevent_raid_status', $raidcalstat_id)) . ': ' . $actcount . '</div>';
                            }
                        }
                    }
                    $rstatusdata .= '<div class="raid_status_total">' . $this->user->lang('raidevent_raid_required') . ': ' . (isset($eventextension) ? $eventextension['attendee_count'] : 0) . '</div>';
                    // Sign-up deadline: event start minus 'deadlinedate' hours.
                    $deadlinedate = $this->pdh->get('calendar_events', 'time_start', array($calid)) - $eventextension['deadlinedate'] * 3600;
                    // Operator precedence makes this (A || (B && C && D && E)) ? false : true:
                    // the deadline counts as reached only when it has passed AND the
                    // "status change allowed" exception does not apply (setting is '1',
                    // the user's attendee status is > 0 and not 4, event not yet ended).
                    $deadline = $deadlinedate > $this->time->time
                        || $this->config->get('calendar_raid_allowstatuschange') == '1'
                        && $this->pdh->get('calendar_raids_attendees', 'status', array($calid, $this->user->id)) > 0
                        && $this->pdh->get('calendar_raids_attendees', 'status', array($calid, $this->user->id)) != 4
                        && $this->pdh->get('calendar_events', 'time_end', array($calid)) > $this->time->time
                        ? false : true;
                    $deadlineflag = $deadline ? '<img src="' . $this->root_path . 'images/calendar/clock_s.png" alt="Deadline" title="' . $this->user->lang('raidevent_raid_deadl_reach') . '" />' : '';
                    // Build the JSON
                    $event_json[] = array(
                        'title' => $this->in->decode_entity($this->pdh->get('calendar_events', 'name', array($calid))),
                        'start' => $this->time->date('Y-m-d H:i', $this->pdh->get('calendar_events', 'time_start', array($calid))),
                        'end' => $this->time->date('Y-m-d H:i', $this->pdh->get('calendar_events', 'time_end', array($calid))),
                        'closed' => $this->pdh->get('calendar_events', 'raidstatus', array($calid)) == 1 ? true : false,
                        'editable' => true,
                        'eventid' => $calid,
                        'flag' => $deadlineflag . $this->pdh->get('calendar_raids_attendees', 'html_status', array($calid, $this->user->data['user_id'])),
                        'url' => 'calendar/viewcalraid.php' . $this->SID . '&eventid=' . $calid,
                        'icon' => $eventextension['raid_eventid'] ? $this->pdh->get('event', 'icon', array($eventextension['raid_eventid'], true, true)) : '',
                        'note' => $this->pdh->get('calendar_events', 'notes', array($calid)),
                        'raidleader' => $eventextension['raidleader'] > 0 ? implode(', ', $this->pdh->aget('member', 'name', 0, array($eventextension['raidleader']))) : '',
                        'rstatusdata' => $rstatusdata,
                        'color' => '#' . $eventcolor,
                        'textColor' => $eventcolor_txt);
                } else {
                    // Plain (non-raid) event.
                    $event_json[] = array(
                        'eventid' => $calid,
                        'title' => $this->pdh->get('calendar_events', 'name', array($calid)),
                        'start' => $this->time->date('Y-m-d H:i', $this->pdh->get('calendar_events', 'time_start', array($calid))),
                        'end' => $this->time->date('Y-m-d H:i', $this->pdh->get('calendar_events', 'time_end', array($calid))),
                        'allDay' => $this->pdh->get('calendar_events', 'allday', array($calid)) > 0 ? true : false,
                        'note' => $this->pdh->get('calendar_events', 'notes', array($calid)),
                        'color' => '#' . $eventcolor,
                        'textColor' => $eventcolor_txt);
                }
            }
        }
    }
    // Output the array as JSON
    echo json_encode($event_json);
    exit;
}
<?php
// Department contact listing page: loads the department named by the
// "deptid" request parameter together with its people, then renders HTML.
require_once 'db.inc.php';
require_once 'facilities.inc.php';
$header = __("Department Contact Listing");
$dept = new Department();
if (!isset($_REQUEST['deptid'])) {
    // No soup for you.
    // Without a department id there is nothing to show; the target comes
    // from redirect(), which is defined outside this file.
    header('Location: ' . redirect());
    exit;
}
// intval() forces the request value to an integer before it is used below.
$deptID = intval($_REQUEST['deptid']);
// $person and $config are not created in the lines shown here; presumably
// they come from the included files - verify.
$contactList = $person->GetPeopleByDepartment($deptID);
$dept->DeptID = $deptID;
$dept->GetDeptByID();
// The lookup options are only shown when a lookup URL is configured and
// accepted by isValidURL().
if (isset($config->ParameterArray['UserLookupURL']) && isValidURL($config->ParameterArray['UserLookupURL'])) {
    $el = 1; //enable displaying lookup options
} else {
    $el = 0; //default to not showing lookup options
}
$subheader = $dept->Name;
?>
<!doctype html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=Edge">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta http-equiv="CACHE-CONTROL" content="NO-CACHE">
<meta http-equiv="EXPIRES" content="Mon, 01 Jan 1997 01:00:00 GMT">
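/**
 * Emits one JavaScript "map.addOverlay(new GGeoXml(...))" statement per
 * overlay found in ./kml_files (added 5/23/08).
 *
 *  - *.kml, *.kmz, *.xml: the overlay URL is built from the current request
 *    (server name, port, request path) plus the file name;
 *  - *.txt: every line that passes isValidURL() is used as overlay URL;
 *  - everything else, directories included, is ignored.
 *
 * Security: the URLs end up inside a JavaScript string literal. Server name
 * and request URI are request-derived and the .txt lines are file content,
 * so every value is written with json_encode() and the JSON_HEX_* flags
 * instead of being concatenated between quotes. This keeps quotes,
 * backslashes and angle brackets from ending the string or the script block.
 *
 * The directory handle is closed again and a failing opendir()/file() is
 * skipped instead of being iterated.
 *
 * @return void Output is printed directly.
 */
function do_kml()
{
    $dir = "./kml_files"; // required as directory
    if (!is_dir($dir)) {
        return;
    }

    $dh = opendir($dir);
    if ($dh === false) {
        return;
    }

    // Replace the last path segment of the request URI by the directory name.
    $temp = explode("/", $_SERVER['REQUEST_URI']);
    $temp[count($temp) - 1] = substr($dir, 2); // home subdir
    $server_str = "http://" . $_SERVER['SERVER_NAME'] . ":" . $_SERVER['SERVER_PORT'] . implode("/", $temp) . "/";

    $js_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    while (false !== ($filename = readdir($dh))) {
        switch (get_ext($filename)) { // drop all other types, incl directories
            case "kml":
            case "kmz":
            case "xml":
                $literal = json_encode($server_str . $filename, $js_flags);
                if ($literal !== false) {
                    echo "\tmap.addOverlay(new GGeoXml(" . $literal . "));\n";
                }
                break;

            case "txt":
                $lines = file("{$dir}/{$filename}");
                if ($lines === false) {
                    break;
                }
                foreach ($lines as $line) {
                    $candidate = trim($line);
                    if (!isValidURL($candidate)) {
                        continue;
                    }
                    $literal = json_encode($candidate, $js_flags);
                    if ($literal !== false) {
                        echo "\n\t map.addOverlay(new GGeoXml(" . $literal . "));\n";
                    }
                }
                break;
        }
    }

    closedir($dh);
}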
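/**
 * Saves the content page submitted through $_POST together with its glossary
 * terms, primary resource types, tests, pre-tests and forum associations.
 *
 * Flow:
 *   1. normalise the posted fields (trim / intval);
 *   2. for weblink content, accept the link only when isValidURL() returns
 *      exactly the submitted string;
 *   3. stop when validation produced errors;
 *   4. create or edit the content row, then update the related tables;
 *   5. when $redir is set and no error occurred, redirect and exit.
 *
 * Fix in this version: the weblink check referred to the bare word
 * validated_url (a constant lookup) instead of the variable $validated_url.
 *
 * @param mixed $redir       When truthy, redirect to the editor after a successful save.
 * @param mixed $current_tab Tab index; overwritten by $_GET['tab'] / $_POST['current_tab'] when present.
 *
 * @return void
 */
function save_changes($redir, $current_tab)
{
    global $contentManager, $db, $addslashes, $msg, $stripslashes;

    $_POST['pid'] = intval($_POST['pid']);
    $_POST['cid'] = intval($_POST['cid']);
    $_POST['alternatives'] = intval($_POST['alternatives']);
    $_POST['title'] = trim($_POST['title']);
    $_POST['head'] = trim($_POST['head']);
    $_POST['use_customized_head'] = isset($_POST['use_customized_head']) ? $_POST['use_customized_head'] : 0;
    // body_text is deliberately not passed through $stripslashes: doing so breaks LaTeX.
    $_POST['body_text'] = trim($_POST['body_text']);
    $_POST['weblink_text'] = trim($_POST['weblink_text']);
    $_POST['formatting'] = intval($_POST['formatting']);
    $_POST['keywords'] = $stripslashes(trim($_POST['keywords']));
    $_POST['test_message'] = trim($_POST['test_message']);
    $_POST['allow_test_export'] = intval($_POST['allow_test_export']);

    // if weblink is selected, use it
    if ($_POST['formatting'] == CONTENT_TYPE_WEBLINK) {
        $url = $_POST['weblink_text'];
        $validated_url = isValidURL($url);
        // The link is stored only when the validator hands back the very same
        // string; a falsy result or any rewritten value is rejected.
        if (!$validated_url || $validated_url !== $url) {
            $msg->addError(array('INVALID_INPUT', _AT('weblink')));
        } else {
            $_POST['body_text'] = $url;
            $content_type_pref = CONTENT_TYPE_WEBLINK;
        }
    } else {
        $content_type_pref = CONTENT_TYPE_CONTENT;
    }

    if (!($release_date = generate_release_date())) {
        $msg->addError('BAD_DATE');
    }
    if ($_POST['title'] == '') {
        $msg->addError(array('EMPTY_FIELDS', _AT('title')));
    }

    if (!$msg->containsErrors()) {
        $orig_body_text = $_POST['body_text']; // used to populate a4a tables

        // An earlier revision passed title, body_text, head, keywords and
        // test_message through $addslashes here; that step is disabled.
        // NOTE(review): escaping of these values is therefore left to
        // $contentManager - confirm there.

        // add or edit content
        if ($_POST['cid']) {
            /* editing an existing page */
            $err = $contentManager->editContent($_POST['cid'], $_POST['title'], $_POST['body_text'], $_POST['keywords'], $_POST['related'], $_POST['formatting'], $release_date, $_POST['head'], $_POST['use_customized_head'], $_POST['test_message'], $_POST['allow_test_export'], $content_type_pref);
            $cid = $_POST['cid'];
        } else {
            /* insert new */
            $cid = $contentManager->addContent($_SESSION['course_id'], $_POST['pid'], $_POST['ordering'], $_POST['title'], $_POST['body_text'], $_POST['keywords'], $_POST['related'], $_POST['formatting'], $release_date, $_POST['head'], $_POST['use_customized_head'], $_POST['test_message'], $_POST['allow_test_export'], $content_type_pref);
            $_POST['cid'] = $cid;
            $_REQUEST['cid'] = $cid;
        }

        // re-populate a4a tables based on the new content
        populate_a4a($cid, $orig_body_text, $_POST['formatting']);
    } else {
        return;
    }

    /* insert glossary terms */
    // queryDB() receives a format string plus a value array; presumably it
    // formats and escapes the values itself - verify in its definition.
    if (is_array($_POST['glossary_defs']) && ($num_terms = count($_POST['glossary_defs']))) {
        global $glossary, $glossary_ids, $msg;

        foreach ($_POST['glossary_defs'] as $w => $d) {
            $old_w = $w;
            $key = in_array_cin($w, $glossary_ids);
            $w = urldecode($w);
            $d = $addslashes($d);

            if ($key !== false && ($glossary[$old_w] != $d || isset($_POST['related_term'][$old_w]))) {
                // Known term whose definition or related term changed.
                $w = addslashes($w);
                $related_id = intval($_POST['related_term'][$old_w]);
                $sql = "UPDATE %sglossary SET definition='%s', related_word_id=%d WHERE word_id=%d AND course_id=%d";
                $result = queryDB($sql, array(TABLE_PREFIX, $d, $related_id, $key, $_SESSION['course_id']));
                $glossary[$old_w] = $d;
            } else {
                if ($key === false && $d != '') {
                    // New term with a non-empty definition.
                    $w = addslashes($w);
                    $related_id = intval($_POST['related_term'][$old_w]);
                    $sql = "INSERT INTO %sglossary VALUES (NULL, %d, '%s', '%s', %d)";
                    $result = queryDB($sql, array(TABLE_PREFIX, $_SESSION['course_id'], $w, $d, $related_id));
                    $glossary[$old_w] = $d;
                }
            }
        }
    }

    if (isset($_GET['tab'])) {
        $current_tab = intval($_GET['tab']);
    }
    if (isset($_POST['current_tab'])) {
        $current_tab = intval($_POST['current_tab']);
    }

    // adapted content: save primary content type
    if (isset($_POST['use_post_for_alt'])) {
        // 1. delete old primary content type
        $sql = "DELETE FROM %sprimary_resources_types\n\t\t WHERE primary_resource_id in \n\t\t (SELECT DISTINCT primary_resource_id \n\t\t FROM %sprimary_resources\n\t\t WHERE content_id=%d\n\t\t AND language_code='%s')";
        $result = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, $cid, $_SESSION['lang']));

        // 2. insert the new primary content type
        $sql = "SELECT pr.primary_resource_id, rt.type_id\n\t\t FROM %sprimary_resources pr, \n\t\t %sresource_types rt\n\t\t WHERE pr.content_id = %d\n\t\t AND pr.language_code = '%s'";
        $all_types_result = queryDB($sql, array(TABLE_PREFIX, TABLE_PREFIX, $cid, $_SESSION['lang']));

        foreach ($all_types_result as $type) {
            if (isset($_POST['alt_' . $type['primary_resource_id'] . '_' . $type['type_id']])) {
                $sql = "INSERT INTO %sprimary_resources_types (primary_resource_id, type_id)\n\t\t\t\t VALUES (%d, %d)";
                $result = queryDB($sql, array(TABLE_PREFIX, $type['primary_resource_id'], $type['type_id']));
            }
        }
    }

    //Add test to this content - @harris
    $sql = "SELECT * FROM %scontent_tests_assoc WHERE content_id=%d";
    $rows_content_tests = queryDB($sql, array(TABLE_PREFIX, $_POST['cid']));
    $db_test_array = array();
    foreach ($rows_content_tests as $row) {
        $db_test_array[] = $row['test_id'];
    }

    if (is_array($_POST['tid']) && sizeof($_POST['tid']) > 0) {
        $toBeDeleted = array_diff($db_test_array, $_POST['tid']);
        $toBeAdded = array_diff($_POST['tid'], $db_test_array);

        //Delete entries
        // $toBeDeleted only holds ids that were read from the database above.
        if (!empty($toBeDeleted)) {
            $tids = implode(",", $toBeDeleted);
            $sql = "DELETE FROM %scontent_tests_assoc WHERE content_id=%d AND test_id IN (%s)";
            $result = queryDB($sql, array(TABLE_PREFIX, $_POST['cid'], $tids));
        }

        //Add entries
        if (!empty($toBeAdded)) {
            foreach ($toBeAdded as $i => $tid) {
                $tid = intval($tid);
                $sql = "INSERT INTO %scontent_tests_assoc SET content_id=%d, test_id=%d";
                $result = queryDB($sql, array(TABLE_PREFIX, $_POST['cid'], $tid));
            }
        }
    } else {
        $sql = "DELETE FROM %scontent_tests_assoc WHERE content_id=%d";
        $result = queryDB($sql, array(TABLE_PREFIX, $_POST['cid']));
    }
    //End Add test

    // add pre-tests: existing rows are removed first, then the posted ids are inserted.
    $sql = "DELETE FROM %scontent_prerequisites WHERE content_id=%d AND type='%s'";
    $result = queryDB($sql, array(TABLE_PREFIX, $_POST['cid'], CONTENT_PRE_TEST));
    if (is_array($_POST['pre_tid']) && sizeof($_POST['pre_tid']) > 0) {
        foreach ($_POST['pre_tid'] as $i => $tid) {
            $tid = intval($tid);
            $sql = "INSERT INTO %scontent_prerequisites SET content_id=%d, type='%s', item_id=%d";
            $result = queryDB($sql, array(TABLE_PREFIX, $_POST['cid'], CONTENT_PRE_TEST, $tid));
        }
    }

    if (isset($_SESSION['associated_forum']) && !$msg->containsErrors()) {
        if ($_SESSION['associated_forum'] == 'none') {
            $sql = "DELETE FROM %scontent_forums_assoc WHERE content_id=%d";
            queryDB($sql, array(TABLE_PREFIX, $_POST['cid']));
        } else {
            $sql = "DELETE FROM %scontent_forums_assoc WHERE content_id=%d";
            queryDB($sql, array(TABLE_PREFIX, $_POST['cid']));
            $associated_forum = $_SESSION['associated_forum'];
            for ($i = 0; $i < count($associated_forum); $i++) {
                $sql = "INSERT INTO %scontent_forums_assoc SET content_id=%d,forum_id=%d";
                queryDB($sql, array(TABLE_PREFIX, $_POST['cid'], $associated_forum[$i]));
            }
        }
        unset($_SESSION['associated_forum']);
    }

    if (!$msg->containsErrors() && $redir) {
        $_SESSION['save_n_close'] = $_POST['save_n_close'];
        $msg->addFeedback('ACTION_COMPLETED_SUCCESSFULLY');
        // NOTE(review): the posted values below are placed into the query
        // string after $addslashes only; URL-encoding them would be the
        // matching treatment for this context - confirm what $addslashes does.
        header('Location: ' . basename($_SERVER['PHP_SELF']) . '?cid=' . $cid . SEP . 'close=' . $addslashes($_POST['save_n_close']) . SEP . 'tab=' . $addslashes($_POST['current_tab']) . SEP . 'displayhead=' . $addslashes($_POST['displayhead']) . SEP . 'alternatives=' . $addslashes($_POST['alternatives']));
        exit;
    } else {
        return;
    }
}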
/**
 * Collect calendar entries from four places and emit them as one JSON array:
 * remote iCal feeds, stored calendar events (raids and plain events),
 * user birthdays, and anything returned by the 'calendar' hook.
 *
 * Reads the request inputs 'filters', 'start', 'end' and 'filterby' through $this->in.
 * The method echoes the encoded array and then calls exit, so it never returns to its caller.
 */
public function get_json() {
    $event_json = array();
    $filters = $this->in->exists('filters', 'int') ? $this->in->getArray('filters', 'int') : false;
    $range_start = $this->time->fromformat($this->in->get('start', ''), 'Y-m-d');
    $range_end = $this->time->fromformat($this->in->get('end', ''), 'Y-m-d');
    $filterby = $this->in->get('filterby', 'all');
    // parse the feeds
    $feeds = $this->pdh->get('calendars', 'idlist', array('feed', $filters));
    if (is_array($feeds) && count($feeds) > 0) {
        foreach ($feeds as $feed) {
            $feedurl = $this->pdh->get('calendars', 'feed', array($feed));
            // The stored feed URL is fetched server-side by vcalendar once it passes isValidURL().
            // NOTE(review): isValidURL() is defined outside this method; confirm it limits scheme
            // and host strictly enough for a server-side fetch, and confirm who may store feed URLs.
            if (isValidURL($feedurl)) {
                require_once $this->root_path . 'libraries/icalcreator/iCalcreator.class.php';
                $vcalendar = new vcalendar(array('url' => $feedurl));
                if (TRUE === $vcalendar->parse()) {
                    $vcalendar->sort();
                    while ($comp = $vcalendar->getComponent('vevent')) {
                        $startdate = $comp->getProperty('dtstart', 1);
                        $enddate = $comp->getProperty('dtend', 1);
                        // set the date for the events
                        // An event counts as all-day unless both start and end carry an 'hour' field.
                        $allday = isset($enddate['hour']) && isset($startdate['hour']) ? false : true;
                        if ($allday) {
                            $startdate_out = sprintf("%04d", $startdate['year']) . '-' . sprintf("%02d", $startdate['month']) . '-' . sprintf("%02d", $startdate['day']) . ' 00:00';
                            // The end day is reduced by one; a dtend on the first of a month therefore
                            // formats as day "00" (NOTE(review): confirm the consumer tolerates that).
                            $enddate_out = sprintf("%04d", $enddate['year']) . '-' . sprintf("%02d", $enddate['month']) . '-' . sprintf("%02d", $enddate['day'] - 1) . ' 00:00';
                        } else {
                            $startdate_out = sprintf("%04d", $startdate['year']) . '-' . sprintf("%02d", $startdate['month']) . '-' . sprintf("%02d", $startdate['day']) . ' ' . (isset($startdate['hour']) ? sprintf("%02d", $startdate['hour']) . ':' . sprintf("%02d", $startdate['min']) : '00:00');
                            // Unlike the start date, month/day/hour/min of the end date are not zero-padded here.
                            $enddate_out = sprintf("%04d", $enddate['year']) . '-' . $enddate['month'] . '-' . $enddate['day'] . ' ' . (isset($enddate['hour']) ? $enddate['hour'] . ':' . $enddate['min'] : '00:00');
                        }
                        // build the event colours
                        $eventcolor = $this->pdh->get('calendars', 'color', $feed);
                        $eventcolor_txt = get_brightness($eventcolor) > 130 ? 'black' : 'white';
                        // NOTE(review): $calid is not assigned anywhere above this point in the method
                        // (its first assignment is the foreach over $caleventids further down), so
                        // 'eventid' is read from an unset variable for every feed entry.
                        // 'title' and 'note' come straight from the remote feed; json_encode() is the only
                        // encoding applied, so a consumer that renders them as HTML has to escape them itself.
                        $event_json[] = array(
                            'eventid' => $calid,
                            'title' => $comp->getProperty('summary', 1),
                            'start' => $startdate_out,
                            'end' => $enddate_out,
                            'allDay' => $allday,
                            'note' => $comp->getProperty('description', 1),
                            'color' => $eventcolor . ' !important',
                            'textColor' => $eventcolor_txt . ' !important'
                        );
                    }
                }
            }
        }
    }
    // add the calendar events to the json feed
    $calendars = $this->pdh->get('calendars', 'idlist', array('nofeed', $filters));
    $caleventids = $this->pdh->get('calendar_events', 'id_list', array(false, $range_start, $range_end, false, $filterby));
    if (is_array($caleventids) && count($caleventids) > 0) {
        foreach ($caleventids as $calid) {
            $eventextension = $this->pdh->get('calendar_events', 'extension', array($calid));
            $raidmode = $eventextension['calendarmode'];
            $eventcolor = $this->pdh->get('calendars', 'color', $this->pdh->get('calendar_events', 'calendar_id', array($calid)));
            $eventcolor_txt = get_brightness($eventcolor) > 130 ? 'black' : 'white';
            // Only events whose calendar is in the filtered non-feed calendar list are emitted.
            if (in_array($this->pdh->get('calendar_events', 'calendar_id', array($calid)), $calendars)) {
                if ($raidmode == 'raid') {
                    // fetch the attendees
                    $attendees_raw = $this->pdh->get('calendar_raids_attendees', 'attendees', array($calid));
                    // Regroup attendees as [signup_status][attendee id] so they can be counted per status.
                    $attendees = array();
                    if (is_array($attendees_raw)) {
                        foreach ($attendees_raw as $attendeeid => $attendeerow) {
                            $attendees[$attendeerow['signup_status']][$attendeeid] = $attendeerow;
                        }
                    }
                    // Build the guest array
                    $guests = array();
                    if (registry::register('config')->get('calendar_raid_guests') == 1) {
                        $guestarray = registry::register('plus_datahandler')->get('calendar_raids_guests', 'members', array($calid));
                        if (is_array($guestarray)) {
                            foreach ($guestarray as $guest_row) {
                                $guests[] = $guest_row['name'];
                            }
                        }
                    }
                    // fetch per raid data
                    $raidcal_status = $this->config->get('calendar_raid_status');
                    // $rstatusdata is an HTML fragment: one <div> per configured status (status 4 is skipped)
                    // followed by a total line. Guests are added to the count of status 0 only.
                    $rstatusdata = '';
                    if (is_array($raidcal_status)) {
                        foreach ($raidcal_status as $raidcalstat_id) {
                            if ($raidcalstat_id != 4) {
                                $actcount = isset($attendees[$raidcalstat_id]) ? count($attendees[$raidcalstat_id]) : 0;
                                if ($raidcalstat_id == 0) {
                                    $actcount += is_array($guests) ? count($guests) : 0;
                                }
                                $rstatusdata .= '<div class="raid_status' . $raidcalstat_id . '">' . $this->user->lang(array('raidevent_raid_status', $raidcalstat_id)) . ': ' . $actcount . '</div>';
                            }
                        }
                    }
                    $rstatusdata .= '<div class="raid_status_total">' . $this->user->lang('raidevent_raid_required') . ': ' . (isset($eventextension) ? $eventextension['attendee_count'] : 0) . '</div>';
                    // 'deadlinedate' is multiplied by 3600 and subtracted from the event start time.
                    $deadlinedate = $this->pdh->get('calendar_events', 'time_start', array($calid)) - $eventextension['deadlinedate'] * 3600;
                    // Operator precedence makes this (A || (B && C && D && E)) ? false : true, where
                    // A = deadline still in the future, B = status changes allowed by config,
                    // C/D = the current user's attendee status is > 0 and != 4, E = event end still in the future.
                    $deadline = $deadlinedate > $this->time->time || $this->config->get('calendar_raid_allowstatuschange') == '1' && $this->pdh->get('calendar_raids_attendees', 'status', array($calid, $this->user->id)) > 0 && $this->pdh->get('calendar_raids_attendees', 'status', array($calid, $this->user->id)) != 4 && $this->pdh->get('calendar_events', 'time_end', array($calid)) > $this->time->time ? false : true;
                    $deadlineflag = $deadline ? '<i class="fa fa-lock fa-lg" title="' . $this->user->lang('raidevent_raid_deadl_reach') . '"></i>' : '';
                    // Build the JSON
                    // 'flag' and 'rstatusdata' carry HTML markup; 'note' is passed through as stored.
                    // NOTE(review): confirm stored notes are sanitised before a client inserts them as HTML.
                    $event_json[] = array(
                        'type' => 'raid',
                        'eventid' => $calid,
                        'editable' => $this->user->check_auth('a_cal_revent_conf', false) || $this->check_permission($calid) ? true : false,
                        'title' => $this->in->decode_entity($this->pdh->get('calendar_events', 'name', array($calid))),
                        'url' => $this->routing->build('calendarevent', $this->pdh->get('calendar_events', 'name', array($calid)), $calid),
                        'start' => $this->time->date('Y-m-d H:i', $this->pdh->get('calendar_events', 'time_start', array($calid))),
                        'end' => $this->time->date('Y-m-d H:i', $this->pdh->get('calendar_events', 'time_end', array($calid))),
                        'closed' => $this->pdh->get('calendar_events', 'raidstatus', array($calid)) == 1 ? true : false,
                        'flag' => $deadlineflag . $this->pdh->get('calendar_raids_attendees', 'html_status', array($calid, $this->user->data['user_id'])),
                        'icon' => $eventextension['raid_eventid'] ? $this->pdh->get('event', 'icon', array($eventextension['raid_eventid'], true)) : '',
                        'note' => $this->pdh->get('calendar_events', 'notes', array($calid)),
                        'raidleader' => $eventextension['raidleader'] > 0 ? implode(', ', $this->pdh->aget('member', 'name', 0, array($eventextension['raidleader']))) : '',
                        'rstatusdata' => $rstatusdata,
                        'color' => $eventcolor . ' !important',
                        'textColor' => $eventcolor_txt . ' !important'
                    );
                } else {
                    // check if the event is private
                    // Events for which 'private_userperm' is falsy are left out of the output.
                    if (!$this->pdh->get('calendar_events', 'private_userperm', array($calid))) {
                        continue;
                    }
                    $alldayevents = $this->pdh->get('calendar_events', 'allday', array($calid)) > 0 ? true : false;
                    $event_json[] = array(
                        'type' => 'event',
                        'eventid' => $calid,
                        'editable' => $this->user->check_auth('a_cal_revent_conf', false) || $this->check_permission($calid) ? true : false,
                        'url' => $this->routing->build('calendarevent', $this->pdh->get('calendar_events', 'name', array($calid)), $calid) . 'eventdetails',
                        'title' => $this->pdh->get('calendar_events', 'name', array($calid)),
                        'start' => $this->time->date('Y-m-d H:i', $this->pdh->get('calendar_events', 'time_start', array($calid))),
                        'end' => $this->time->date('Y-m-d H:i', $this->pdh->get('calendar_events', 'time_end', array($calid, $alldayevents))),
                        'allDay' => $alldayevents,
                        'note' => $this->pdh->get('calendar_events', 'notes', array($calid)),
                        'color' => $eventcolor,
                        'textColor' => $eventcolor_txt,
                        'isowner' => $this->pdh->get('calendar_events', 'is_owner', array($calid)),
                        'isinvited' => $this->pdh->get('calendar_events', 'is_invited', array($calid)),
                        'joinedevent' => $this->pdh->get('calendar_events', 'joined_invitation', array($calid)),
                        'author' => $this->pdh->get('calendar_events', 'creator', array($calid)),
                        'attendees' => $this->pdh->get('calendar_events', 'sharedevent_attendees', array($calid))
                    );
                }
            }
        }
    }
    // birthday calendar
    // Shown only when the feature is enabled and the current user passes the 'u_userlist' check.
    if ($this->config->get('calendar_show_birthday') && $this->user->check_auth('u_userlist', false)) {
        $birthday_y = $this->time->date('Y', $range_end);
        $birthdays = $this->pdh->get('user', 'birthday_list');
        if (is_array($birthdays)) {
            foreach ($birthdays as $birthday_uid => $birthday_ts) {
                $birthday_month = $this->time->date('m', $birthday_ts);
                // Month-number comparison only. NOTE(review): a range whose start month is greater
                // than its end month (e.g. December to January) matches no birthday here.
                if ($birthday_month >= $this->time->date('m', $range_start) && $birthday_month <= $this->time->date('m', $range_end)) {
                    $event_json[] = array(
                        'type' => 'birthday',
                        'className' => 'cal_birthday',
                        'title' => $this->pdh->get('user', 'name', array($birthday_uid)),
                        'start' => $birthday_y . '-' . $this->time->date('m-d', $birthday_ts),
                        'end' => $birthday_y . '-' . $this->time->date('m-d', $birthday_ts),
                        'allDay' => true,
                        'textColor' => '#000000',
                        'backgroundColor' => '#E8E8E8',
                        'borderColor' => '#7F7F7F'
                    );
                }
            }
        }
    }
    // hooks
    // Hook results are placed in front of the entries collected above.
    if ($this->hooks->isRegistered('calendar')) {
        $arrHooksData = $this->hooks->process('calendar', array('start' => $range_start, 'end' => $range_end), false);
        if (count($arrHooksData) > 0) {
            $event_json = array_merge($arrHooksData, $event_json);
        }
    }
    // Output the array as JSON
    echo json_encode($event_json);
    exit;
}
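/**
 * Generic comment adding routine. Called by album objects or image objects
 * to add comments.
 *
 * Returns a code for the outcome of the comment add:
 *    2: Successfully posted
 *    1: Marked for moderation
 *    0: Bad entry (rejected by the spam filter)
 *   -2: Email required but missing or invalid
 *   -3: Name required but missing
 *   -4: Website required but missing or not a valid URL
 *   -5: Captcha check failed
 *   -6: Empty comment body
 *
 * The comment type ('albums', 'images', ...) is derived from $receiver through
 * commentObjectClass(); it is not a parameter.
 *
 * @param string $name Comment author name
 * @param string $email Comment author email
 * @param string $website Comment author website
 * @param string $comment body of the comment
 * @param string $code Captcha code entered
 * @param string $code_ok Captcha md5 expected
 * @param object $receiver the object (image or album) to which to post the comment
 * @param string $ip the IP address of the comment poster
 * @param bool $private set to true if the comment is for the admin only
 * @param bool $anon set to true if the poster wishes to remain anonymous
 * @return int
 */
function postComment($name, $email, $website, $comment, $code, $code_ok, $receiver, $ip, $private, $anon) {
    global $_zp_captcha;
    list($type, $class) = commentObjectClass($receiver);
    $receiver->getComments();
    $name = trim($name);
    $email = trim($email);
    $website = trim($website);
    // Let the comment have trailing line breaks and space? Nah...
    // Also (in)validate HTML here, and in $name.
    $comment = trim($comment);

    // Field validation; each failure has its own negative return code.
    if (getOption('comment_email_required') && (empty($email) || !is_valid_email_zp($email))) {
        return -2;
    }
    if (getOption('comment_name_required') && empty($name)) {
        return -3;
    }
    if (getOption('comment_web_required') && (empty($website) || !isValidURL($website))) {
        return -4;
    }
    if (getOption('Use_Captcha')) {
        if (!$_zp_captcha->checkCaptcha($code, $code_ok)) {
            return -5;
        }
    }
    if (empty($comment)) {
        return -6;
    }
    // Prepend a scheme only when none is present. The previous test looked for the literal
    // "http://" and so turned "https://host" into "http://https://host".
    if (!empty($website) && !preg_match('#^https?://#i', $website)) {
        $website = "http://" . $website;
    }

    $goodMessage = 2;
    $gallery = new gallery();
    // Run the configured spam filter plugin, if one can be located.
    $requirePath = getPlugin('spamfilters/' . UTF8ToFileSystem(getOption('spam_filter')) . ".php", false);
    if ($requirePath !== false) {
        require_once $requirePath;
        $spamfilter = new SpamFilter();
        $goodMessage = $spamfilter->filterMessage($name, $email, $website, $comment, isImageClass($receiver) ? $receiver->getFullImage() : NULL, $ip);
    }

    if ($goodMessage) {
        $moderate = $goodMessage == 1 ? 1 : 0;
        $private = $private ? 1 : 0;
        $anon = $anon ? 1 : 0;
        // The statement is assembled by concatenation, so every value that is not a fixed
        // integer goes through the escaper: $ip is supplied by the caller and $type comes
        // from a helper, and neither was escaped before. The owner id is forced to an integer.
        $receiverid = (int) $receiver->id;
        // Update the database entry with the new comment
        query("INSERT INTO " . prefix("comments") . " (`ownerid`, `name`, `email`, `website`, `comment`, `inmoderation`, `date`, `type`, `ip`, `private`, `anon`) VALUES " .
            ' ("' . $receiverid .
            '", "' . mysql_real_escape_string($name) .
            '", "' . mysql_real_escape_string($email) .
            '", "' . mysql_real_escape_string($website) .
            '", "' . mysql_real_escape_string($comment) .
            '", "' . $moderate .
            '", NOW()' .
            ', "' . mysql_real_escape_string($type) .
            '", "' . mysql_real_escape_string($ip) .
            '", "' . $private .
            '", "' . $anon . '")');

        if ($moderate) {
            $action = "placed in moderation";
        } else {
            // add to comments array and notify the admin user
            $newcomment = array();
            $newcomment['name'] = $name;
            $newcomment['email'] = $email;
            $newcomment['website'] = $website;
            $newcomment['comment'] = $comment;
            $newcomment['date'] = time();
            $receiver->comments[] = $newcomment;
            $action = "posted";
        }

        // switch added for zenpage support
        $class = get_class($receiver);
        switch ($class) {
            case "Albums":
                $on = $receiver->name;
                $url = "album=" . urlencode($receiver->name);
                $ur_album = getUrAlbum($receiver);
                break;
            case "ZenpageNews":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_NEWS . "&title=" . urlencode($receiver->getTitlelink());
                break;
            case "ZenpagePage":
                $on = $receiver->getTitlelink();
                $url = "p=" . ZENPAGE_PAGES . "&title=" . urlencode($receiver->getTitlelink());
                break;
            default:
                // all image types
                $on = $receiver->getAlbumName() . " about " . $receiver->getTitle();
                $url = "album=" . urlencode($receiver->album->name) . "&image=" . urlencode($receiver->filename);
                $album = $receiver->getAlbum();
                $ur_album = getUrAlbum($album);
                break;
        }

        if (getOption('email_new_comments')) {
            $last_comment = fetchComments(1);
            $last_comment = $last_comment[0]['id'];
            // The commenter's fields appear only in the mail body, never in subject or headers.
            $message = gettext("A comment has been {$action} in your album") . " {$on}\n" . "\n" .
                "Author: " . $name . "\n" .
                "Email: " . $email . "\n" .
                "Website: " . $website . "\n" .
                "Comment:\n" . $comment . "\n" . "\n" .
                "You can view all comments about this image here:\n" .
                "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/index.php?{$url}\n" . "\n" .
                "You can edit the comment here:\n" .
                "http://" . $_SERVER['SERVER_NAME'] . WEBPATH . "/" . ZENFOLDER . "/admin-comments.php?page=editcomment&id={$last_comment}\n";
            $emails = array();
            $admin_users = getAdministrators();
            foreach ($admin_users as $admin) {
                // mail anyone else with full rights
                if ($admin['rights'] & ADMIN_RIGHTS && $admin['rights'] & COMMENT_RIGHTS && !empty($admin['email'])) {
                    $emails[] = $admin['email'];
                    unset($admin_users[$admin['id']]);
                }
            }
            // take out for zenpage comments since there are no album admins
            if ($type === "images" or $type === "albums") {
                $id = (int) $ur_album->getAlbumID();
                $sql = "SELECT `adminid` FROM " . prefix('admintoalbum') . " WHERE `albumid`={$id}";
                $result = query_full_array($sql);
                foreach ($result as $anadmin) {
                    // Full-rights admins were removed from $admin_users above, so the id may be absent.
                    if (!isset($admin_users[$anadmin['adminid']])) {
                        continue;
                    }
                    $admin = $admin_users[$anadmin['adminid']];
                    if (!empty($admin['email'])) {
                        $emails[] = $admin['email'];
                    }
                }
            }
            zp_mail("[" . get_language_string(getOption('gallery_title'), getOption('locale')) . "] Comment posted on {$on}", $message, "", $emails);
        }
    }
    return $goodMessage;
}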
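/**
 * Validate the submitted values of the extra fields that apply to a category.
 *
 * Each field value is read from the POST parameter "awpcp-{field_name}" and checked
 * against the field's validator ('missing', 'url', 'email', 'numericdeci', 'numericnodeci').
 *
 * @param mixed $category Category id the listing is posted in; fields assigned to
 *                        this category or to 'root' are checked, all others skipped.
 * @return array Error messages keyed by field name; empty when every field validates.
 */
function validate_extra_fields_form($category = 0) {
    $fields = awpcp_get_extra_fields_by_category($category, array('context' => 'details'));

    $data = array();
    foreach ($fields as $field) {
        $data[$field->field_name] = awpcp_post_param("awpcp-{$field->field_name}");
    }

    $errors = array();
    foreach ($fields as $field) {
        // a Field is required if the Required checkbox has been marked or the
        // Missing validator being assigned to that field.
        $required = $field->required || $field->field_validation == 'missing';

        // skip unused fields for current category
        if (!in_array($category, $field->field_category) && !in_array('root', $field->field_category)) {
            continue;
        }

        $validation = $field->field_validation;
        $label = $field->field_label;
        // A field may carry several values; a scalar is treated as a one-element list.
        $values = (array) awpcp_array_data($field->field_name, '', $data);

        foreach ($values as $k => $item) {
            if ($required && empty($item)) {
                $errors[$field->field_name] = sprintf(__('%s is required.', 'awpcp-extra-fields'), $label);
                continue;
            } else {
                // optional and empty: nothing to validate
                if (!$required && empty($item)) {
                    continue;
                }
            }

            if ($validation == 'missing') {
                if (empty($item)) {
                    $errors[$field->field_name] = sprintf(__('%s is required.', 'awpcp-extra-fields'), $label);
                }
            } elseif ($validation == 'url') {
                // isValidURL() is defined elsewhere; the format it accepts is decided there.
                if (!isValidURL($item)) {
                    $message = __("%s is badly formatted. Valid URL format required. Include http://", 'awpcp-extra-fields');
                    $errors[$field->field_name] = sprintf($message, $label);
                }
            } elseif ($validation == 'email') {
                // eregi() no longer exists in PHP 7+, so the same expression is run through PCRE.
                // The D modifier keeps "$" from matching before a trailing newline.
                // NOTE(review): the final label is limited to 2-3 letters, which rejects longer
                // top-level domains; the accepted set is left as it was.
                if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $item)) {
                    $message = __("%s is badly formatted. Valid Email format required.", 'awpcp-extra-fields');
                    $errors[$field->field_name] = sprintf($message, $label);
                }
            } elseif ($validation == 'numericdeci') {
                if (!is_numeric($item)) {
                    $message = __("%s must be a number.", 'awpcp-extra-fields');
                    $errors[$field->field_name] = sprintf($message, $label);
                }
            } elseif ($validation == 'numericnodeci') {
                if (!ctype_digit($item)) {
                    $message = __("%s must be a number. Decimal values not allowed.", 'awpcp-extra-fields');
                    $errors[$field->field_name] = sprintf($message, $label);
                }
            }
        }
    }

    return $errors;
}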
{
    // Body of a URL check whose signature is not part of this excerpt (presumably isValidURL(),
    // which the code below calls).
    // NOTE(review): the "." in "(.[a-z0-9-]+)*" is not escaped, so it matches any single
    // character rather than a literal dot; the host part is therefore not limited to
    // dot-separated labels. "$" without the D modifier also matches before a trailing newline.
    // Writing "\." and adding D would make the pattern match what it appears to intend.
    return preg_match('|^http(s)?://[a-z0-9-]+(.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|i', $url);
}
// example of how to modify HTML contents
include '../simple_html_dom.php';
$url = 'http://www.emag.ro/';
// get DOM from URL or file
$html = file_get_html($url);
// Prefix the base URL to every <link> href that is not already an absolute http(s) URL
foreach ($html->find('link') as $e) {
    if (!isValidURL($e->href)) {
        $e->href = $url . $e->href;
    }
}
// Same for every <script> src
foreach ($html->find('script') as $e) {
    if (!isValidURL($e->src)) {
        $e->src = $url . $e->src;
    }
}
// The fetched page is echoed as-is, scripts included, and the script stops here.
echo $html;
die;
// Everything below is unreachable because of the die above.
// remove all image
foreach ($html->find('img') as $e) {
    $e->outertext = '';
}
// replace all input
foreach ($html->find('input') as $e) {
    $e->outertext = '[INPUT]';
}
// dump contents
echo $html;
//get car brand $carbrand = $blCarBrand->getCarBrand($car->getCarBrandId()); //movies $carmovielistlr = $blCarMovie->getLRCarMoviesByCar($car->getId()); $carmovielistyt = $blCarMovie->getYoutubeCarMoviesByCar($car->getId()); if (!isValidURL($car->getPreviewLink())) { if ($html == false) { $carpreviewlink = SUBFOLDER . $carbrand->getMovieFolder() . $car->getMovieFolder() . "/" . $car->getPreviewLink(); } else { $carpreviewlink = MOVIEFOLDERROOT . $car->getMovieFolder() . "/" . $car->getPreviewLink(); } } else { $carpreviewlink = $car->getPreviewLink(); } if ($carmovielistlr != null) { if (!isValidURL($carmovielistlr[0]->getUrl())) { if ($html == false) { $carlrlink = SUBFOLDER . $carbrand->getMovieFolder() . $car->getMovieFolder() . "/" . $carmovielistlr[0]->getUrl(); } else { $carlrlink = MOVIEFOLDERROOT . $car->getMovieFolder() . "/" . $carmovielistlr[0]->getUrl(); } } else { $carlrlink = $carmovielistlr[0]->getUrl(); } } //picture check (otherwise use carbrand pic) if ($picture == null) { //brand $picture = $blCarPicture->getCarPicture($carbrand->getLogo()); } if ($html == false) {
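/**
 * Validate the details of an Ad and collect one message per failing field.
 *
 * @param array   $data         Normalized array with Ad details. All fields are expected
 *                              to be present: isset($data['param']) === true
 * @param boolean $edit         Presumably true when an existing Ad is being edited; several
 *                              checks (payment term, terms of service, captcha) only run when
 *                              it is false, and the date/category checks only when it is true.
 * @param object  $payment_term Object exposing a numeric ->regions property; the region
 *                              checks are skipped when it is null or ->regions is 0.
 * @param array   $errors       Receives the messages, keyed by field name (spam uses a numeric key).
 * @return boolean true if data validates, false otherwise
 */
protected function validate_details($data = array(), $edit = false, $payment_term = null, &$errors = array()) {
    global $hasextrafieldsmodule;

    // $edit = !empty($data['ad_id']);
    $is_moderator = awpcp_current_user_is_moderator();

    $user_id = awpcp_array_data('user_id', 0, $data);
    $user_payment_term = awpcp_array_data('user_payment_term', '', $data);
    if (get_awpcp_option('freepay') == 1 && $user_id > 0 && empty($user_payment_term) && !$edit) {
        $errors['user_payment_term'] = __('You did not select a Payment Term. Please select a Payment Term for this Ad.', 'AWPCP');
    }

    // Start and end dates are only enforced for moderators editing an Ad.
    $start_date = strtotime($data['start_date']);
    if ($edit && $is_moderator && empty($data['start_date'])) {
        $errors['start_date'] = __('Please enter a start date for the Ad.', 'AWPCP');
    }
    $end_date = strtotime($data['end_date']);
    if ($edit && $is_moderator && empty($data['end_date'])) {
        $errors['end_date'] = __('Please enter an end date for the Ad.', 'AWPCP');
    }
    if ($edit && $is_moderator && $start_date > $end_date) {
        $errors['start_date'] = __('The start date must occur before the end date.', 'AWPCP');
    }

    // Check for ad title
    if (empty($data['ad_title'])) {
        $errors['ad_title'] = __("You did not enter a title for your Ad", "AWPCP");
    }
    // Check for ad details
    if (empty($data['ad_details'])) {
        $errors['ad_details'] = __("You did not enter any text for your Ad. Please enter some text for your Ad.", "AWPCP");
    }
    // Check for ad category
    if (empty($data['ad_category']) && $edit) {
        $errors['ad_category'] = __("You did not select a category for your Ad. Please select a category for your Ad.", "AWPCP");
    }

    // If website field is checked and required make sure website value was entered
    if (get_awpcp_option('displaywebsitefield') == 1 && get_awpcp_option('displaywebsitefieldreqop') == 1) {
        if (empty($data['websiteurl'])) {
            $errors['websiteurl'] = __("You did not enter your website address. Your website address is required.", "AWPCP");
        }
    }
    //If they have submitted a website address make sure it is correctly formatted
    // isValidURL() is defined elsewhere; what counts as "correctly formatted" is decided there.
    if (!empty($data['websiteurl']) && !isValidURL($data['websiteurl'])) {
        $errors['websiteurl'] = __("Your website address is not properly formatted. Please make sure you have included the http:// part of your website address", "AWPCP");
    }

    // Check for ad poster's name
    if (empty($data['ad_contact_name'])) {
        $errors['ad_contact_name'] = __("You did not enter your name. Your name is required.", "AWPCP");
    }
    // Check for ad poster's email address
    if (empty($data['ad_contact_email'])) {
        $errors['ad_contact_email'] = __("You did not enter your email. Your email is required.", "AWPCP");
    }
    // Check if email address entered is in a valid email address format
    if (!awpcp_is_valid_email_address($data['ad_contact_email'])) {
        $errors['ad_contact_email'] = __("The email address you entered was not a valid email address. Please check for errors and try again.", "AWPCP");
    } else {
        if (!awpcp_is_email_address_allowed($data['ad_contact_email'])) {
            $message = __('The email address you entered is not allowed in this website. Please use an email address from one of the following domains: %s.', 'AWPCP');
            $domains_whitelist = explode("\n", get_awpcp_option('ad-poster-email-address-whitelist'));
            // The list is spliced into markup, so each entry is HTML-encoded first even
            // though the option is site configuration rather than visitor input.
            $encoded_domains = array();
            foreach ($domains_whitelist as $domain) {
                $encoded_domains[] = htmlspecialchars($domain, ENT_QUOTES, 'UTF-8');
            }
            $domains_list = '<strong>' . implode('</strong>, <strong>', $encoded_domains) . '</strong>';
            $errors['ad_contact_email'] = sprintf($message, $domains_list);
        }
    }

    // If phone field is checked and required make sure phone value was entered
    if (get_awpcp_option('displayphonefield') == 1 && get_awpcp_option('displayphonefieldreqop') == 1) {
        if (empty($data['ad_contact_phone'])) {
            $errors['ad_contact_phone'] = __("You did not enter your phone number. Your phone number is required.", "AWPCP");
        }
    }

    // Record which region types (country, state, ...) have a non-empty value in any region.
    $region_fields = array();
    if (is_array($data['regions'])) {
        foreach ($data['regions'] as $region) {
            if (!is_array($region)) {
                continue;
            }
            foreach ($region as $type => $value) {
                if (!empty($value)) {
                    $region_fields[$type] = true;
                }
            }
        }
    }

    // $payment_term defaults to null; reading ->regions on null only raised a warning and
    // evaluated to "no regions", which is now stated explicitly.
    $regions_allowed = is_object($payment_term) && $payment_term->regions > 0;

    // If country field is checked and required make sure country value was entered
    if ($regions_allowed && get_awpcp_option('displaycountryfield') == 1 && get_awpcp_option('displaycountryfieldreqop') == 1) {
        if (!awpcp_array_data('country', false, $region_fields)) {
            $errors['regions'] = __("You did not enter your country. Your country is required.", "AWPCP");
        }
    }
    // If state field is checked and required make sure state value was entered
    if ($regions_allowed && get_awpcp_option('displaystatefield') == 1 && get_awpcp_option('displaystatefieldreqop') == 1) {
        if (!awpcp_array_data('state', false, $region_fields)) {
            $errors['regions'] = __("You did not enter your state. Your state is required.", "AWPCP");
        }
    }
    // If city field is checked and required make sure city value was entered
    if ($regions_allowed && get_awpcp_option('displaycityfield') == 1 && get_awpcp_option('displaycityfieldreqop') == 1) {
        if (!awpcp_array_data('city', false, $region_fields)) {
            $errors['regions'] = __("You did not enter your city. Your city is required.", "AWPCP");
        }
    }
    // If county/village field is checked and required make sure county/village value was entered
    if ($regions_allowed && get_awpcp_option('displaycountyvillagefield') == 1 && get_awpcp_option('displaycountyvillagefieldreqop') == 1) {
        if (!awpcp_array_data('county', false, $region_fields)) {
            $errors['regions'] = __("You did not enter your county/village. Your county/village is required.", "AWPCP");
        }
    }

    // If price field is checked and required make sure a price has been entered
    if (get_awpcp_option('displaypricefield') == 1 && get_awpcp_option('displaypricefieldreqop') == 1) {
        if (strlen($data['ad_item_price']) === 0 || $data['ad_item_price'] === false) {
            $errors['ad_item_price'] = __("You did not enter the price of your item. The item price is required.", "AWPCP");
        }
    }
    // Make sure the item price is a numerical value
    if (get_awpcp_option('displaypricefield') == 1 && strlen($data['ad_item_price']) > 0) {
        if (!is_numeric($data['ad_item_price'])) {
            $errors['ad_item_price'] = __("You have entered an invalid item price. Make sure your price contains numbers only. Please do not include currency symbols.", "AWPCP");
        }
    }

    if ($hasextrafieldsmodule == 1) {
        // backward compatibility with old extra fields
        if (function_exists('validate_extra_fields_form')) {
            $_errors = validate_extra_fields_form($data['ad_category']);
        } else {
            if (function_exists('validate_x_form')) {
                $_errors = validate_x_form();
            }
        }
        if (isset($_errors) && !empty($_errors)) {
            $errors = array_merge($errors, (array) $_errors);
        }
    }

    // Terms of service required and accepted?
    if (!$edit && !$is_moderator && get_awpcp_option('requiredtos') && empty($data['terms-of-service'])) {
        $errors['terms-of-service'] = __("You did not accept the terms of service", "AWPCP");
    }

    // The captcha is only checked for new Ads submitted outside the admin area.
    if (!$edit && !is_admin() && get_awpcp_option('captcha-enabled')) {
        $captcha = awpcp_create_captcha(get_awpcp_option('captcha-provider'));
        $error = '';
        if (!$captcha->validate($error)) {
            $errors['captcha'] = $error;
        }
    }

    if (get_awpcp_option('useakismet')) {
        $spam_filter = awpcp_listing_spam_filter();
        if ($spam_filter->is_spam($data)) {
            $errors[] = __("Your Ad was flagged as spam. Please contact the administrator of this site.", "AWPCP");
        }
    }

    // Entries with an empty message do not count as failures.
    return count(array_filter($errors)) === 0;
}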
<div> <div>The site has no default car set to display on the index page. </div> </div>'; } else { $prefix = ""; $html = true; //////////////// //index page//// //////////////// //default car $defaultcar = $blCar->getCar($site->getDefaultCarId()); //default car brand $defaultcarbrand = $blCarBrand->getCarBrand($defaultcar->getCarBrandId()); //movies if (!isValidURL($defaultcar->getPreviewLink())) { $defaultcarpreviewlink = MOVIEFOLDERROOT . $car->getMovieFolder() . "/" . $defaultcar->getPreviewLink(); } else { $url = getYoutubeEmbedLink($defaultcar->getPreviewLink()); $defaultcarpreviewlink = $url; } //default car ytlink $carmovielistyt = $blCarMovie->getYoutubeCarMoviesByCar($defaultcar->getId()); if ($carmovielistyt != null) { $url = getYoutubeEmbedLink($carmovielistyt[0]->getUrl()); $defaultcarytlink = $url; } //default car press contact if ($presscontactoverwrite == null) { $defaultcarcontact = $blPressContact->getPressContact($defaultcar->getPressContactId()); } else {
echo '<div id="mov-' . $ytitem->getId() . '" style="display:none;z-index:100"> <object style="margin:10px" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" data="' . $url . '&autoplay=1" width="545" height="441"> <param name="movie" value="' . $url . '&autoplay=1" /> </object> </div>'; } } echo '</td> <td style="width:163px;vertical-align:top">'; if ($carmovielisthr != null) { echo '<span class="file_link"> Broadcast media file</span><br />'; foreach ($carmovielisthr as $hritem) { if (!isValidURL($hritem->getUrl())) { if ($html == false) { $hrlink = SUBFOLDER . $carbrand->getMovieFolder() . $car->getMovieFolder() . "/" . $hritem->getUrl(); } else { $hrlink = MOVIEFOLDERROOT . $car->getMovieFolder() . "/" . $hritem->getUrl(); } } else { $hrlink = $hritem->getUrl(); } echo '<span class="file_link"><a class="style9" href="../' . $hrlink . '">• ' . $hritem->getText() . '</a></span><br />'; } } echo ' </td> </tr>'; }
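<?php
/**
 * Check that $url is an absolute http(s) URL whose host consists of
 * dot-separated labels, with an optional numeric port and path.
 *
 * The label separator is a literal dot (it used to be an unescaped ".", which
 * matched any character), and the D modifier stops "$" from matching before a
 * trailing newline.
 *
 * @param mixed $url Candidate URL.
 * @return int|false 1 on match, 0 otherwise (false only on a PCRE error).
 */
function isValidURL($url) {
    if (!is_string($url)) {
        return 0;
    }
    return preg_match('|^https?://[a-z0-9-]+(\.[a-z0-9-]+)*(:[0-9]+)?(/.*)?$|iD', $url);
}

/**
 * Tell whether $host is, or resolves only to, publicly routable IPv4 addresses.
 *
 * Loopback, private and reserved ranges are refused so the relay cannot be
 * pointed at this machine or at the internal network. Hosts that do not resolve
 * to an IPv4 address are refused as well.
 *
 * @param mixed $host Host name or IP literal taken from the requested URL.
 * @return bool
 */
function isPublicHost($host) {
    if (!is_string($host) || $host === '') {
        return false;
    }
    $addresses = filter_var($host, FILTER_VALIDATE_IP) !== false ? array($host) : gethostbynamel($host);
    if (empty($addresses)) {
        return false;
    }
    foreach ($addresses as $address) {
        if (filter_var($address, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            return false;
        }
    }
    return true;
}

// This script relays a request to whatever URL the caller names, so the URL is
// treated as untrusted: it must pass the format check and point at a public host.
// NOTE(review): the host is resolved again when the request is made, so this check
// narrows the exposure but does not close it; a fixed allowlist of upstream hosts
// is the robust control if the set of upstreams is known.
$target = isset($_GET['url']) ? $_GET['url'] : null;

if (isValidURL($target) && isPublicHost(parse_url($target, PHP_URL_HOST))) {
    $header = "Accept-language: en\r\n" . "P3P: policyref=\"" . "http://" . $_SERVER['HTTP_HOST'] . "/policy.xml\"\r\n";
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        $body = file_get_contents('php://input');
        // Create the stream context for a POST that forwards the raw request body
        $opts = array('http' => array(
            'method' => "POST",
            'header' => $header . "Content-Type: application/json\r\n",
            'content' => $body,
            // Redirects are not followed: a redirect target would bypass the checks above.
            'follow_location' => 0,
        ));
    } else {
        // Create the stream context for a plain GET
        $opts = array('http' => array(
            'method' => "GET",
            'header' => $header,
            'follow_location' => 0,
        ));
    }
    $context = stream_context_create($opts);
    // NOTE(review): the upstream body is echoed under this site's origin with the default
    // content type; confirm what callers expect and set an explicit Content-Type header.
    echo file_get_contents($target, false, $context);
} else {
    echo "Not valid url";
}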
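/**
 * Prepares the template data for one tab of the detail page and reports whether the
 * tab has anything to show.
 *
 * Handled keys:
 *  - 'map':    initializes the static map unless the UI is map driven.
 *  - 'nearby': proximity search around the single feature (or the lat/lon arguments),
 *              excluding the feature itself; assigns 'nearbyResults'.
 *  - 'info':   assigns the feature's photo URL and its detail fields.
 *  - 'links':  assigns two Google Maps links built from the center coordinate.
 *
 * @param string $tabKey         Tab identifier.
 * @param array  $features       Selected features; 'nearby', 'info' and 'links' read the last element.
 * @param array  $tabJavascripts Passed by reference; receives a JavaScript snippet keyed by
 *                               $tabKey for 'info' (when a photo exists) and 'links'.
 * @return bool|int Truthy when the tab should be shown. The 'info' case returns the string
 *                  length (an int) when the details are a single string.
 */
protected function generateTabForKey($tabKey, $features, &$tabJavascripts)
{
    switch ($tabKey) {
        case 'map':
            if ($this->isMapDrivenUI()) {
                return false;
            }
            $this->initializeStaticMap();
            return true;

        case 'nearby':
            // Defined up front so the exclusion test below never reads an undefined
            // variable when the center comes from the lat/lon arguments.
            $currentId = null;
            $currentTitle = null;

            if (count($features) == 1) {
                $feature = end($features);
                $geometry = $feature->getGeometry();
                $center = $geometry->getCenterCoordinate();
                $currentId = $feature->getId();
                $currentTitle = $feature->getTitle();
            } elseif (isset($this->args['lat'], $this->args['lon'])) {
                $center = array('lat' => $this->args['lat'], 'lon' => $this->args['lon']);
            } else {
                return false;
            }

            $mapSearch = $this->getSearchClass($this->args);

            // default values for proximity search
            $feedData = $this->getMergedConfigData();
            $tolerance = isset($feedData['NEARBY_THRESHOLD']) ? $feedData['NEARBY_THRESHOLD'] : 1000;
            $maxItems = isset($feedData['NEARBY_ITEMS']) ? $feedData['NEARBY_ITEMS'] : 0;

            $searchResults = $mapSearch->searchByProximity($center, $tolerance, $maxItems);
            $places = array();
            if ($searchResults) {
                foreach ($searchResults as $result) {
                    // Skip the feature the user is already looking at.
                    if ($result->getId() !== $currentId || $result->getTitle() !== $currentTitle) {
                        $places[] = $this->linkForItem($result);
                    }
                }
                $this->assign('nearbyResults', $places);
            }
            return count($places) > 0;

        case 'info':
            if (count($features) != 1) {
                return false;
            }
            $feature = end($features);

            // handle embedded photo
            $photoURL = $feature->getField('PhotoURL');
            if (isset($photoURL) && $photoURL && $photoURL != 'Null') {
                // The value comes from feed data and ends up inside an inline <script>.
                // Emit it as a JSON string literal so a quote, backslash or "</script>"
                // in the field cannot break out of the string; the JSON_HEX_* flags keep
                // <, >, &, ' and " out of the markup entirely.
                $photoJson = json_encode((string) $photoURL, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
                if ($photoJson !== false) {
                    $tabJavascripts[$tabKey] = "loadImage(photoURL,'photo');";
                    $this->assign('photoURL', $photoURL);
                    $this->addInlineJavascript("var photoURL = {$photoJson};");
                }
            }

            $fields = $feature->getFields();
            if (count($fields) == 1) {
                // A single field is shown as-is rather than as a label/value list.
                $details = current(array_values($fields));
                $displayDetailsAsList = false;
            } else {
                $details = array();
                $detailConfig = $this->loadPageConfigFile('detail', 'detailConfig');
                if (isset($detailConfig['details'], $detailConfig['details']['suppress'])) {
                    $suppress = $detailConfig['details']['suppress'];
                }

                foreach ($fields as $name => $value) {
                    if (!isset($suppress) || !in_array($name, $suppress)) {
                        $aDetail = array('label' => $name, 'title' => $value);
                        // Field values that pass isValidURL() are exposed as external links.
                        if (isValidURL($value)) {
                            $aDetail['url'] = $value;
                            $aDetail['class'] = 'external';
                        }
                        $details[] = $aDetail;
                    }
                }
                $displayDetailsAsList = true;
            }

            $this->assign('displayDetailsAsList', $displayDetailsAsList);
            $this->assign('details', $details);

            return is_array($details) ? count($details) > 0 : strlen(trim($details));

        case 'links':
            $externalLinks = array();

            if (count($features) == 1) {
                $feature = end($features);
                $geometry = $feature->getGeometry();
                $center = $geometry->getCenterCoordinate();
            } elseif (isset($this->args['lat'], $this->args['lon'])) {
                $center = array('lat' => $this->args['lat'], 'lon' => $this->args['lon']);
            } else {
                return false;
            }

            // NOTE(review): when the center comes from $this->args the lat/lon text is used
            // verbatim in the URLs below; presumably validated upstream — confirm.
            $centerText = $center['lat'] . ',' . $center['lon'];

            $externalLinks[] = array(
                'title' => $this->getLocalizedString('VIEW_IN_GOOGLE_MAPS'),
                'url' => 'http://maps.google.com?q=loc:' . $centerText,
                'class' => 'external',
            );

            $directionsURL = $this->getMapDevice()->pageSupportsDynamicMap()
                ? 'http://maps.google.com?daddr=' . $centerText
                : 'http://maps.google.com/m/directions?daddr=' . $centerText;

            $externalLinks[] = array(
                'title' => $this->getLocalizedString('GET_DIRECTIONS_FROM_GOOGLE'),
                'url' => $directionsURL,
                'urlID' => 'directionsLink',
                'class' => 'external',
            );

            $tabJavascripts[$tabKey] = "addDirectionsLink();";
            $this->assign('externalLinks', $externalLinks);
            return count($externalLinks) > 0;

        default:
            break;
    }

    return false;
}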
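// Excerpt: validates the submitted add-on and inserts it. $game, $url, $name, $path,
// $folder, $error and $mysqli are set up outside this excerpt, and the final
// `if ($error == false)` block is closed outside it as well.

// The game/template name may only contain letters, digits, dot, underscore and dash.
if (!preg_match("/^[a-zA-Z0-9._-]+\$/", $game)) {
    $msg = _addons_message_error_game . "<br>";
    $error = true;
} else {
    $stmt = $mysqli->prepare("SELECT id FROM templates WHERE name = ?");
    // The name is text, so it is bound as a string. Binding it as 'i' cast it to an
    // integer, and the lookup then compared the name column against that number
    // instead of against the submitted name.
    $stmt->bind_param('s', $game);
    $stmt->execute();
    $stmt->bind_result($template_id);
    $stmt->fetch();
    $stmt->close();
    if (check_template($template_id)) {
        $msg = _message_addon_error;
        $error = true;
    }
}

// NOTE(review): isValidURL() is defined elsewhere; the stored URL is only as trustworthy
// as that check, so confirm what it accepts before the value is fetched or linked later.
if (isValidURL($url) == false) {
    $msg = _addons_message_error_url;
    $error = true;
}

if ($error == false) {
    // Resolve the template id again for the insert (same string binding as above).
    $stmt = $mysqli->prepare("SELECT id FROM templates WHERE name = ?");
    $stmt->bind_param('s', $game);
    $stmt->execute();
    $stmt->bind_result($template_id);
    $stmt->fetch();
    $stmt->close();

    // All user-supplied values go through bound parameters, never into the SQL text.
    $stmt = $mysqli->prepare("INSERT INTO addons(game_id,name,url,path,folder) VALUES (?, ?, ?, ?, ?)");
    $stmt->bind_param('issss', $template_id, $name, $url, $path, $folder);
    $stmt->execute();
    $stmt->close();
    msg_okay(_addon_message_added);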
// Excerpt: normalizes the ?url= request parameter and derives the site root from it.
// The blocks opened here are closed outside this excerpt.
// NOTE(review): $url is caller-supplied. What is done with it afterwards is not visible
// here; if the server goes on to fetch it, isValidURL() alone (defined elsewhere) should
// not be the only restriction on the destination host — confirm.
$images = array();
if (isset($_GET['url'])) {
    $url = $_GET['url'];
    // Only the copy used for splitting is trimmed; $url itself keeps any surrounding whitespace.
    $parts = explode('/', trim($url));
    /**
     * True when the value already starts with "http:" or "https:".
     * The comparison is case-sensitive, so "HTTP:" is not recognized.
     * @var boolean
     */
    $flag = $parts[0] == 'http:' || $parts[0] == 'https:' ? true : false;
    if (!$flag) {
        // No recognized scheme: assume plain http.
        $url = 'http://' . $url;
    }
    /**
     * Reject the request when the (possibly prefixed) URL fails isValidURL().
     */
    if (!isValidURL($url)) {
        $final_response = array('url_searched' => $url, 'valid_url' => false, 'success' => false);
    } else {
        $final_response['valid_url'] = true;
        /**
         * When the URL ends with a slash, strip it; rtrim() removes every trailing
         * slash, not just one.
         */
        if (substr($url, strlen($url) - 1) == '/') {
            $url = rtrim($url, "/");
        }
        $parts = explode('/', $url);
        /**
         * Scheme plus host ("http:" . "//" . host), including any subdomain.
         * @var string
         */
        $Root = $parts[0] . '//' . $parts[2];
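}

// Excerpt: content preview page. The block closed above is opened outside this excerpt.
// Base href for course files: the get.php handler when forced, else the course folder.
if (defined('AT_FORCE_GET_FILE') && AT_FORCE_GET_FILE) {
    $course_base_href = 'get.php/';
} else {
    $course_base_href = 'content/' . $_SESSION['course_id'] . '/';
}

// NOTE(review): this appends to $content_base_href while the lines above set
// $course_base_href; $content_base_href is not assigned anywhere in this excerpt — confirm
// which variable is intended.
if ($content_row['content_path']) {
    $content_base_href .= $content_row['content_path'] . '/';
}

require AT_INCLUDE_PATH . 'header.inc.php';
?> <div class="row"> <?php
// Title of the content being previewed, passed through AT_print().
echo '<h2>' . AT_print($stripslashes($_POST['title']), 'content.title') . '</h2>';

if ($_POST['formatting'] == CONTENT_TYPE_WEBLINK) {
    $url = $_POST['weblink_text'];
    $validated_url = isValidURL($url);
    // Reject the weblink unless the validator returned the submitted URL unchanged.
    // The first operand was written as the bare word `validated_url` (no "$"), which PHP
    // reads as an undefined constant rather than the variable, so the "validator failed"
    // test never looked at the validation result.
    if (!$validated_url || $validated_url !== $url) {
        $msg->addError(array('INVALID_INPUT', _AT('weblink')));
        $msg->printErrors();
    } else {
        echo format_content($url, $_POST['formatting'], array());
    }
} else {
    echo format_content($stripslashes($_POST['body_text']), $_POST['formatting'], $_POST['glossary_defs']);
}
?> </div> <?php
require AT_INCLUDE_PATH . 'footer.inc.php';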
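// Excerpt: handles a submitted news/event request. $title, $subtitle, $date,
// $short_description, $email and $conn are set outside this excerpt, and the final
// `if (validate() ...)` block is closed outside it as well.

// NOTE(review): this tests the local variable, not $_POST['long_description']; unless the
// variable is set earlier in the file the description is always NULL — confirm the intent.
if (isset($long_description)) {
    $long_description = $_POST['long_description'];
} else {
    $long_description = NULL;
}
$url = $_POST['url'];
$status = 'pending';

/**
 * Checks that the required form fields were submitted.
 *
 * Passes when title, short description and name are all non-empty, or when exactly one
 * of long description and URL is non-empty.
 * NOTE(review): "&&" binds tighter than "||", so the two conditions are alternatives; if
 * both were meant to be required, the expression needs explicit parentheses.
 *
 * @return bool
 */
function validate()
{
    $hasCoreFields = strlen($_POST['title']) > 0
        && strlen($_POST['short_description']) > 0
        && strlen($_POST['name']) > 0;

    // The closing parenthesis used to sit after "> 0", so strlen() measured the result of
    // a comparison instead of the submitted text.
    $hasLongDescription = strlen($_POST['long_description']) > 0;
    $hasUrl = strlen($_POST['url']) > 0;

    return $hasCoreFields || (($hasLongDescription || $hasUrl) && !($hasLongDescription && $hasUrl));
}

if (validate() && email_validation($email) && isValidURL($url)) {
    // Both values are taken straight from $_POST above and are placed inside quoted SQL
    // literals, so they are escaped with the connection's escaping function first. Passing
    // isValidURL() does not make a string safe for SQL: a URL path may contain a quote.
    $long_description_sql = mysql_real_escape_string($long_description, $conn);
    $url_sql = mysql_real_escape_string($url, $conn);

    // NOTE(review): $title, $subtitle, $date and $short_description are interpolated the same
    // way; they are assigned outside this excerpt, so verify they are escaped there. Moving
    // this statement to a prepared statement (mysqli or PDO) would remove the question.
    $sql = "INSERT INTO \r\n\t\t\t\t\t\t\t\tnews (\r\n\t\t\t\t\t\t\t\t\t\tID, \r\n\t\t\t\t\t\t\t\t\t\ttitle, \r\n\t\t\t\t\t\t\t\t\t\tsub_title, \r\n\t\t\t\t\t\t\t\t\t\tdate, \r\n\t\t\t\t\t\t\t\t\t\tshort_disc, \r\n\t\t\t\t\t\t\t\t\t\tlong_disc, \r\n\t\t\t\t\t\t\t\t\t\turl, \r\n\t\t\t\t\t\t\t\t\t\tstatus\r\n\t\t\t\t\t\t\t\t\t\t) \r\n\t\t\t\t\t\t\t\tVALUES (\r\n\t\t\t\t\t\t\t\t\t\tNULL, \r\n\t\t\t\t\t\t\t\t\t\t'{$title}', \r\n\t\t\t\t\t\t\t\t\t\t'{$subtitle}', \r\n\t\t\t\t\t\t\t\t\t\t'{$date}', \r\n\t\t\t\t\t\t\t\t\t\t'{$short_description}',\r\n\t\t\t\t\t\t\t\t\t\t'{$long_description_sql}', \r\n\t\t\t\t\t\t\t\t\t\t'{$url_sql}', \r\n\t\t\t\t\t\t\t\t\t\t'{$status}'\r\n\t\t\t\t\t\t\t\t\t\t)";
    mysql_query($sql);

    // Defined up front so the echo below never reads an undefined variable when no row
    // was inserted.
    $success_message = '';
    if (mysql_affected_rows($conn) > 0) {
        $success_message = "Your request has been added successfully";
    }
    echo '<span class="green_message">' . $success_message . '</span>';

    // send the confirmation email
    // NOTE(review): the mail is sent even when the insert affected no rows.
    $email_to = $email;
    $email_bcc = "";
    $email_subject = "News/event request confirmation";
    $email_from = '"EES"' . '<*****@*****.**>';
    $email_message = "";
    $email_message .= "<p style='font-size:16px; color:#003300; text-shadow:1px 1px 1px #E3FFE3'>";
    $email_message .= "Your news/event request has been succussfully added. A moderator will approve your request shortly." . "</p><br />";
    sendEmail($email_from, $email_to, $email_subject, $email_message, $email_bcc);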
} elseif ($typeid == 5) { $carmovielist = $blCarMovie->getIPhoneCarMoviesByCar($_GET["id"]); } else { $carmovielist = $blCarMovie->getLRCarMoviesByCar($_GET["id"]); } $moviecolumns = ""; $nr = 1; if ($carmovielist == null) { echo "No movies."; } else { foreach ($carmovielist as $carmovie) { $moviecolumns .= "Text: "; $moviecolumns .= " <input id=\"movietext" . $carmovie->getId() . "\" type=\"text\" value=\"" . $carmovie->getText() . "\" size=\"30\"/>"; $moviecolumns .= " Link: "; $color = ""; if (!isValidURL($carmovie->getUrl())) { $car = $blCar->getCar($carmovie->getCarId()); $carbrand = $blCarBrand->getCarBrand($car->getCarBrandId()); if ($car->getMovieFolder() != "") { $filelocation = $carbrand->getMovieFolder() . $car->getMovieFolder() . "/" . $carmovie->getUrl(); } else { $filelocation = $carbrand->getMovieFolder() . $carmovie->getUrl(); } if (!file_exists(getcwd() . $filelocation)) { $color = "background-color:#B9352F;color:#fff"; } } $moviecolumns .= "<input id=\"movielink" . $carmovie->getId() . "\" type=\"text\" value=\"" . $carmovie->getUrl() . "\" style=\"{$color}\" size=\"30\"/>"; //youtube links do not have a browse button if ($typeid != 3) { $moviecolumns .= " - <a href=\"javascript:browseMovie(" . $typeid . "," . $carmovie->getId() . ")\" class=\"link\" >Browse</a>";