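protected function _create_home() {
    global $core, $user;

    /**
     * Ticket creation.
     *
     * POST over AJAX (_button() && is_ghost()): insert the ticket, move any
     * files previously uploaded to space/f/ into place as attachments, add a
     * staff note when the ticket was opened on behalf of someone else, then
     * e-mail the contact and the group moderators. Any other request renders
     * the creation form.
     *
     * Ends with $this->e(<ticket view URL>) on the POST path, or returns
     * v_style(...) on the form path.
     */
    if (_button() && is_ghost()) {
        $v = $this->__(array('cat' => 1, 'ticket_group' => 0, 'ticket_title', 'ticket_text', 'ticket_username', 'attachments'));

        // The contact defaults to the current user. Staff holding
        // ticket_create_admin may open the ticket for another active member;
        // the username must be plain [a-z0-9_-] and may not be user_id 1.
        $t_contact = $user->v();
        if (f($v['ticket_username']) && _auth_get('ticket_create_admin')) {
            if (!preg_match('#^([a-z0-9\\_\\-]+)$#is', $v['ticket_username'])) {
                $this->_error('#SIGN_LOGIN_ERROR');
            }
            $sql = 'SELECT * FROM _members WHERE user_username = ? AND user_id <> 1 AND user_active = 1';
            if (!($t_contact = _fieldrow(sql_filter($sql, $v['ticket_username'])))) {
                $this->_error('#SIGN_LOGIN_ERROR');
            }
        }

        // NOTE(review): the form path below only offers categories whose
        // cat_group is in $user->auth_groups(), but this branch accepts any
        // cat / ticket_group the client sends. If that restriction is meant
        // to be enforced server-side, re-check it here, e.g.
        //   SELECT cat_id FROM _tickets_cat WHERE cat_id = ? AND cat_group IN (??)
        // via sql_filter($sql, $v['cat'], $user->auth_groups()).

        // The target group must exist: its name and mailbox are needed for
        // the notifications, and an unknown id would otherwise create an
        // orphaned ticket first and only fail while building the e-mail.
        $sql = 'SELECT group_name, group_email FROM _groups WHERE group_id = ?';
        if (!($d_group = _fieldrow(sql_filter($sql, $v['ticket_group'])))) {
            $this->_error('#FATAL_ERROR');
        }

        // Default status id is cached; fall back to the status_default row.
        if (!($ticket_status = $core->cache_load('ticket_status_default'))) {
            $sql = 'SELECT status_id FROM _tickets_status WHERE status_default = 1';
            $ticket_status = $core->cache_store(_field($sql, 'status_id', 0));
        }

        // Public ticket code: first 8 hex chars of md5(unique_id()). It is the
        // lookup key used in the view URL, i.e. an identifier, not a secret.
        $v2 = array(
            'code'      => substr(md5(unique_id()), 0, 8),
            'childs'    => 0,
            'parent'    => 0,
            'deleted'   => 0,
            'lastreply' => (int) $user->time,
            'group'     => $v['ticket_group'],
            'contact'   => $t_contact['user_id'],
            'aby'       => 0,
            'cat'       => $v['cat'],
            'status'    => $ticket_status,
            'start'     => (int) $user->time,
            'end'       => 0,
            'ip'        => $user->i_ip,
            'title'     => $v['ticket_title'],
            'text'      => $v['ticket_text'],
        );
        $sql = 'INSERT INTO _tickets' . _build_array('INSERT', prefix('ticket', $v2));
        $v['ticket_id'] = _sql_nextid($sql);
        $v = array_merge($v, $v2);

        // Attachments: a comma-separated list of names of files the client
        // already uploaded into space/f/. Each is renamed to _<code>_<n>.<ext>.
        if (f($v['attachments'])) {
            $attachments = explode(',', $v['attachments']);
            $location = XFS . 'space/f/';
            if (@is_dir($location)) {
                @(include XFS . 'core/upload.php');
                $upload = new upload();
                $umask = umask(0);
                $i = 0;
                foreach ($attachments as $row) {
                    // SECURITY: $row is request data. Accept only a bare file
                    // name (no directory components, not a dot-file) that is a
                    // regular file inside $location, so a value such as
                    // ../../config.php cannot be renamed into the public
                    // attachment area. file_exists() alone also matched
                    // directories.
                    if ($row === '' || $row !== basename($row) || $row[0] === '.' || !@is_file($location . $row)) {
                        continue;
                    }
                    $extension = _extension($row);
                    // Blacklisted (executable) extensions are neutralised to
                    // .txt; the match is case-insensitive via strtolower().
                    if (preg_match('/\\.(' . $upload->ext_blacklist . ')$/', strtolower($row))) {
                        $extension = 'txt';
                    }
                    $filepath = _filename('_' . $v['code'] . '_' . $i, $extension);
                    @rename($location . $row, $location . $filepath);
                    $upload->chmod($location . $filepath);
                    $insert_attach = array(
                        'ticket'    => $v['ticket_id'],
                        'name'      => $filepath,
                        'mime'      => mime_content_type($location . $filepath),
                        'extension' => $extension,
                        'size'      => filesize($location . $filepath),
                        'checksum'  => md5_file($location . $filepath),
                        'downloads' => 0,
                        'time'      => time(),
                    );
                    $sql = 'INSERT INTO _tickets_attach' . _build_array('INSERT', prefix('attach', $insert_attach));
                    _sql($sql);
                    $i++;
                }
                @umask($umask);
            }
        }

        // Currently unreachable: $v2 always sets parent to 0 (the original also
        // read the never-set key ticket_parent). Kept for a future reply flow.
        if ($v['parent']) {
            $sql = 'UPDATE _tickets SET ticket_childs = ticket_childs + 1 WHERE ticket_id = ?';
            _sql(sql_filter($sql, $v['parent']));
        }

        // Ticket opened by staff for someone else: leave an internal note.
        if (f($v['ticket_username'])) {
            $insert_note = array('ticket_id' => (int) $v['ticket_id'], 'user_id' => $user->v('user_id'), 'note_text' => _lang('TICKET_CREATE_STAFF'), 'note_time' => time(), 'note_cc' => 1);
            $sql = 'INSERT INTO _tickets_notes' . _build_array('INSERT', $insert_note);
            _sql($sql);
        }

        $ticket_subject = entity_decode($d_group['group_name'] . ' [#' . $v['code'] . ']: ' . $v['ticket_title']);
        $ticket_message = entity_decode($v['text']);

        // Group moderators (member_mod = 1) receive the tech notification.
        $sql = 'SELECT m.user_email FROM _groups_members gm, _members m WHERE gm.member_group = ? AND gm.member_mod = ? AND gm.member_uid = m.user_id ORDER BY m.user_email';
        $group_members = _rowset(sql_filter($sql, $v['group'], 1), false, 'user_email');

        // Common email notification
        require_once XFS . 'core/emailer.php';
        $emailer = new emailer();
        $emailer_vars = array(
            'USERNAME'   => $t_contact['user_username'],
            'FULLNAME'   => entity_decode(_fullname($t_contact)),
            'SUBJECT'    => entity_decode($v['ticket_title']),
            'MESSAGE'    => $ticket_message,
            'TICKET_URL' => _link($this->m(), array('x1' => 'view', 'code' => $v['code'])),
        );
        // NOTE(review): title and text are user input; this relies on emailer
        // to keep the Subject header single-line and on the templates to
        // escape body content -- confirm.
        $email_from = $d_group['group_email'] . '@' . $core->v('domain');
        $user_template = 'ticket_' . $d_group['group_email'];

        // Notify ticket creator
        $emailer->from($email_from);
        $emailer->set_subject($ticket_subject);
        $emailer->use_template($user_template);
        $emailer->email_address($t_contact['user_email']);
        $emailer->set_decode(true);
        $emailer->assign_vars($emailer_vars);
        $emailer->send();
        $emailer->reset();

        // Notify group mods: first address as To, the rest as CC.
        $emailer->from($email_from);
        $emailer->use_template('ticket_tech');
        $emailer->set_subject($ticket_subject);
        foreach ($group_members as $i => $row) {
            $method = !$i ? 'email_address' : 'cc';
            $emailer->{$method}($row);
        }
        $emailer->set_decode(true);
        $emailer->assign_vars($emailer_vars);
        $emailer->send();
        $emailer->reset();

        return $this->e(_link($this->m(), array('x1' => 'view', 'code' => $v['code'])));
    }

    // Form path: all groups, plus the categories visible to the user's groups.
    $sql = 'SELECT group_id, group_name FROM _groups ORDER BY group_name';
    _rowset_style($sql, 'groups');
    $sql = 'SELECT cat_id, cat_name FROM _tickets_cat WHERE cat_id > 0 AND cat_group IN (??) GROUP BY cat_name ORDER BY cat_group, cat_name';
    if (!($cat = _rowset_style(sql_filter($sql, $user->auth_groups()), 'cat', 'cat'))) {
        _style('no_cat');
    }
    return v_style(array('CHANGE_USER' => sprintf(_lang('TICKET_CHANGE_USER'), _fullname($user->v()))));
}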
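public function home() {
    global $core, $user;

    /**
     * Page ("tree") controller.
     *
     * Handles two POST actions first -- the contact form (is_form) and the
     * comment form (is_comment) -- then renders the page: redirect trees,
     * parent/sub-parent/node lookup, the optional cf_<alias> hook, the child
     * listing, approved comments, downloads, form fields, CSS selection,
     * navigation crumbs and the control-panel links shown to members.
     */
    $tree = $this->valid_tree();
    $v = $this->__(_array_keys(w('is_comment is_form'), 0));

    // Form posting enabled and form submitted
    if ($v['is_form'] && _button()) {
        if (!is_ghost()) {
            _fatal(405);
        }
        if (!$tree['tree_form']) {
            _fatal();
        }

        // Field definitions for this tree, falling back to the global set
        // (form_tree = 0). The original query had a stray comma before FROM,
        // a syntax error on every submission.
        $sql_fields = 'SELECT form_alias, form_required, form_legend, form_regex FROM _form_fields WHERE form_tree = ? ORDER BY form_order';
        if (!($form = _rowset(sql_filter($sql_fields, $tree['tree_id']), 'form_alias'))) {
            $form = _rowset(sql_filter($sql_fields, 0), 'form_alias');
        }
        $form['secure'] = array('form_required' => 1, 'form_regex' => '^([a-zA-Z]+)$', 'form_alias' => 'secure', 'form_type' => 'text', 'form_legend' => _lang('XCF_LEGEND'));

        // Pull each declared field from the request and validate it.
        foreach ($form as $row) {
            $v = array_merge($v, $this->__(array($row['form_alias'])));
            if (!f($v[$row['form_alias']])) {
                if ($row['form_required']) {
                    $this->_error(sprintf(_lang('E_COMMENT_FIELD_EMPTY'), $row['form_legend']), false);
                }
                continue;
            }
            // NOTE(review): form_regex is embedded unescaped inside '#...#is';
            // a stored pattern containing '#' ends the delimiter early. The
            // patterns are admin data, not request data, so this is a
            // robustness issue rather than client-side injection.
            if (f($row['form_regex']) && !preg_match('#' . $row['form_regex'] . '#is', $v[$row['form_alias']])) {
                $this->_error(sprintf(_lang('E_COMMENT_FIELD_BAD'), $row['form_legend']), false);
                if ($row['form_alias'] == 'secure') {
                    $v[$row['form_alias']] = '';
                }
            }
        }
        // NOTE(review): the field errors above are raised with a second
        // argument of false and nothing re-checks them before the mail is
        // built. If false means "do not halt", an invalid submission is still
        // sent whenever the CAPTCHA passes -- confirm _error() semantics.

        require_once XFS . 'core/xcf.php';
        $xcf = new captcha();
        if ($xcf->check($v['secure']) === false) {
            $v['secure'] = '';
            $this->_error('#E_COMMENT_INVALID_CAPTCHA');
        }
        unset($xcf);

        // Plain-text mail to the tree's recipients plus the site default.
        // From: is the visitor-supplied address (assumes the field set
        // defines 'address' and 'subject' aliases); this relies on emailer
        // rejecting multi-line header values.
        require_once XFS . 'core/emailer.php';
        $emailer = new emailer();
        $emailer->set_decode(true);
        $emailer->format('plain');
        $emailer->from($v['address']);
        $emailer->set_subject(_rm_acute($v['subject']));
        $emailer->use_template('contact_email');
        if (f($core->v('default_email'))) {
            $tree['tree_form_email'] .= (f($tree['tree_form_email']) ? ';' : '') . $core->v('default_email');
        }
        $form_addresses = array_map('trim', array_unique(explode(';', $tree['tree_form_email'])));
        foreach ($form_addresses as $i => $address) {
            $row_f = !$i ? 'email_address' : 'cc';
            $emailer->{$row_f}($address);
        }
        unset($v['secure']);
        $content = w();
        foreach ($form as $row) {
            if (!f($v[$row['form_alias']])) {
                continue;
            }
            $content[] = $row['form_legend'] . ":\n" . $v[$row['form_alias']];
        }
        $emailer->assign_vars(array('CONTENT' => implode("\n\n", $content), 'FORM_ARTICLE' => $tree['tree_subject']));
        $emailer->send();
        $emailer->reset();
        $response = array('lang' => _lang('FORM_SUCCESS'));
        $this->e(json_encode($response));
    }

    // Comment posting enabled and form submitted.
    if ($v['is_comment'] && _button()) {
        if (!$tree['tree_allow_comments']) {
            _fatal();
        }
        $cv = $this->__(w('comment_username comment_address comment_website comment_message comment_security'));
        $comment_time = time();

        // Guests: every field required, 30 s flood window per IP on pending
        // comments, and a CAPTCHA. Members skip all three.
        if (!$user->v('is_member')) {
            foreach ($cv as $cv_k => $cv_v) {
                if (!f($cv_v)) {
                    $this->error('E_COMMENT_FILL_FIELDS');
                    break;
                }
            }
            if (!$this->errors()) {
                $sql = 'SELECT comment_time FROM _comments WHERE comment_ip = ? AND comment_status = 0';
                if ($row_flood = _fieldrow(sql_filter($sql, $user->ip))) {
                    if ($comment_time - $row_flood['comment_time'] < 30) {
                        $this->error('E_COMMENT_FLOOD_TIME');
                    }
                }
            }
            // CAPTCHA verification
            require_once XFS . 'core/xcf.php';
            $xcf = new captcha();
            if ($xcf->check($cv['comment_security']) === false) {
                $cv['comment_security'] = '';
                $this->error('E_COMMENT_INVALID_CAPTCHA');
            }
            unset($xcf);
        }

        if (!$this->errors()) {
            // Members are auto-approved; guests follow the tree setting.
            $approve_comments = !$user->v('is_member') ? $tree['tree_approve_comments'] : 1;
            $sql_insert = array('tree' => (int) $tree['tree_id'], 'uid' => (int) $user->v('user_id'), 'username' => $cv['comment_username'], 'email' => $cv['comment_address'], 'website' => $cv['comment_website'], 'ip' => $user->ip, 'status' => (int) $approve_comments, 'time' => (int) $comment_time, 'message' => $cv['comment_message']);
            $sql = 'INSERT INTO _comments' . _build_array('INSERT', prefix('comment', $sql_insert));
            _sql($sql);
            if ($approve_comments) {
                $sql = 'UPDATE _tree SET tree_comments = tree_comments + 1 WHERE tree_id = ?';
                _sql(sql_filter($sql, $tree['tree_id']));
            }

            // Send new comment email notification for approval.
            if (!$approve_comments) {
                unset($cv['comment_security']);
                require_once XFS . 'core/emailer.php';
                $emailer = new emailer();
                $emailer->from($cv['comment_address']);
                $emailer->use_template('comment_approval');
                // Fall back to the site default only when the tree has no
                // address configured. The original test was inverted (f()
                // means "has a value"): it replaced a configured address and
                // left an empty one alone. The older implementation of this
                // method uses empty() here.
                if (!f($tree['tree_form_email'])) {
                    $tree['tree_form_email'] = $core->v('default_comments_email');
                }
                foreach (explode(';', $tree['tree_form_email']) as $i => $row) {
                    $row_f = !$i ? 'email_address' : 'cc';
                    $emailer->{$row_f}($row);
                }
                $input = w();
                foreach ($cv as $row_k => $row_v) {
                    if (!f($row_v)) {
                        continue;
                    }
                    if ($row_k == 'comment_message') {
                        $row_v = str_replace("\r\n", '<br />', $row_v);
                    }
                    $input[] = '< ' . $row_v;
                }
                $emailer->assign_vars(array('U_APPROVAL' => _link(_rewrite($tree), array('x1' => 'comments')), 'INPUT_FIELDS' => implode('<br /><br />', $input), 'FROM_USERNAME' => $cv['comment_username']));
                $emailer->send();
                $emailer->reset();
            }
            redirect(_link(_rewrite($tree)));
        }
        if ($this->errors()) {
            if (is_ghost()) {
                $this->e('!');
            }
            _style('comments_error', array('MESSAGE' => $this->get_errors()));
        }
    }

    // Redirect trees: a plain alias becomes an internal link, anything else
    // is handed to redirect(), which enforces the same-host check itself.
    if (f($tree['tree_redirect'])) {
        if (preg_match('#^[a-z0-9\\-\\_]+$#is', $tree['tree_redirect'])) {
            $tree['tree_redirect'] = _link($tree['tree_redirect']);
        }
        redirect($tree['tree_redirect']);
    }

    // Ancestors for navigation / CSS selection.
    if ($tree['tree_parent']) {
        $sql = 'SELECT * FROM _tree WHERE tree_id = ?';
        $parent = _fieldrow(sql_filter($sql, $tree['tree_parent']));
        if ($tree['tree_level'] > 2) {
            $sql = 'SELECT * FROM _tree WHERE tree_id = ?';
            $subparent = _fieldrow(sql_filter($sql, $parent['tree_parent']));
        }
    }
    if ($tree['tree_node']) {
        $sql = 'SELECT * FROM _tree WHERE tree_id = ?';
        $node = _fieldrow(sql_filter($sql, $tree['tree_node']));
    }

    // Per-page hook: cf_<alias>() if this controller defines one. The alias
    // comes from the tree record, not from the request.
    if (@method_exists($this, 'cf_' . _rewrite($tree))) {
        $this->{'cf_' . _rewrite($tree)}($tree);
    }

    // Child pages (plus one random image each).
    // NOTE(review): child_order() output is spliced into ORDER BY through the
    // ?? placeholder -- it must never derive from request input; confirm.
    $sql = 'SELECT * FROM _tree WHERE tree_parent = ? AND tree_child_hide = 0 ORDER BY ??';
    $childs = _rowset(sql_filter($sql, $tree['tree_id'], $this->child_order($tree)));
    foreach ($childs as $i => $row) {
        if (!$i) {
            $sql = 'SELECT image_id, image_tree, image_extension FROM _images WHERE image_tree IN (??) ORDER BY RAND()';
            $images_child = _rowset(sql_filter($sql, _implode(',', array_keys($childs))), 'tree_id');
            _style('tree_child1', array('ORDER_URL' => _link($tree['tree_id'], array('order', 0, 0, 0, 0))));
        }
        _style('tree_child.row', array('ITEM' => $row['tree_id'], 'URL' => _link(_rewrite($row)), 'SUBJECT' => $row['tree_subject'], 'CONTENT' => $row['tree_content'], 'EDITED' => _format_date($row['tree_edited']), 'IMAGE' => isset($images_child[$row['tree_id']]) ? $images_child[$row['tree_id']]['image_id'] . '.' . $images_child[$row['tree_id']]['image_extension'] : 'default.gif'));
    }

    // Comments (approved only, newest first).
    // NOTE(review): comment_website and comment_message are echoed to the
    // template as stored; escaping is assumed to happen in _style()/the
    // template -- confirm, especially for javascript: URLs in WEBSITE.
    if ($tree['tree_allow_comments'] && $tree['tree_comments']) {
        $sql = 'SELECT c.comment_id, c.comment_username, c.comment_website, c.comment_time, c.comment_message, m.user_username FROM _comments c, _members m WHERE c.comment_tree = ? AND c.comment_status = 1 AND c.comment_uid = m.user_id ORDER BY c.comment_time DESC';
        $comments = _rowset(sql_filter($sql, $tree['tree_id']));
        foreach ($comments as $i => $row) {
            if (!$i) {
                _style('comments');
            }
            _style('comments.row', array('ID' => $row['comment_id'], 'SUSERNAME' => $row['user_username'], 'USERNAME' => $row['comment_username'], 'WEBSITE' => $row['comment_website'], 'TIME' => _format_date($row['comment_time']), 'MESSAGE' => str_replace("\n", '<br />', $row['comment_message'])));
        }
    }

    // Siblings under the CSS parent, when the tree inherits its style.
    if ($this->css_parent($tree)) {
        $sql = 'SELECT * FROM _tree WHERE tree_parent = ? AND tree_child_hide = 0 ORDER BY ??';
        $childs_parent = _rowset(sql_filter($sql, $this->css_var($tree), $this->child_order($tree)));
        foreach ($childs_parent as $i => $row) {
            if (!$i) {
                $sql = 'SELECT image_id, image_tree, image_extension FROM _images WHERE image_tree IN (??) ORDER BY RAND()';
                $images_child_parent = _rowset(sql_filter($sql, _implode(',', array_keys($childs_parent))), 'tree_id');
                _style('tree_child', array('ORDER_URL' => _link($tree['tree_id'], array('order', 0, 0, 0, 0))));
            }
            _style('tree_child_parent.row', array('ITEM' => $row['tree_id'], 'URL' => _link(_rewrite($row)), 'TITLE' => $row['tree_subject'], 'IMAGE' => isset($images_child_parent[$row['tree_id']]) ? $images_child_parent[$row['tree_id']]['image_id'] . '.' . $images_child_parent[$row['tree_id']]['image_extension'] : 'default.gif'));
        }
    }

    // Downloads attached to this tree.
    if ($tree['tree_downloads']) {
        $sql = 'SELECT * FROM _downloads WHERE download_tree = ? ORDER BY download_order';
        $downloads = _rowset(sql_filter($sql, $tree['tree_id']));
        foreach ($downloads as $i => $row) {
            if (!$i) {
                _style('downloads', array('ORDER_URL' => _link($tree['tree_id'], array('orderd', 0, 0, 0, 0))));
            }
            _style('downloads.row', array('ITEM' => $row['download_id'], 'DOWNLOAD' => _link('get', $row['download_alias'] . '.' . $row['download_extension']), 'TITLE' => $row['download_title']));
        }
    }

    // Contact form fields for rendering (same fallback to form_tree = 0).
    if ($tree['tree_form']) {
        $sql = 'SELECT * FROM _form_fields WHERE form_tree = ? ORDER BY form_order';
        $form = _rowset(sql_filter($sql, $tree['tree_id']), 'form_alias');
        if (!count($form)) {
            $sql = 'SELECT * FROM _form_fields WHERE form_tree = 0 ORDER BY form_order';
            $form = _rowset($sql, 'form_alias');
        }
        $form['secure'] = array('form_required' => 1, 'form_regex' => '^([a-zA-Z]+)$', 'form_alias' => 'secure', 'form_type' => 'text', 'form_legend' => 'Imagen de seguridad');
        _style('form', array('URL' => _link(_rewrite($tree))));
        foreach ($form as $row) {
            _style('form.row', array('ALIAS' => $row['form_alias'], 'REQUIRED' => $row['form_required'], 'LEGEND' => _lang($row['form_legend']), 'TYPE' => $row['form_type'], 'PAGE' => $tree['tree_alias']));
            // Only alias (emitted as "name") and type become HTML attributes.
            foreach ($row as $row_k => $row_v) {
                if (preg_match('#^form_(alias|type)$#is', $row_k)) {
                    if ($row_k == 'form_alias') {
                        $row_k = 'name';
                    }
                    _style('form.row.attrib', array('ATTRIB' => str_replace('form_', '', $row_k), 'VALUE' => $row_v));
                }
            }
        }
    }

    // Page CSS: own stylesheet if one exists, else the one of the tree named
    // by tree_css_var ('parent' / 'subparent' / 'node' select one of the
    // records loaded above; a numeric value is looked up directly).
    $s_css_page = '';
    if (@file_exists('./style/css/_tree_' . _rewrite($tree) . '.css')) {
        $s_css_page = _rewrite($tree) . '/';
    } elseif ($this->css_parent($tree)) {
        if (!f($tree['tree_css_var'])) {
            $tree['tree_css_var'] = 'parent';
        }
        $ary_css_var = false;
        switch ($tree['tree_css_var']) {
            case 'parent':
            case 'subparent':
            case 'node':
                $ary_css_var = ${$tree['tree_css_var']};
                break;
            default:
                if (is_numb($tree['tree_css_var'])) {
                    $sql = 'SELECT * FROM _tree WHERE tree_id = ?';
                    if ($css_var_row = _fieldrow(sql_filter($sql, $tree['tree_css_var']))) {
                        $ary_css_var = $css_var_row;
                    }
                }
                break;
        }
        if ($ary_css_var !== false) {
            $s_css_page = _rewrite($ary_css_var) . '/';
        }
    }

    v_style(array('S_IMAGES' => $core->v('address') . 'container/images/a_' . ($this->css_parent($tree) ? $this->css_var($tree) : $tree['tree_id']) . '/', 'V_TREE' => $tree['tree_id'], 'V_CSS' => $s_css_page, 'V_SUBJECT' => $tree['tree_subject'], 'V_CONTENT' => _message($tree['tree_content']), 'V_COMMENTS' => $tree['tree_comments'], 'V_ALLOW_COMMENTS' => $tree['tree_allow_comments'], 'V_ALLOW_FORM' => $tree['tree_form'], 'U_COMMENTS' => _link(_rewrite($tree)), 'U_XCF' => _link(_rewrite($tree) . '-xs.jpg', false, false)));
    $tree['tree_subject'] = strip_tags($tree['tree_subject']);

    // Navigation crumbs: node, (...), sub-parent, parent, self.
    if ($tree['tree_alias'] != 'home') {
        if ($node['tree_id'] != $parent['tree_id']) {
            $this->navigation($node['tree_subject'], _rewrite($node));
        }
        if ($tree['tree_level'] > 2) {
            if ($parent['tree_id'] && $node['tree_id'] && $tree['tree_level'] > 3) {
                $this->navigation('...');
            }
            $this->navigation($subparent['tree_subject'], _rewrite($subparent));
        }
        if ($parent['tree_id']) {
            $this->navigation($parent['tree_subject'], _rewrite($parent));
        }
        $this->navigation($tree['tree_subject'], _rewrite($tree));
    }

    // Control-panel links for members holding cp_create / cp_modify / cp_remove.
    if ($user->v('is_member')) {
        $tree['tree_cp'] = 1;
        $i = 0;
        $auth_tree = array('create', 'modify', 'remove');
        foreach ($auth_tree as $row) {
            if (_auth_get('cp_' . $row)) {
                if (!$i) {
                    _style('auth');
                }
                _style('auth.row', array('U_AUTH' => _link('cp', array($row, _rewrite($tree))), 'V_NAME' => _lang('CP_AUTH_' . $row)));
                $i++;
            }
        }
    }

    // Template: default 'tree', or a custom one named by the tree record.
    // tree_template is admin data; it is used in a path without
    // sanitisation, so keep it that way (never let it come from the request).
    $this->_template('tree');
    if (f($tree['tree_template']) && @file_exists('./style/custom/' . $tree['tree_template'] . '.htm')) {
        $this->_template('custom/' . $tree['tree_template']);
    }

    // TODO: 304 header response
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $tree['tree_edited']) . ' GMT');
    return;
}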
protected function _like_home() {
    global $bio;

    // AJAX-only endpoint: records at most one "like" per member and reference.
    if (!is_ghost()) {
        _fatal();
    }
    $v = $this->__(array('ref' => 0));
    if (!$v['ref']) {
        _fatal();
    }
    if (!$bio->v('auth_member')) {
        _login();
    }

    // like_time
    // The reference must exist; its id (not the raw request value) is what
    // gets stored.
    $ref = _fieldrow(sql_filter('SELECT * FROM _reference WHERE ref_id = ?', $v['ref']));
    if (!$ref) {
        _fatal();
    }

    // Idempotent: skip the insert when this member already liked the reference.
    $already_liked = _field(
        sql_filter('SELECT like_id FROM _reference_likes WHERE like_ref = ? AND like_uid = ?', $ref['ref_id'], $bio->v('bio_id')),
        'like_id',
        0
    );
    if (!$already_liked) {
        $like_row = array('ref' => $ref['ref_id'], 'uid' => $bio->v('bio_id'));
        sql_put('_reference_likes', prefix('like', $like_row));
    }

    return $this->e('~OK');
}
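protected function _permission_remove() {
    global $bio;

    /**
     * Revoke a member's grant on the bio being administered ($this->a('bio_id')).
     *
     * AJAX only. The target bio must exist and must currently hold a grant
     * on this bio; afterwards the caller is redirected back to the alias page.
     * Bug fixed: the grant lookup had two placeholders but was given only one
     * value, and $bio was used without being declared global.
     */
    if (!is_ghost()) {
        _fatal();
    }
    $v = $this->__(array('bio' => 0));
    // NOTE(review): $v is read as an object here while sibling modules read
    // $this->__() results as arrays ($v['ref']); confirm what __() returns
    // in this module.

    // Target bio must exist ...
    $sql = 'SELECT bio_id FROM _bio WHERE bio_id = ?';
    if (!sql_field(sql_filter($sql, $v->bio), 'bio_id', 0)) {
        _fatal();
    }
    // ... and must currently be granted on the administered bio.
    $sql = 'SELECT auth_bio FROM _bio_auth WHERE auth_assoc = ? AND auth_bio = ?';
    if (!sql_field(sql_filter($sql, $this->a('bio_id'), $v->bio), 'auth_bio', 0)) {
        _fatal();
    }

    // NOTE(review): nothing in this method verifies that the current member
    // may manage $this->a('bio_id'); presumably the module router does.
    $sql = 'DELETE FROM _bio_auth WHERE auth_assoc = ? AND auth_bio = ?';
    sql_query(sql_filter($sql, $this->a('bio_id'), $v->bio));

    redirect(_link('alias', array('alias' => $bio->v('bio_alias'), 'x1' => $this->x(1), 'x2' => $this->x(2))));
}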
function xs_startup() {
    global $core, $user;

    // Runs once per request: seed the predefined template variables.
    if (!empty($this->xs_started)) {
        return;
    }
    $this->xs_started = 1;

    // Adding current template: drop a leading "./" from the root path.
    $template_path = $this->root . '/';
    if (substr($template_path, 0, 2) === './') {
        $template_path = substr($template_path, 2, strlen($template_path));
    }

    // Adding predefined variables. The += union keeps any key that is
    // already present in $this->vars, so these act as defaults only.
    $defaults = array(
        'LANG'          => $core->v('default_lang'),
        'TEMPLATE'      => $template_path,
        'TEMPLATE_NAME' => $this->tpl,
        'S_SERVER'      => $core->v('address'),
        'S_STYLE'       => $core->v('address') . 'style/',
        'S_LIB'         => LIBD,
        'S_VISUAL'      => LIBD . 'visual/',
        '_SELF'         => _page(),
        'SCRIPT_TYPE'   => ' type="text/javascript"',
        'CDATA_BEGIN'   => '//<![CDATA[' . "\n",
        'CDATA_END'     => '//]]>' . "\n",
        'IS_GHOST'      => is_ghost(),
        'IS_MEMBER'     => (int) $user->v('is_member'),
        'S_USERNAME'    => _fullname($user->v()),
        'S_TIME'        => time(),
    );
    $this->vars += $defaults;
}
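protected function _publish_home() {
    global $bio, $warning;

    /**
     * Board publishing: create a topic plus its first post in a forum, or
     * reply to an existing post. Ghost (AJAX) replies receive a JSON response;
     * otherwise the caller is redirected to the topic.
     *
     * Fixed here: $warning was used without a global declaration (fatal on
     * the first validation failure), and the final redirect read $v->topic,
     * which is never assigned.
     */
    $v = $this->__(w('address key subject content playing f 0 p 0'));

    // TODO: Implement bio authorization
    $this->_bio_publish($v->address, $v->key);
    // NOTE(review): the declared request keys are "f" and "p" but the code
    // reads $v->forum / $v->post. Unless __() aliases them, both are always
    // empty and every request dies at the next check -- confirm against __().

    if (!$v->forum && !$v->post) {
        $warning->now();
    }
    if ($v->forum) {
        if (empty($v->subject)) {
            $this->_error('NO_TOPIC_SUBJECT');
        }
        $sql = 'SELECT * FROM _board_forums WHERE forum_id = ?';
        if (!($forum = sql_fieldrow(sql_filter($sql, $v->forum)))) {
            $warning->now();
        }
        $v->subject = _subject($v->subject);
    } else {
        $sql = 'SELECT * FROM _board_posts WHERE post_id = ?';
        if (!($post = sql_fieldrow(sql_filter($sql, $v->post)))) {
            $warning->now();
        }
        $sql = 'SELECT * FROM _board_topics WHERE topic_id = ?';
        if (!($topic = sql_fieldrow(sql_filter($sql, $post->post_topic)))) {
            $warning->now();
        }
    }

    // Locked forums require the 'create' permission. Unlocked forums, and
    // the reply path, are open to anyone who passed _bio_publish() (see the
    // TODO above).
    if ($v->forum) {
        if ($forum->forum_locked && !$this->auth_forum($forum, 'create')) {
            $warning->now();
        }
    }
    if (empty($v->content)) {
        $this->_error('NO_TOPIC_CONTENT');
    }
    $v->content = _prepare($v->content);

    // Start insert transaction. Posts by unconfirmed bios are stored inactive.
    sql_transaction();
    $sql_commit = false;
    if ($v->forum) {
        // Insert topic
        $sql_insert = array('forum' => $v->forum, 'subject' => $v->subject, 'author' => $bio->v('bio_id'), 'time' => time(), 'active' => $bio->v('bio_confirmed'));
        $v->topic_next = sql_put('_board_topics', prefix('topic', $sql_insert));
        // Insert post
        $sql_insert = array('forum' => $v->forum, 'topic' => $v->topic_next, 'parent' => 0, 'bio' => $bio->v('bio_id'), 'time' => time(), 'active' => $bio->v('bio_confirmed'), 'message' => $v->content, 'playing' => $v->playing);
        $v->post_next = sql_put('_board_posts', prefix('post', $sql_insert));
        if ($v->topic_next && $v->post_next) {
            $sql_commit = true;
        }
    } else {
        $sql_insert = array('forum' => $topic->topic_forum, 'topic' => $topic->topic_id, 'parent' => $v->post, 'bio' => $bio->v('bio_id'), 'time' => time(), 'active' => $bio->v('bio_confirmed'), 'message' => $v->content, 'playing' => $v->playing);
        $v->post_next = sql_put('_board_posts', prefix('post', $sql_insert));
        $sql_update = w();
        $sql = 'UPDATE _board_topics SET topic_replies = topic_replies + 1' . sql_build('UPDATE', $sql_update) . sql_filter(' WHERE topic_id = ?', $topic->topic_id);
        $updated = sql_affected($sql);
        if ($v->post_next && $updated) {
            $sql_commit = true;
        }
    }
    if (!$sql_commit) {
        sql_transaction('rollback');
        $this->_error('ROLLBACK_MESSAGE');
    }
    sql_transaction('commit');

    // AJAX reply: return the rendered post (confirmed bios) or a guest notice.
    if (is_ghost() && $v->post) {
        if ($bio->v('bio_confirmed')) {
            $response = array('show' => 1, 'parent' => $v->post, 'post' => $v->post_next, 'content' => _message($v->content), 'time' => _format_date(), 'profile' => array('link' => _link_bio($bio->v('bio_alias')), 'name' => $bio->v('bio_name')));
        } else {
            $response = array('show' => 0, 'legend' => _lang('PUBLISH_TOPIC_GUEST'));
        }
        $this->output(json_encode($response));
    }

    // Redirect to the topic just created or replied to.
    $topic_id = $v->forum ? $v->topic_next : $topic->topic_id;
    return redirect(_link('board', array('topic', $topic_id)));
}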
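protected function _attend_home() {
    global $bio;

    /**
     * Record or change the current member's attendance option for an event.
     *
     * AJAX only, members only. Both the event and the option type must exist.
     * Fixed here: the event lookup never ran sql_filter(), so its "?" was
     * passed to the database unbound; and the update targeted _events instead
     * of _events_attend, where attend_id / attend_option actually live.
     */
    if (!is_ghost()) {
        _fatal();
    }
    if (!$bio->v('auth_member')) {
        _login();
    }
    $v = $this->__(_array_keys(w('event option'), 0));
    if (!$v['event'] || !$v['option']) {
        _fatal();
    }

    $sql = 'SELECT event_id FROM _events WHERE event_id = ?';
    if (!_fieldrow(sql_filter($sql, $v['event']))) {
        _fatal();
    }
    $sql = 'SELECT type_id FROM _events_attend_type WHERE type_id = ?';
    if (!_fieldrow(sql_filter($sql, $v['option']))) {
        _fatal();
    }

    // One attendance row per (event, member): update it if present, else insert.
    $sql = 'SELECT attend_id FROM _events_attend WHERE attend_event = ? AND attend_uid = ?';
    if ($attend_id = _field(sql_filter($sql, $v['event'], $bio->v('bio_id')), 'attend_id', 0)) {
        $sql = 'UPDATE _events_attend SET attend_option = ? WHERE attend_id = ?';
        _sql(sql_filter($sql, $v['option'], $attend_id));
    } else {
        $sql_insert = array('attend_event' => $v['event'], 'attend_uid' => $bio->v('bio_id'), 'attend_option' => $v['option'], 'attend_time' => time());
        sql_put('_events_attend', $sql_insert);
    }
    return $this->e('~OK');
}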
function redirect($url, $i = true) {
    global $warning;

    // Close the database connection before the response is sent; this
    // function never returns.
    sql_close();
    $url = trim($url);

    // Prevent external domain injection. With $i === true an absolute URL
    // (anything containing "://") must parse to this site's host or the
    // request dies, and a relative URL is anchored under _link(), which
    // keeps scheme-less tricks ("//evil.example", "javascript:...") on-site.
    // Callers passing $i === false opt out and must trust $url themselves.
    if ($i === true) {
        $is_absolute = strpos($url, '://') !== false;
        if (!$is_absolute) {
            if (f($url) && substr($url, 0, 1) === '/') {
                $url = substr($url, 1);
            }
            $url = _link() . $url;
        } else {
            // parse_url() yields false for a malformed URL and null when there
            // is no host; both fail the comparison, which is the safe direction.
            $target_host = parse_url($url, PHP_URL_HOST);
            if ($target_host === false || $target_host != get_host()) {
                $warning->fatal();
            }
        }
    }

    // PHP's header() refuses values containing CR/LF, so $url cannot be used
    // to inject additional headers here.
    $location_header = 'Location: ' . $url;
    if (is_ghost()) {
        // AJAX callers get the header text in the body instead of a 3xx.
        echo $location_header;
    } else {
        header($location_header);
    }
    exit;
}
function home() {
    global $core, $user, $style;

    /**
     * Page ("tree") controller -- earlier revision using $this->_sql /
     * $style->assign_block_vars and string-built SQL with (int) casts.
     *
     * Handles the comment form POST (is_comment), then renders the page:
     * redirect trees, parent/sub-parent/node lookup, the optional
     * cf_<alias> hook, child listing, approved comments, downloads, the
     * contact-form link, CSS selection, navigation and control-panel links.
     */
    $tree = $this->valid_tree();
    $v = $this->__(array('is_comment' => 0));

    // Comment posting enabled and form submitted.
    if ($v['is_comment'] && $this->submit) {
        if (!$tree['tree_allow_comments']) {
            _fatal();
        }
        $cv = $this->__(array('comment_username', 'comment_address', 'comment_website', 'comment_message', 'comment_security'));
        $comment_time = time();

        // Guests: all fields required, 30 s flood window per IP on pending
        // comments, and a CAPTCHA. Members skip all three.
        if (!$user->d('is_member')) {
            foreach ($cv as $cv_k => $cv_v) {
                if (empty($cv_v)) {
                    $this->error('E_COMMENT_FILL_FIELDS');
                    break;
                }
            }
            if (!$this->errors()) {
                // IP is escaped with _escape() before being spliced into SQL.
                $sql = "SELECT comment_time\n\t\t\t\t\t\tFROM _comments\n\t\t\t\t\t\tWHERE comment_ip = '" . $this->_escape($user->ip) . "'\n\t\t\t\t\t\t\tAND comment_status = 0";
                if ($row_flood = $this->_fieldrow($sql)) {
                    if ($comment_time - $row_flood['comment_time'] < 30) {
                        $this->error('E_COMMENT_FLOOD_TIME');
                    }
                }
            }
            // CAPTCHA verification
            include XFS . 'core/xcf.php';
            $xcf = new captcha();
            if ($xcf->check($cv['comment_security']) === false) {
                $cv['comment_security'] = '';
                $this->error('E_COMMENT_INVALID_CAPTCHA');
            }
            unset($xcf);
        }

        if (!$this->errors()) {
            // Members are auto-approved; guests follow the tree setting.
            $approve_comments = !$user->d('is_member') ? $tree['tree_approve_comments'] : 1;
            $sql_insert = array('tree' => (int) $tree['tree_id'], 'uid' => (int) $user->d('user_id'), 'username' => $cv['comment_username'], 'email' => $cv['comment_address'], 'website' => $cv['comment_website'], 'ip' => $user->ip, 'status' => (int) $approve_comments, 'time' => (int) $comment_time, 'message' => $cv['comment_message']);
            $sql = 'INSERT INTO _comments' . $this->_build_array('INSERT', ksql('comment', $sql_insert));
            $this->_sql($sql);
            if ($approve_comments) {
                $sql = 'UPDATE _tree SET tree_comments = tree_comments + 1 WHERE tree_id = ' . (int) $tree['tree_id'];
                $this->_sql($sql);
            }

            // Send new comment email notification for approval.
            // NOTE(review): From: is the visitor-supplied address; relies on
            // emailer to reject multi-line header values -- confirm.
            if (!$approve_comments) {
                unset($cv['comment_security']);
                include XFS . 'core/emailer.php';
                $emailer = new emailer();
                $emailer->from($cv['comment_address']);
                $emailer->use_template('comment_approval');
                // Site default only when the tree has no address configured.
                if (empty($tree['tree_form_email'])) {
                    $tree['tree_form_email'] = $core->v('default_comments_email');
                }
                foreach (explode(';', $tree['tree_form_email']) as $i => $row) {
                    $row_f = !$i ? 'email_address' : 'cc';
                    $emailer->{$row_f}($row);
                }
                $input = array();
                foreach ($cv as $row_k => $row_v) {
                    if (empty($row_v)) {
                        continue;
                    }
                    if ($row_k == 'comment_message') {
                        $row_v = str_replace("\r\n", '<br />', $row_v);
                    }
                    $input[] = '< ' . $row_v;
                }
                $emailer->assign_vars(array('U_APPROVAL' => _link($this->alias_id($tree), array('x1' => 'comments')), 'INPUT_FIELDS' => implode('<br /><br />', $input), 'FROM_USERNAME' => $cv['comment_username']));
                $emailer->send();
                $emailer->reset();
            }
            redirect(_link($this->alias_id($tree)));
        }
        if ($this->errors()) {
            if (is_ghost()) {
                $this->e('!');
            }
            $style->assign_block_vars('comments_error', array('MESSAGE' => $this->get_errors()));
        }
    }

    // Redirect trees: a plain alias becomes an internal link; anything else is
    // handed to redirect(), which enforces its own same-host check.
    if (!empty($tree['tree_redirect'])) {
        if (preg_match('#^[a-z0-9\\-\\_]+$#is', $tree['tree_redirect'])) {
            $tree['tree_redirect'] = _link($tree['tree_redirect']);
        }
        redirect($tree['tree_redirect']);
    }

    // Ancestors for navigation / CSS selection (ids cast to int before use).
    if ($tree['tree_parent']) {
        $sql = 'SELECT * FROM _tree WHERE tree_id = ' . (int) $tree['tree_parent'];
        $parent = $this->_fieldrow($sql);
        if ($tree['tree_level'] > 2) {
            $sql = 'SELECT * FROM _tree WHERE tree_id = ' . (int) $parent['tree_parent'];
            $subparent = $this->_fieldrow($sql);
        }
    }
    if ($tree['tree_node']) {
        $sql = 'SELECT * FROM _tree WHERE tree_id = ' . (int) $tree['tree_node'];
        $node = $this->_fieldrow($sql);
    }

    // Per-page hook: cf_<alias>() if defined. The alias comes from the tree
    // record, not from the request.
    if (@method_exists($this, 'cf_' . $this->alias_id($tree))) {
        $this->{'cf_' . $this->alias_id($tree)}($tree);
    }

    // Child pages (plus one random image each).
    // NOTE(review): child_order() is concatenated raw into ORDER BY; it must
    // never derive from request input -- confirm. The IN (...) list is built
    // from array_keys($childs); that only yields tree ids if _rowset() keys
    // rows by id -- confirm.
    $sql = 'SELECT * FROM _tree WHERE tree_parent = ' . (int) $tree['tree_id'] . ' AND tree_child_hide = 0 ORDER BY ' . $this->child_order($tree);
    $childs = $this->_rowset($sql);
    foreach ($childs as $i => $row) {
        if (!$i) {
            $sql = 'SELECT image_id, image_tree, image_extension FROM _images WHERE image_tree IN (' . implode(',', array_keys($childs)) . ') ORDER BY RAND()';
            $images_child = $this->_rowset($sql, 'tree_id');
            $style->assign_block_vars('tree_child', array('ORDER_URL' => _link($tree['tree_id'], array('order', 0, 0, 0, 0))));
        }
        $style->assign_block_vars('tree_child.row', array('ITEM' => $row['tree_id'], 'URL' => _link($this->alias_id($row)), 'SUBJECT' => $row['tree_subject'], 'CONTENT' => $row['tree_content'], 'EDITED' => $user->format_date($row['tree_edited']), 'IMAGE' => isset($images_child[$row['tree_id']]) ? $images_child[$row['tree_id']]['image_id'] . '.' . $images_child[$row['tree_id']]['image_extension'] : 'default.gif'));
    }

    // Comments (approved only, newest first).
    // NOTE(review): comment_website / comment_message are passed to the
    // template as stored; escaping is assumed to happen there -- confirm.
    if ($tree['tree_allow_comments'] && $tree['tree_comments']) {
        $sql = 'SELECT c.comment_id, c.comment_username, c.comment_website, c.comment_time, c.comment_message, m.user_username FROM _comments c, _members m WHERE c.comment_tree = ' . (int) $tree['tree_id'] . ' AND c.comment_status = 1 AND c.comment_uid = m.user_id ORDER BY c.comment_time DESC';
        $comments = $this->_rowset($sql);
        foreach ($comments as $i => $row) {
            if (!$i) {
                $style->assign_block_vars('comments', array());
            }
            $style->assign_block_vars('comments.row', array('ID' => $row['comment_id'], 'SUSERNAME' => $row['user_username'], 'USERNAME' => $row['comment_username'], 'WEBSITE' => $row['comment_website'], 'TIME' => $user->format_date($row['comment_time']), 'MESSAGE' => str_replace("\n", '<br />', $row['comment_message'])));
        }
    }

    // Siblings under the CSS parent, when the tree inherits its style.
    if ($this->css_parent($tree)) {
        $sql = 'SELECT * FROM _tree WHERE tree_parent = ' . (int) $this->css_var($tree) . ' AND tree_child_hide = 0 ORDER BY ' . $this->child_order($tree);
        $childs_parent = $this->_rowset($sql);
        foreach ($childs_parent as $i => $row) {
            if (!$i) {
                $sql = 'SELECT image_id, image_tree, image_extension FROM _images WHERE image_tree IN (' . implode(',', array_keys($childs_parent)) . ') ORDER BY RAND()';
                $images_child_parent = $this->_rowset($sql, 'tree_id');
                $style->assign_block_vars('tree_child', array('ORDER_URL' => _link($tree['tree_id'], array('order', 0, 0, 0, 0))));
            }
            $style->assign_block_vars('tree_child_parent.row', array('ITEM' => $row['tree_id'], 'URL' => _link($this->alias_id($row)), 'TITLE' => $row['tree_subject'], 'IMAGE' => isset($images_child_parent[$row['tree_id']]) ? $images_child_parent[$row['tree_id']]['image_id'] . '.' . $images_child_parent[$row['tree_id']]['image_extension'] : 'default.gif'));
        }
    }

    // Downloads attached to this tree.
    if ($tree['tree_downloads']) {
        $sql = 'SELECT * FROM _downloads WHERE download_tree = ' . (int) $tree['tree_id'] . ' ORDER BY download_order';
        $downloads = $this->_rowset($sql);
        foreach ($downloads as $i => $row) {
            if (!$i) {
                $style->assign_block_vars('downloads', array('ORDER_URL' => _link($tree['tree_id'], array('orderd', 0, 0, 0, 0))));
            }
            $style->assign_block_vars('downloads.row', array('ITEM' => $row['download_id'], 'DOWNLOAD' => _link('get', $row['download_alias'] . '.' . $row['download_extension']), 'TITLE' => $row['download_title']));
        }
    }

    // Contact form link (the form itself is rendered elsewhere in this revision).
    if ($tree['tree_form']) {
        $style->assign_block_vars('form', array('URL' => _link($this->alias_id($tree), 'form')));
    }

    // Page CSS: own stylesheet if one exists, else the one of the tree named
    // by tree_css_var ('parent' / 'subparent' / 'node' pick one of the
    // records loaded above; a numeric value is looked up directly).
    $s_css_page = '';
    if (@file_exists('./style/css/_tree_' . $this->alias_id($tree) . '.css')) {
        $s_css_page = $this->alias_id($tree) . '/';
    } elseif ($this->css_parent($tree)) {
        if (empty($tree['tree_css_var'])) {
            $tree['tree_css_var'] = 'parent';
        }
        $ary_css_var = false;
        switch ($tree['tree_css_var']) {
            case 'parent':
            case 'subparent':
            case 'node':
                $ary_css_var = ${$tree['tree_css_var']};
                break;
            default:
                if (is_numeric($tree['tree_css_var'])) {
                    $sql = 'SELECT * FROM _tree WHERE tree_id = ' . (int) $tree['tree_css_var'];
                    if ($css_var_row = $this->_fieldrow($sql)) {
                        $ary_css_var = $css_var_row;
                    }
                }
                break;
        }
        if ($ary_css_var !== false) {
            $s_css_page = $this->alias_id($ary_css_var) . '/';
        }
    }

    //$tree['tree_content'] = $this->parse($tree['tree_content']);
    $tv = array('ADI' => $core->v('address') . 'container/images/a_' . ($this->css_parent($tree) ? $this->css_var($tree) : $tree['tree_id']) . '/', 'V_TREE' => $tree['tree_id'], 'V_CSS' => $s_css_page, 'V_SUBJECT' => $tree['tree_subject'], 'V_CONTENT' => $tree['tree_content'], 'V_COMMENTS' => $tree['tree_comments'], 'V_ALLOW_COMMENTS' => $tree['tree_allow_comments'], 'U_COMMENTS' => _link($this->alias_id($tree)), 'U_XCF' => _link($this->alias_id($tree) . '-xs.jpg', false, false));
    $this->as_vars($tv);
    $tree['tree_subject'] = strip_tags($tree['tree_subject']);

    // Navigation crumbs: node, (...), sub-parent, parent, self.
    if ($tree['tree_alias'] != 'home') {
        if ($node['tree_id'] != $parent['tree_id']) {
            $this->navigation($node['tree_subject'], $this->alias_id($node));
        }
        if ($tree['tree_level'] > 2) {
            if ($parent['tree_id'] && $node['tree_id'] && $tree['tree_level'] > 3) {
                $this->navigation('...');
            }
            $this->navigation($subparent['tree_subject'], $this->alias_id($subparent));
        }
        if ($parent['tree_id']) {
            $this->navigation($parent['tree_subject'], $this->alias_id($parent));
        }
        $this->navigation($tree['tree_subject'], $this->alias_id($tree));
    }

    // Control-panel links for members holding cp_create / cp_modify / cp_remove.
    if ($user->d('is_member')) {
        $i = 0;
        $auth_tree = array('create', 'modify', 'remove');
        foreach ($auth_tree as $row) {
            if ($user->auth_get('cp_' . $row)) {
                if (!$i) {
                    $style->assign_block_vars('auth', array());
                }
                $lang = 'CP_AUTH_' . strtoupper($row);
                $style->assign_block_vars('auth.row', array('U_LINK' => _link('cp', array($row, $this->alias_id($tree, false, false, false))), 'V_NAME' => _lang($lang)));
                $i++;
            }
        }
    }

    // Template: default 'tree', or a custom page template named by the tree
    // record. tree_template is admin data used unsanitised in a path; never
    // let it come from the request.
    $this->template = 'tree';
    if (!empty($tree['tree_template']) && @file_exists('./style/pages/' . $tree['tree_template'] . '.htm')) {
        $this->template = 'pages/' . $tree['tree_template'];
    }

    // TODO: 304 header response
    header('Last-Modified: ' . gmdate('D, d M Y H:i:s', $tree['tree_edited']) . ' GMT');
    return;
}
protected function _tab_home() {
    // AJAX only; plain requests are bounced to the module root.
    if (!is_ghost()) {
        redirect(_link($this->m()));
    }
    global $user;

    $v = $this->__(array('uid' => 0, 'tag'));
    if (!$v['uid'] || !f($v['tag'])) {
        $this->_error('#FATAL_ERROR');
    }

    // The tag must name a registered tab; its tab_function comes from
    // init_tabs(), never from the request.
    $tabs = $this->init_tabs();
    if (!isset($tabs[$v['tag']])) {
        $this->_error('#FATAL_ERROR');
    }
    $tab_function = $tabs[$v['tag']]['tab_function'];

    // Permission: 'general' maps to contacts_search, anything else to
    // contacts_tab_<function>.
    $required_auth = ($tab_function == 'general') ? 'search' : 'tab_' . $tab_function;
    if (!_auth_get('contacts_' . $required_auth)) {
        _fatal();
    }

    // The member being looked at must exist.
    $uid = _fieldrow(sql_filter('SELECT * FROM _members WHERE user_id = ?', $v['uid']));
    if (!$uid) {
        $this->_error('#TICKET_NOT_MEMBER');
    }

    // Dispatch to the tab handler.
    $handler = '_tab_function_' . $tab_function;
    if (!method_exists($this, $handler)) {
        $this->_error('#FATAL_ERROR');
    }
    $this->{$handler}($v, $uid);

    $this->e('!');
    v_style(array('TAG' => $v['tag'], 'V_UID' => $v['uid']));
    return $this->_template('contacts.search.ajax');
}