コード例 #1
ファイル: main.php プロジェクト: squidjam/LightNEasy
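function sendmessage()
{
    // Contact form handler: checks the numeric captcha value kept in
    // $_SESSION[session_id()], mails the visitor's message to $set['wemail']
    // and returns the status text (an index into $contactmessage) to display.
    //
    // Fixes vs. the previous version: the display names in the From/Reply-To
    // headers were missing their opening quote, the recipient carried a
    // trailing CRLF, and visitor-supplied name/email were placed into mail
    // headers without any check (header injection).
    global $set, $contactmessage;

    // captcha: both the posted value and the stored one must be integers
    $secCode = isset($_POST['secCode']) ? trim($_POST['secCode']) : '';
    $expected = isset($_SESSION[session_id()]) ? $_SESSION[session_id()] : '';
    if (!is_intval($secCode) || !is_intval($expected)) {
        die("Contact - aha! Clever!");
    }
    if ($secCode != $expected) {
        return $contactmessage[139];
    }

    // message text and sender name are mandatory
    $rawText = isset($_POST['text']) ? $_POST['text'] : "";
    $rawName = isset($_POST['name']) ? $_POST['name'] : "";
    if ($rawText == "" || $rawName == "") {
        return $contactmessage[29];
    }

    $email = html_entity_decode(sanitize(isset($_POST['email']) ? $_POST['email'] : ""));
    $text = html_entity_decode(sanitize($rawText));
    $name = html_entity_decode(sanitize($rawName));
    $phone = html_entity_decode(sanitize(isset($_POST['phone']) ? $_POST['phone'] : ""));

    // values that end up in mail headers must not contain CR/LF (or a stray
    // quote inside the quoted display name); the mail body keeps the full text
    $headerName = str_replace(array("\r", "\n", '"'), '', $name);
    $siteName = str_replace(array("\r", "\n", '"'), '', $set['author']);
    if (extension_loaded("mbstring") && function_exists("mb_encode_mimeheader")) {
        mb_language("uni");
        mb_internal_encoding("UTF-8");
        $fromname = '"' . mb_encode_mimeheader($siteName) . '" <' . $set['wemail'] . '> ';
    } else {
        $fromname = '"' . $siteName . '" <' . $set['wemail'] . '> ';
    }

    // recipient without the trailing "\r\n" the old code appended
    $to = $set['wemail'];
    $subject = $contactmessage[27] . $headerName . " via Website";

    $mailbody = $contactmessage[27] . ": " . $name . "\r\n\r\n" . $contactmessage[31] . ": " . $email . "\r\n";
    if ($phone != "") {
        $mailbody .= $contactmessage[34] . ": " . $phone . "\r\n";
    }
    $mailbody .= "\r\n\r\n" . $contactmessage[32] . ":\r\n\r\n" . $text;

    $additional_header = 'MIME-Version: 1.0' . "\r\n" . 'Content-Type: text/plain; charset=utf-8' . "\r\n" . 'Content-Transfer-Encoding: 7bit ' . "\r\n" . 'From: ' . $fromname . "\r\n";
    // only a syntactically valid address may become the Reply-To; the
    // validation also rejects anything carrying embedded line breaks
    if ($email != "" && filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
        $additional_header .= 'Reply-To: "' . $headerName . '" <' . $email . '> ' . "\r\n";
    }
    $additional_header .= 'X-Mailer: LightNEasy ';

    // [26] = sent, [28] = mail() reported a failure
    return mail($to, $subject, $mailbody, $additional_header) ? $contactmessage[26] : $contactmessage[28];
}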
コード例 #2
     foreach ($news['config']['gallery_allowed_ext'] as $ikey => $ivalue) {
         $news['config']['gallery_allowed_ext'][$ikey] = _dbEscape($ivalue);
     }
     $news['config']['gallery_allowed_ext'] = implode(',', $news['config']['gallery_allowed_ext']);
 } else {
     $news['config']['gallery_allowed_ext'] = '';
 }
 // start parsing news entries: reset the running counters
 $news['row_count'] = 1;
 $news['total_count'] = 1;
 $news['entry_count'] = count($news['result']);
 // set new target if necessary: a configured detail link overrides the
 // plain listing-page target
 if (!empty($news['news_detail_link'])) {
     // a bare integer is shorthand for an article id
     if (is_intval($news['news_detail_link'])) {
         $news['news_detail_link'] = 'aid=' . $news['news_detail_link'];
     }
     $news['base_href'] = rel_url($news['listing_page'], array('newsdetail'), $news['news_detail_link']);
 } else {
     $news['base_href'] = rel_url($news['listing_page'], array('newsdetail'));
 }
 foreach ($news['result'] as $key => $value) {
     $value['cnt_object'] = @unserialize($value['cnt_object']);
     $news['entries'][$key] = getFrontendEditLink('news', $value['cnt_id']);
     if (empty($value['cnt_object']['cnt_files']['gallery'])) {
         $news['tmpl_gallery_item'] = '';
         $news['entries'][$key] .= $news['tmpl_entry'];
     } else {
         if (empty($news['tmpl_gallery_item'])) {
             $news['tmpl_gallery_item'] = get_tmpl_section('GALLERY_ITEM', $news['tmpl_entry']);
         }
         $news['entries'][$key] .= replace_tmpl_section('GALLERY_ITEM', $news['tmpl_entry']);
コード例 #3
ファイル: admin.php プロジェクト: squidjam/LightNEasy
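function users()
{
    // Admin user list: renders the add/edit/delete form for the user selected
    // via ?action=...&id=..., then a (paged, letter-filtered) table of all
    // users. Returns the HTML fragment; aborts with $langmessage[98] when id or
    // pag are present but not integers.
    //
    // Fixes vs. the previous version: GET keys are read with isset() (no
    // notices), the per-user query is no longer run with an empty id (which
    // produced "WHERE id=" and a SQL error), values derived from user handles
    // are escaped before being written into links/HTML, and the deprecated
    // strftime() is replaced by the equivalent date() format.
    global $langmessage, $prefix;
    $out = "<h2>{$langmessage['154']}</h2>\n<hr />\n";

    $id = isset($_GET['id']) ? $_GET['id'] : "";
    $pag = isset($_GET['pag']) ? $_GET['pag'] : "";
    $action = isset($_GET['action']) ? $_GET['action'] : "";
    if (($id != "" && !is_intval($id)) || ($pag != "" && !is_intval($pag))) {
        die($langmessage[98]);
    }
    // NOTE(review): sanitize() is the project's escaping helper; confirm it
    // neutralises SQL quote characters, since $letter is inlined into the
    // query below exactly as before.
    $letter = isset($_GET['letter']) ? sanitize($_GET['letter']) : null;

    if ($action == "deleteuser" && $id != "") {
        $result = dbquery('SELECT * FROM ' . $prefix . 'users WHERE id=' . $id);
        if ($row = fetch_array($result)) {
            // a user may only be deleted by someone of at least the same admin level
            if ($_SESSION['adminlevel'] >= $row['adminlevel']) {
                $out .= userform($id, $row, true);
            }
        }
    } elseif ($action == "edituser" && $id != "") {
        $result = dbquery('SELECT * FROM ' . $prefix . 'users WHERE id=' . $id);
        if ($row = fetch_array($result)) {
            $out .= userform($id, $row);
        }
    } else {
        $out .= userform();
    }

    $out .= "<div style=\"margin-top: 20px;\">\n<table style=\"border: none;\">\n";
    $multy = false;
    $pagebar = "";
    $result = dbquery('SELECT * FROM ' . $prefix . 'users ORDER BY handle');
    $pages = num_rows($result);
    // more than 25 users: switch to a paged, optionally letter-filtered query
    if ($pages > 25) {
        if ($pag == "") {
            $pag = 1;
            $_GET['pag'] = 1; // kept: the old code defaulted the superglobal too
        }
        $pag = (int) $pag;
        $query = "SELECT * FROM " . $prefix . "users ";
        if ($letter !== null) {
            $query .= "WHERE UPPER(SUBSTR(handle,1,1))=\"" . $letter . "\" ";
        }
        $query .= "ORDER BY handle limit " . ($pag - 1) * 25 . ", 25";
        $result = dbquery($query);

        $letterParam = $letter !== null ? "&letter=" . urlencode($letter) : "";
        $prev = $pag > 1 ? $pag - 1 : $pag;
        $next = $pages > $pag * 25 ? $pag + 1 : $pag;
        $pagebar = "<tr><td colspan=\"6\" align=\"left\"><a href=\"LightNEasy.php?page=index&do=users" . $letterParam . "&pag=" . $prev . "\"><</a>  ";
        // one link per distinct initial letter; the letter comes from stored
        // handles, so escape it for both the URL and the link text
        $result1 = dbquery("SELECT DISTINCT UPPER(SUBSTR(handle,1,1)) as letter FROM " . $prefix . "users ORDER BY handle ASC");
        while ($row = fetch_array($result1)) {
            $pagebar .= "<a href=\"LightNEasy.php?page=index&do=users&letter=" . urlencode($row['letter']) . "&pag=1\">" . htmlspecialchars($row['letter']) . "</a> ";
        }
        $pagebar .= " <a href=\"LightNEasy.php?page=index&do=users" . $letterParam . "&pag=" . $next . "\">  ></a></td></tr>\n";
        $out .= $pagebar;
        $multy = true;
    }

    while ($row = fetch_array($result)) {
        $out .= "<tr><td><a href=\"" . $_SERVER['SCRIPT_NAME'] . "?do=users&amp;action=edituser&amp;id=" . $row['id'] . "\"><img style=\"padding: none; border: none;\" src=\"images/edit.png\" alt=\"edit\" /></a></td>";
        $out .= "<td><a href=\"" . $_SERVER['SCRIPT_NAME'] . "?do=users&amp;action=deleteuser&amp;id=" . $row['id'] . "\"><img style=\"padding: none; border: none;\" src=\"images/editdelete.png\" alt=\"delete\" /></a></td>";
        // date("m/d/y") prints the same as the former strftime("%m/%d/%y")
        $out .= "<td><b>" . decode($row['handle']) . "</b></td><td>" . $row['adminlevel'] . "</td><td>" . htmlspecialchars($row['ip']) . "</td><td>" . date("m/d/y", $row['datejoined']) . "</td></tr>\n";
    }
    // repeat the page bar below the table on paged output
    if ($multy) {
        $out .= $pagebar;
    }
    $out .= "</table>\n</div>\n";
    return $out;
}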
コード例 #4
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
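if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
// Content Type Search Form: copy the posted form fields into
// $content["search"]. Every $_POST read is guarded with isset() so a
// field missing from the request yields its empty default instead of
// an "undefined index" notice (previously only some fields were guarded).
$content["template"] = clean_slweg(isset($_POST['template']) ? $_POST['template'] : '');
$content["search"]["result_per_page"] = empty($_POST["csearch_result_per_page"]) ? '' : intval($_POST["csearch_result_per_page"]);
$content["search"]["wordlimit"] = isset($_POST["csearch_wordlimit"]) ? trim($_POST["csearch_wordlimit"]) : '';
// only an integer word limit is kept, anything else becomes ''
$content["search"]["wordlimit"] = is_intval($content["search"]["wordlimit"]) ? intval($content["search"]["wordlimit"]) : '';
$content["search"]["newwin"] = isset($_POST["csearch_newwin"]) ? 1 : 0;
$content["search"]["highlight_result"] = isset($_POST["csearch_highlight"]) ? 1 : 0;
$content["search"]["label_input"] = html_specialchars(clean_slweg(isset($_POST["csearch_label_input"]) ? $_POST["csearch_label_input"] : ''));
$content["search"]["style_input"] = html_specialchars(clean_slweg(isset($_POST["csearch_style_input"]) ? $_POST["csearch_style_input"] : ''));
$content["search"]["label_button"] = html_specialchars(clean_slweg(isset($_POST["csearch_label_button"]) ? $_POST["csearch_label_button"] : ''));
$content["search"]["style_button"] = html_specialchars(clean_slweg(isset($_POST["csearch_style_button"]) ? $_POST["csearch_style_button"] : ''));
$content["search"]["label_result"] = slweg(isset($_POST["csearch_label_result"]) ? $_POST["csearch_label_result"] : '');
$content["search"]["style_result"] = html_specialchars(clean_slweg(isset($_POST["csearch_style_result"]) ? $_POST["csearch_style_result"] : ''));
$content["search"]["align"] = isset($_POST["csearch_align"]) ? intval($_POST["csearch_align"]) : 0;
// free-text blocks are capped at 65500 characters by slweg()
$content["search"]["text_intro"] = slweg(isset($_POST["csearch_text_intro"]) ? $_POST["csearch_text_intro"] : '', 65500);
$content["search"]["text_result"] = slweg(isset($_POST["csearch_text_result"]) ? $_POST["csearch_text_result"] : '', 65500);
$content["search"]["text_noresult"] = slweg(isset($_POST["csearch_text_noresult"]) ? $_POST["csearch_text_noresult"] : '', 65500);
$content["search"]["template"] = isset($_POST["csearch_template"]) ? slweg($_POST["csearch_template"]) : '';
$content['search']["text_html"] = empty($_POST['csearch_text_html']) ? 0 : (intval($_POST['csearch_text_html']) ? 1 : 0);
$content["search"]["label_pages"] = slweg(isset($_POST['csearch_label_pages']) ? $_POST['csearch_label_pages'] : '');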
コード例 #5
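 // Resolve the shop and cart target URLs with one shared routine (the two
 // copies of this logic were identical): fall back to the shop preference,
 // then normalise to a trimmed string, an 'aid=<n>' article link, or the
 // current page ($aktion) when nothing usable is configured. Temporaries are
 // underscore-prefixed and unset afterwards to avoid clashing with the
 // including scope.
 foreach (array('shop_url' => 'shop_pref_id_shop', 'cart_url' => 'shop_pref_id_cart') as $_shopUrlKey => $_shopPrefKey) {
     if (!isset($_tmpl['config'][$_shopUrlKey])) {
         $_tmpl['config'][$_shopUrlKey] = _getConfig($_shopPrefKey, '_shopPref');
     }
     $_shopUrlValue = $_tmpl['config'][$_shopUrlKey];
     if (!is_intval($_shopUrlValue) && is_string($_shopUrlValue)) {
         $_tmpl['config'][$_shopUrlKey] = trim($_shopUrlValue);
     } elseif (is_intval($_shopUrlValue) && intval($_shopUrlValue)) {
         $_tmpl['config'][$_shopUrlKey] = 'aid=' . intval($_shopUrlValue);
     } else {
         // empty() instead of a bare truthiness test: same result, no notice
         $_tmpl['config'][$_shopUrlKey] = empty($aktion[1]) ? 'id=' . $aktion[0] : 'aid=' . $aktion[1];
     }
 }
 unset($_shopUrlKey, $_shopPrefKey, $_shopUrlValue);
 // optional "prefix|suffix" wrapper around the rendered shop output
 if (!empty($_tmpl['config']['shop_wrap'])) {
     $_shopWrap = explode('|', $_tmpl['config']['shop_wrap']);
     $_tmpl['config']['shop_wrap'] = array(
         'prefix' => trim($_shopWrap[0]) . LF,
         'suffix' => empty($_shopWrap[1]) ? '' : LF . trim($_shopWrap[1]),
     );
     unset($_shopWrap);
 } else {
     $_tmpl['config']['shop_wrap'] = array('prefix' => '', 'suffix' => '');
 }
 // number formatting precision; a missing setting means 0 decimals
 foreach (array('price_decimals', 'vat_decimals', 'weight_decimals') as $_decimalsKey) {
     $_tmpl['config'][$_decimalsKey] = isset($_tmpl['config'][$_decimalsKey]) ? (int) $_tmpl['config'][$_decimalsKey] : 0;
 }
 unset($_decimalsKey);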
 if ($_tmpl['config']['shop_css']) {
     renderHeadCSS($_tmpl['config']['shop_css']);
コード例 #6
ファイル: send.php プロジェクト: squidjam/LightNEasy
| Copyright 2007 - 2011 Fernando Baptista
| http://www.lightneasy.org
+----------------------------------------------------+
| Addon Downloads send module main.php
| Version 3.2.4 SQLite/MySQL
+----------------------------------------------------+
| Released under the terms & conditions of v2 of the
| GNU General Public License. For details refer to
| the included gpl.txt file or visit http://gnu.org
+----------------------------------------------------*/
if (isset($_GET['dlid'])) {
    global $set, $prefix, $fuso_s;
    // there is a download request
    require_once "../../data/database.php";
    require_once "../../LightNEasy/common.php";
    if (!is_intval($_GET['dlid'])) {
        die("Downloads - Aha! Clever!");
    }
    if ($MySQL == 1) {
        $sqldbdb = @mysql_connect($databasehost, $databaselogin, $databasepassword) or die("Error - Could not connect to MySQL server: " . mysql_error());
        @mysql_select_db($databasename) or die("Error - Could not open MySQL database " . mysql_error());
    } elseif ($MySQL == 0) {
        if (!($sqldbdb = @sqlite_open("../../data/{$databasename}.db"))) {
            die("Error - Could not open SQLite 2 database");
        }
    } else {
        if (!($sqldbdb = new SQLite3("../../data/{$databasename}.db"))) {
            die("Couldn't open SQLite 3 database");
        }
    }
    readsetup();
コード例 #7
ファイル: admin.php プロジェクト: squidjam/LightNEasy
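function asurvey()
{
    // Survey admin page: creates the survey tables on first use, applies the
    // submitted "New Survey" / "Delete Survey" / "Add Option" action and
    // returns the HTML for the three forms plus the current survey listing.
    //
    // Fixes vs. the previous version: $out was appended to before being
    // initialised, $_POST keys were read without isset(), the survey list
    // query ran twice, the row loops tripped over the index past the last
    // row, and option names were the only place not passed through decode().
    global $prefix, $sqldbdb, $MySQL, $set, $langmessage;
    $out = '';
    // NOTE(review): $surveymessage comes from the language file included
    // here; require_once will not define it again if the file was already
    // included in another scope — confirm the include always happens here.
    if (file_exists("addons/survey/lang/lang_" . $set['language'] . ".php")) {
        require_once "addons/survey/lang/lang_" . $set['language'] . ".php";
    } else {
        require_once "addons/survey/lang/lang_en_US.php";
    }
    // Check if table exists in the database (SQLite 2 has no CREATE IF NOT EXISTS)
    if ($MySQL == 0) {
        if (!sqlite_fetch_column_types($prefix . "surveynames", $sqldbdb)) {
            dbquery("CREATE TABLE " . $prefix . "surveynames ( id INTEGER NOT NULL PRIMARY KEY, surveyid INTEGER NOT NULL, surveyname VARCHAR(80), place INTEGER NOT NULL, adminlevel INTEGER NOT NULL)");
        }
        if (!sqlite_fetch_column_types($prefix . "surveyvotes", $sqldbdb)) {
            dbquery("CREATE TABLE " . $prefix . "surveyvotes ( id INTEGER NOT NULL PRIMARY KEY, surveyid INTEGER NOT NULL, vote INTEGER NOT NULL, voterid INTEGER NOT NULL)");
        }
    } else {
        dbquery("CREATE TABLE IF NOT EXISTS " . $prefix . "surveynames ( id INTEGER NOT NULL auto_increment, surveyid INTEGER NOT NULL, surveyname VARCHAR(80), place INTEGER NOT NULL, adminlevel INTEGER NOT NULL, PRIMARY KEY (id))");
        dbquery("CREATE TABLE IF NOT EXISTS " . $prefix . "surveyvotes ( id INTEGER NOT NULL auto_increment, surveyid INTEGER NOT NULL, vote INTEGER NOT NULL, voterid INTEGER NOT NULL, PRIMARY KEY (id))");
    }

    // apply the submitted action; numeric fields must pass is_intval() before
    // they are inlined into SQL, text fields go through encode(sanitize())
    if (isset($_POST['surveysubmit'])) {
        $submit = $_POST['surveysubmit'];
        $surveyid = isset($_POST['surveyid']) ? $_POST['surveyid'] : "";
        if ($submit == "New Survey" && isset($_POST['surveyname']) && $_POST['surveyname'] != "") {
            if (!isset($_POST['adminlevel']) || !is_intval($_POST['adminlevel'])) {
                die($langmessage[98]);
            }
            dbquery("INSERT INTO " . $prefix . "surveynames ( id, surveyid, surveyname, place, adminlevel) VALUES ( null, 0, \"" . encode(sanitize($_POST['surveyname'])) . "\", 0, " . $_POST['adminlevel'] . ")");
        }
        if ($submit == "Delete Survey" && $surveyid != "") {
            if (!is_intval($surveyid)) {
                die($langmessage[98]);
            }
            // remove the survey row, its options (surveyid=<id>) and all votes
            dbquery("DELETE FROM " . $prefix . "surveynames WHERE (id=" . $surveyid . " AND surveyid=0) OR surveyid=" . $surveyid);
            dbquery("DELETE FROM " . $prefix . "surveyvotes WHERE surveyid=" . $surveyid);
        }
        if ($submit == "Add Option" && isset($_POST['option']) && $_POST['option'] != "") {
            if (!is_intval($surveyid) || !isset($_POST['place']) || !is_intval($_POST['place'])) {
                die($langmessage[98]);
            }
            dbquery("INSERT INTO " . $prefix . "surveynames ( id, surveyid, surveyname, place, adminlevel) VALUES ( null, " . $surveyid . ", \"" . encode(sanitize($_POST['option'])) . "\", " . $_POST['place'] . ", 0)");
        }
    }

    // surveys are the rows with surveyid=0; fetched once and reused by both
    // select boxes and the listing below
    $surveys = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=0"));
    $surveyOptions = '';
    $i = 0;
    while (!empty($surveys[$i]['surveyname'])) {
        $surveyOptions .= "<option value=\"" . $surveys[$i]['id'] . "\">" . decode($surveys[$i]['surveyname']) . "</option>\n";
        $i++;
    }

    // form 1: new survey
    $out .= "<h2>{$surveymessage['15']}</h2>\n<hr />\n";
    $out .= "<h3>{$surveymessage['1']}</h3>\n";
    $out .= "<form name=\"form1\" method=\"POST\" action=\"\">\n";
    $out .= "<table>\n<tr><td>{$surveymessage['2']}:&nbsp;</td><td><input type=\"text\" name=\"surveyname\" value=\"\" size=\"50\" /></td></tr>\n";
    $out .= "<tr><td>{$surveymessage['3']}:&nbsp;</td><td><SELECT name=\"adminlevel\">\n";
    $out .= "<option value=\"0\">{$langmessage['161']}</option>\n";
    $out .= "<option value=\"2\">{$langmessage['162']}</option>\n";
    $out .= "<option value=\"3\">{$langmessage['29']}</option>\n";
    $out .= "<option value=\"4\">{$langmessage['163']}</option>\n";
    $out .= "</SELECT></td></tr>\n";
    $out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"New Survey\" /></td>";
    $out .= "<td><input type=\"submit\" value=\"{$surveymessage['1']}\" name=\"aaa\" /></td></tr>\n";
    $out .= "</table>\n</form>\n";

    // form 2: delete survey
    $out .= "<hr /><h3>{$surveymessage['5']}</h3>\n";
    $out .= "<form name=\"form2\" method=\"POST\" action=\"\">\n";
    $out .= "<table>\n";
    $out .= "<tr><td>{$surveymessage['5']}:&nbsp;</td><td><SELECT name=\"surveyid\">\n";
    $out .= $surveyOptions;
    $out .= "</SELECT></td></tr>\n";
    $out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"Delete Survey\" /></td>";
    $out .= "<td><input type=\"submit\" value=\"{$surveymessage['5']}\" name=\"aaa\" /></td></tr>\n";
    $out .= "</table>\n</form>\n";

    // form 3: add option to a survey
    $out .= "<hr /><h3>{$surveymessage['6']}</h3>\n";
    $out .= "<form name=\"form1\" method=\"POST\" action=\"\">\n";
    $out .= "<table>\n";
    $out .= "<tr><td>{$surveymessage['2']}:&nbsp;</td><td><SELECT name=\"surveyid\">\n";
    $out .= $surveyOptions;
    $out .= "</SELECT></td></tr>\n";
    $out .= "<tr><td>{$surveymessage['7']}:&nbsp;</td><td><input type=\"text\" name=\"place\" size=\"2\" value=\"\" /></td></tr>\n";
    $out .= "<tr><td>{$surveymessage['8']}:&nbsp;</td><td><input type=\"text\" name=\"option\" size=\"50\" value=\"\" /></td></tr>\n";
    $out .= "<tr><td><input type=\"hidden\" name=\"surveysubmit\" value=\"Add Option\" /></td>";
    $out .= "<td><input type=\"submit\" name=\"aaa\" value=\"{$surveymessage['9']}\" /></td></tr>\n";
    $out .= "</table>\n</form>\n";

    // listing: every survey with its options
    $out .= "<hr /><h3>{$surveymessage['4']}</h3>\n<ul>";
    $i = 0;
    while (!empty($surveys[$i]['id'])) {
        $out .= "<li>" . $surveys[$i]['id'] . " - " . decode($surveys[$i]['surveyname']) . "</li>\n";
        $options = fetch_all(dbquery("SELECT * FROM " . $prefix . "surveynames WHERE surveyid=" . $surveys[$i]['id']));
        $j = 0;
        $out .= "<ul>";
        while (!empty($options[$j]['id'])) {
            // option names are stored encode()d (see the INSERT above), so
            // decode them like every other listing does
            $out .= "<li>" . decode($options[$j]['surveyname']) . "</li>\n";
            $j++;
        }
        $out .= "</ul>\n";
        $i++;
    }
    $out .= "</ul>\n";
    return $out;
}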
コード例 #8
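function update_404redirect()
{
    // Validates the posted redirect form and inserts, updates or deletes the
    // matching phpwcms_redirect row. Returns array('error' => ..., 'data' => ...):
    // 'error' is a list of messages (and the record is forced inactive) when
    // validation fails, or NULL once the write was attempted.
    //
    // Fixes vs. the previous version: the one-line array build is split up,
    // $_POST keys are read with isset(), and in_array() is strict — with a
    // loose compare a type of "0" matched 'alias' on PHP < 8.
    $rid = isset($_POST['rid']) ? intval($_POST['rid']) : 0;
    $id = isset($_POST['id']) ? trim($_POST['id']) : '';
    $aid = isset($_POST['aid']) ? trim($_POST['aid']) : '';
    $type = isset($_POST['type']) ? $_POST['type'] : '';
    $code = isset($_POST['code']) ? $_POST['code'] : '';
    $data = array(
        'error' => array(),
        'data' => array(
            'rid' => $rid,
            'alias' => clean_slweg(isset($_POST['alias']) ? $_POST['alias'] : ''),
            // an empty id stays '' (no page id), anything else is cast to int
            'id' => $id === '' ? '' : intval($id),
            // article id: '' unless a non-zero integer was given
            'aid' => $aid === '' || !intval($aid) ? '' : intval($aid),
            'type' => in_array($type, array('alias', 'id', 'aid', 'link'), true) ? clean_slweg($type) : '',
            'active' => empty($_POST['active']) ? 0 : 1,
            'shortcut' => empty($_POST['shortcut']) ? 0 : 1,
            'code' => in_array($code, array('301', '307', '404', '401', '503'), true) ? clean_slweg($code) : '',
            'target' => clean_slweg(isset($_POST['target']) ? $_POST['target'] : ''),
            'changed' => date('Y-m-d H:i:s'),
        ),
    );

    // a redirect needs at least one source (aid, alias or id) unless this
    // request is the delete button for the record
    if (!$data['data']['aid'] && !$data['data']['alias'] && $data['data']['id'] == '' && !isset($_POST['delete_' . md5($data['data']['rid'])])) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error1'];
    }
    if ($data['data']['type'] && $data['data']['target'] === '') {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error2'];
    } elseif (($data['data']['type'] == 'id' || $data['data']['type'] == 'aid') && !is_intval($data['data']['target'])) {
        // id/aid targets must be numeric
        $data['error'][] = $GLOBALS['BL']['be_redirect_error3'];
    }

    if (count($data['error'])) {
        $data['data']['active'] = 0;
        set_status_message(implode('<br />', $data['error']), 'error');
    } else {
        $data['error'] = NULL;
        // rid is the key, not a column to write
        unset($data['data']['rid']);
        if ($rid) {
            // Mark for deletion
            if (isset($_POST['delete_' . md5($rid)])) {
                $data['data']['active'] = 9;
                $result = _dbQuery('DELETE FROM ' . DB_PREPEND . 'phpwcms_redirect WHERE rid=' . $rid, 'DELETE');
            } else {
                $result = _dbUpdate('phpwcms_redirect', $data['data'], 'rid=' . $rid);
            }
        } else {
            $result = _dbInsert('phpwcms_redirect', $data['data']);
            if (isset($result['INSERT_ID'])) {
                $rid = $result['INSERT_ID'];
            }
        }
        $data['data']['rid'] = $rid;
        if ($result) {
            if ($data['data']['active'] == 9) {
                set_status_message(str_replace('{ID}', $data['data']['rid'], $GLOBALS['BL']['be_action_deleted']), 'success');
                headerRedirect('phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=14');
            } else {
                set_status_message($GLOBALS['BL']['be_successfully_saved'], 'success');
            }
        } else {
            set_status_message($GLOBALS['BL']['be_error_while_save'], 'error');
        }
    }
    return $data;
}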
コード例 #9
ファイル: xml.inc.php プロジェクト: klich3/gPOS
/**
 * Quote a value minimally: integer-like values are emitted as a bare
 * string, everything else is handed to qq() for quoting.
 */
function qminimal($a)
{
    return is_intval($a) ? (string) $a : qq($a);
}
コード例 #10
ファイル: common.php プロジェクト: squidjam/LightNEasy
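function saveprofile()
{
    // Saves the posted profile fields for $_POST['userid'] into the users
    // table. A non-empty password is only written when it matches the repeat
    // field; on a mismatch $message is set to $langmessage[180] while the
    // remaining fields are still saved (unchanged behaviour).
    //
    // Fixes vs. the previous version: $langmessage was read without being
    // declared global (the mismatch message was always empty), POST keys are
    // read with isset(), and two unused locals are gone.
    global $message, $prefix, $langmessage;
    if (!isset($_POST['userid']) || !is_intval($_POST['userid'])) {
        die("aha! Naughty!");
    }
    $post = array();
    foreach (array('handle', 'password', 'repeatpassword', 'email', 'firstname', 'lastname', 'website', 'location') as $key) {
        $post[$key] = isset($_POST[$key]) ? $_POST[$key] : "";
    }
    $handle = encode(sanitize($post['handle']));
    $email = sanitize(strip_tags($post['email']));
    $firstname = encode(sanitize(strip_tags($post['firstname'])));
    $lastname = encode(sanitize(strip_tags($post['lastname'])));
    $website = sanitize(strip_tags($post['website']));
    $location = encode(sanitize(strip_tags($post['location'])));
    // NOTE(review): sanitize() is the project's escaping helper; the values
    // are inlined into the statement, so confirm it escapes for SQL.
    $query = "UPDATE " . $prefix . "users SET email=\"{$email}\", firstname=\"{$firstname}\", lastname=\"{$lastname}\", handle=\"{$handle}\", website=\"{$website}\", location=\"{$location}\"";
    if ($post['password'] != "") {
        if ($post['password'] == $post['repeatpassword']) {
            // NOTE(review): unsalted sha1 is kept because the login check
            // elsewhere expects it; moving to password_hash()/password_verify()
            // has to change both sides together.
            $query .= ", password=\"" . sha1($post['password']) . "\"";
        } else {
            $message = $langmessage[180];
        }
    }
    // userid passed is_intval() above; intval() keeps the inlined value numeric
    $query .= "  WHERE id=" . intval($_POST['userid']);
    dbquery($query);
}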
コード例 #11
 /**
  * Parse matched replacement tag
  */
 function parse_match($match = '')
 {
     $default = array();
     $match = trim($match);
     // set query defaults
     $this->dbReset();
     $this->defaultTemplate();
     if ($match !== '' && strpos($match, '=') !== FALSE) {
         // oh yes fix, in case LF was converted to <br /> by phpwcms
         $match = str_replace('<br />', LF, $match);
         // result is a normal array
         $match = parse_ini_str($match, false);
         $default['items'] = isset($match['items']) ? intval($match['items']) : $this->limit;
         $default['template'] = empty($match['template']) ? '' : trim($match['template']);
         $default['lang'] = empty($match['lang']) ? '' : trim($match['lang']);
         $default['tag'] = empty($match['tag']) ? '' : trim($match['tag']);
         $default['tagmode'] = empty($match['tagmode']) ? 'OR' : (trim(strtoupper($match['tagmode'])) === 'AND' ? 'AND' : 'OR');
         $default['href'] = empty($match['href']) ? '' : trim($match['href']);
         $default['place'] = empty($match['place']) ? '' : trim($match['place']);
         $default['gettype'] = empty($match['gettype']) ? '' : $match['gettype'];
         $default['teaserwords'] = empty($match['teaserwords']) ? 0 : intval($match['teaserwords']);
         if (!empty($match['expired'])) {
             $match['expired'] = strtolower(trim($match['expired']));
             $default['expired'] = in_array($match['expired'], array('hide', 'bottom', 'top')) ? $match['expired'] : '';
         } else {
             $default['expired'] = '';
         }
         if (!empty($match['expired_date'])) {
             $match['expired_date'] = strtoupper(trim($match['expired_date']));
             $default['expired_date'] = in_array($match['expired_date'], array('START', 'END')) ? $match['expired_date'] : 'END';
         } else {
             $default['expired_date'] = 'END';
         }
         $default['expired_prefix'] = empty($match['expired_prefix']) ? '' : trim($match['expired_prefix']);
         $default['expired_suffix'] = empty($match['expired_suffix']) ? '' : trim($match['expired_suffix']);
     } else {
         // base format
         // 2,main_page.tmpl,de en, href, tag1, tag2 tag2, tag3 : date_start, date_end, place
         // [item count,[template[,language(en de - separated by space)[, href, tags, tag, tag, tag]]]]
         $match = explode(',', $match, 5);
         $default['items'] = intval($match[0]);
         $default['lang'] = empty($match[1]) ? '' : $match[1];
         $default['template'] = empty($match[2]) ? '' : trim($match[2]);
         $default['href'] = empty($match[3]) ? '' : trim($match[3]);
         $default['tagmode'] = 'OR';
         $default['place'] = '';
         $default['gettype'] = '';
         $default['teaserwords'] = 0;
         $default['expired'] = '';
         $default['expired_date'] = 'END';
         $default['expired_prefix'] = '';
         $default['expired_suffix'] = '';
         if (empty($match[4])) {
             $default['tag'] = '';
         } else {
             // check for start/end date
             $match[4] = explode(':', $match[4], 2);
             if (isset($match[4][1])) {
                 $match[4][1] = explode(',', $match[4][1], 3);
                 if (!empty($match[4][1][0])) {
                     $match['date_start'] = $match[4][1][0];
                 } else {
                     $match['date_start'] = 'TODAY';
                 }
                 if (!empty($match[4][1][1])) {
                     $match['date_end'] = $match[4][1][1];
                 } else {
                     $match['date_end'] = 365 * 24 * 60 * 60 - 1;
                     // + 365 days - 1 second
                 }
                 if (!empty($match[4][1][2])) {
                     $default['place'] = trim($match[4][1][2]);
                 }
             }
         }
     }
     // check for limit
     if (isset($_POST[$this->getbasis . 'limit'])) {
         $default['items'] = intval(clean_slweg($_POST[$this->getbasis . 'limit']));
         $this->session = true;
     } elseif (isset($_GET[$this->getbasis . 'limit'])) {
         $default['items'] = intval(clean_slweg($_GET[$this->getbasis . 'limit']));
         $this->session = true;
     } elseif (!empty($_SESSION['pcal']['limit'])) {
         $default['items'] = $_SESSION['pcal']['limit'];
     }
     // check for place to search
     if (isset($_POST[$this->getbasis . 'place'])) {
         $default['place'] = clean_slweg($_POST[$this->getbasis . 'place']);
         $this->session = true;
     } elseif (isset($_GET[$this->getbasis . 'place'])) {
         $default['place'] = clean_slweg($_GET[$this->getbasis . 'place']);
         $this->session = true;
     } elseif (!empty($_SESSION['pcal']['place'])) {
         $default['place'] = $_SESSION['pcal']['place'];
     }
     // custom start date
     if (isset($_POST[$this->getbasis . 'start'])) {
         if (empty($_POST[$this->getbasis . 'start'])) {
             $match['date_start'] = $_POST[$this->getbasis . 'start_year'] . '-' . $_POST[$this->getbasis . 'start_month'] . '-' . $_POST[$this->getbasis . 'start_day'] . ' 00:00:00';
         } else {
             $match['date_start'] = $_POST[$this->getbasis . 'start'];
         }
         $match['date_start'] = clean_slweg($match['date_start']);
         $this->session = true;
     } elseif (isset($_GET[$this->getbasis . 'start'])) {
         if (empty($_GET[$this->getbasis . 'start'])) {
             $match['date_start'] = $_GET[$this->getbasis . 'start_year'] . '-' . $_GET[$this->getbasis . 'start_month'] . '-' . $_GET[$this->getbasis . 'start_day'] . ' 00:00:00';
         } else {
             $match['date_start'] = $_GET[$this->getbasis . 'start'];
         }
         $match['date_start'] = clean_slweg($match['date_start']);
         $this->session = true;
     } elseif (!empty($_SESSION['pcal']['date_start'])) {
         $match['date_start'] = $_SESSION['pcal']['date_start'];
     }
     // custom end date
     if (isset($_POST[$this->getbasis . 'end'])) {
         if (empty($_POST[$this->getbasis . 'end'])) {
             $match['date_end'] = $_POST[$this->getbasis . 'end_year'] . '-' . $_POST[$this->getbasis . 'end_month'] . '-' . $_POST[$this->getbasis . 'end_day'] . ' 23:59:59';
         } else {
             $match['date_end'] = $_POST[$this->getbasis . 'end'];
         }
         $match['date_end'] = clean_slweg($match['date_end']);
         $this->session = true;
     } elseif (isset($_GET[$this->getbasis . 'end'])) {
         if (empty($_GET[$this->getbasis . 'end'])) {
             $match['date_end'] = $_GET[$this->getbasis . 'end_year'] . '-' . $_GET[$this->getbasis . 'end_month'] . '-' . $_GET[$this->getbasis . 'end_day'] . ' 23:59:59';
         } else {
             $match['date_end'] = $_GET[$this->getbasis . 'end'];
         }
         $this->session = true;
     } elseif (!empty($_SESSION['pcal']['date_end'])) {
         $match['date_end'] = $_SESSION['pcal']['date_end'];
     }
     // set custom defined start/end date
     if (!empty($match['date_start'])) {
         $match['date_start'] = trim($match['date_start']);
         if (strtoupper($match['date_start']) == 'TODAY') {
             $this->date_start = mktime(0, 0, 0, $this->current_date['mon'], $this->current_date['mday'], $this->current_date['year']);
         } elseif (strtoupper($match['date_start']) == 'WEEKSTART') {
             $this->date_start = strtotime((intval(date('w', $this->current_date[0])) === 1 ? 'Today' : 'last Monday') . ' 00:00:00');
         } elseif (strtoupper($match['date_start']) == 'MONTHSTART') {
             $this->date_start = mktime(0, 0, 0, $this->current_date['mon'], 1, $this->current_date['year']);
         } elseif (strtoupper($match['date_start']) == 'YEARSTART') {
             $this->date_start = mktime(0, 0, 0, 1, 1, $current_date['year']);
         } else {
             $match['date_start'] = phpwcms_strtotime($match['date_start']);
             if ($match['date_start']) {
                 $this->date_start = $match['date_start'];
             }
         }
     }
     if (!empty($match['date_end'])) {
         $match['date_end'] = strtoupper(trim($match['date_end']));
         if (is_intval($match['date_end'])) {
             $this->date_end = ceil($this->date_start + $match['date_end'] * 24 * 3600);
             // Get Seconds of this day and match against 23:59:59
             $today_hours = date('G', $this->date_end) * 3600;
             $today_minutes = intval(date('i', $this->date_end)) * 60;
             $today_seconds = intval(date('s', $this->date_end));
             $total_seconds = $today_hours + $today_minutes + $today_seconds;
             $this->date_end += 24 * 3600 - $total_seconds - 1;
         } elseif ($match['date_end'] == 'TODAY') {
             $this->date_end = mktime(23, 59, 59, $this->current_date['mon'], $this->current_date['mday'], $this->current_date['year']);
         } elseif ($match['date_end'] == 'WEEKEND') {
             $this->date_end = strtotime('next Sunday 23:59:59');
         } elseif (preg_match('/(\\d+)\\s{0,1}(DAY|DAYS|WEEK|WEEKS|MONTH|MONTHS)/', $match['date_end'], $add)) {
             $this->date_end = strtotime('+' . $add[1] . ' ' . $add[2] . ' 23:59:59', $this->date_start);
         } elseif (strtoupper($match['date_end']) == 'MONTHEND') {
             $this->date_end = mktime(23, 59, 59, $this->current_date['mon'], intval(date('t', $this->current_date[0])), $this->current_date['year']);
         } elseif (strtoupper($match['date_end']) == 'YEAREND') {
             $this->date_end = mktime(23, 59, 59, 12, 31, $current_date['year']);
         } else {
             if (strlen($match['date_end']) < 12 && preg_match('/[0-9\\-]/', $match['date_end']) && strpos($match['date_end'], ':') === false) {
                 $match['date_end'] .= ' 23:59:59';
             }
             $match['date_end'] = phpwcms_strtotime($match['date_end']);
             if ($match['date_end']) {
                 $this->date_end = $match['date_end'];
             }
         }
     }
     if ($this->date_end <= $this->date_start) {
         $this->date_end = mktime(0, 0, 0, $this->current_date['mon'], $this->current_date['mday'], $this->current_date['year'] + 1) - 1;
     }
     $this->limit = $default['items'];
     $this->limit_item = $default['items'];
     $this->href = $default['href'];
     $this->gettype = $default['gettype'];
     $this->teaserwords = $default['teaserwords'];
     $this->expired = $default['expired'];
     $this->expired_date = $default['expired_date'];
     $this->expired_prefix = $default['expired_prefix'];
     $this->expired_suffix = $default['expired_suffix'];
     if ($default['template'] !== '') {
         $default['template'] = preg_replace('/[\\/\\:]/', '', $default['template']);
         if (is_file(PHPWCMS_TEMPLATE . 'calendar/' . $default['template'])) {
             $default['template'] = file_get_contents(PHPWCMS_TEMPLATE . 'calendar/' . $default['template']);
             if ($default['template']) {
                 $default['template'] = str_replace('{STARTDATE', '{LIVEDATE', $default['template']);
                 $default['template'] = str_replace('{ENDDATE', '{KILLDATE', $default['template']);
                 $this->template = $default['template'];
             }
         }
     }
     $where = array();
     if ($default['lang'] !== '') {
         $default['lang'] = str_replace(',', ' ', preg_replace('/[^a-z\\-]/', '', strtolower($default['lang'])));
         $default['lang'] = array_intersect(convertStringToArray($default['lang'], ' '), $GLOBALS['phpwcms']['allowed_lang']);
         if (count($default['lang'])) {
             $this->where_lang = "calendar_lang IN ('" . implode("','", $default['lang']) . "')";
             $where[] = $this->where_lang;
         }
     }
     if ($default['place'] !== '') {
         $places = convertStringToArray(strtolower($default['place']), ',');
         $place_items = array();
         foreach ($places as $place) {
             $place_items[] = 'calendar_where LIKE ' . _dbEscape('%' . $place . '%');
         }
         if (count($place_items)) {
             $this->where_place = '(' . implode(' OR ', $place_items) . ')';
             $where[] = $this->where_place;
         }
     }
     if ($default['tag'] !== '') {
         $default['tag'] = convertStringToArray(strtolower($default['tag']), ',');
         if (count($default['tag'])) {
             $tag_where = array();
             foreach ($default['tag'] as $tag) {
                 $tag_where[] = "cat_name='" . aporeplace($tag) . "'";
             }
             if (count($tag_where)) {
                 $this->where_tag = '(' . implode(' ' . $default['tagmode'] . ' ', $tag_where) . ')';
                 $where[] = $this->where_tag;
                 $this->join_on = 'LEFT JOIN ' . DB_PREPEND . 'phpwcms_categories ON cat_pid=calendar_id';
                 $this->group_by = 'calendar_id';
             }
         }
     }
     $this->where = implode(' AND ', $where);
     $this->datetime_start = date('Y-m-d H:i:s', $this->date_start);
     $this->datetime_end = date('Y-m-d H:i:s', $this->date_end);
     $this->place = $default['place'];
     $this->getDate();
     if ($this->session && session_id()) {
         $this->session = array('date_start' => $this->datetime_start, 'date_end' => $this->datetime_end, 'place' => $default['place'], 'limit' => $default['items']);
         $_SESSION['pcal'] = isset($_SESSION['pcal']) ? array_merge($_SESSION['pcal'], $this->session) : $this->session;
     }
     return $default;
 }
コード例 #12
// Normalise the settings of a "news" content part before they are stored.
// news_detail_link is read straight from $_POST here; the remaining fields are
// presumably filled from the same form earlier in the file (not visible in this
// excerpt) -- treat all of them as untrusted request input.
$content['news']['news_detail_link'] = clean_slweg($_POST['news_detail_link']);
// An empty language list, or one whose first entry is '', means "no language filter".
if (!count($content['news']['news_lang']) || isset($content['news']['news_lang'][0]) && $content['news']['news_lang'][0] == '') {
    $content['news']['news_lang'] = array();
}
// Sort mode: fall back to 9 when unset/0 or above 10. There is no intval()
// cast, so a non-numeric string is compared with PHP's loose rules -- consider
// casting before the comparison.
if (empty($content['news']['news_sort']) || $content['news']['news_sort'] > 10) {
    $content['news']['news_sort'] = 9;
}
// Page size defaults to 10 only when pagination is switched on.
if (empty($content['news']['news_paginate_count'])) {
    $content['news']['news_paginate_count'] = $content['news']['news_paginate'] ? 10 : '';
}
// Pagination basis is clamped to 3 when out of range (again without a cast).
if ($content['news']['news_paginate_basis'] > 4) {
    $content['news']['news_paginate_basis'] = 3;
}
if (empty($content['news']['news_limit'])) {
    $content['news']['news_limit'] = '';
}
if (empty($content['news']['news_skip'])) {
    $content['news']['news_skip'] = '';
}
// NOTE(review): this branch tests news_archive but resets news_sort. It looks
// like a copy/paste slip (news_archive was probably meant) -- verify against the
// form and the code that reads these settings before changing it.
if ($content['news']['news_archive'] > 3) {
    $content['news']['news_sort'] = 1;
}
// Boolean operator whitelist: anything other than OR/AND/NOT collapses to OR.
if (!in_array($content['news']['news_andor'], array('OR', 'AND', 'NOT'))) {
    $content['news']['news_andor'] = 'OR';
}
// Link targets may be a numeric ID or some other string (presumably a URL or
// alias); numeric values are normalised to a plain int, with 0 becoming ''.
if (is_intval($content['news']['news_detail_link'])) {
    $content['news']['news_detail_link'] = intval($content['news']['news_detail_link']) ? intval($content['news']['news_detail_link']) : '';
}
if (is_intval($content['news']['news_archive_link'])) {
    $content['news']['news_archive_link'] = intval($content['news']['news_archive_link']) ? intval($content['news']['news_archive_link']) : '';
}
コード例 #13
ファイル: admin.php プロジェクト: squidjam/LightNEasy
            unlink($target_path);
        }
        $imagename = encode(sanitize($_POST['imagename']));
        if (move_uploaded_file($_FILES['uploadedfile']['tmp_name'], $target_path)) {
            @chmod($target_path, 0644);
            dbquery("INSERT INTO " . $prefix . "images ( id, file, name ) VALUES (null, \"" . basename($_FILES['uploadedfile']['name']) . "\", \"{$imagename}\" )");
            $message = $gallerymessage[124] . basename($_FILES['uploadedfile']['name']) . $gallerymessage[125];
        } else {
            $message = $gallerymessage[123];
        }
    }
    unset($_GET['do']);
}
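// "Submit Settings": persist the gallery limits by regenerating
// addons/gallery/settings.php as PHP source. Because the values end up inside
// executable code, both are validated with is_intval() and then cast with
// intval(), so only a canonical integer literal can ever be written
// (is_intval() is a project helper whose exact acceptance rules are not
// visible here; the cast keeps the generated file safe regardless).
// NOTE(review): no CSRF token and no explicit permission check are visible in
// this handler -- confirm that admin.php enforces both before this point.
if (isset($_POST['submit']) && $_POST['submit'] == "Submit Settings") {
    $message = "";
    if (!isset($_POST['maxfilesize'], $_POST['thumbnailwidth']) || !is_intval($_POST['maxfilesize']) || !is_intval($_POST['thumbnailwidth'])) {
        die($langmessage[98]);
    }
    $maxfilesize = intval($_POST['maxfilesize']);
    $thumbnailwidth = intval($_POST['thumbnailwidth']);
    if (!($fp = fopen("addons/gallery/settings.php", "w"))) {
        die($langmessage[55]);
    }
    fwrite($fp, "<?php\n\$maxfilesize=" . $maxfilesize . ";\n\$thumbnailwidth=" . $thumbnailwidth . ";\n?>\n");
    fclose($fp);
    $message = $langmessage[150];
}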
function images()
{
    global $gallerymessage, $max_upload_image_size, $prefix;
    $out = "<h2>{$gallerymessage['7']}</h2>\n<hr />\n<div align=\"center\">\n";
    if ($_GET['do'] == "gallery" && $_GET['action'] == "delete" && $_GET['name'] != "") {
        $out .= deleteimage($_GET['name']);
コード例 #14
ファイル: admin.php プロジェクト: squidjam/LightNEasy
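/**
 * Admin page of the "uploads" addon: moves user uploads into a downloads
 * category and stores the addon settings.
 *
 * Two POST actions are handled before the page is rendered:
 *  - "Transfer upload": re-categorises download row `fileid` to `cat` and
 *    moves the file from ./uploads/ to ./downloads/.
 *  - "savesettings": rewrites addons/uploads/settings.php with the new
 *    admin level and maximum upload size.
 *
 * Returns the page HTML as a string. Dies with a language message on invalid
 * numeric input or when the settings file cannot be opened for writing.
 *
 * NOTE(review): no CSRF token and no explicit permission check are visible in
 * this function -- confirm that admin.php gates it before it is reached.
 */
function auploads()
{
    global $prefix, $langmessage, $set;
    // $set['language'] becomes part of an include path. It appears to come
    // from the site configuration rather than the request -- confirm.
    if (file_exists("addons/uploads/lang/lang_" . $set['language'] . ".php")) {
        require_once "addons/uploads/lang/lang_" . $set['language'] . ".php";
    } else {
        require_once "addons/uploads/lang/lang_en_US.php";
    }
    require_once "addons/uploads/settings.php";
    $message = "";
    $out = "";
    $action = isset($_POST['submitupload']) ? $_POST['submitupload'] : "";
    if ($action == "Transfer upload") {
        if (!isset($_POST['cat'], $_POST['fileid']) || !is_intval($_POST['cat']) || !is_intval($_POST['fileid'])) {
            die($uploadsmessage[16]);
        }
        // is_intval() is a project helper; cast anyway so only a plain
        // integer literal is ever concatenated into the SQL string.
        $target_cat = intval($_POST['cat']);
        $file_id = intval($_POST['fileid']);
        dbquery("UPDATE " . $prefix . "downloads SET ex=" . $target_cat . " WHERE reg=" . $file_id);
        // basename() pins the file to ./uploads/ even if sanitize() lets a
        // "../" or "/" through. An empty name must not be passed to rename(),
        // which would otherwise try to move the uploads directory itself.
        $filename = basename(sanitize(isset($_POST['filename']) ? $_POST['filename'] : ""));
        if ($filename !== "" && $filename !== "." && $filename !== ".." && is_file("./uploads/" . $filename)) {
            rename("./uploads/" . $filename, "./downloads/" . $filename);
        }
    }
    if ($action == "savesettings") {
        if (!isset($_POST['adminlevel'], $_POST['maxsize']) || !is_intval($_POST['adminlevel']) || !is_intval($_POST['maxsize'])) {
            die($langmessage[98]);
        }
        // These values are written into settings.php as PHP source, so only
        // canonical integers may reach the file.
        $adminlevel = intval($_POST['adminlevel']);
        $max_upload_file_size = intval($_POST['maxsize']);
        if (!($fp = fopen("addons/uploads/settings.php", "w"))) {
            die($langmessage[55]);
        }
        fwrite($fp, "<?php\n\$adminlevel={$adminlevel};\n\$max_upload_file_size={$max_upload_file_size};\n?>\n");
        fclose($fp);
        $message = $langmessage[150];
    }
    if ($message != "") {
        $out .= "<h3 style=\"color: red;\">" . $message . "</h3>\n";
    }
    // Settings form.
    $out .= "<h2>{$uploadsmessage['1']}</h2>\n<hr />\n";
    $out .= "<h3>{$uploadsmessage['18']}</h3>\n";
    $out .= "<form name=\"formn\" method=\"POST\" action=\"\">\n";
    $out .= "<table><tr><td>{$uploadsmessage['17']}:</td><td><SELECT name=\"adminlevel\">\n";
    // Admin level options; the one matching the stored $adminlevel is preselected.
    $levels = array(1 => $langmessage['161'], 2 => $langmessage['162'], 3 => $langmessage['29'], 4 => $langmessage['163']);
    foreach ($levels as $level => $label) {
        $out .= "<option value=\"" . $level . "\"";
        if ($adminlevel == $level) {
            $out .= " SELECTED";
        }
        $out .= ">" . $label . "</option>\n";
    }
    $out .= "</SELECT></td></tr>\n";
    $out .= "<tr><td>{$uploadsmessage['20']}:</td><td><input type=\"text\" name=\"maxsize\" value=\"{$max_upload_file_size}\" /></td></tr>\n";
    $out .= "<tr><td><input type=\"hidden\" name=\"submitupload\" value=\"savesettings\" /></td>";
    $out .= "<td><input type=\"submit\" name=\"aaa\" value=\"{$uploadsmessage['19']}\" /></td></tr>\n";
    $out .= "</table>\n</form>\n";
    // Pending uploads live in the "Uploads" category; cast its id so a
    // missing row yields "ex=0" instead of a malformed query.
    $cat = fetch_array(dbquery("SELECT * FROM " . $prefix . "downloadscat WHERE nome=\"Uploads\""));
    $cat_id = isset($cat['id']) ? intval($cat['id']) : 0;
    $result = dbquery("SELECT * FROM " . $prefix . "downloads WHERE ex=" . $cat_id . " ORDER BY reg DESC");
    $out .= "<hr /><h3>{$uploadsmessage['14']}</h3>\n";
    // NOTE: this outer form is never closed and wraps one form per row; kept
    // as in the original markup.
    $out .= "<form name=\"formm\" method=\"POST\" action=\"\">\n";
    if (num_rows($result)) {
        $out .= "<table cellspacing=\"5\">\n";
        while ($row = fetch_array($result)) {
            $reg = intval($row['reg']);
            // The file name was chosen by the uploader: quote and escape it
            // wherever it is placed in HTML.
            $file_attr = htmlspecialchars($row['file'], ENT_QUOTES);
            $out .= "<form name=\"form" . $reg . "\" method=\"post\" action=\"\">\n";
            $out .= "<tr><td><input type=\"hidden\" name=\"submitupload\" value=\"Transfer upload\" />";
            $out .= "<input type=\"hidden\" name=\"fileid\" value=\"" . $reg . "\" />";
            $out .= "<input type=\"hidden\" name=\"filename\" value=\"" . $file_attr . "\" />";
            $out .= "<input type=\"submit\" name=\"aaa\" value=\"{$uploadsmessage['15']}\" /></td>\n";
            $out .= "<td><select name=\"cat\">\n";
            $output = dbquery("SELECT * FROM " . $prefix . "downloadscat WHERE nome <> \"Uploads\"");
            while ($row1 = fetch_array($output)) {
                $out .= "<option value=\"" . intval($row1['id']) . "\">" . $row1['nome'] . "</option>\n";
            }
            $out .= "</select></td>\n";
            $out .= "<td><a href=\"addons/downloads/send.php?cat=" . $cat_id . "&amp;dlid=" . $reg . "\">" . decode($row['nome']) . "</a></td><td>" . $file_attr . "</td>\n";
            $out .= "<td>" . $row['downloads'] . "</td><td>" . $row['ex'] . "</td></tr>\n</form>\n";
        }
        $out .= "</table>\n";
    } else {
        $out .= "<p>{$uploadsmessage['4']}</p>\n";
    }
    return $out;
}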
コード例 #15
        // store cookie for 1 year
    }
    $_phpwcms_home['homeCntType'] = clean_slweg($_POST['homeCntType']);
    @setcookie('homeCntType', $_phpwcms_home['homeCntType'], time() + 31536000);
    // store cookie for 1 year
    $_SESSION['phpwcms_backend_search'] = '';
}
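// Restrict the listing to the editor's own articles unless the session carries
// admin rights; the user id is cast so only an integer reaches the SQL string.
$_usql = !empty($_SESSION["wcs_user_admin"]) ? '' : 'AND article_uid=' . intval($_SESSION["wcs_user_id"]) . ' ';
// First query: the most recently edited content parts, joined to their article.
$_asql_1 = "SELECT *, DATE_FORMAT(acontent_tstamp, '%d/%m/%Y %H:%i') AS acontent_changed FROM " . DB_PREPEND . "phpwcms_articlecontent t1 ";
$_asql_1 .= "LEFT JOIN " . DB_PREPEND . "phpwcms_article t2 ON ";
$_asql_1 .= "t1.acontent_aid = t2.article_id ";
$_asql_1 .= 'WHERE t1.acontent_trash=0 AND t2.article_deleted=0 ';
$_asql_1 .= $_usql;
// homeCntType is user-controlled (it is read from POST and a cookie above);
// is_intval() gates it and _dbEscape() quotes it.
if (is_intval($_phpwcms_home['homeCntType'])) {
    $_asql_1 .= ' AND t1.acontent_type=' . _dbEscape($_phpwcms_home['homeCntType']);
}
if (!empty($_SESSION['phpwcms_backend_search'])) {
    // Free-text search over title/subtitle/text. _dbEscape(…, FALSE) is
    // presumably "escape without quoting"; note that LIKE wildcards (% and _)
    // in the search term are not neutralised, which is acceptable for a
    // backend search but worth knowing.
    $_asql_1 .= " AND (";
    $_asql_1 .= "\tCONCAT(t1.acontent_title,t1.acontent_subtitle,t1.acontent_text,t1.acontent_html) LIKE '%" . _dbEscape($_SESSION['phpwcms_backend_search'], FALSE) . "%'";
    $_asql_1 .= " OR ";
    $_asql_1 .= "\tCONCAT(t2.article_title,t2.article_subtitle,t2.article_summary) LIKE '%" . _dbEscape($_SESSION['phpwcms_backend_search'], FALSE) . "%'";
    $_asql_1 .= " ) ";
    $_be_search = $BL['be_ctype_search'] . ': ' . html($_SESSION['phpwcms_backend_search']);
} else {
    $_be_search = $BL['be_last_edited'];
}
// LIMIT takes a bare integer. homeMaxCntParts appears to come from the same
// user-controlled home settings as homeCntType (its origin is not visible in
// this excerpt -- confirm), and it was previously concatenated unchecked.
$_asql_1 .= ' ORDER BY acontent_tstamp DESC LIMIT ' . intval($_phpwcms_home['homeMaxCntParts']);
$_last10_articlecontent = _dbQuery($_asql_1);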
$_asql_1 = "SELECT article_id, article_cid, article_title, article_subtitle, article_aktiv, article_uid, ";
コード例 #16
ファイル: cmsimage.php プロジェクト: EDVLanger/phpwcms
         if ($target_image) {
             if (!empty($phpwcms['cmsimage_redirect'])) {
                 headerRedirect(PHPWCMS_URL . PHPWCMS_IMAGES . $target_image, 301);
             }
             header('Content-Type: ' . get_mimetype_by_extension($ext));
             header('Content-Disposition: inline');
             @readfile(PHPWCMS_THUMB . $target_image);
             exit;
         }
     }
     // uncached transparent GIF
     phpwcms_empty_gif();
 } else {
     $data[0] = preg_replace('/[^0-9xgsXGSctrlb\\-]/', '', $data[0]);
 }
 if (is_intval($hash)) {
     @session_start();
     $file_public = empty($_SESSION["wcs_user_id"]) ? 'f_public=1' : '(f_public=1 OR f_uid=' . intval($_SESSION["wcs_user_id"]) . ')';
     require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
     $sql = 'SELECT f_hash, f_ext FROM ' . DB_PREPEND . 'phpwcms_file WHERE ';
     $sql .= 'f_id=' . intval($hash) . " AND ";
     if (substr($phpwcms['image_library'], 0, 2) == 'gd') {
         $sql .= "f_ext IN ('jpg','jpeg','png','gif','bmp') AND ";
     }
     $sql .= 'f_trash=0 AND f_aktiv=1 AND ' . $file_public;
     $hash = _dbQuery($sql);
     if (isset($hash[0]['f_hash'])) {
         $ext = $hash[0]['f_ext'];
         $hash = $hash[0]['f_hash'];
     } else {
         $hash = '';
コード例 #17
             if ($result = mysql_query($SQL, $db) or die("error while updating content: " . $SQL)) {
                 if ($content["update_type"]) {
                     //If content part type was changed
                     $sql = "UPDATE " . DB_PREPEND . "phpwcms_articlecontent SET";
                     $sql .= " acontent_type=" . $content["target_type"];
                     $sql .= " WHERE acontent_id=" . $content["id"];
                     $sql .= " AND acontent_aid=" . $content["aid"];
                     mysql_query($sql, $db) or die("error while updating content type info");
                 }
                 change_articledate($content["aid"]);
                 //update article date too
                 update_cache();
                 // set cache timeout = 0
                 if (empty($_POST['SubmitClose'])) {
                     // cnt teaser has some special filter options
                     if (isset($_POST['teaser_filter_category']) && is_intval($_POST['teaser_filter_category'])) {
                         $_SESSION['teaser_filter_category'] = intval($_POST['teaser_filter_category']);
                     }
                     if (!empty($_POST['teaser_filter_category_by_tags'])) {
                         $_SESSION['teaser_filter_category_by_tags'] = true;
                     }
                     headerRedirect(PHPWCMS_URL . "phpwcms.php?do=articles&p=2&s=1&aktion=2&id=" . $content["aid"] . "&acid=" . $content["id"]);
                 } else {
                     headerRedirect(PHPWCMS_URL . "phpwcms.php?do=articles&p=2&s=1&id=" . $content["aid"]);
                 }
             }
         }
         //end update/insert
     }
     //end error check
 }
コード例 #18
ファイル: front.func.inc.php プロジェクト: EDVLanger/phpwcms
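/**
 * Return the alias of a structure level that holds exactly one active article.
 *
 * @param int|string $article_cid structure level (category) id
 * @return string the level's alias, 'id=<cid>' when it has no alias, or ''
 *                when the id is not an integer or the level does not hold
 *                exactly one article
 *
 * The article count is cached in $content['struct'][$cid]['acat_articlecount']
 * across calls within the request.
 */
function get_structurelevel_single_article_alias($article_cid = 0)
{
    if (!is_intval($article_cid)) {
        return '';
    }
    // is_intval() is a project helper; normalise to a real int so the value
    // interpolated into the SQL below (and used as an array key) is canonical.
    $article_cid = intval($article_cid);
    global $content;
    if (empty($content['struct'][$article_cid]['acat_articlecount'])) {
        $sql = 'SELECT COUNT(article_id) FROM ' . DB_PREPEND . 'phpwcms_article ';
        $sql .= 'WHERE article_cid=' . $article_cid . ' AND article_aktiv=1 AND article_deleted=0';
        // Outside preview mode only articles within their publication window count.
        if (!PREVIEW_MODE) {
            $sql .= ' AND article_begin < NOW() AND article_end > NOW()';
        }
        $content['struct'][$article_cid]['acat_articlecount'] = _dbCount($sql);
    }
    // Strict comparison: this relies on _dbCount() returning an int rather
    // than a numeric string -- confirm against its implementation.
    if ($content['struct'][$article_cid]['acat_articlecount'] === 1) {
        return empty($content['struct'][$article_cid]['acat_alias']) ? 'id=' . $article_cid : $content['struct'][$article_cid]['acat_alias'];
    }
    return '';
}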
コード例 #19
    $crow["acontent_template"] = '';
}
$crow['template'] = array('header' => get_tmpl_section('SEARCH_HEADER', $crow["acontent_template"]), 'footer' => get_tmpl_section('SEARCH_FOOTER', $crow["acontent_template"]), 'item_space' => get_tmpl_section('SEARCH_ITEM_SPACER', $crow["acontent_template"]), 'item' => get_tmpl_section('SEARCH_ITEM', $crow["acontent_template"]), 'pagination' => trim(get_tmpl_section('SEARCH_PAGINATE', $crow["acontent_template"])), 'text' => '', 'form' => '', 'image_render' => false);
if (!empty($_POST["search_input_field"]) || !empty($_GET['searchwords'])) {
    $s_run = 0;
    // check search
    // remove unsecure replacement tags
    $content["search_word"] = empty($_POST["search_input_field"]) ? rawurldecode($_GET['searchwords']) : $_POST["search_input_field"];
    $content["search_word"] = clean_slweg($content["search_word"]);
    $content["search_word"] = clean_replacement_tags($content["search_word"]);
    $content["search_word"] = cleanUpSpecialHtmlEntities($content["search_word"]);
    // split all search words
    $content["search_word"] = explode(' ', $content["search_word"]);
    $content["search_word"] = array_unique($content["search_word"]);
    $content['search']['highlight_result'] = empty($content["search"]['highlight_result']) ? false : true;
    $content['search']['wordlimit'] = isset($content["search"]['wordlimit']) && is_intval($content["search"]['wordlimit']) ? intval($content["search"]['wordlimit']) : 35;
    $content["search"]["result_per_page"] = empty($content["search"]['result_per_page']) ? 15 : $content["search"]['result_per_page'];
    if ($content["search"]["result_per_page"] == -1) {
        $content["search"]["result_per_page"] = 100000;
    }
    if (!isset($content["search"]["show_always"])) {
        $content["search"]["show_always"] = 1;
    }
    if (!isset($content["search"]["show_top"])) {
        $content["search"]["show_top"] = 1;
    }
    if (!isset($content["search"]["show_bottom"])) {
        $content["search"]["show_bottom"] = 1;
    }
    if (!isset($content["search"]["show_next"])) {
        $content["search"]["show_next"] = 1;
コード例 #20
ファイル: main.php プロジェクト: squidjam/LightNEasy
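/**
 * Delete a single news comment; requires session admin level above 3.
 *
 * Reads `newsid` and `id` from $_POST. Returns a message from $newsmessage:
 * [3] when either id is not an integer, [2] when the session lacks the
 * required admin level, [175] after the row has been deleted.
 *
 * NOTE(review): no CSRF token is visible here; confirm the caller enforces one,
 * since this is a state-changing POST handler.
 */
function deletecomment()
{
    global $prefix, $newsmessage;
    if (!isset($_POST['newsid'], $_POST['id']) || !is_intval($_POST['newsid']) || !is_intval($_POST['id'])) {
        return $newsmessage[3];
    }
    // Authorisation before any database access.
    if (!isset($_SESSION['adminlevel']) || $_SESSION['adminlevel'] <= 3) {
        return $newsmessage[2];
    }
    // Bug fix: the original WHERE clause compared `id` against newsid as well,
    // so the validated comment id was never used. Both values are cast so only
    // plain integers reach the SQL string (is_intval() is a project helper).
    $news_id = intval($_POST['newsid']);
    $comment_id = intval($_POST['id']);
    dbquery("DELETE FROM " . $prefix . "comments WHERE newsid=" . $news_id . " AND id=" . $comment_id);
    return $newsmessage[175];
}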
コード例 #21
ファイル: cart.items.inc.php プロジェクト: EDVLanger/phpwcms
                                if (isset($_response->status) && $_response->status == 'OK' && isset($_response->results[0]->address_components)) {
                                    foreach ($_response->results[0]->address_components as $_component) {
                                        // Test agains delivery country code
                                        if (isset($_component->types[0]) && $_component->types[0] === 'country' && strtolower($_component->short_name) !== $subtotal['shipping_distance_details']['country_code']) {
                                            $subtotal['shipping_distance_details']['foreign'] = true;
                                            $_SESSION[CART_KEY]['distance_details']['foreign'] = true;
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    } elseif (isset($_SESSION[CART_KEY]['distance']) && is_intval($_SESSION[CART_KEY]['distance'])) {
        $subtotal['shipping_distance'] = $_SESSION[CART_KEY]['distance'];
        $subtotal['shipping_distance_details'] = array_merge($subtotal['shipping_distance_details'], $_SESSION[CART_KEY]['distance_details']);
    }
}
foreach (_getConfig('shop_pref_shipping', '_shopPref') as $item_key => $row) {
    // calculate shipping costs based on weight
    if ($subtotal['shipping_calc_type'] === 0) {
        // do nothing as long shipping fee = 0
        if ($row['net'] == 0) {
            continue;
        }
        // lower weight and current shipping fee lower then this
        if ($subtotal['weight'] <= $row['weight']) {
            $subtotal['shipping_calc'] = true;
        }
コード例 #22
 /**
  * Run the shop product search and append hits to $this->search_results.
  *
  * Uses the search words prepared elsewhere on this object
  * ($this->search_words is a regex fragment, $this->search_word_count,
  * $this->search_highlight_words, $this->search_wordlimit, $this->image_render)
  * and returns NULL when there is nothing to search for. Every active product
  * is loaded and its concatenated text fields are matched in PHP, so the
  * cost scales with the product table rather than the query.
  *
  * NOTE(review): $this->search_words is interpolated straight into a PCRE
  * pattern; it must have been preg_quote()d where it is built, otherwise
  * user-controlled search input reaches the regex engine -- confirm.
  */
 function search()
 {
     if (!$this->search_word_count) {
         return NULL;
     }
     // Base URL for result links: a configured alias/string, a configured
     // article id, or the current page as a fallback.
     $shop_url = _getConfig('shop_pref_id_shop', '_shopPref');
     $shop_lang_support = _getConfig('shop_pref_felang') ? true : false;
     if (!is_intval($shop_url) && is_string($shop_url)) {
         $shop_url = trim($shop_url);
     } elseif (is_intval($shop_url) && intval($shop_url)) {
         $shop_url = 'aid=' . intval($shop_url);
     } else {
         $shop_url = $GLOBALS['aktion'][1] ? 'aid=' . $GLOBALS['aktion'][1] : 'id=' . $GLOBALS['aktion'][0];
     }
     if ($this->search_highlight_words && is_array($this->search_highlight_words)) {
         $s_highlight_words = implode(' ', $this->search_highlight_words);
     } else {
         $s_highlight_words = '';
         $this->search_highlight = false;
     }
     // All searchable text columns are concatenated server-side into shopprod_search.
     $sql = 'SELECT shopprod_id, shopprod_category, shopprod_ordernumber, ';
     $sql .= 'shopprod_name1, shopprod_var, ';
     $sql .= 'UNIX_TIMESTAMP(shopprod_changedate) AS shopprod_date, ';
     $sql .= 'CONCAT(';
     $sql .= "\tshopprod_description0,' ',";
     $sql .= "\tshopprod_description1,' ',";
     $sql .= "\tshopprod_description2,' ',";
     $sql .= "\tshopprod_description3,' ',";
     $sql .= "\tshopprod_color,' ',";
     $sql .= "\tshopprod_size,' ',";
     $sql .= "\tshopprod_ordernumber,' ',";
     $sql .= "\tshopprod_model,' ',";
     $sql .= "\tshopprod_name1,' ',";
     $sql .= "\tshopprod_name2,' '";
     $sql .= ') AS shopprod_search ';
     $sql .= 'FROM ' . DB_PREPEND . 'phpwcms_shop_products WHERE shopprod_status=1';
     // Language filter: products without a language are always included.
     if ($shop_lang_support && !empty($GLOBALS['phpwcms']['default_lang'])) {
         $sql .= " AND (shopprod_lang='' OR shopprod_lang=" . _dbEscape($GLOBALS['phpwcms']['default_lang']) . ')';
     }
     $data = _dbQuery($sql);
     foreach ($data as $value) {
         $s_result = array();
         $s_text = $value['shopprod_search'];
         // Strip markup-ish tokens before matching so they neither match nor
         // appear in the excerpt.
         $s_text = str_replace(array('~', '|', ':', 'http', '//', '_blank', '&nbsp;'), ' ', $s_text);
         $s_text = clean_search_text($s_text);
         preg_match_all('/' . $this->search_words . '/is', $s_text, $s_result);
         $s_count = count($s_result[0]);
         // AND mode: every distinct search word must occur at least once.
         if ($s_count && SEARCH_TYPE_AND) {
             $s_and_or = array();
             foreach ($s_result[0] as $svalue) {
                 $s_and_or[strtolower($svalue)] = 1;
             }
             $s_and_or = count($s_and_or);
             if ($s_and_or != $this->search_word_count) {
                 $s_count = 0;
             }
         }
         if ($s_count) {
             $id = $this->search_result_entry;
             $s_title = $value['shopprod_ordernumber'] ? trim($value['shopprod_ordernumber']) . ': ' : '';
             $s_title .= $value['shopprod_name1'];
             // html() escapes title and excerpt for output; the match count
             // doubles as the rank.
             $s_title = html($s_title);
             $s_text = trim($s_text);
             if ($this->search_wordlimit) {
                 $s_text = getCleanSubString($s_text, $this->search_wordlimit, $this->ellipse_sign, 'word');
             }
             $s_text = html($s_text);
             $this->search_results[$id]["id"] = $value['shopprod_id'];
             $this->search_results[$id]["cid"] = 0;
             $this->search_results[$id]["rank"] = $s_count;
             $this->search_results[$id]["date"] = $value['shopprod_date'];
             $this->search_results[$id]["user"] = '';
             $this->search_results[$id]["subtitle"] = '';
             $this->search_results[$id]['query'] = $shop_url;
             //.'&amp;shop_cat='.$value['shopprod_category'].'&amp;shop_detail='.$value['shopprod_id'];
             $this->search_results[$id]['image'] = false;
             if ($this->image_render) {
                 // SECURITY: unserialize() on a database column. This is only safe
                 // as long as shopprod_var is written exclusively by trusted backend
                 // code; a JSON representation would remove the object-injection
                 // risk entirely. Flagged, not changed here.
                 $value['shopprod_var'] = unserialize($value['shopprod_var']);
                 if (isset($value['shopprod_var']['images'][0]['f_hash'])) {
                     $this->search_results[$id]['image'] = array('id' => $value['shopprod_var']['images'][0]['f_id'], 'hash' => $value['shopprod_var']['images'][0]['f_hash'], 'ext' => $value['shopprod_var']['images'][0]['f_ext'], 'name' => $value['shopprod_var']['images'][0]['f_name']);
                 }
             }
             // With highlighting on, the highlight words are also carried in the link.
             if ($this->search_highlight) {
                 $this->search_results[$id]["title"] = highlightSearchResult($s_title, $this->search_highlight_words);
                 $this->search_results[$id]["text"] = highlightSearchResult($s_text, $this->search_highlight_words);
                 $this->search_results[$id]['link'] = rel_url(array('shop_cat' => $value['shopprod_category'], 'shop_detail' => $value['shopprod_id'], 'highlight' => $s_highlight_words), array('searchstart', 'searchwords'), $shop_url);
             } else {
                 $this->search_results[$id]["title"] = $s_title;
                 $this->search_results[$id]["text"] = $s_text;
                 $this->search_results[$id]['link'] = rel_url(array('shop_cat' => $value['shopprod_category'], 'shop_detail' => $value['shopprod_id']), array('highlight', 'searchstart', 'searchwords'), $shop_url);
             }
             $this->search_result_entry++;
         }
     }
 }