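/**
 * Request handler for the admin configuration screen: shows one settings page
 * ("view") or stores one setting ("save").
 *
 * Runs only when checklevel('admin') evaluates to 1; otherwise it does nothing.
 * Terminates the script itself (die/exit) when settings.php is not writable,
 * when a requested template is missing, or when a template-version
 * confirmation has to be answered by the client first.
 *
 * Security notes:
 *  - When the setting being saved is '$thetemp', the new value is used as a
 *    directory name under ../templates/ and as part of an include target, so
 *    it is restricted to a single path segment before any filesystem access.
 *  - The confirmation snippet is JavaScript returned to the client; request
 *    data placed in it is URL-encoded and never used as a sprintf() format.
 *  - NOTE(review): "save" is accepted from $_REQUEST (so also via GET) and no
 *    anti-CSRF token is checked in this function; confirm the caller does.
 *
 * @return void
 */
function dowork()
{
    global $db, $main_smarty;

    // Only a result of exactly 1 grants access.
    $canIhaveAccess = 0 + checklevel('admin');
    if ($canIhaveAccess != 1) {
        return;
    }

    if (!is_writable('../settings.php')) {
        die("<div class='alert'>Error: settings.php is not writeable.</div>");
    }

    // Missing or empty action falls back to "view".
    $action = isset($_REQUEST['action']) ? sanitize($_REQUEST['action'], 3) : '';
    if ($action == '') {
        $action = "view";
    }

    if ($action == "view") {
        $config = new pliggconfig();
        if (isset($_REQUEST['page'])) {
            $config->var_page = sanitize($_REQUEST['page'], 3);
            $config->showpage();
        }
    }

    if ($action == "save") {
        $rawValue = (isset($_REQUEST['var_value']) && is_string($_REQUEST['var_value'])) ? $_REQUEST['var_value'] : '';
        $newValue = js_urldecode($rawValue);

        $config = new pliggconfig();
        $config->var_id = sanitize(isset($_REQUEST['var_id']) ? $_REQUEST['var_id'] : '', 3);
        $config->read();

        // Changing the active template: make sure the target exists first.
        if ($config->var_name == '$thetemp' && $config->var_value != $newValue) {
            // The name is concatenated into a path and an include target below.
            // Accept only one plain directory name: no separators, no NUL byte,
            // and neither "." nor "..", so the path cannot leave ../templates/.
            $isPlainName = is_string($newValue)
                && $newValue !== ''
                && $newValue !== '.'
                && $newValue !== '..'
                && strpos($newValue, '/') === false
                && strpos($newValue, '\\') === false
                && strpos($newValue, "\0") === false;

            if (!$isPlainName || !file_exists('../templates/' . $newValue)) {
                print "alert('" . $main_smarty->get_config_vars('PLIGG_Visual_AdminPanel_NoTemplate') . "')";
                exit;
            }

            // template_details.php is optional; it is included in this function's
            // scope and presumably fills $template_info - verify against a template.
            $template_info = array();
            $detailsFile = '../templates/' . $newValue . '/template_details.php';
            if (file_exists($detailsFile)) {
                include $detailsFile;
            }

            $designedFor = (is_array($template_info) && isset($template_info['designed_for_pligg_version']))
                ? $template_info['designed_for_pligg_version']
                : null;
            $forced = !empty($_REQUEST['force']);

            if ($designedFor < pligg_version() && !$forced) {
                if (!$designedFor) {
                    $designedFor = 'unknown';
                }

                // Only the language string is a format; the encoded request value
                // contains "%XX" sequences and must not pass through sprintf().
                $question = sprintf(
                    $main_smarty->get_config_vars('PLIGG_Visual_AdminPanel_Template_Version'),
                    $designedFor,
                    pligg_version()
                );
                $retryUrl = '?action=save&var_id=' . urlencode((string) $config->var_id)
                    . '&var_value=' . urlencode($rawValue)
                    . '&force=1';

                print "if (confirm('" . $question . "')) {XMLHttpRequestObject.open('GET', '" . $retryUrl . "', true); XMLHttpRequestObject.send(null);}";
                exit;
            }
        }

        $config->var_value = $db->escape($newValue);
        $config->store(false);
    }
}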
<?php
// Field check endpoint (fragment): validates a submitted value of the given
// type and echoes a language string describing the first problem found.
// The listing is cut off inside the 'username' case.
include_once 'internal/Smarty.class.php';
$main_smarty = new Smarty();
include 'config.php';
include mnminclude . 'html1.php';
include_once mnminclude . 'smartyvariables.php';

// $type is taken from $_REQUEST and passed through sanitize(); $name is taken
// from $_POST and only passed through js_urldecode() in the visible code, so
// every check below works on otherwise unfiltered input.
$type = sanitize($_REQUEST['type'], 2);
$name = js_urldecode($_POST["name"]);

switch ($type) {
    case 'username':
        if (utf8_strlen($name) < 3) {
            // if username is less than 3 characters
            echo $main_smarty->get_config_vars("PLIGG_Visual_CheckField_UserShort");
            return;
        }
        if (preg_match('/\\pL/u', 'a')) {
            // Check if PCRE was compiled with UTF-8 support
            // Allowlist: underscore, hyphen, digits, Unicode letters and marks.
            // NOTE(review): without the D modifier "$" also matches before one
            // trailing newline, so a name ending in "\n" passes this check;
            // "\z" or the D modifier would make the match exact.
            if (!preg_match('/^[_\\-\\d\\p{L}\\p{M}]+$/iu', $name)) {
                // if username contains invalid characters
                echo $main_smarty->get_config_vars("PLIGG_Visual_CheckField_InvalidChars");
                return;
            }
        } else {
            // Fallback when \p classes are unavailable: a denylist of punctuation.
            // Anything not listed is accepted, which includes whitespace and
            // control characters - weaker than the allowlist branch above.
            if (!preg_match('/^[^~`@%&=\\/;:\\.,<>!"\\\'\\^\\.\\[\\]\\$\\(\\)\\|\\*\\+\\-\\?\\{\\}\\\\]+$/', $name)) {
                // if username contains invalid characters
                echo $main_smarty->get_config_vars("PLIGG_Visual_CheckField_InvalidChars");
                return;
            }
        }
        // NOTE(review): the response to this lookup is outside the fragment; an
        // endpoint that reports whether a username exists can be used to
        // enumerate accounts, so confirm it is rate limited.
        if (user_exists($name)) {
// "Tell a friend" mail sender (fragment): validates the recipient list, builds
// subject and body, sends the mail and records the send time for the user.
// The listing starts and ends in the middle of the surrounding code.

// $cansend is a score, not a flag: each accepted address adds 10 and each
// rejected address resets it to -100.
// NOTE(review): accepted addresses after a rejected one keep adding 10, so a
// long enough list can reach the ">= 10" threshold again although an address
// was rejected. A separate "any invalid" flag would make the gate reliable.
$cansend = 0;
$addresses = explode(", ", sanitize($_POST['email_address'], 3));
for ($i = 0; $i < count($addresses); $i++) {
    if ($addresses[$i] != "") {
        if (!check_email_address($addresses[$i])) {
            $cansend = -100;
            // The rejected value is echoed into the HTML response.
            // NOTE(review): whether sanitize(..., 3) makes it safe for HTML is
            // not visible here - confirm, or escape at output.
            echo '<br>Error: ' . $addresses[$i] . ' is not a valid email address.<br>';
        } else {
            $cansend = $cansend + 10;
            // Header line built from request data. $headers is not passed to
            // PliggMailer in the visible code; if it is used elsewhere, it relies
            // on check_email_address() rejecting CR/LF - TODO confirm.
            $headers .= "Bcc: " . $addresses[$i] . "\n";
        }
    }
}
$headers .= "Content-Type: text/plain; charset=utf-8\n";

// Subject and message fall back to configured defaults when the posted value
// is missing or sanitizes to an empty string. The emptiness test runs on the
// raw value; the value actually used is decoded first and then sanitized.
// NOTE(review): a caller-chosen subject ends up in a mail header; confirm that
// sanitize() or PliggMailer strips line breaks.
$subject = isset($_POST['email_subject']) && sanitize($_POST['email_subject'], 3) != '' ? sanitize(js_urldecode($_POST['email_subject']), 3) : Email_Subject . $link->title;
$message = isset($_POST['email_message']) && sanitize($_POST['email_message'], 3) != '' ? sanitize(js_urldecode($_POST['email_message']), 3) : Default_Message;

// Body: message, sender line (login name or "Anonymous"), story title and
// tag-stripped content, then the story URL.
if ($current_user->user_login) {
    $body = $message . "\r\n\r\n" . Included_Text_Part1 . " " . $current_user->user_login . "," . Included_Text_Part2 . "\r\n\r\n" . $link->title . " - " . strip_tags($link->content) . "\r\n\r\n" . $main_smarty->get_config_vars('PLIGG_Visual_Email_Tell_A_Friend') . $link_url;
} else {
    $body = $message . "\r\n\r\n" . Included_Text_Part1 . " Anonymous," . Included_Text_Part2 . "\r\n\r\n" . $link->title . " - " . strip_tags($link->content) . "\r\n\r\n" . $main_smarty->get_config_vars('PLIGG_Visual_Email_Tell_A_Friend') . $link_url;
}

// Non-numeric or missing "backup" defaults to 2.
$backup = isset($_POST['backup']) && is_numeric($_POST['backup']) ? $_POST['backup'] : 2;

if ($cansend >= 10) {
    // The list is split again from the request, so the mailer receives every
    // entry, including empty strings and any address rejected above.
    // NOTE(review): no cap on the number of recipients is visible in this
    // fragment; confirm a limit exists so the form cannot relay bulk mail.
    $addresses = explode(", ", sanitize($_POST['email_address'], 3));
    mailer_start();
    $mailer = new PliggMailer($subject, $body, Send_From_Email, $addresses);
    if ($mailer->send()) {
        // Query assembled by string concatenation with the login name.
        // NOTE(review): use the escaping/parameter mechanism of $db unless the
        // login is guaranteed safe. The branch above allows an empty login, in
        // which case this WHERE clause compares against "".
        $sql = 'UPDATE `' . table_users . '` SET `last_email_friend` = FROM_UNIXTIME(' . time() . ') WHERE `user_login` = "' . $current_user->user_login . '"';
        $db->query($sql);
        echo "<br>Sent! <br><br>";
        if ($backup > 0) {
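/**
 * Render the "Modify Language" admin page and handle its save requests.
 *
 * Access requires checklevel('god') to evaluate to 1; otherwise the visitor is
 * redirected to the login URL. Request shapes handled:
 *  - var_id / var_value (read from $_REQUEST): in-place edit. Rewrites one
 *    entry of the active language file, echoes the stored value, terminates.
 *  - mode=edit&edit=KEY: builds a one-entry edit form.
 *  - mode=save&edit=KEY&newvalue=...: rewrites one entry and terminates.
 *  - no "mode": lists every entry of the language file.
 *
 * Security notes:
 *  - Request values are HTML-escaped wherever they are written into the page,
 *    and CR/LF are removed before a value is written, because the language
 *    file holds exactly one entry per line.
 *  - NOTE(review): both save paths can be triggered by GET and no anti-CSRF
 *    token is checked here; confirm the caller enforces one.
 *  - NOTE(review): the two save paths treat quotes differently (in-place edit
 *    stores the value as given, mode=save applies addslashes()); confirm which
 *    form the language-file reader expects.
 *  - NOTE(review): mode 0777 is passed to isWriteable() and the message asks
 *    for CHMOD 777; a world-writable language file is broader than this page
 *    needs - prefer write access for the web-server user only.
 *  - NOTE(review): fopen(..., 'w') truncates the file before it is rewritten
 *    and no lock is taken, so a failed or concurrent save can leave it partial.
 *  - NOTE(review): $template_dir and $editinplace_init are not in the global
 *    list and are not assigned in this function - confirm where they come from.
 *
 * @return void
 */
function admin_language_showpage()
{
    global $main_smarty, $the_template;

    include_once 'config.php';
    include_once mnminclude . 'html1.php';
    include_once mnminclude . 'link.php';
    include_once mnminclude . 'tags.php';
    include_once mnminclude . 'smartyvariables.php';

    $main_smarty = do_sidebar($main_smarty);
    force_authentication();

    $canIhaveAccess = 0 + checklevel('god');
    if ($canIhaveAccess != 1) {
        header("Location: " . getmyurl('login', $_SERVER['REQUEST_URI']));
        return;
    }

    $filename = './languages/lang_' . pligg_language . '.conf';

    // --- In-place edit: rewrite one entry, echo the stored value, stop. ---
    if (isset($_REQUEST['var_id']) && is_string($_REQUEST['var_id']) && $_REQUEST['var_id'] != "") {
        $returnVal = '';
        $key = str_replace('emptytext_', '', $_REQUEST["var_id"]);
        $rawValue = (isset($_REQUEST["var_value"]) && is_string($_REQUEST["var_value"])) ? $_REQUEST["var_value"] : '';
        // One entry per line: a line break in the value would add extra lines.
        $newValue = str_replace(array("\r", "\n"), ' ', $rawValue);

        // Read before opening for writing; 'w' truncates, so an unreadable
        // file must not be opened at all.
        $lines = file($filename);
        if ($lines === false) {
            echo "<b>Could not read '{$filename}' file</b>";
            die;
        }

        if ($handle = fopen($filename, 'w')) {
            foreach ($lines as $line) {
                if (substr($line, 0, 2) != "//" && strlen(trim($line)) > 2) {
                    $x = strpos($line, "=");
                    if ($x !== false && trim(substr($line, 0, $x)) === $key) {
                        $line = trim(substr($line, 0, $x)) . ' = "' . $newValue . '"' . "\n";
                        $returnVal = $newValue;
                    }
                }
                if (!fwrite($handle, $line)) {
                    echo "<b>Could not write to '{$filename}' file</b>";
                }
            }
            fclose($handle);
        } else {
            echo "<b>Could not open '{$filename}' file for writing</b>";
        }

        // The value comes from the request; escape it for the HTML response,
        // matching how the listing below displays stored values.
        echo htmlspecialchars($returnVal, ENT_QUOTES);
        die;
    }

    $canContinue = 1;
    $canContinue = isWriteable($canContinue, $filename, 0777, $filename);
    if (!$canContinue) {
        echo 'File is not writeable. Please CHMOD /languages/lang_' . pligg_language . '.conf to 777 and refresh this page.<br /><br /><br />';
        die;
    }

    $lines = file($filename);
    $readFailed = ($lines === false);
    if ($readFailed) {
        $lines = array();
    }

    $lastsection = "";
    $tabA = " ";
    $outputHtml = array();

    if (isset($_GET["mode"])) {
        $editKey = (isset($_GET["edit"]) && is_string($_GET["edit"])) ? $_GET["edit"] : '';
        $editKeyHtml = htmlspecialchars($editKey, ENT_QUOTES);

        // --- mode=edit: form for a single entry. ---
        if ($_GET["mode"] == "edit") {
            $outputHtml[] = "<form>";
            $outputHtml[] = "<table class='listing'>";
            $outputHtml[] = "Editing <b>" . sanitize($editKey, 1) . "</b><br /><br />";
            foreach ($lines as $line) {
                if (substr($line, 0, 2) == "//" || strlen(trim($line)) <= 2) {
                    continue;
                }
                $x = strpos($line, "=");
                if ($x === false || trim(substr($line, 0, $x)) !== $editKey) {
                    continue;
                }
                // Stored value without its quotes, escaped for text and
                // attribute context.
                $y = htmlspecialchars(str_replace('"', "", trim(substr($line, $x + 1, 10000))), ENT_QUOTES);
                $outputHtml[] = "Current Value: " . $y . "<br />";
                $outputHtml[] = '<input type = "hidden" name = "edit" value = "' . $editKeyHtml . '">';
                $outputHtml[] = '<input type = "hidden" name = "mode" value = "save">';
                $outputHtml[] = '<input name = "newvalue" value = "' . $y . '" size=75><br />';
                $outputHtml[] = '<input type = "submit" name = "save" value = "save" class = "log2">';
            }
        }

        // --- mode=save: rewrite a single entry, then stop. ---
        if ($_GET["mode"] == "save") {
            $newValue = js_urldecode((isset($_GET["newvalue"]) && is_string($_GET["newvalue"])) ? $_GET["newvalue"] : '');
            // One entry per line: no line breaks inside a stored value.
            $newValue = str_replace(array("\r", "\n"), ' ', $newValue);
            $outputHtml[] = "saving <b>" . $editKeyHtml . "</b><br />";

            if ($readFailed) {
                // Nothing was read, so rewriting would empty the file.
                $outputHtml[] = "<b>Could not read '{$filename}' file</b>";
            } elseif ($handle = fopen($filename, 'w')) {
                foreach ($lines as $line) {
                    if (substr($line, 0, 2) != "//" && strlen(trim($line)) > 2) {
                        $x = strpos($line, "=");
                        if ($x !== false && trim(substr($line, 0, $x)) === $editKey) {
                            $line = trim(substr($line, 0, $x)) . ' = "' . addslashes($newValue) . '"' . "\n";
                        }
                    }
                    if (!fwrite($handle, $line)) {
                        $outputHtml[] = "<b>Could not write to '{$filename}' file</b>";
                    }
                }
                fclose($handle);
                exit;
            } else {
                $outputHtml[] = "<b>Could not open '{$filename}' file for writing</b>";
            }
        }
    } else {
        // --- Listing of every entry in the language file. ---
        $outputHtml[] = '<table id="mytable" class="listing">';
        foreach ($lines as $line) {
            if (substr($line, 0, 2) == "//") {
                // Comment lines carry <TITLE> and <SECTION> markers.
                $title = _admin_language_tag_text($line, 'TITLE');
                if ($title !== null) {
                    $outputHtml[] = "<tr><td bgcolor = BFBFBF><b>Title:</b>" . $title . "</td></tr>";
                }

                $section = _admin_language_tag_text($line, 'SECTION');
                if ($section !== null && $section != $lastsection) {
                    $lastsection = $section;
                    $outputHtml[] = '<tr id="row_ASDFGHJK"><td></td></tr>';
                    $outputHtml[] = '<tr id="row_ASDFGHJK"><td></td></tr>';
                    $outputHtml[] = '<tr id="row_ASDFGHJK"><td></td></tr>';
                    $outputHtml[] = '<tr id="row_ASDFGHJK"><th><b>Section</b>: ' . $section . '</th></tr>';
                }
            } elseif (strlen(trim($line)) > 2) {
                $x = strpos($line, "=");
                $ID = trim(substr($line, 0, $x));

                // The row id is derived from the stored value; escape it so the
                // value cannot close the attribute.
                $rowId = htmlspecialchars(str_replace('"', '', trim(substr($line, $x + 1, 10000))), ENT_QUOTES);
                $outputHtml[] = '<tr id = "row_' . $rowId . '"><td><form onsubmit="return false"><fieldset>';
                $outputHtml[] = "<b>" . $tabA . $ID;
                $outputHtml[] = "</b><br />";
                $outputHtml[] = "" . $tabA . $tabA;

                $VALUE = htmlspecialchars(trim(substr(stripslashes($line), $x + 1, 10000), " \t\n\r\"\\'"));
                if (function_exists("iconv") && detect_encoding($VALUE) != 'utf-8') {
                    $VALUE = iconv('', 'UTF-8//IGNORE', $VALUE);
                }

                $outputHtml[] = "Value: <span class=\"emptytext\" id=\"editme{$ID}\" onclick=\"show_edit('{$ID}')\">{$VALUE}</span>";
                $outputHtml[] = "<span id=\"showme{$ID}\" style=\"display:none;\">";
                $outputHtml[] = "<input type=\"text\" name=\"var_value\" value=\"{$VALUE}\">";
                $outputHtml[] = "<br><div style='margin:5px 0 0 75px;'><input type=\"submit\" value=\"Save\" onclick=\"save_changes('{$ID}',this.form)\">";
                $outputHtml[] = "<input type=\"reset\" value=\"Cancel\" onclick=\"hide_edit('{$ID}')\"></span></div><br>";
                $outputHtml[] = "</fieldset></form>";
                $outputHtml[] = "</td></tr>";
            }
        }
    }

    $outputHtml[] = "</table>";
    $main_smarty->assign('outputHtml', $outputHtml);

    // breadcrumbs
    $navwhere['text1'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel');
    $navwhere['link1'] = getmyurl('admin', '');
    $navwhere['text2'] = "Modify Language";
    $navwhere['link2'] = my_pligg_base . "/module.php?module=admin_language";
    $main_smarty->assign('navbar_where', $navwhere);
    $main_smarty->assign('posttitle', " | " . $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel'));

    // Method for identifying modules rather than pagename
    define('modulename', 'admin_language');
    $main_smarty->assign('modulename', modulename);
    define('pagename', 'admin_modifylanguage');
    $main_smarty->assign('pagename', pagename);

    $main_smarty->assign('editinplace_init', $editinplace_init);
    $main_smarty->assign('tpl_center', admin_language_tpl_path . 'admin_language_main');
    $main_smarty->display($template_dir . '/admin/admin.tpl');
}

/**
 * Return the text between <TAG> and </TAG> on one line of the language file.
 *
 * @param string $line One line of the file.
 * @param string $tag  Marker name without brackets, e.g. 'TITLE'.
 * @return string|null Null when the opening marker is absent; an empty string
 *                     when the closing marker is missing.
 */
function _admin_language_tag_text($line, $tag)
{
    $open = '<' . $tag . '>';
    $start = strpos($line, $open);
    if ($start === false) {
        return null;
    }
    $start += strlen($open);

    $end = strpos($line, '</' . $tag . '>', $start);
    if ($end === false) {
        return '';
    }

    // Length is measured from the end of the opening marker, so the closing
    // marker itself is never part of the result.
    return substr($line, $start, $end - $start);
}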
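/**
 * Render the "Modify Language" admin page, or store one edited entry.
 *
 * Access requires checklevel('admin') to evaluate to 1; otherwise the visitor
 * is redirected to the login URL. With mode=save the entry named by "edit" in
 * the file named by "file" is handed to LangFiles::set() and any returned
 * error text is echoed. Otherwise every line provided by LangFiles is turned
 * into a row (section, title, id/value, or parse error) for the template.
 *
 * Security notes:
 *  - NOTE(review): mode=save is read from $_GET and its data from $_REQUEST,
 *    so a plain GET changes state; no anti-CSRF token is checked here.
 *  - NOTE(review): the "file" request parameter goes to LangFiles::set()
 *    unchanged; confirm set() only accepts files from its own list.
 *  - NOTE(review): only $l['value'] is HTML-escaped here. 'id', 'title',
 *    'section' and 'error' hold raw file text, and the text returned by set()
 *    is echoed as HTML; confirm the template and set() escape what they emit.
 *  - NOTE(review): $template_dir and $editinplace_init are not in the global
 *    list and are not assigned in this function - confirm where they come from.
 *
 * @return void
 */
function admin_language_showpage()
{
    global $main_smarty, $the_template;

    include_once 'config.php';
    include_once mnminclude . 'html1.php';
    include_once mnminclude . 'link.php';
    include_once mnminclude . 'tags.php';
    include_once mnminclude . 'smartyvariables.php';

    $main_smarty = do_sidebar($main_smarty);
    force_authentication();

    $canIhaveAccess = 0 + checklevel('admin');
    if ($canIhaveAccess != 1) {
        header("Location: " . getmyurl('login', $_SERVER['REQUEST_URI']));
        return;
    }

    // Lines from all language files
    $files = new LangFiles();

    // The plain page view carries no "mode" parameter at all.
    $mode = isset($_GET["mode"]) ? $_GET["mode"] : '';

    // Update a line
    if ($mode == "save") {
        $editKey = isset($_REQUEST['edit']) ? $_REQUEST['edit'] : null;
        $newValue = js_urldecode(isset($_REQUEST['newvalue']) ? $_REQUEST['newvalue'] : '');
        $targetFile = isset($_REQUEST['file']) ? $_REQUEST['file'] : null;

        if ($error = $files->set($editKey, $newValue, $targetFile)) {
            echo "<strong>{$error}</strong>";
        }
        return;
    }

    // Display the list of all lines
    $lines = array();
    $oldmodule = '';

    foreach ($files as $lnum => $line) {
        $l = array();

        // The iteration key has the form "<file>#<position>"; only the file
        // part is needed here.
        $keyParts = explode('#', $lnum);
        $file = $keyParts[0];
        $l['file'] = $file;

        // Add SECTION line for a new module
        $module = $files->getName($file);
        if ($module != $oldmodule) {
            $oldmodule = $module;
            $l['section'] = $module;
            $lines[] = $l;
            unset($l['section']);
        }

        if (substr($line, 0, 2) == "//") {
            // Commented lines (auxiliary info): keep titles and sections only.
            if (preg_match('/<TITLE>(.+)<\\/TITLE>/', $line, $m)) {
                $l['title'] = $m[1];
            } elseif (preg_match('/<SECTION>(.+)<\\/SECTION>/', $line, $m)) {
                $l['section'] = $m[1];
            } else {
                continue;
            }
        } elseif (strlen(trim($line)) > 2) {
            if (preg_match('/^([^=]+)\\s*=\\s*"?(.+)"?$/', trim($line), $m)) {
                $l['id'] = trim($m[1]);
                // Quotes are dropped and the value is escaped for display.
                $l['value'] = htmlspecialchars(str_replace('"', '', trim($m[2])));
                if (function_exists("iconv") && detect_encoding($l['value']) != 'utf-8') {
                    $l['value'] = iconv('', 'UTF-8//IGNORE', $l['value']);
                }
            } else {
                $l['error'] = "Can't parse {$line}";
            }
        } else {
            continue;
        }

        $lines[] = $l;
    }

    $main_smarty->assign('lines', $lines);

    // breadcrumbs
    $navwhere['text1'] = $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel');
    $navwhere['link1'] = getmyurl('admin', '');
    $navwhere['text2'] = "Modify Language";
    $navwhere['link2'] = my_pligg_base . "/module.php?module=admin_language";
    $main_smarty->assign('navbar_where', $navwhere);
    $main_smarty->assign('posttitle', " | " . $main_smarty->get_config_vars('PLIGG_Visual_Header_AdminPanel'));

    // Method for identifying modules rather than pagename
    define('modulename', 'admin_language');
    $main_smarty->assign('modulename', modulename);
    define('pagename', 'admin_modifylanguage');
    $main_smarty->assign('pagename', pagename);

    $main_smarty->assign('editinplace_init', $editinplace_init);
    $main_smarty->assign('tpl_center', admin_language_tpl_path . 'admin_language_main');
    $main_smarty->display($template_dir . '/admin/admin.tpl');
}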