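/**
 * Admin handler for the external-content plugin: add, delete or update a
 * provider row in T_EXT_CONTENT, then hand the provider list to Smarty.
 *
 * The action is read from $_GET['action'] first, then $_POST['action'].
 * Text fields are passed through my_addslashes() before being inlined into
 * SQL (the file's existing escaping convention). The provider id is inlined
 * UNQUOTED in the Delete/Save statements, so it is cast to int here: the
 * original used $_POST['providerid'] verbatim, which is an SQL injection
 * vector for any admin-session holder (or CSRF victim).
 *
 * @param object $bBlog (reference) bBlog instance used for queries and templating
 */
function admin_plugin_externalcontent_run(&$bBlog)
{
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    } elseif (isset($_POST['action'])) {
        $action = $_POST['action'];
    } else {
        $action = '';
    }

    // Normalise the form fields once; missing fields become '' / 0 instead of
    // raising undefined-index notices inside the SQL string building.
    $providerId = isset($_POST['providerid']) ? (int) $_POST['providerid'] : 0;
    $nicename = isset($_POST['nicename']) ? my_addslashes($_POST['nicename']) : '';
    $url = isset($_POST['url']) ? my_addslashes($_POST['url']) : '';

    switch ($action) {
        case "New": // add new provider
            $bBlog->query("insert into " . T_EXT_CONTENT . "\n set nicename='" . $nicename . "',\n url='" . $url . "'");
            break;
        case "Delete": // delete provider
            if ($providerId > 0) {
                $bBlog->query("delete from " . T_EXT_CONTENT . " where id=" . $providerId);
            }
            break;
        case "Save": // update an existing provider
            // The checkbox is only present in the POST when ticked.
            $enabled = isset($_POST['enabled']) ? 'true' : 'false';
            if ($providerId > 0) {
                $bBlog->query("update " . T_EXT_CONTENT . "\n set nicename='" . $nicename . "',\n url='" . $url . "',\n enabled='" . $enabled . "'\n where id=" . $providerId);
            }
            break;
        default: // show form
            break;
    }

    $bBlog->smartyObj->assign('eproviders', $bBlog->get_results("select * from " . T_EXT_CONTENT . " order by nicename"));
}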
/**
 * Return the whole request ($_REQUEST) with slashes either added or
 * removed, according to the caller's preference.
 *
 * @param bool $addslashes true to run my_addslashes() over the request,
 *                         false (default) to run my_stripslashes() instead.
 *
 * @return mixed whatever the chosen helper returns for the request array.
 */
function parse_incoming($addslashes = false)
{
    // $_REQUEST is a superglobal, so no 'global' declaration is needed to
    // reach it from inside a function.
    $converter = $addslashes ? 'my_addslashes' : 'my_stripslashes';
    return $converter($_REQUEST);
}
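/**
 * Process a trackback someone sent to us.
 *
 * @param string $ip        IP address of the pinger
 * @param array  $ext_vars  The trackback data. Keys:
 *                          url       (required) URL of the pinging site
 *                          title     Title of the referring article
 *                          excerpt   Excerpt from the referring article
 *                          blog_name Name of the referring blog
 * @param int    $commentid If given, the ID of the comment this trackback replies to
 *
 * Fixes against the original:
 *  - $err was never initialised and the response only carried the LAST
 *    rejection message; every message is now joined and reported.
 *  - The reply-to ternary was inverted (null -> null, id -> 0), so a
 *    trackback could never be attached as a reply.
 *  - commenttext was passed through my_addslashes() twice, which doubles
 *    every backslash in the stored text when magic quotes are off.
 */
function receiveTrackback($ip, $ext_vars, $commentid = null)
{
    $this->_ip = $ip;
    $this->_tbdata = $ext_vars;

    $allow = $this->allowTrackback();
    if (is_array($allow)) {
        $err = '';
        foreach ($allow['message'] as $msg) {
            $err .= ' ' . $msg;
        }
        $this->userResponse(1, trim($err));
        return;
    }

    $replyto = is_null($commentid) ? 0 : (int) $commentid;

    // According to the spec, only URL is required; all else is optional.
    $vars = array();
    $vars['posterwebsite'] = isset($this->_tbdata['url']) ? my_addslashes($this->_tbdata['url']) : '';

    // Policy: in the interests of spam-blocking, the only hypertext we allow
    // is the URL of the poster. This is the only deviance from comment handling.
    $vars['title'] = isset($this->_tbdata['title'])
        ? my_addslashes(StringHandling::removeTags($this->_tbdata['title'])) : '';
    $vars['commenttext'] = isset($this->_tbdata['excerpt'])
        ? my_addslashes(StringHandling::removeTags($this->_tbdata['excerpt'])) : '';
    $vars['postername'] = isset($this->_tbdata['blog_name'])
        ? my_addslashes(StringHandling::removeTags($this->_tbdata['blog_name'])) : '';
    $vars['posttime'] = time();
    $vars['ip'] = $this->_ip;
    $vars['postid'] = $this->_post->postid;
    if ($replyto > 0) {
        $vars['parentid'] = $replyto;
    }

    // Moderation follows the same rules as for comments. commenttext is
    // already tag-stripped and escaped exactly once above.
    $vars['onhold'] = $this->needsModeration($vars['commenttext']) ? 1 : 0;
    $vars['type'] = 'trackback';

    // Save the trackback
    $id = $this->saveComment($vars);
    if ($id > 0) {
        // notify owner
        if (C_NOTIFY == true) {
            $this->notify($vars['postername'], $this->_post->permalink, $vars['onhold'], $vars['commenttext']);
        }
        $this->updateCommentCount($this->_db, $this->_post->postid);
        $this->userResponse(0);
    } else {
        $this->userResponse(1, "Error adding trackback : " . mysql_error());
    }
}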
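/**
 * Build the post object for a new entry from the submitted admin form.
 *
 * Fixes against the original:
 *  - $post was never created, so the first property write relied on PHP
 *    auto-vivifying an object from null (a fatal error in PHP 8).
 *  - commentoptions was the only text field not passed through
 *    my_addslashes(); it now follows the same escaping as the edit path.
 *  - Missing form fields default to '' instead of raising notices.
 *
 * @return object the prepared post (title, body, modifier, status, sections,
 *                providing_sections, hidefromhome, allowcomments, autodisabledate)
 */
function prep_new_post()
{
    $post = new stdClass();
    $post->title = my_addslashes(isset($_POST['title_text']) ? $_POST['title_text'] : '');
    $post->body = my_addslashes(isset($_POST['body_text']) ? $_POST['body_text'] : '');

    $post->modifier = isset($_POST['modifier']) ? my_addslashes($_POST['modifier']) : C_DEFAULT_MODIFIER;
    $post->status = isset($_POST['pubstatus']) ? my_addslashes($_POST['pubstatus']) : C_DEFAULT_STATUS;

    // Keep only numeric section ids; anything else from the form is dropped.
    $post->sections = array();
    // This is so that bBlog knows to delete sections if there are none.
    $post->providing_sections = TRUE;
    if (isset($_POST['sections'])) {
        foreach ((array) $_POST['sections'] as $candidate) {
            if (is_numeric($candidate)) {
                $post->sections[] = $candidate;
            }
        }
    }

    $post->hidefromhome = (isset($_POST['hidefromhome']) && $_POST['hidefromhome'] == 'hide') ? 'hide' : 'donthide';
    $post->allowcomments = isset($_POST['commentoptions']) ? my_addslashes($_POST['commentoptions']) : '';

    // Comments auto-disable N days after now; 0 days means "at once".
    $disdays = isset($_POST['disallowcommentsdays']) ? (int) $_POST['disallowcommentsdays'] : 0;
    $post->autodisabledate = (int) time() + $disdays * 3600 * 24;

    return $post;
}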
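/**
 * Process a trackback someone sent to us.
 *
 * @param string $ip        IP address of the pinger
 * @param array  $ext_vars  The trackback data. Keys:
 *                          url       (required) URL of the pinging site
 *                          title     Title of the referring article
 *                          excerpt   Excerpt from the referring article
 *                          blog_name Name of the referring blog
 * @param int    $commentid If given, the ID of the comment this trackback replies to
 *
 * Fixes against the original:
 *  - $err was never initialised and only the LAST rejection message was
 *    sent back; all messages are now joined.
 *  - The reply-to ternary was inverted (null -> null, id -> 0).
 *  - commenttext was passed through my_addslashes() twice.
 *  - saveComment was called as Comments::saveComment(&$db, ...): call-time
 *    pass-by-reference is a fatal error since PHP 5.4, and $db is undefined
 *    in this method. The method's own $this->_db (already used for
 *    updateCommentCount below) is passed instead.
 */
function receiveTrackback($ip, $ext_vars, $commentid = null)
{
    $this->_ip = $ip;
    $this->_tbdata = $ext_vars;

    $allow = $this->allowTrackback();
    if (is_array($allow)) {
        $err = '';
        foreach ($allow['message'] as $msg) {
            $err .= ' ' . $msg;
        }
        $this->userResponse(1, trim($err));
        return;
    }

    $replyto = is_null($commentid) ? 0 : (int) $commentid;

    // According to the spec, only URL is required; all else is optional.
    $vars = array();
    $vars['posterwebsite'] = isset($this->_tbdata['url']) ? my_addslashes($this->_tbdata['url']) : '';
    $vars['title'] = isset($this->_tbdata['title']) ? my_addslashes($this->_tbdata['title']) : '';
    $vars['commenttext'] = isset($this->_tbdata['excerpt']) ? my_addslashes($this->_tbdata['excerpt']) : '';
    $vars['postername'] = isset($this->_tbdata['blog_name']) ? my_addslashes($this->_tbdata['blog_name']) : '';
    $vars['posttime'] = time();
    $vars['ip'] = $this->_ip;
    $vars['postid'] = $this->_post->postid;
    if ($replyto > 0) {
        $vars['parentid'] = $replyto;
    }

    // Moderation follows the same rules as for comments; processCommentText
    // receives the once-escaped text, as prepFields() does for comments.
    $vars['commenttext'] = Comments::processCommentText($vars['commenttext']);
    $vars['onhold'] = Comments::needsModeration($vars['commenttext']) ? 1 : 0;
    $vars['type'] = 'trackback';

    // Save the trackback
    $id = Comments::saveComment($this->_db, $vars);
    if ($id > 0) {
        // notify owner
        if (C_NOTIFY == true) {
            Comments::notify($vars['postername'], $this->_post->permalink, $vars['onhold'], $vars['commenttext']);
        }
        Comments::updateCommentCount($this->_db, $this->_post->postid);
        $this->userResponse(0);
    } else {
        $this->userResponse(1, "Error adding trackback : " . mysql_error());
    }
}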
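/**
 * Save the points configuration to ve123_zz_config and regenerate the
 * ../cache/zz_config.php include read by the front end.
 *
 * Security fix: the generated file is PHP source. The original emitted
 * $getpoints inside a DOUBLE-quoted PHP string literal, where "$var" and
 * "{$expr}" are interpolated, so a crafted value (e.g. containing "{${...}}")
 * would execute when the cache file is included. The value is now written
 * with var_export(), which yields a single-quoted literal PHP never
 * interpolates. The two integer fields were already safe (intval).
 *
 * Side effects: one DB update, one file write, then jsalert().
 */
function saveconfig()
{
    global $db;

    $default_point = isset($_POST['default_point']) ? intval($_POST['default_point']) : 0;
    $zs_points = isset($_POST['zs_points']) ? intval($_POST['zs_points']) : 0;
    // Keep the raw value for the generated file and the escaped one for SQL,
    // so the include yields the original text rather than a slashed copy.
    $rawGetpoints = isset($_POST['getpoints']) ? (string) $_POST['getpoints'] : '';
    $getpoints = my_addslashes($rawGetpoints);

    $array = array('default_point' => $default_point, 'getpoints' => $getpoints, 'zs_points' => $zs_points);
    $db->update('ve123_zz_config', $array, "config_id='1'");

    $eol = chr(13) . chr(10);
    $str = '<?php' . $eol;
    $str .= "\$zz_config['default_point']=" . $default_point . ';' . $eol;
    $str .= "\$zz_config['zs_points']=" . $zs_points . ';' . $eol;
    $str .= "\$zz_config['getpoints']=" . var_export($rawGetpoints, true) . ';' . $eol;
    $str .= '?>';

    $fp = @fopen('../cache/zz_config.php', 'w');
    if ($fp === false) {
        die('写方式打开文件失败,请检查程序目录是否为可写');
    }
    if (@fputs($fp, $str) === false) {
        die('文件写入失败,请检查程序目录是否为可写');
    }
    @fclose($fp);

    jsalert('修改成功!');
}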
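/**
 * Save the points configuration to ve123_tg_config and regenerate the
 * ../cache/tg_config.php include read by the front end.
 *
 * Security fix: the generated file is PHP source. The original emitted
 * $getpoints inside a DOUBLE-quoted PHP string literal, where "$var" and
 * "{$expr}" are interpolated, so a crafted value would execute when the
 * cache file is included. The value is now written with var_export(), which
 * yields a single-quoted literal PHP never interpolates. The two integer
 * fields were already safe (intval).
 *
 * Side effects: one DB update, one file write, then jsalert().
 */
function saveconfig()
{
    global $db;

    $default_point = isset($_POST["default_point"]) ? intval($_POST["default_point"]) : 0;
    $zs_points = isset($_POST["zs_points"]) ? intval($_POST["zs_points"]) : 0;
    // Raw value for the generated file, escaped value for the DB row.
    $rawGetpoints = isset($_POST["getpoints"]) ? (string) $_POST["getpoints"] : '';
    $getpoints = my_addslashes($rawGetpoints);

    $array = array('default_point' => $default_point, 'getpoints' => $getpoints, 'zs_points' => $zs_points);
    $db->update("ve123_tg_config", $array, "config_id='1'");

    $eol = chr(13) . chr(10);
    $str = "<?php" . $eol;
    $str .= "\$tg_config['default_point']=" . $default_point . ";" . $eol;
    $str .= "\$tg_config['zs_points']=" . $zs_points . ";" . $eol;
    $str .= "\$tg_config['getpoints']=" . var_export($rawGetpoints, true) . ";" . $eol;
    $str .= "?>";

    $fp = @fopen("../cache/tg_config.php", "w");
    if ($fp === false) {
        die("写方式打开文件失败,请检查程序目录是否为可写");
    }
    // write the generated config file
    if (@fputs($fp, $str) === false) {
        die("文件写入失败,请检查程序目录是否为可写");
    }
    @fclose($fp);

    jsalert("修改成功!");
}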
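/**
 * Build the column array for a new comment row from the submitted form.
 *
 * Every text field is HTML-escaped and then my_addslashes()'d for the SQL
 * layer (comment text goes through Comments::processCommentText instead).
 * Missing form keys now default to '' / 0 rather than raising notices and
 * passing null into htmlspecialchars().
 *
 * @param array $vars    the submitted form fields (name, email, title, website,
 *                       comment, public_email, public_website, notify)
 * @param int   $replyto parent comment id, or 0 for a top-level comment
 * @param int   $id      id of the post being commented on
 *
 * @return array column => value pairs ready for the comment insert
 */
function prepFields($vars, $replyto, $id)
{
    $name = isset($vars['name']) ? $vars['name'] : '';
    $email = isset($vars['email']) ? $vars['email'] : '';
    $title = isset($vars['title']) ? $vars['title'] : '';
    $website = isset($vars['website']) ? $vars['website'] : '';
    $comment = isset($vars['comment']) ? $vars['comment'] : '';

    $rval = array();
    $rval['postername'] = my_addslashes(htmlspecialchars($name));
    if (empty($rval['postername'])) {
        $rval['postername'] = "Anonymous";
    }
    $rval['posteremail'] = my_addslashes(htmlspecialchars($email));
    $rval['title'] = my_addslashes(htmlspecialchars($title));
    $rval['posterwebsite'] = my_addslashes(StringHandling::transformLinks(htmlspecialchars($website)));
    $rval['commenttext'] = Comments::processCommentText(my_addslashes($comment));

    // Checkbox fields: only "1" counts as ticked (loose compare keeps "1" == 1).
    $rval['pubemail'] = (isset($vars['public_email']) && $vars['public_email'] == 1) ? 1 : 0;
    $rval['pubwebsite'] = (isset($vars['public_website']) && $vars['public_website'] == 1) ? 1 : 0;
    $rval['posternotify'] = (isset($vars['notify']) && $vars['notify'] == 1) ? 1 : 0;

    $rval['posttime'] = time();
    $rval['ip'] = $_SERVER['REMOTE_ADDR'];
    $rval['onhold'] = Comments::needsModeration($rval['commenttext']) ? 1 : 0;
    $rval['postid'] = $id;
    if ($replyto > 0) {
        $rval['parentid'] = $replyto;
    }
    $rval['type'] = 'comment';

    return $rval;
}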
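/**
 * Admin handler for the sections plugin: create, delete or rename a section.
 *
 * The sub-action comes from $_GET['sectdo'] or $_POST['sectdo']. Delete and
 * Save resolve the section by name through $bBlog->sect_by_name, so the id
 * used in SQL comes from the section cache, not from the request.
 *
 * Fix against the original: the "Delete" case had no break and fell through
 * into "Save". Because get_sections() had just refreshed the cache the
 * lookup failed and Save bailed out, but only by accident; the break is now
 * explicit. Missing form fields default to '' instead of raising notices.
 *
 * @param object $bBlog (reference) bBlog instance used for queries and templating
 */
function admin_plugin_sections_run(&$bBlog)
{
    // Again, the plugin API needs work.
    if (isset($_GET['sectdo'])) {
        $sectdo = $_GET['sectdo'];
    } elseif (isset($_POST['sectdo'])) {
        $sectdo = $_POST['sectdo'];
    } else {
        $sectdo = '';
    }

    $sname = isset($_POST['sname']) ? $_POST['sname'] : '';
    $nicename = isset($_POST['nicename']) ? my_addslashes($_POST['nicename']) : '';

    switch ($sectdo) {
        case 'new': // sections are being edited
            $urlname = isset($_POST['urlname']) ? my_addslashes($_POST['urlname']) : '';
            $bBlog->query("insert into " . T_SECTIONS . "\n\t\t\tset nicename='" . $nicename . "',\n\t\t\tname='" . $urlname . "'");
            $insid = $bBlog->insert_id;
            $bBlog->get_sections(); // update the section cache
            break;

        case "Delete": // delete section
            // Have to remove all references to the section in the posts first.
            $sect_id = isset($bBlog->sect_by_name[$sname]) ? (int) $bBlog->sect_by_name[$sname] : 0;
            if ($sect_id > 0) {
                $posts_in_section_q = $bBlog->make_post_query(array("sectionid" => $sect_id));
                $posts_in_section = $bBlog->get_posts($posts_in_section_q, TRUE);
                if ($posts_in_section) {
                    foreach ($posts_in_section as $post) {
                        // Sections are stored as a ':'-joined id list on the post.
                        $remaining = array();
                        foreach (explode(":", $post->sections) as $tmpsection) {
                            if ($tmpsection != $sect_id) {
                                $remaining[] = $tmpsection;
                            }
                        }
                        $newsects = implode(":", $remaining);
                        // update the posts to remove the section
                        $bBlog->query("update " . T_POSTS . " set sections='{$newsects}'\n \twhere postid='{$post->postid}'");
                    }
                }
                // delete the section
                $bBlog->query("delete from " . T_SECTIONS . " where sectionid='{$sect_id}'");
                $bBlog->get_sections();
            }
            // else show error
            break;

        case "Save":
            $sect_id = isset($bBlog->sect_by_name[$sname]) ? (int) $bBlog->sect_by_name[$sname] : 0;
            if ($sect_id < 1) {
                break;
            }
            $bBlog->query("update " . T_SECTIONS . " set nicename='" . $nicename . "'\n where sectionid='{$sect_id}'");
            $bBlog->get_sections(); // update section cache
            break;

        default: // show form
            break;
    }

    $bBlog->assign('esections', $bBlog->sections);
}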
/**
 * Create or update a ve123_zz_open row from the posted form.
 *
 * When $_POST['do_action'] is 'modify' the row identified by link_id is
 * updated, otherwise a new row is inserted; jsalert() reports the outcome.
 *
 * NOTE(review): only jscode is passed through my_addslashes(); the other
 * text fields reach $db->update()/insert() as-is, so they are only safe if
 * the db layer escapes values itself — confirm before relying on it.
 *
 * Side effects: one DB write, then jsalert().
 */
function saveform()
{
    global $db;

    // Column order is kept as in the original statement.
    $row = array(
        'keywords' => trim($_POST['keywords']),
        'title' => trim($_POST['title']),
        'url' => trim($_POST['url']),
        'description' => trim($_POST['description']),
        'jscode' => my_addslashes(trim($_POST['jscode'])),
        'price' => trim($_POST['price']),
        'pic' => trim($_POST['pic']),
    );
    $linkId = intval($_POST['link_id']);

    if ($_POST['do_action'] == 'modify') {
        $db->update('ve123_zz_open', $row, "link_id='{$linkId}'");
        jsalert('修改成功');
        return;
    }

    $db->insert('ve123_zz_open', $row);
    jsalert('提交成功');
}
$file_htaccess = @fopen('.htaccess', 'w'); if ($file_htaccess) { $saved = fputs($file_htaccess, $htaccess); fclose($file_htaccess); } else { $saved = false; } } if (false !== $saved) { $msg = $lang['L_HTACC_CREATED']; $tpl->assign_block_vars('CREATE_SUCCESS', array('HTACCESS' => nl2br(my_quotes($htaccess)), 'HTPASSWD' => nl2br(my_quotes($htpasswd)))); @chmod($config['paths']['root'], 0755); } else { $tpl->assign_block_vars('CREATE_ERROR', array('HTACCESS' => nl2br(my_quotes($htaccess)), 'HTPASSWD' => nl2br(my_quotes($htpasswd)))); } } } if (sizeof($error) > 0 || !isset($_POST['username'])) { $tpl->assign_vars(array('PASSWORDS_UNEQUAL' => my_addslashes($lang['L_PASSWORDS_UNEQUAL']), 'HTACC_CONFIRM_DELETE' => my_addslashes($lang['L_HTACC_CONFIRM_DELETE']))); $tpl->assign_block_vars('INPUT', array('USERNAME' => my_quotes($username), 'USERPASS1' => my_quotes($userpass1), 'USERPASS2' => my_quotes($userpass2), 'TYPE0_CHECKED' => $type == 0 ? ' checked="checked"' : '', 'TYPE1_CHECKED' => $type == 1 ? ' checked="checked"' : '', 'TYPE2_CHECKED' => $type == 2 ? ' checked="checked"' : '', 'TYPE3_CHECKED' => $type == 3 ? ' checked="checked"' : '')); } if (sizeof($error) > 0) { $msg = '<span class="error">' . implode('<br>', $error) . '</span>'; } if ($msg > '') { $tpl->assign_block_vars('MSG', array('TEXT' => $msg)); } $tpl->pparse('show'); echo MSDFooter(); ob_end_flush(); die;
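/**
 * Create or update a ve123_tg_open page row and render its static HTML file.
 *
 * The posted filename is used to build ../tg/html/<filename>.html, which is
 * then written with the output of the temp/open.php template. When
 * $_POST['do_action'] is 'modify' the row identified by about_id is updated,
 * otherwise a new row is inserted.
 *
 * Security fix: the original used the posted filename directly in the path,
 * so "../../somewhere/index" would write a .html file anywhere the web user
 * can write (path traversal). The name is now reduced to a single path
 * component with basename(), NUL bytes are removed, and empty/"."/".."
 * results are rejected before anything is written.
 *
 * NOTE(review): is_show is stored as posted and the text columns rely on
 * $db->update()/insert() for escaping — confirm that layer escapes values.
 *
 * Side effects: one file write, one DB write, then jsalert().
 */
function saveform()
{
    global $db, $config;

    $title = addslashes(HtmlReplace(trim($_POST['title'])));
    $content = my_addslashes(trim($_POST['content']));
    $url = HtmlReplace(trim($_POST['url']));
    $sortid = intval($_POST['sortid']);
    $about_id = intval($_POST['about_id']);
    $do_action = HtmlReplace($_POST['do_action']);
    $is_show = $_POST['is_show'];

    // Keep the filename to one safe path component.
    $filename = basename(str_replace("\0", '', HtmlReplace(trim($_POST['filename']))));
    if ($filename === '' || $filename === '.' || $filename === '..') {
        jsalert('文件名无效');
        return;
    }

    // Render the page through the template (it reads the locals above).
    ob_start();
    require 'temp/open.php';
    $str = ob_get_contents();
    ob_end_clean();
    $str = stripslashes($str);
    // NOTE(review): a failed write is not reported to the admin; the DB row
    // is still saved below so the page can be regenerated later.
    file_put_contents('../tg/html/' . $filename . '.html', $str);

    $row = array(
        'title' => $title,
        'content' => $content,
        'url' => $url,
        'filename' => $filename,
        'sortid' => $sortid,
        'is_show' => $is_show,
    );
    if ($do_action == 'modify') {
        $db->update('ve123_tg_open', $row, "about_id='{$about_id}'");
        jsalert('修改成功');
    } else {
        $db->insert('ve123_tg_open', $row);
        jsalert('提交成功');
    }
}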
/**
 * Create or update a ve123_tg_links row from the posted form.
 *
 * When $_POST['do_action'] is 'modify' the row identified by link_id is
 * updated, otherwise a new row is inserted; jsalert() reports the outcome
 * (the alert strings are kept byte-for-byte; they appear to be in the
 * site's legacy encoding).
 *
 * NOTE(review): only jscode is passed through my_addslashes(); the other
 * text fields reach $db->update()/insert() as-is and are only safe if the
 * db layer escapes values itself — confirm before relying on it.
 *
 * Side effects: one DB write, then jsalert().
 */
function saveform()
{
    global $db;

    // Column order is kept as in the original statement.
    $row = array(
        'keywords' => trim($_POST["keywords"]),
        'title' => trim($_POST["title"]),
        'url' => trim($_POST["url"]),
        'description' => trim($_POST["description"]),
        'jscode' => my_addslashes(trim($_POST["jscode"])),
        'price' => trim($_POST["price"]),
        'pic' => trim($_POST["pic"]),
    );
    $linkId = intval($_POST["link_id"]);

    if ($_POST["do_action"] == "modify") {
        $db->update("ve123_tg_links", $row, "link_id='{$linkId}'");
        jsalert("Ð޸ijɹ¦");
        return;
    }

    $db->insert("ve123_tg_links", $row);
    jsalert("Ìá½»³É¹¦");
}
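/**
 * Admin handler for the sections plugin (ADOdb version): create, delete or
 * rename a section, then refresh the section cache for the template.
 *
 * Fixes against the original:
 *  - "Delete" had no break and fell through into "Save"; with the cache no
 *    longer refreshed inside Delete, Save would then run an update against
 *    the just-deleted id. The break is now explicit.
 *  - "Save" inlined my_addslashes() output into SQL while "new" used
 *    $bBlog->_adb->quote(); Save now uses quote() too, so both paths escape
 *    the same way.
 *
 * NOTE(review): Delete looks the section up in section_ids_by_name while
 * Save uses sect_by_name; both are left as found because it is not visible
 * here which property the current bBlog class maintains.
 *
 * @param object $bBlog (reference) bBlog instance (uses ->_adb, ->_ph, ->sections)
 */
function admin_plugin_sections_run(&$bBlog)
{
    // Again, the plugin API needs work.
    if (isset($_GET['sectdo'])) {
        $sectdo = $_GET['sectdo'];
    } elseif (isset($_POST['sectdo'])) {
        $sectdo = $_POST['sectdo'];
    } else {
        $sectdo = '';
    }

    switch ($sectdo) {
        case 'new': // sections are being edited
            $nicename = StringHandling::removeMagicQuotes(isset($_POST['nicename']) ? $_POST['nicename'] : '');
            $urlname = StringHandling::removeMagicQuotes(isset($_POST['urlname']) ? $_POST['urlname'] : '');
            $bBlog->_adb->Execute("insert into " . T_SECTIONS . " set nicename=" . $bBlog->_adb->quote($nicename) . ", name=" . $bBlog->_adb->quote($urlname));
            $insid = $bBlog->_adb->insert_id();
            break;

        case "Delete": // delete section
            // Have to remove all references to the section in the posts first.
            $sname = StringHandling::removeMagicQuotes(isset($_POST['sname']) ? $_POST['sname'] : '');
            $sect_id = isset($bBlog->section_ids_by_name[$sname]) ? (int) $bBlog->section_ids_by_name[$sname] : 0;
            if ($sect_id > 0) {
                $ph = $bBlog->_ph;
                $posts_in_section_q = $ph->make_post_query(array("sectionid" => $sect_id));
                $posts_in_section = $ph->get_posts($posts_in_section_q, TRUE);
                if ($posts_in_section) {
                    foreach ($posts_in_section as $post) {
                        // Sections are stored as a ':'-joined id list on the post.
                        $remaining = array();
                        foreach (explode(":", $post->sections) as $tmpsection) {
                            if ($tmpsection != $sect_id) {
                                $remaining[] = $tmpsection;
                            }
                        }
                        $newsects = implode(":", $remaining);
                        // update the posts to remove the section
                        $bBlog->_adb->Execute("update " . T_POSTS . " set sections='{$newsects}' where postid={$post->postid}");
                    }
                }
                // delete the section
                $bBlog->_adb->Execute("delete from " . T_SECTIONS . " where sectionid={$sect_id}");
            }
            // else show error
            break;

        case "Save":
            $sname = isset($_POST['sname']) ? $_POST['sname'] : '';
            $sect_id = isset($bBlog->sect_by_name[$sname]) ? (int) $bBlog->sect_by_name[$sname] : 0;
            if ($sect_id < 1) {
                break;
            }
            $nicename = StringHandling::removeMagicQuotes(isset($_POST['nicename']) ? $_POST['nicename'] : '');
            $sql = "update " . T_SECTIONS . " set nicename=" . $bBlog->_adb->quote($nicename) . " where sectionid='{$sect_id}'";
            $bBlog->_adb->Execute($sql);
            break;

        default: // show form
            break;
    }

    $bBlog->get_sections();
    $bBlog->assign('esections', $bBlog->sections);
}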
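/**
 * Return the id of the logged-in admin, or fall back to admin_logged_ip().
 *
 * The session carries the author's nickname and stored password value; both
 * are re-checked against T_AUTHORS on every call, and the session must also
 * carry a checksum equal to md5(nickname . password . BBLOGID). Changing the
 * password in the DB therefore invalidates existing sessions.
 *
 * Changes against the original: missing session keys are handled with
 * isset() instead of '@' suppression, and the checksum is compared with
 * '===' so a non-string session value cannot satisfy a loose comparison.
 *
 * NOTE(review): the stored password value lives in the session and is
 * inlined into SQL; it is escaped with my_addslashes() as before.
 *
 * @return int author id, or whatever admin_logged_ip() returns
 */
function admin_logged_in()
{
    $nickname = isset($_SESSION['nickname']) ? $_SESSION['nickname'] : '';
    $password = isset($_SESSION['password']) ? $_SESSION['password'] : '';

    $query = "\n SELECT\n `id`,\n `nickname`,\n `password`\n FROM\n `" . T_AUTHORS . "`\n WHERE\n (`nickname`='" . my_addslashes($nickname) . "')\n AND\n (`password`='" . my_addslashes($password) . "')\n ";
    $result = $this->get_row($query);

    if (isset($result->id) && $result->id > 0 && isset($_SESSION['checksum'])
        && $_SESSION['checksum'] === md5($result->nickname . $result->password . BBLOGID)) {
        return $result->id;
    }

    return $this->admin_logged_ip();
}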
if (isset($_POST['url']) && is_numeric($tbpost)) { // incoming trackback ping. // we checked that : // a ) url is suplied by POST // b ) that the tbpost, suplied by GET, is valid. // GET varibles from the trackback url: if (is_numeric($tbcid) && $tbcid > 0) { $replyto = $tbcid; } else { $replyto = 0; } // POST varibles - the trackback protocol no longer supports GET. $tb_url = my_addslashes($_POST['url']); $title = my_addslashes($_POST['title']); $excerpt = my_addslashes($_POST['excerpt']); $blog_name = my_addslashes($_POST['blog_name']); // according to MT, only url is _required_. So we'll set some useful defaults. // if we got this far, we can assume that this file is not included // as part of bBlog but is being called seperatly. // so we include the config file and therefore have access to the // bBlog object. $now = time(); $remaddr = $_SERVER['REMOTE_ADDR']; $q = "insert into " . T_COMMENTS . "\n\t\t\tset \n\t\t\tpostid='{$tbpost}',\n\t\t\tparentid='{$replyto}',\n\t\t\tposttime='{$now}',\n\t\t\tpostername='{$blog_name}',\n\t\t\tposteremail='',\n\t\t\tposterwebsite='{$tb_url}',\n\t\t\tposternotify='0',\n\t\t\tpubemail='0',\n\t\t\tpubwebsite='1',\n\t\t\tip='{$remaddr}',\n\t\t\ttitle='{$title}',\n\t\t\tcommenttext='{$excerpt}',\n\t\t\ttype='trackback'"; $bBlog->_adb->Execute($q); $insid = $bBlog->insert_id; if ($insid < 1) { trackback_response(1, "Error adding trackback : " . mysql_error()); } else { // notify owner include_once BBLOGROOT . 'inc/mail.php';
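/**
 * Store a new comment on a post from the submitted form, notify the owner,
 * update the post's comment count and redirect the browser.
 *
 * @param int $postid  id of the post being commented on
 * @param int $replyto parent comment id, or 0 for a top-level comment
 *
 * Fixes against the original:
 *  - $parentidq was undefined when $replyto was 0 (notice, then an empty
 *    fragment); it is now initialised to ''.
 *  - The flood-protection branch printed a message but did not stop, so if
 *    standalone_message() does not exit the comment was stored anyway; it
 *    now returns.
 *  - Form fields are read with isset() so missing ones do not raise notices
 *    or pass null into htmlspecialchars().
 *  - return_url was used verbatim in a Location header: an arbitrary
 *    absolute URL made this an open redirect. Only a relative URL or one on
 *    this host is honoured; anything else falls back to the permalink.
 *
 * NOTE(review): the "bBcomment" cookie is a serialize()d array; wherever it
 * is read back, it must not be unserialize()d from the client (use a
 * stricter format or allowed_classes=false) — the reader is not visible here.
 */
function new_comment($postid, $replyto = 0)
{
    $post = $this->get_post($postid, FALSE, TRUE);
    if (!$post) {
        // this needs to be fixed...
        $this->standalone_message("Error adding comment", "couldn't find post id {$postid}");
        return;
    }
    if ($post->allowcomments == 'disallow'
        || ($post->allowcomments == 'timed' && $post->autodisabledate < time())) {
        $this->standalone_message("Error adding comment", "Comments have been turned off for this post");
        return;
    }

    $name = isset($_POST["name"]) ? $_POST["name"] : '';
    $postername = my_addslashes(htmlspecialchars($name));
    if ($postername == '') {
        $postername = "Anonymous";
    }
    $posteremail = my_addslashes(htmlspecialchars(isset($_POST["email"]) ? $_POST["email"] : ''));
    $title = my_addslashes(htmlspecialchars(isset($_POST["title"]) ? $_POST["title"] : ''));
    $posterwebsite = my_addslashes(htmlspecialchars(isset($_POST["website"]) ? $_POST["website"] : ''));
    if ($posterwebsite != '' && substr(strtolower($posterwebsite), 0, 7) != 'http://') {
        $posterwebsite = 'http://' . $posterwebsite;
    }
    $comment = my_addslashes(isset($_POST["comment"]) ? $_POST["comment"] : '');

    // Checkbox fields: only "1" counts as ticked.
    $pubemail = (isset($_POST["public_email"]) && $_POST["public_email"] == 1) ? 1 : 0;
    $pubwebsite = (isset($_POST["public_website"]) && $_POST["public_website"] == 1) ? 1 : 0;
    $notify = (isset($_POST["notify"]) && $_POST["notify"] == 1) ? 1 : 0;

    $now = time();
    $remaddr = $_SERVER['REMOTE_ADDR'];

    if (!empty($_POST['set_cookie'])) {
        $value = base64_encode(serialize(array('web' => $posterwebsite, 'mail' => $posteremail, 'name' => $postername)));
        setcookie("bBcomment", $value, time() + 86400 * 360);
    }

    // Moderation: 'all' holds everything; 'urlonly' holds comments that
    // contain HTML tags or anything that looks like a link.
    $moderated = FALSE;
    if (C_COMMENT_MODERATION == 'all') {
        $moderated = TRUE;
    } elseif (C_COMMENT_MODERATION == 'urlonly') {
        if ($comment != preg_replace('!<[^>]*?>!', ' ', $comment)) {
            // found html tags
            $moderated = TRUE;
        }
        if ($comment != preg_replace("#([\t\r\n ])([a-z0-9]+?){1}://([\\w\\-]+\\.([\\w\\-]+\\.)*[\\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i", '\\1<a href="\\2://\\3" target="_blank">\\2://\\3</a>', $comment)) {
            $moderated = TRUE;
        }
        if ($comment != preg_replace("#([\t\r\n ])(www|ftp)\\.(([\\w\\-]+\\.)*[\\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i", '\\1<a href="http://\\2.\\3" target="_blank">\\2.\\3</a>', $comment)) {
            $moderated = TRUE;
        }
    }
    $onhold = $moderated ? '1' : '0';

    if (C_COMMENT_TIME_LIMIT > 0) {
        $fromtime = $now - C_COMMENT_TIME_LIMIT * 60;
        $this->query("select * from " . T_COMMENTS . " where ip='{$remaddr}' and posttime > {$fromtime}");
        if ($this->num_rows > 0) {
            $this->standalone_message("Comment Flood Protection", "Error adding comment. You have tried to make a comment too soon after your last one. Please try again later. This is a bBlog spam prevention mesaure");
            return;
        }
    }

    $parentidq = '';
    if ($replyto > 0 && is_numeric($replyto)) {
        $parentidq = " parentid='" . (int) $replyto . "', ";
    }

    $q = "insert into " . T_COMMENTS . "\n\t\t\tset {$parentidq}\n\t\t\tpostid='{$postid}',\n\t\t\ttitle='{$title}',\n\t\t\tposttime='{$now}',\n\t\t\tpostername='{$postername}',\n\t\t\tposteremail='{$posteremail}',\n\t\t\tposterwebsite='{$posterwebsite}',\n\t\t\tposternotify='{$notify}',\n\t\t\tpubemail='{$pubemail}',\n\t\t\tpubwebsite='{$pubwebsite}',\n\t\t\tip='{$remaddr}',\n\t\t\tcommenttext='{$comment}',\n\t\t\tonhold='{$onhold}',\n\t\t\ttype='comment'";
    $this->query($q);
    $insid = $this->insert_id;
    if ($insid < 1) {
        $this->standalone_message("Error", "Error inserting comment : " . mysql_error());
        return;
    }

    // notify
    include_once BBLOGROOT . "inc/mail.php";
    $message = htmlspecialchars($postername) . " has posted a comment in reply to your blog entry at " . $this->_get_entry_permalink($postid) . "\n";
    if ($onhold == 1) {
        $message .= "You have selected comment moderation and this comment will not appear until you approve it, so please visit your blog and log in to approve or reject any comments\n";
    }
    notify_owner("New comment on your blog", $message);

    $newnumcomments = $this->get_var("SELECT count(*) as c FROM " . T_COMMENTS . " WHERE postid='{$postid}' and deleted='false' group by postid");
    $this->query("update " . T_POSTS . " set commentcount='{$newnumcomments}' where postid='{$postid}'");
    $this->modifiednow();

    // This is used when an alternate location is desired as the result of a successful post.
    $target = $this->_get_entry_permalink($postid) . "#comment" . $insid;
    if (isset($_POST['return_url'])) {
        $ru = str_replace('%commentid%', $insid, $_POST['return_url']);
        $ruHost = parse_url($ru, PHP_URL_HOST);
        $ownHost = isset($_SERVER['HTTP_HOST']) ? preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST']) : '';
        // Reject CR/LF (header injection on old PHP) and any URL that names
        // another host; relative URLs (no host component) are allowed.
        $sameHost = ($ruHost === null || $ruHost === false || strcasecmp($ruHost, $ownHost) == 0);
        if (strpbrk($ru, "\r\n") === false && $sameHost) {
            $target = $ru;
        }
    }
    header("Location: " . $target);
    ob_end_clean(); // or here.. hmm.
    exit;
}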
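/**
 * Admin handler for the user-manager plugin: list, add, edit and delete
 * author rows in T_AUTHORS, then expose users and recent commented posts
 * to Smarty.
 *
 * Fixes against the original:
 *  - "editsave" wrote the literal string '******' into the password column
 *    instead of the computed $password, which would lock the edited user
 *    out on the next login. The computed value is now stored.
 *  - "addsave" computed $ip_domain but never inserted it; it is now part of
 *    the insert, matching the update statement.
 *  - userid is cast to int after the is_numeric() check before being
 *    inlined into SQL.
 *
 * NOTE(review): "addsave" hashes sha1(my_addslashes($pw)) while "editsave"
 * hashes sha1($pw); for passwords containing quotes or backslashes these
 * differ. Which one the login code expects is not visible here, so both
 * are left as found. Unsalted sha1 is also a weak password hash; moving to
 * password_hash() needs the login path changed in step.
 *
 * @param object $bBlog (reference) bBlog instance used for queries and templating
 */
function admin_plugin_usermanager_run(&$bBlog)
{
    // Again, the plugin API needs work.
    if (isset($_GET['userdo'])) {
        $userdo = $_GET['userdo'];
    } elseif (isset($_POST['userdo'])) {
        $userdo = $_POST['userdo'];
    } else {
        $userdo = "";
    }

    // Only an integer id is ever inlined into SQL below.
    $userid = (isset($_POST['userid']) && is_numeric($_POST['userid'])) ? (int) $_POST['userid'] : null;

    switch ($userdo) {
        case "Delete": // delete author
            if ($userid !== null) {
                $bBlog->query("DELETE FROM " . T_AUTHORS . " WHERE id='" . $userid . "'");
            }
            break;

        case "Add":
            $user = array();
            $user['id'] = "-1";
            $bBlog->smartyObj->assign('user', $user);
            $bBlog->smartyObj->assign('showeditform', TRUE);
            break;

        case "addsave":
            $nickname = my_addslashes($_POST['nickname']);
            $email = my_addslashes($_POST['email']);
            $fullname = my_addslashes($_POST['fullname']);
            $password = sha1(my_addslashes($_POST['password']));
            $location = my_addslashes($_POST['location']);
            $ip_domain = my_addslashes($_POST['ip_domain']);
            $url = my_addslashes($_POST['url']);
            $icq = my_addslashes($_POST['icq']);
            $secretQuestion = my_addslashes($_POST['secretQuestion']);
            $secretAnswer = my_addslashes($_POST['secretAnswer']);
            $q = "insert into " . T_AUTHORS . " (nickname, email, fullname, password, location, url, icq, secret_question, secret_answer, ip_domain) values ('{$nickname}', '{$email}', '{$fullname}', '{$password}', '{$location}', '{$url}', '{$icq}', '{$secretQuestion}', '{$secretAnswer}', '{$ip_domain}')";
            $bBlog->query($q);
            break;

        case "Edit":
            if ($userid === null) {
                break;
            }
            $user = $bBlog->get_results("SELECT * from " . T_AUTHORS . " WHERE id='" . $userid . "'", ARRAY_A);
            if (!$user) {
                break;
            }
            $bBlog->smartyObj->assign('user', $user[0]);
            $bBlog->smartyObj->assign('showeditform', TRUE);
            break;

        case "editsave":
            if ($userid === null) {
                break;
            }
            $oldpass = $bBlog->db->get_var("SELECT `password` FROM `" . T_AUTHORS . "` WHERE `id` = '" . $userid . "'");
            $nickname = my_addslashes($_POST['nickname']);
            $email = my_addslashes($_POST['email']);
            $fullname = my_addslashes($_POST['fullname']);
            // The form shows a placeholder for the existing password; keep
            // the stored hash unless a new password was typed.
            $password = $_POST['password'] == '***OLDPASSWORD***' ? $oldpass : sha1($_POST['password']);
            $location = my_addslashes($_POST['location']);
            $ip_domain = my_addslashes($_POST['ip_domain']);
            $url = my_addslashes($_POST['url']);
            $icq = my_addslashes($_POST['icq']);
            $secretQuestion = my_addslashes($_POST['secretQuestion']);
            $secretAnswer = my_addslashes($_POST['secretAnswer']);
            $q = "update " . T_AUTHORS . " set nickname='{$nickname}', email='{$email}', fullname='{$fullname}', password='{$password}', location='{$location}', url='{$url}', icq='{$icq}', secret_question='{$secretQuestion}', secret_answer='{$secretAnswer}', ip_domain='{$ip_domain}' where id='{$userid}'";
            $bBlog->query($q);
            break;

        default: // show form
            break;
    }

    $bBlog->smartyObj->assign('message', 'Showing users. ');
    $bBlog->smartyObj->assign('users', $bBlog->get_results("SELECT * FROM `" . T_AUTHORS . "` order by nickname"));

    // Recent posts that have comments, for the post selector in the template.
    $posts_with_comments_q = "SELECT " . T_POSTS . ".postid, " . T_POSTS . ".title, count(*) c FROM " . T_COMMENTS . ", " . T_POSTS . " \tWHERE " . T_POSTS . ".postid = " . T_COMMENTS . ".postid GROUP BY " . T_POSTS . ".postid ORDER BY " . T_POSTS . ".posttime DESC LIMIT 0 , 30 ";
    $posts_with_comments = $bBlog->get_results($posts_with_comments_q, ARRAY_A);
    $bBlog->smartyObj->assign("postselect", $posts_with_comments);
}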
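/**
 * Update the image location and caption stored for a post in the
 * photobblog table.
 *
 * Fix against the original: $postid is inlined UNQUOTED into the WHERE
 * clause, so it is now cast to int; anything non-numeric would otherwise
 * become part of the SQL statement.
 *
 * NOTE(review): $imageLoc is inlined without escaping. If callers pass it
 * raw it needs my_addslashes() like $caption; it is left as found because
 * a caller may already have escaped it — confirm at the call sites.
 *
 * @param object $bBlog    (reference) bBlog instance used for the query
 * @param int    $postid   id of the post whose photo row is updated
 * @param string $imageLoc new image location
 * @param string $caption  new caption (escaped here with my_addslashes)
 */
function photobblog_update(&$bBlog, $postid, $imageLoc, $caption)
{
    $bBlog->query("update " . TBL_PREFIX . "photobblog set imageLoc='" . $imageLoc . "' , caption='" . my_addslashes($caption) . "' where postid=" . (int) $postid);
}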
@chmod($config['paths']['root'],0755); } else { $tpl->assign_block_vars('CREATE_ERROR',array( 'HTACCESS' => htmlspecialchars($htaccess), 'HTPASSWD' => htmlspecialchars($htpasswd))); } } } if (sizeof($error)>0||!isset($_POST['username'])) { $tpl->assign_vars(array( 'PASSWORDS_UNEQUAL' => my_addslashes($lang['L_PASSWORDS_UNEQUAL']), 'HTACC_CONFIRM_DELETE' => my_addslashes($lang['L_HTACC_CONFIRM_DELETE']))); $tpl->assign_block_vars('INPUT',array( 'USERNAME' => htmlspecialchars($username), 'USERPASS1' => htmlspecialchars($userpass1), 'USERPASS2' => htmlspecialchars($userpass2), 'TYPE0_CHECKED' => $type==0 ? ' checked="checked"' : '', 'TYPE1_CHECKED' => $type==1 ? ' checked="checked"' : '', 'TYPE2_CHECKED' => $type==2 ? ' checked="checked"' : '', 'TYPE3_CHECKED' => $type==3 ? ' checked="checked"' : '')); } if (sizeof($error)>0) $msg='<span class="error">'.implode('<br>',$error).'</span>'; if ($msg>'') $tpl->assign_block_vars('MSG',array( 'TEXT' => $msg));
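/**
 * Admin handler for the links plugin: manage link rows in T_LINKS (new,
 * delete, save, move up/down) and category rows in T_CATEGORIES (new,
 * delete, save), then expose both lists to the template.
 *
 * Security fix: linkid and categoryid were taken from $_POST and inlined
 * UNQUOTED into SQL in every Delete/Save/Up/Down statement, which is an SQL
 * injection vector. Both are now cast to int once, up front, and the
 * statements only run for a positive id.
 *
 * NOTE(review): the "Delete" category case runs
 * "update T_LINKS set linkid=0 where linkid=<categoryid>", i.e. it rewrites
 * the link's own key rather than clearing a category reference. That looks
 * wrong, but the column that links a row to its category is not visible
 * here, so the statement is kept as found.
 *
 * @param object $bBlog (reference) bBlog instance (uses ->_adb, ->get_var, ->assign)
 */
function admin_plugin_links_run(&$bBlog)
{
    $linkId = isset($_POST['linkid']) ? (int) $_POST['linkid'] : 0;
    $categoryId = isset($_POST['categoryid']) ? (int) $_POST['categoryid'] : 0;
    $nicename = isset($_POST['nicename']) ? my_addslashes($_POST['nicename']) : '';
    $url = isset($_POST['url']) ? my_addslashes($_POST['url']) : '';
    $category = isset($_POST['category']) ? my_addslashes($_POST['category']) : '';
    $name = isset($_POST['name']) ? my_addslashes($_POST['name']) : '';

    if (isset($_GET['linkdo'])) {
        $linkdo = $_GET['linkdo'];
    } elseif (isset($_POST['linkdo'])) {
        $linkdo = $_POST['linkdo'];
    } else {
        $linkdo = '';
    }

    switch ($linkdo) {
        case "New": // add new link
            // New links go to the end of the ordering, 10 past the current max.
            $maxposition = $bBlog->get_var("select position from " . T_LINKS . " order by position desc limit 0,1");
            $position = $maxposition + 10;
            $bBlog->_adb->Execute("insert into " . T_LINKS . "\n set nicename='" . $nicename . "',\n url='" . $url . "',\n category='" . $category . "',\n\t position='{$position}'");
            break;
        case "Delete": // delete link
            if ($linkId > 0) {
                $bBlog->_adb->Execute("delete from " . T_LINKS . " where linkid=" . $linkId);
            }
            break;
        case "Save": // update an existing link
            if ($linkId > 0) {
                $bBlog->_adb->Execute("update " . T_LINKS . "\n set nicename='" . $nicename . "',\n url='" . $url . "',\n category='" . $category . "'\n where linkid=" . $linkId);
            }
            break;
        case "Up":
            // Positions are spaced by 10; a 15 shift guarantees a swap with
            // the neighbour before reorder_links() renormalises them.
            if ($linkId > 0) {
                $bBlog->_adb->Execute("update " . T_LINKS . " set position=position-15 where linkid=" . $linkId);
                reorder_links();
            }
            break;
        case "Down":
            if ($linkId > 0) {
                $bBlog->_adb->Execute("update " . T_LINKS . " set position=position+15 where linkid=" . $linkId);
                reorder_links();
            }
            break;
        default: // show form
            break;
    }

    if (isset($_GET['catdo'])) {
        $catdo = $_GET['catdo'];
    } elseif (isset($_POST['catdo'])) {
        $catdo = $_POST['catdo'];
    } else {
        $catdo = '';
    }

    switch ($catdo) {
        case "New": // add new category
            $bBlog->_adb->Execute("insert into " . T_CATEGORIES . "\n set name='" . $name . "'");
            break;
        case "Delete": // delete category
            if ($categoryId > 0) {
                // have to remove all references to the category in the links
                $bBlog->_adb->Execute("update " . T_LINKS . "\n set linkid=0 where linkid=" . $categoryId);
                // delete the category
                $bBlog->_adb->Execute("delete from " . T_CATEGORIES . " where categoryid=" . $categoryId);
            }
            break;
        case "Save": // update an existing category
            if ($categoryId > 0) {
                $bBlog->_adb->Execute("update " . T_CATEGORIES . "\n set name='" . $name . "'\n where categoryid=" . $categoryId);
            }
            break;
        default: // show form
            break;
    }

    $rs = $bBlog->_adb->Execute("select * from " . T_CATEGORIES);
    if ($rs !== false && !$rs->EOF) {
        $bBlog->assign('ecategories', $rs->GetRows(-1));
    }
    $rs = $bBlog->_adb->Execute("select * from " . T_LINKS . " order by position");
    if ($rs !== false && !$rs->EOF) {
        $bBlog->assign('elinks', $rs->GetRows(-1));
    }
}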
/**
 * array_walk callback: replace one array element with its my_addslashes()'d
 * form in place.
 *
 * @param mixed $item (reference) the element to escape; overwritten
 * @param mixed $key  the element's key; unused, but array_walk passes it
 */
function my_addslashes_array(&$item, $key)
{
    $escaped = my_addslashes($item);
    $item = $escaped;
}
/**
 * XML-RPC handler (MovableType API): replaces the section/category list
 * of a post.
 *
 * Positional $params as sent by the client:
 *   [0] post id, [1] username, [2] password,
 *   [3] list of structs, each carrying a 'categoryId'.
 *
 * On a rejected login a 301 fault is returned; otherwise the post is
 * re-saved through edit_post() with the new "a:b:c" section string and
 * the result is serialised as the XML-RPC response.
 *
 * NOTE(review): userauth() validates the credentials only; whether that
 * user may edit this particular post is not checked in this function -
 * confirm that get_post()/edit_post() enforce it.
 * NOTE(review): the success branch uses the constant name
 * WEBLOG_XMLPRPC_USERAGENT while the error branch uses
 * WEBLOG_XMLRPC_USERAGENT - verify both are actually defined.
 *
 * @param array $params positional XML-RPC parameters
 *
 * @return void
 */
function mt_setPostCategories($params)
{
    global $loq;

    if (!$loq->userauth($params[1], $params[2])) {
        XMLRPC_error("301", "The username and password you entered was not accepted. Please try again.", WEBLOG_XMLRPC_USERAGENT);
        return;
    }

    // Credentials accepted: reload the post so title/body are re-saved unchanged.
    $postid  = $params[0];
    $current = $loq->get_post($postid, TRUE, TRUE);

    // Collect the requested category ids into the "a:b:c" form edit_post() expects.
    $ids = array();
    foreach ($params[3] as $cat) {
        $ids[] = $cat['categoryId'];
    }

    $edit = array(
        'title'         => my_addslashes($current->title),
        'body'          => my_addslashes($current->body),
        'postid'        => $postid,
        'sections'      => implode(":", $ids),
        'edit_sections' => 1,
    );
    $outcome = $loq->edit_post($edit);

    ob_start();
    XMLRPC_response(XMLRPC_prepare($outcome), WEBLOG_XMLPRPC_USERAGENT);
}
} $timestamp = maketimestamp($_POST['ts_day'], $_POST['ts_month'], $_POST['ts_year'], $_POST['ts_hour'], $_POST['ts_minute']); } else { $timestamp = FALSE; } if ($_POST['hidefromhome'] == 'hide') { $hidefromhome = 'hide'; } else { $hidefromhome = 'donthide'; } // there is a reason for not using booleans here. // is because the bBlog->edit_post function needs to know if to change it or not. $disdays = (int) $_POST['disallowcommentsdays']; $time = (int) time(); $autodisabledate = $time + $disdays * 3600 * 24; $params = array("postid" => $_POST['postid'], "title" => my_addslashes($_POST['title_text']), "body" => my_addslashes($_POST['body_text']), "modifier" => my_addslashes($_POST['modifier']), "status" => my_addslashes($_POST['pubstatus']), "edit_sections" => TRUE, "hidefromhome" => $hidefromhome, "allowcomments" => my_addslashes($_POST['commentoptions']), "autodisabledate" => $autodisabledate, "sections" => $newsections, "timestamp" => $timestamp); //$bBlog->edit_post($params); if ($ph->edit_post($params)) { $bBlog->modifiednow(); } if (isset($_POST['send_trackback']) && $_POST['send_trackback'] == "TRUE") { // send a trackback include "./trackback.php"; if (!isset($_POST['title_text'])) { $_POST['title_text'] = ""; } if (!isset($_POST['excerpt'])) { $_POST['excerpt'] = ""; } if (!isset($_POST['tburl'])) { $_POST['tburl'] = "";
/**
 * Returns a slash-escaped copy of the $_GET superglobal.
 *
 * Thin wrapper so callers share one entry point for the request-escaping
 * convention (my_addslashes) used throughout this file.
 *
 * @return mixed whatever my_addslashes() returns for the $_GET array
 */
function my_get()
{
    $query = $_GET;
    return my_addslashes($query);
}
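/**
 * Save the changes made to a comment from the admin edit form.
 *
 * Fixes relative to the original:
 *  - the WHERE clause interpolated the raw $_POST['commentid'] even though
 *    the value had already been reduced to an int in $cid; the int is now
 *    used, closing the SQL injection hole.
 *  - the confirmation message placed the title into HTML unescaped; it is
 *    now passed through htmlspecialchars() (and the un-slashed POST value
 *    is shown rather than the DB-escaped one).
 *
 * @param object $bBlog Instance of bBlog class
 *
 * @return bool true when a non-zero comment id was supplied, false otherwise.
 *              The return does not reflect whether the UPDATE succeeded
 *              (same contract as before).
 */
function saveEdit(&$bBlog)
{
    $cid = isset($_POST['commentid']) ? intval($_POST['commentid']) : 0;
    if ($cid === 0) {
        return false;
    }

    // Escaped for the SQL string only - not for HTML.
    $title      = my_addslashes($_POST['title']);
    $author     = my_addslashes($_POST['author']);
    $email      = my_addslashes($_POST['email']);
    $websiteurl = my_addslashes($_POST['websiteurl']);
    $body       = my_addslashes($_POST['body']);

    $q = "update " . T_COMMENTS . " set title='{$title}', postername='{$author}', posterwebsite='{$websiteurl}', posteremail='{$email}', commenttext='{$body}' where commentid='{$cid}'";
    if ($bBlog->query($q) === true) {
        // The message is rendered as HTML by the template, so escape for that context.
        $safeTitle = htmlspecialchars($_POST['title'], ENT_QUOTES);
        $bBlog->assign('message', 'Comment <em>' . $safeTitle . '</em> saved');
    }

    return true;
}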
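/**
 * Serialises the global $config and $databases arrays into the PHP
 * configuration file (paths.config + config_file + ".php") and then
 * rewrites the cron script via WriteCronScript().
 *
 * @param int   $as             1 when called after a settings restore/import:
 *                              the previously selected database and the cron
 *                              database index are re-resolved by *name* (the
 *                              numeric index may have shifted if databases were
 *                              deleted in between), and $databases values are
 *                              stripslashes()d before being re-escaped.
 * @param mixed $restore_values false, or the previous configuration's
 *                              'cron_dbindex' and 'db_actual' entries (used
 *                              only when $as is set).
 *
 * @return bool true only if the config file was written and closed AND
 *              WriteCronScript() reported success. (The original overwrote
 *              the file-write status with WriteCronScript()'s return value.)
 *
 * Changes relative to the original:
 *  - The config file is chmod'ed 0600 instead of 0777. It contains the
 *    database credentials and is include()d by the same PHP process that
 *    writes it, so world read/write is not needed. NOTE(review): if the
 *    Perl cron job runs as a different OS user and reads this file, grant
 *    that deliberately (group-readable) rather than reverting to 0777.
 *  - When the cron database no longer exists, the fallback index -3 ("all
 *    databases") is stored in $config['cron_dbindex']; the original wrote
 *    it to $databases['cron_dbindex'], which nothing here reads, while every
 *    other branch uses $config.
 *  - The unused $param buffer was removed.
 *
 * Existing behaviour kept, worth knowing:
 *  - Values are emitted inside single quotes through my_addslashes() /
 *    addslashes(). Scalar $databases entries with magic_quotes_gpc == 1
 *    and $as == 0 are written unescaped, relying on the request layer
 *    having slashed them. Array keys are written unescaped in every
 *    branch. A quote in either would break or alter the generated PHP -
 *    NOTE(review): confirm all keys are program-defined, not user input.
 */
function WriteParams($as = 0, $restore_values = false)
{
    global $config, $databases, $config_dontsave;

    $nl = "\n";

    // Restore mode: map the old selection back onto the current database list.
    if ($as && is_array($restore_values)) {
        if ($restore_values['cron_dbindex'] < 0) {
            // Negative index = multi-dump or "all databases"; nothing to resolve.
            $config['cron_dbindex'] = $restore_values['cron_dbindex'];
        } else {
            $db_names = array_flip($databases['Name']);

            // Keep the old current database if it still exists, else the first one.
            if (isset($db_names[$restore_values['db_actual']])) {
                $databases['db_actual'] = $restore_values['db_actual'];
            } else {
                $databases['db_actual'] = $databases['Name'][0];
            }

            // Same for the cron database; if it was deleted meanwhile, back up
            // all databases (-3) to be safe.
            if (isset($db_names[$restore_values['cron_dbindex']])) {
                $config['cron_dbindex'] = $db_names[$restore_values['cron_dbindex']];
            } else {
                $config['cron_dbindex'] = -3;
            }
        }
    }

    FillMultiDBArrays();

    // Derived settings that are persisted alongside the raw ones.
    $config['multipart_groesse'] = $config['multipartgroesse1'] * ($config['multipartgroesse2'] == 1 ? 1024 : 1024 * 1024);
    if (!isset($config['email_maxsize'])) {
        $config['email_maxsize'] = $config['email_maxsize1'] * ($config['email_maxsize2'] == 1 ? 1024 : 1024 * 1024);
    }
    if (!isset($config['cron_execution_path'])) {
        $config['cron_execution_path'] = "msd_cron/";
    }
    if ($as == 0) {
        $config['paths']['root'] = addslashes(Realpfad("./"));
    }
    $config['files']['parameter'] = $config['paths']['config'] . $config['config_file'] . '.php';
    $config['files']['iconpath']  = './css/' . $config['theme'] . '/icons/';

    // $config is not modified during the loops below, so the flag can be hoisted.
    $gpcOn  = ($config['magic_quotes_gpc'] == 1);
    $gpcOff = ($config['magic_quotes_gpc'] == 0);

    $out = '<?php ' . $nl;

    // --- $config -----------------------------------------------------------
    foreach ($config as $var => $val) {
        if (in_array($var, $config_dontsave)) {
            continue;
        }
        if (is_array($val)) {
            $out .= '$config[\'' . $var . '\']=array();' . $nl;
            foreach ($val as $var2 => $val2) {
                if ($gpcOn) {
                    $val2 = stripslashes($val2);
                }
                $out .= '$config[\'' . $var . '\'][' . _msd_array_key($var2) . '] = \'' . my_addslashes($val2) . "';{$nl}";
            }
        } else {
            if ($gpcOn) {
                $val = stripslashes($val);
            }
            $out .= '$config[\'' . $var . '\'] = \'' . my_addslashes($val) . "';{$nl}";
        }
    }

    // --- $databases --------------------------------------------------------
    foreach ($databases as $var => $val) {
        if (is_array($val)) {
            $out .= '$databases[\'' . $var . '\']=array();' . $nl;
            foreach ($val as $var2 => $val2) {
                // In restore mode, or with magic quotes on, the values already
                // carry slashes: strip them so they are escaped exactly once.
                if ($gpcOn || $as == 1) {
                    $val2 = stripslashes($val2);
                }
                $out .= '$databases[\'' . $var . '\'][' . _msd_array_key($var2) . '] = \'' . my_addslashes($val2) . "';{$nl}";
            }
        } else {
            if ($gpcOff || $as == 1) {
                $out .= '$databases[\'' . $var . '\'] = \'' . addslashes($val) . "';{$nl}";
            } else {
                // magic_quotes_gpc on, not restoring: value is assumed to be
                // slashed already and is written as-is (existing behaviour).
                $out .= '$databases[\'' . $var . '\'] = \'' . $val . "';{$nl}";
            }
        }
    }
    $out .= '?>';

    // Write the file.
    $ret  = true;
    $file = $config['paths']['config'] . $config['config_file'] . '.php';
    if ($fp = fopen($file, "wb")) {
        if (!fwrite($fp, $out)) {
            $ret = false;
        }
        if (!fclose($fp)) {
            $ret = false;
        }
        // Credentials file: owner read/write only (was 0777).
        @chmod($file, 0600);
    } else {
        $ret = false;
    }

    // Rewrite the cron script; a failure there also fails the whole save,
    // but does not mask an earlier file-write failure.
    if (!WriteCronScript($restore_values)) {
        $ret = false;
    }

    return $ret;
}

/**
 * Renders an array key for the generated PHP source: integers bare,
 * anything else wrapped in single quotes (unescaped, as in the original).
 *
 * @param mixed $key array key
 *
 * @return string|int
 */
function _msd_array_key($key)
{
    return is_int($key) ? $key : "'" . $key . "'";
}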
} $bBlog->get_modifiers(); $optionformrows = array(); $options = get_options(); if (isset($_POST['submit']) && $_POST['submit'] == 'Save Options') { // saving options.. $updatevars = array(); foreach ($options as $option) { if (!isset($_POST[$option['name']])) { break; } switch ($option['type']) { case "text": case "email": case "url": $updatevars[] = array("name" => $option['name'], "value" => my_addslashes($_POST[$option['name']])); break; case "password": if ($_POST[$option['name']] != '') { $updatevars[] = array("name" => $option['name'], "value" => md5($_POST[$option['name']])); } break; case "templateselect": // make sure we're not being poked. if (ereg('^[[:alnum:]]+$', $_POST[$option['name']])) { $updatevars[] = array("name" => $option['name'], "value" => strtolower($_POST[$option['name']])); } break; case "statusselect": if ($_POST[$option['name']] == 'live') { $updatevars[] = array("name" => $option['name'], "value" => 'live');