コード例 #1
ファイル: functions.php プロジェクト: bitcalc/snippets
/**
 * Emit (or return) the HTML attribute word "selected" for a form option.
 *
 * The option counts as selected when the posted or query-string value of $name
 * equals $option, or when neither request value is set and $default is truthy.
 *
 * NOTE(review): the comparison with $option is loose (==), so numeric strings
 * and integers compare equal; the original inline comment about "==" suggests
 * this was a known concern. Confirm callers never pass an $option for which
 * loose comparison matches unintended request values.
 *
 * @param string $name    request variable name
 * @param mixed  $option  option value to compare against
 * @param bool   $default select this option when nothing was submitted
 * @param bool   $return  return the string instead of echoing it
 * @return string|null 'selected' when $return is set and the option matches
 */
function isSelected($name, $option, $default = false, $return = false)
{
    $submittedMatches = postVar($name, true) == $option || getVar($name, true) == $option;

    if (!$submittedMatches) {
        // Fall back to the default only when the request carried no value at all.
        $nothingSubmitted = !postVar($name, true) && !getVar($name, true);
        if (!($nothingSubmitted && $default)) {
            return;
        }
    }

    if ($return) {
        return 'selected';
    }
    echo 'selected';
}
コード例 #2
ファイル: index.php プロジェクト: hatone/Nucleus-v3.64
// some functions
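/**
 * Delete the lock record of one login name from the SecurityEnforcer table.
 *
 * The listing showed the WHERE value as the literal '******' (which looks like
 * a redaction artefact) and never used $login, so no caller-selected row could
 * be removed. The login is now escaped and placed in the statement.
 *
 * NOTE(review): assumes sql_real_escape_string() is available wherever
 * sql_query()/sql_table() are loaded - confirm for this plugin file.
 *
 * @param string $login login name whose lock entry is removed
 */
function SE_unlockLogin($login)
{
    $table = sql_table('plug_securityenforcer');
    // The value originates from a posted form, so it must never be concatenated raw.
    $escapedLogin = sql_real_escape_string((string) $login);
    sql_query("DELETE FROM " . $table . " WHERE login='" . $escapedLogin . "'");
}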
// checks
// create the admin area page
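$oPluginAdmin = new PluginAdmin('SecurityEnforcer');
// add styles to the <HEAD>
$oPluginAdmin->start('');
// Initialised before the form check so the later "if ($message)" test never
// reads an undefined variable when no unlock form was posted.
$message = '';
// if form to unlock is posted
if (postVar('action') == 'unlock') {
    // State-changing request: refuse it unless the ticket check passes.
    // NOTE(review): this relies on doError() halting the script - confirm.
    if (!$manager->checkTicket()) {
        doError('Invalid Ticket');
    }
    $logins = postVar('unlock');
    if (is_array($logins)) {
        foreach ($logins as $entity) {
            // Nested arrays or other non-string entries are not login names.
            if (!is_string($entity)) {
                continue;
            }
            SE_unlockLogin($entity);
            // The posted login name is echoed back into the page, so encode it for HTML.
            $message .= '<br />' . htmlspecialchars($entity, ENT_QUOTES) . _SECURITYENFORCER_ADMIN_UNLOCKED;
        }
    }
}
$plug =& $oPluginAdmin->plugin;
// page title
echo '<h2>' . _SECURITYENFORCER_ADMIN_TITLE . '</h2>';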
if ($message) {
    echo "<p><strong>";
    echo $message;
コード例 #3
ファイル: index.php プロジェクト: hatone/Nucleus-v3.64
/**
 * Run the installation from the submitted installer form.
 *
 * Steps, in order: copy the POST fields into locals, validate them, connect to
 * MySQL, optionally create the database, execute the statements in install.sql,
 * seed the first item / member / blog / category rows, optionally install skins
 * and plugins, try to write ../config.php, and finally print the result page.
 *
 * NOTE(review): every input is taken from the request and several of those
 * values are later used in an include path, in SQL text, in generated PHP code
 * and in HTML output. The inline notes below mark each of those sinks.
 */
function doInstall()
{
    global $mysql_usePrefix, $mysql_prefix, $weblog_ping;
    // 0. put all POST-vars into vars
    $mysql_host = postVar('mySQL_host');
    $mysql_user = postVar('mySQL_user');
    $mysql_password = postVar('mySQL_password');
    $mysql_database = postVar('mySQL_database');
    $mysql_create = postVar('mySQL_create');
    $mysql_usePrefix = postVar('mySQL_usePrefix');
    $mysql_prefix = postVar('mySQL_tablePrefix');
    $config_indexurl = postVar('IndexURL');
    $config_adminurl = postVar('AdminURL');
    $config_adminpath = postVar('AdminPath');
    $config_mediaurl = postVar('MediaURL');
    $config_skinsurl = postVar('SkinsURL');
    $config_pluginurl = postVar('PluginURL');
    $config_actionurl = postVar('ActionURL');
    $config_mediapath = postVar('MediaPath');
    $config_skinspath = postVar('SkinsPath');
    $user_name = postVar('User_name');
    $user_realname = postVar('User_realname');
    $user_password = postVar('User_password');
    $user_password2 = postVar('User_password2');
    $user_email = postVar('User_email');
    $blog_name = postVar('Blog_name');
    $blog_shortname = postVar('Blog_shortname');
    $charset = postVar('charset');
    $config_adminemail = $user_email;
    $config_sitename = $blog_name;
    $weblog_ping = postVar('Weblog_ping');
    // the request array is emptied once its values have been copied into locals
    $_POST = array();
    $config_indexurl = replaceDoubleBackslash($config_indexurl);
    $config_adminurl = replaceDoubleBackslash($config_adminurl);
    $config_mediaurl = replaceDoubleBackslash($config_mediaurl);
    $config_skinsurl = replaceDoubleBackslash($config_skinsurl);
    $config_pluginurl = replaceDoubleBackslash($config_pluginurl);
    $config_actionurl = replaceDoubleBackslash($config_actionurl);
    $config_adminpath = replaceDoubleBackslash($config_adminpath);
    $config_skinspath = replaceDoubleBackslash($config_skinspath);
    $config_mediapath = replaceDoubleBackslash($config_mediapath);
    /**
     * Include and initialize multibyte functions as a replacement for mbstring extension
     *  if mbstring extension is not loaded.
     * Jan.28, 2011. Japanese Package Release Team
     */
    // NOTE(review): $config_adminpath is a request value and is used as an include
    // path here, before the is_dir()/trailing-slash checks of step 1 have run.
    // Validate the path before including from it, and make sure the installer is
    // not reachable once setup is complete.
    if (!function_exists('mb_convert_encoding')) {
        global $mbemu_internals;
        include_once $config_adminpath . 'libs/mb_emulator/mb-emulator.php';
    }
    if (function_exists('date_default_timezone_set')) {
        @date_default_timezone_set(function_exists('date_default_timezone_get') ? @date_default_timezone_get() : 'UTC');
    }
    // only 'ujis' switches the site to EUC-JP; any other charset value yields UTF-8
    if ($charset == 'ujis') {
        define('_CHARSET', 'EUC-JP');
        $config_sitename = mb_convert_encoding($config_sitename, _CHARSET, 'UTF-8');
        $user_realname = mb_convert_encoding($user_realname, _CHARSET, 'UTF-8');
        $blog_name = mb_convert_encoding($blog_name, _CHARSET, 'UTF-8');
    } else {
        define('_CHARSET', 'UTF-8');
    }
    // 1. check all the data
    $errors = array();
    if (!$mysql_database) {
        array_push($errors, _ERROR2);
    }
    if ($mysql_usePrefix == 1 && strlen($mysql_prefix) == 0) {
        array_push($errors, _ERROR3);
    }
    // the prefix is concatenated into table names in step 5, so it is limited to [a-zA-Z0-9_]
    if ($mysql_usePrefix == 1 && !preg_match('#^[a-zA-Z0-9_]+$#', $mysql_prefix)) {
        array_push($errors, _ERROR4);
    }
    // TODO: add action.php check
    if (!endsWithSlash($config_indexurl) || !endsWithSlash($config_adminurl) || !endsWithSlash($config_mediaurl) || !endsWithSlash($config_pluginurl) || !endsWithSlash($config_skinsurl)) {
        array_push($errors, _ERROR5);
    }
    if (!endsWithSlash($config_adminpath)) {
        array_push($errors, _ERROR6);
    }
    if (!endsWithSlash($config_mediapath)) {
        array_push($errors, _ERROR7);
    }
    if (!endsWithSlash($config_skinspath)) {
        array_push($errors, _ERROR8);
    }
    if (!is_dir($config_adminpath)) {
        array_push($errors, _ERROR9);
    }
    if (!_isValidMailAddress($user_email)) {
        array_push($errors, _ERROR10);
    }
    if (!_isValidDisplayName($user_name)) {
        array_push($errors, _ERROR11);
    }
    if (!$user_password || !$user_password2) {
        array_push($errors, _ERROR12);
    }
    if ($user_password != $user_password2) {
        array_push($errors, _ERROR13);
    }
    if (!_isValidShortName($blog_shortname)) {
        array_push($errors, _ERROR14);
    }
    // NOTE(review): the steps below still run after this call unless
    // showErrorMessages() itself stops the script - confirm that it does.
    if (sizeof($errors) > 0) {
        showErrorMessages($errors);
    }
    // 2. try to log in to mySQL
    global $MYSQL_CONN;
    // this will need to be changed if we ever allow
    $MYSQL_CONN = @sql_connect_args($mysql_host, $mysql_user, $mysql_password);
    if ($MYSQL_CONN == false) {
        _doError(_ERROR15 . ': ' . sql_error());
    }
    // 3. try to create database (if needed)
    // normalise the server version to dotted integers for version_compare()
    $mySqlVer = implode('.', array_map('intval', explode('.', sql_get_server_info())));
    // every charset value other than 'utf8' gets the ujis collation
    $collation = $charset == 'utf8' ? 'utf8_general_ci' : 'ujis_japanese_ci';
    if ($mysql_create == 1) {
        // NOTE(review): $mysql_database and $charset are request values concatenated
        // into the statement unquoted; step 1 only checks that the database name is
        // non-empty. Restrict both to an identifier pattern before building the SQL.
        $sql = 'CREATE DATABASE ' . $mysql_database;
        // <add for garble measure>
        if (version_compare($mySqlVer, '4.1.0', '>=')) {
            $sql .= ' DEFAULT CHARACTER SET ' . $charset . ' COLLATE ' . $collation;
        }
        // </add for garble measure>*/
        sql_query($sql, $MYSQL_CONN) or _doError(_ERROR16 . ': ' . sql_error($MYSQL_CONN));
    }
    // 4. try to select database
    sql_select_db($mysql_database, $MYSQL_CONN) or _doError(_ERROR17);
    /*
     * 4.5. set character set to this database in MySQL server
     * This processing is added by Nucleus CMS Japanese Package Release Team as of Mar.30, 2011
     */
    sql_set_charset_jp($charset);
    // 5. execute queries
    // NOTE(review): the fopen() result is not checked before fread()/fclose().
    $filename = 'install.sql';
    $fd = fopen($filename, 'r');
    $queries = fread($fd, filesize($filename));
    fclose($fd);
    // NOTE(review): split() is the POSIX-regex function that was removed in PHP 7;
    // preg_split() is its replacement.
    $queries = split("(;\n|;\r)", $queries);
    $aTableNames = array('nucleus_actionlog', 'nucleus_ban', 'nucleus_blog', 'nucleus_category', 'nucleus_comment', 'nucleus_config', 'nucleus_item', 'nucleus_karma', 'nucleus_member', 'nucleus_plugin', 'nucleus_skin', 'nucleus_template', 'nucleus_team', 'nucleus_activation', 'nucleus_tickets');
    // these are unneeded (one of the replacements above takes care of them)
    //			'nucleus_plugin_event',
    //			'nucleus_plugin_option',
    //			'nucleus_plugin_option_desc',
    //			'nucleus_skin_desc',
    //			'nucleus_template_desc',
    $aTableNamesPrefixed = array($mysql_prefix . 'nucleus_actionlog', $mysql_prefix . 'nucleus_ban', $mysql_prefix . 'nucleus_blog', $mysql_prefix . 'nucleus_category', $mysql_prefix . 'nucleus_comment', $mysql_prefix . 'nucleus_config', $mysql_prefix . 'nucleus_item', $mysql_prefix . 'nucleus_karma', $mysql_prefix . 'nucleus_member', $mysql_prefix . 'nucleus_plugin', $mysql_prefix . 'nucleus_skin', $mysql_prefix . 'nucleus_template', $mysql_prefix . 'nucleus_team', $mysql_prefix . 'nucleus_activation', $mysql_prefix . 'nucleus_tickets');
    // these are unneeded (one of the replacements above takes care of them)
    //			$mysql_prefix . 'nucleus_plugin_event',
    //			$mysql_prefix . 'nucleus_plugin_option',
    //			$mysql_prefix . 'nucleus_plugin_option_desc',
    //			$mysql_prefix . 'nucleus_skin_desc',
    //			$mysql_prefix . 'nucleus_template_desc',
    $count = count($queries);
    for ($idx = 0; $idx < $count; $idx++) {
        $query = trim($queries[$idx]);
        // echo "QUERY = " . htmlspecialchars($query) . "<p>";
        if ($query) {
            // table names in the shipped statements are rewritten to their prefixed form
            if ($mysql_usePrefix == 1) {
                $query = str_replace($aTableNames, $aTableNamesPrefixed, $query);
            }
            // <add for garble measure>
            if ($mysql_create != 1 && strpos($query, 'CREATE TABLE') === 0 && version_compare($mySqlVer, '4.1.0', '>=')) {
                $query .= ' DEFAULT CHARACTER SET ' . $charset . ' COLLATE ' . $collation;
            }
            // </add for garble measure>*/
            sql_query($query, $MYSQL_CONN) or _doError(_ERROR30 . ' (' . htmlspecialchars($query) . '): ' . sql_error($MYSQL_CONN));
        }
    }
    // 5a make first post
    if (strtoupper(_CHARSET) != 'UTF-8') {
        $itm_title = mb_convert_encoding(_1ST_POST_TITLE, _CHARSET, 'UTF-8');
        $itm_body = mb_convert_encoding(_1ST_POST, _CHARSET, 'UTF-8');
        $itm_more = mb_convert_encoding(_1ST_POST2, _CHARSET, 'UTF-8');
    } else {
        $itm_title = _1ST_POST_TITLE;
        $itm_body = _1ST_POST;
        $itm_more = _1ST_POST2;
    }
    // the first-post texts are language constants, not request data; they are
    // inserted unescaped, so a quote character inside a translation breaks this statement
    $newpost = "INSERT INTO " . tableName('nucleus_item') . " VALUES (" . "1, " . "'" . $itm_title . "'," . " '" . $itm_body . "'," . " '" . $itm_more . "'," . " 1, 1, '2005-08-15 11:04:26', 0, 0, 0, 1, 0, 1);";
    sql_query($newpost, $MYSQL_CONN) or _doError(_ERROR18 . ' (' . htmlspecialchars($newpost) . '): ' . sql_error($MYSQL_CONN));
    // 6. update global settings
    updateConfig('IndexURL', $config_indexurl);
    updateConfig('AdminURL', $config_adminurl);
    updateConfig('MediaURL', $config_mediaurl);
    updateConfig('SkinsURL', $config_skinsurl);
    updateConfig('PluginURL', $config_pluginurl);
    updateConfig('ActionURL', $config_actionurl);
    updateConfig('AdminEmail', $config_adminemail);
    updateConfig('SiteName', $config_sitename);
    if ($charset == 'ujis') {
        updateConfig('Language', 'japanese-euc');
    }
    // 7. update GOD member
    // NOTE(review): request values are escaped with addslashes(), which is not
    // aware of the connection character set (relevant because this installer can
    // select a multibyte charset); a connection-aware escaper or bound parameters
    // would be safer. The password is stored as an unsalted md5() digest, which is
    // not a password hashing scheme - moving to password_hash() would require the
    // login check to change as well.
    $query = 'UPDATE ' . tableName('nucleus_member') . " SET mname\t = '" . addslashes($user_name) . "'," . " mrealname\t = '" . addslashes($user_realname) . "'," . " mpassword\t = '" . md5(addslashes($user_password)) . "'," . " murl\t\t  = '" . addslashes($config_indexurl) . "'," . " memail\t\t= '" . addslashes($user_email) . "'," . " madmin\t\t= 1," . " mcanlogin\t = 1" . " WHERE" . " mnumber\t   = 1";
    sql_query($query, $MYSQL_CONN) or _doError(_ERROR19 . ': ' . sql_error($MYSQL_CONN));
    // 8. update weblog settings
    $query = 'UPDATE ' . tableName('nucleus_blog') . " SET bname  = '" . addslashes($blog_name) . "'," . " bshortname = '" . addslashes($blog_shortname) . "'," . " burl\t   = '" . addslashes($config_indexurl) . "'" . " WHERE" . " bnumber\t= 1";
    sql_query($query, $MYSQL_CONN) or _doError(_ERROR20 . ': ' . sql_error($MYSQL_CONN));
    // 8-2. update category settings
    if (strtoupper(_CHARSET) != 'UTF-8') {
        $cat_name = mb_convert_encoding(_GENERALCAT_NAME, _CHARSET, 'UTF-8');
        $cat_desc = mb_convert_encoding(_GENERALCAT_DESC, _CHARSET, 'UTF-8');
    } else {
        $cat_name = _GENERALCAT_NAME;
        $cat_desc = _GENERALCAT_DESC;
    }
    // category texts are language constants and are inserted unescaped (same caveat as step 5a)
    $query = 'UPDATE ' . tableName('nucleus_category') . " SET cname  = '" . $cat_name . "'," . " cdesc\t  = '" . $cat_desc . "'" . " WHERE" . " catid\t  = 1";
    sql_query($query, $MYSQL_CONN) or _doError(_ERROR20 . ': ' . sql_error($MYSQL_CONN));
    // 9. update item date
    $query = 'UPDATE ' . tableName('nucleus_item') . " SET   itime   = '" . date('Y-m-d H:i:s', time()) . "'" . " WHERE inumber = 1";
    sql_query($query, $MYSQL_CONN) or _doError(_ERROR21 . ': ' . sql_error($MYSQL_CONN));
    global $aConfPlugsToInstall, $aConfSkinsToImport;
    $aSkinErrors = array();
    $aPlugErrors = array();
    if (count($aConfPlugsToInstall) > 0 || count($aConfSkinsToImport) > 0) {
        // 10. set global variables
        global $MYSQL_HOST, $MYSQL_USER, $MYSQL_PASSWORD, $MYSQL_DATABASE, $MYSQL_PREFIX;
        $MYSQL_HOST = $mysql_host;
        $MYSQL_USER = $mysql_user;
        $MYSQL_PASSWORD = $mysql_password;
        $MYSQL_DATABASE = $mysql_database;
        $MYSQL_PREFIX = $mysql_usePrefix == 1 ? $mysql_prefix : '';
        global $DIR_NUCLEUS, $DIR_MEDIA, $DIR_SKINS, $DIR_PLUGINS, $DIR_LANG, $DIR_LIBS;
        $DIR_NUCLEUS = $config_adminpath;
        $DIR_MEDIA = $config_mediapath;
        $DIR_SKINS = $config_skinspath;
        $DIR_PLUGINS = $DIR_NUCLEUS . 'plugins/';
        $DIR_LANG = $DIR_NUCLEUS . 'language/';
        $DIR_LIBS = $DIR_NUCLEUS . 'libs/';
        // close database connection (needs to be closed if we want to include globalfunctions.php)
        sql_close($MYSQL_CONN);
        $manager = '';
        // NOTE(review): $DIR_LIBS derives from the posted admin path, so this include
        // also loads code from a request-supplied directory.
        include_once $DIR_LIBS . 'globalfunctions.php';
        // 11. install custom skins
        $aSkinErrors = installCustomSkins($manager);
        $defskinQue = 'SELECT `sdnumber` as result FROM ' . sql_table('skin_desc') . ' WHERE `sdname` = "default"';
        $defSkinID = quickQuery($defskinQue);
        // the looked-up skin id is forced to an integer before it is placed in SQL
        $updateQuery = 'UPDATE ' . sql_table('blog') . ' SET `bdefskin` = ' . intval($defSkinID) . ' WHERE `bnumber` = 1';
        sql_query($updateQuery);
        $updateQuery = 'UPDATE ' . sql_table('config') . ' SET `value` = ' . intval($defSkinID) . ' WHERE `name` = "BaseSkin"';
        sql_query($updateQuery);
        // 12. install NP_Ping, if decided
        if ($weblog_ping == 1) {
            global $aConfPlugsToInstall;
            array_push($aConfPlugsToInstall, "NP_Ping");
        }
        // 13. install custom plugins
        $aPlugErrors = installCustomPlugs($manager);
    }
    // 14. Write config file ourselves (if possible)
    // NOTE(review): the host, user, database and path values written below come
    // from the request and are placed between single quotes in a PHP file without
    // escaping quote or backslash characters, so such a character in any of them
    // alters the generated code. Emit them with var_export() (or escape \ and ')
    // and validate them first; only the table prefix is pattern-checked in step 1.
    $bConfigWritten = 0;
    if (@file_exists('../config.php') && is_writable('../config.php') && ($fp = @fopen('../config.php', 'w'))) {
        $config_data = '<' . '?php' . "\n\n";
        //$config_data .= "\n"; (extraneous, just added extra \n to previous line
        $config_data .= "   // mySQL connection information\n";
        $config_data .= "   \$MYSQL_HOST\t = '" . $mysql_host . "';\n";
        $config_data .= "   \$MYSQL_USER\t = '" . $mysql_user . "';\n";
        // NOTE(review): this listing shows a literal '******' here, which looks like
        // redaction by the hosting page; as written, $mysql_password is not stored.
        $config_data .= "   \$MYSQL_PASSWORD = '******';\n";
        $config_data .= "   \$MYSQL_DATABASE = '" . $mysql_database . "';\n";
        $config_data .= "   \$MYSQL_PREFIX   = '" . ($mysql_usePrefix == 1 ? $mysql_prefix : '') . "';\n";
        $config_data .= "   // new in 3.50. first element is db handler, the second is the db driver used by the handler\n";
        $config_data .= "   // default is \$MYSQL_HANDLER = array('mysql','');\n";
        $config_data .= "   //\$MYSQL_HANDLER = array('mysql','mysql');\n";
        $config_data .= "   //\$MYSQL_HANDLER = array('pdo','mysql');\n";
        // NOTE(review): $MYSQL_HANDLER is neither declared global nor assigned in the
        // visible part of this function - confirm where it is expected to come from.
        $config_data .= "   \$MYSQL_HANDLER = array('" . $MYSQL_HANDLER[0] . "','" . $MYSQL_HANDLER[1] . "');\n";
        $config_data .= "\n";
        $config_data .= "   // main nucleus directory\n";
        $config_data .= "   \$DIR_NUCLEUS = '" . $config_adminpath . "';\n";
        $config_data .= "\n";
        $config_data .= "   // path to media dir\n";
        $config_data .= "   \$DIR_MEDIA   = '" . $config_mediapath . "';\n";
        $config_data .= "\n";
        $config_data .= "   // extra skin files for imported skins\n";
        $config_data .= "   \$DIR_SKINS   = '" . $config_skinspath . "';\n";
        $config_data .= "\n";
        $config_data .= "   // these dirs are normally sub dirs of the nucleus dir, but \n";
        $config_data .= "   // you can redefine them if you wish\n";
        $config_data .= "   \$DIR_PLUGINS = \$DIR_NUCLEUS . 'plugins/';\n";
        $config_data .= "   \$DIR_LANG\t= \$DIR_NUCLEUS . 'language/';\n";
        $config_data .= "   \$DIR_LIBS\t= \$DIR_NUCLEUS . 'libs/';\n";
        $config_data .= "\n";
        $config_data .= "   // include libs\n";
        $config_data .= "   include(\$DIR_LIBS . 'globalfunctions.php');\n";
        $config_data .= "?" . ">";
        $result = @fputs($fp, $config_data, strlen($config_data));
        fclose($fp);
        // only a successful write suppresses the manual-copy instructions on the result page
        if ($result) {
            $bConfigWritten = 1;
        }
    }
    ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
	<title><?php 
    echo _TITLE;
    ?>
</title>
	<style>@import url('../nucleus/styles/manual.css');</style>
</head>
<body>
	<div style="text-align:center"><img src="../nucleus/styles/logo.gif" alt="<?php 
    echo _ALT_NUCLEUS_CMS_LOGO;
    ?>
" /></div> <!-- Nucleus logo -->

<?php 
    // skin and plugin installation errors are listed together
    $aAllErrors = array_merge($aSkinErrors, $aPlugErrors);
    if (count($aAllErrors) > 0) {
        echo '<h1>' . _TITLE2 . '</h1>';
        echo '<ul><li>' . implode('</li><li>', $aAllErrors) . '</li></ul>';
    }
    // config.php could not be written: show its intended contents for manual copying
    if (!$bConfigWritten) {
        ?>
		<h1><?php 
        echo _TITLE3;
        ?>
</h1>

		<?php 
        echo _TEXT10;
        ?>

		<pre><code>&lt;?php
	// mySQL connection information
	$MYSQL_HOST	 = '<b><?php 
        // NOTE(review): this and the other request-derived values echoed in this
        // template (database, prefix, paths, and the two URLs used as href values
        // further down) are written to the page without htmlspecialchars().
        echo $mysql_host;
        ?>
</b>';
	$MYSQL_USER	 = '******';
	$MYSQL_PASSWORD = '******';
	$MYSQL_DATABASE = '<b><?php 
        echo $mysql_database;
        ?>
</b>';
	$MYSQL_PREFIX   = '<b><?php 
        echo $mysql_usePrefix == 1 ? $mysql_prefix : '';
        ?>
</b>';

	// new in 3.50. first element is db handler, the second is the db driver used by the handler
	// default is $MYSQL_HANDLER = array('mysql','');
	$MYSQL_HANDLER = array('<?php 
        echo $MYSQL_HANDLER[0];
        ?>
','<?php 
        echo $MYSQL_HANDLER[1];
        ?>
');

	// main nucleus directory
	$DIR_NUCLEUS = '<b><?php 
        echo $config_adminpath;
        ?>
</b>';

	// path to media dir
	$DIR_MEDIA   = '<b><?php 
        echo $config_mediapath;
        ?>
</b>';

	// extra skin files for imported skins
	$DIR_SKINS   = '<b><?php 
        echo $config_skinspath;
        ?>
</b>';

	// these dirs are normally sub dirs of the nucleus dir, but
	// you can redefine them if you wish
	$DIR_PLUGINS = $DIR_NUCLEUS . 'plugins/';
	$DIR_LANG	= $DIR_NUCLEUS . 'language/';
	$DIR_LIBS	= $DIR_NUCLEUS . 'libs/';

	// include libs
	include($DIR_LIBS . 'globalfunctions.php');
?&gt;</code></pre>

	<?php 
        echo _TEXT11;
        ?>

	<div class="note">
	<?php 
        echo _TEXT12;
        ?>
	</div>

<?php 
    } else {
        ?>

	<h1><?php 
        echo _TITLE4;
        ?>
</h1>

	<?php 
        echo _TEXT13;
        ?>

<?php 
    }
    ?>

	<h1><?php 
    echo _TITLE5;
    ?>
</h1>
	
	<?php 
    echo _TEXT14;
    ?>

	<ul>
		<li><?php 
    echo _TEXT14_L1;
    ?>
</li>
		<li><?php 
    echo _TEXT14_L2;
    ?>
</li>
	</ul>

	<h1><?php 
    echo _HEADER10;
    ?>
</h1>

	<?php 
    echo _TEXT15;
    ?>

		<ul>
		<li><?php 
    echo _TEXT15_L1;
    ?>
</li>
		<li><?php 
    echo _TEXT15_L2;
    ?>
</li>
		<li><?php 
    echo _TEXT15_L3;
    ?>
</li>
		</ul>

	<?php 
    echo _TEXT16;
    ?>

	<h1><?php 
    echo _HEADER11;
    ?>
</h1>

	<p><?php 
    echo _TEXT16_H;
    ?>
		<ul>
			<li><a href="<?php 
    echo $config_adminurl;
    ?>
"><?php 
    echo _TEXT16_L1;
    ?>
</a></li>
			<li><a href="<?php 
    echo $config_indexurl;
    ?>
"><?php 
    echo _TEXT16_L2;
    ?>
</a></li>
		</ul>
	</p>

</body>
</html>

<?php 
}
コード例 #4
ファイル: vars4.0.6.php プロジェクト: hatone/Nucleus-v3.64
/**
 * Read a request variable, preferring the POST value over the GET value.
 *
 * The GET value is used whenever the POST value is falsy, which includes a
 * posted empty string or '0'.
 *
 * @param string $name request variable name
 * @return mixed value returned by postVar() or getVar()
 */
function requestVar($name)
{
    if (postVar($name)) {
        return postVar($name);
    }

    return getVar($name);
}
コード例 #5
<?php

include 'default.php';
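// Submit an "item price change" ticket by e-mail and answer with a JSON status.
$name = postVar('name');
$price = postVar('price');
// Both fields are required; is_null() is the absence test used for them.
if (is_null($name) || is_null($price)) {
    echo jsonErr('One of the required fields was not sent successfully.');
    return;
}
$to = '*****@*****.**';
$subject = 'Item Price Change Ticket';
// Request values go into the message body only. Keep them out of $subject and
// out of any additional-headers argument, where line breaks would be interpreted.
$message = "An item price change ticket has been submitted.\nName: {$name}\nPrice: {$price}";
// mail() returns false when the message was not accepted for delivery; reporting
// success in that case would silently lose the ticket.
if (!mail($to, $subject, $message)) {
    echo jsonErr('Your ticket could not be submitted. Please try again later.');
    return;
}
echo jsonSuccess(array('message' => 'Your ticket has successfully been submitted. Thank you!'));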
コード例 #6
ファイル: bookmarklet.php プロジェクト: hatone/Nucleus-v3.64
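/**
 * Handle the bookmarklet "edit item" form.
 *
 * Checks that the member may update the item, optionally creates a new
 * category, maps the requested action type to publish/draft flags, updates the
 * item, removes the draft it replaced, and shows a confirmation message.
 *
 * Changes from the listed version: $blog is initialised so the success branch
 * cannot dereference an undefined variable when the posted category id merely
 * differs from its integer form, and the confirmation markup is built once
 * instead of being concatenated twice.
 *
 * NOTE(review): the error paths rely on bm_doError() ending the request;
 * otherwise $publish/$wasdraft/$timestamp are undefined after the default
 * branch - confirm.
 */
function bm_doEditItem()
{
    global $member, $manager, $CONF;
    $itemid = intRequestVar('itemid');
    $catid = postVar('catid');
    // only allow if user is allowed to alter item
    if (!$member->canUpdateItem($itemid, $catid)) {
        bm_doError(_ERROR_DISALLOWED);
    }
    $body = postVar('body');
    $title = postVar('title');
    $more = postVar('more');
    $closed = intPostVar('closed');
    $actiontype = postVar('actiontype');
    $draftid = intPostVar('draftid');
    // redirect to admin area on delete (has delete confirmation)
    if ($actiontype == 'delete') {
        redirect('index.php?action=itemdelete&itemid=' . $itemid);
        exit;
    }
    // Set only when a category is created below; used to decide which message to show.
    $blog = null;
    // create new category if needed (only on edit/changedate)
    if (strstr($catid, 'newcat')) {
        // get blogid
        list($blogid) = sscanf($catid, "newcat-%d");
        // create
        $blog =& $manager->getBlog($blogid);
        $catid = $blog->createNewCategory();
        // show error when something goes wrong
        if (!$catid) {
            bm_doError(_BOOKMARKLET_ERROR_COULDNTNEWCAT);
        }
    }
    // only edit action is allowed for bookmarklet edit
    switch ($actiontype) {
        case 'changedate':
            $publish = 1;
            $wasdraft = 0;
            // date parts are forced to integers before they reach mktime()
            $timestamp = mktime(intPostVar('hour'), intPostVar('minutes'), 0, intPostVar('month'), intPostVar('day'), intPostVar('year'));
            break;
        case 'edit':
            $publish = 1;
            $wasdraft = 0;
            $timestamp = 0;
            break;
        case 'backtodrafts':
            $publish = 0;
            $wasdraft = 0;
            $timestamp = 0;
            break;
        default:
            bm_doError(_BOOKMARKLET_ERROR_SOMETHINGWRONG);
    }
    // update item for real
    ITEM::update($itemid, $catid, $title, $body, $more, $closed, $wasdraft, $publish, $timestamp);
    if ($draftid > 0) {
        ITEM::delete($draftid);
    }
    // show success message
    if ($blog !== null && $catid != intPostVar('catid')) {
        // a category was created: link to its edit page
        $href = 'index.php?action=categoryedit&amp;blogid=' . $blog->getID() . '&amp;catid=' . $catid;
        $onclick = 'if (event &amp;&amp; event.preventDefault) event.preventDefault(); window.open(this.href); return false;';
        $linkTitle = _BOOKMARKLET_NEW_WINDOW;
        $aTag = ' <a href="' . $href . '" onclick="' . $onclick . '" title="' . $linkTitle . '">';
        $message = _BOOKMARKLET_NEW_CATEGORY . $aTag . _BOOKMARKLET_NEW_CATEGORY_EDIT . '</a>';
        bm_message(_ITEM_UPDATED, _ITEM_UPDATED, $message, '');
    } else {
        bm_message(_ITEM_UPDATED, _ITEM_UPDATED, _ITEM_UPDATED, '');
    }
}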
コード例 #7
/**
 * Read a POST variable and coerce it to an integer.
 *
 * Coercing to int makes the value safe to place in numeric contexts; a missing
 * or non-numeric value becomes 0.
 *
 * @param string $name POST variable name
 * @return int
 */
function intPostVar($name)
{
    $rawValue = postVar($name);

    return (int) $rawValue;
}
コード例 #8
ファイル: ADMIN.php プロジェクト: hatone/Nucleus-v3.64
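 /**
  * Install the plugin whose file name was posted in the 'filename' field.
  *
  * Admin-only. Registers the plugin row, loads the plugin, verifies its
  * minimum Nucleus version / patch level and its plugin dependencies, then
  * calls its install() method and refreshes the event subscriptions. On any
  * failed check the plugin row is removed again and an error is shown.
  *
  * The dependency lookup now escapes the plugin name before placing it in
  * SQL, matching the INSERT earlier in this method.
  *
  * NOTE(review): no ticket check is visible in this method; presumably the
  * action dispatcher validates it before calling here - confirm.
  */
 function action_pluginadd()
 {
     global $member, $manager, $DIR_PLUGINS;
     // check if allowed
     $member->isAdmin() or $this->disallow();
     $name = postVar('filename');
     if ($manager->pluginInstalled($name)) {
         $this->error(_ERROR_DUPPLUGIN);
     }
     if (!checkPlugin($name)) {
         $this->error(_ERROR_PLUGFILEERROR . ' (' . htmlspecialchars($name) . ')');
     }
     // get number of currently installed plugins
     $res = sql_query('SELECT * FROM ' . sql_table('plugin'));
     $numCurrent = sql_num_rows($res);
     // plugin will be added as last one in the list
     $newOrder = $numCurrent + 1;
     $manager->notify('PreAddPlugin', array('file' => &$name));
     // do this before calling getPlugin (in case the plugin id is used there)
     $query = 'INSERT INTO ' . sql_table('plugin') . ' (porder, pfile) VALUES (' . $newOrder . ',"' . sql_real_escape_string($name) . '")';
     sql_query($query);
     $iPid = sql_insert_id();
     $manager->clearCachedInfo('installedPlugins');
     // Load the plugin for condition checking and installation
     $plugin =& $manager->getPlugin($name);
     // check if it got loaded (could have failed)
     if (!$plugin) {
         sql_query('DELETE FROM ' . sql_table('plugin') . ' WHERE pid=' . intval($iPid));
         $manager->clearCachedInfo('installedPlugins');
         $this->error(_ERROR_PLUGIN_LOAD);
     }
     // check if plugin needs a newer Nucleus version
     if (getNucleusVersion() < $plugin->getMinNucleusVersion()) {
         // uninstall plugin again...
         $this->deleteOnePlugin($plugin->getID());
         // ...and show error
         $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion()));
     }
     // same version: check if plugin needs a newer patch level
     if (getNucleusVersion() == $plugin->getMinNucleusVersion() && getNucleusPatchLevel() < $plugin->getMinNucleusPatchLevel()) {
         // uninstall plugin again...
         $this->deleteOnePlugin($plugin->getID());
         // ...and show error
         $this->error(_ERROR_NUCLEUSVERSIONREQ . htmlspecialchars($plugin->getMinNucleusVersion() . ' patch ' . $plugin->getMinNucleusPatchLevel()));
     }
     // every plugin this one depends on must already be installed
     $pluginList = $plugin->getPluginDep();
     foreach ($pluginList as $pluginName) {
         // the dependency name is supplied by the plugin's own code, so it is
         // escaped like any other value before being placed in the query
         $res = sql_query('SELECT * FROM ' . sql_table('plugin') . ' WHERE pfile="' . sql_real_escape_string($pluginName) . '"');
         if (sql_num_rows($res) == 0) {
             // uninstall plugin again...
             $this->deleteOnePlugin($plugin->getID());
             $this->error(sprintf(_ERROR_INSREQPLUGIN, htmlspecialchars($pluginName, ENT_QUOTES)));
         }
     }
     // call the install method of the plugin
     $plugin->install();
     $manager->notify('PostAddPlugin', array('plugin' => &$plugin));
     // update all events
     $this->action_pluginupdate();
 }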
コード例 #9
ファイル: ACTIONS.php プロジェクト: hatone/Nucleus-v3.64
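 /**
  * Parse skinvar membermailform: prepare the form data for the "mail a member"
  * form and render the template matching the visitor's login state.
  *
  * All values handed to the form template are HTML-encoded here. The
  * destination URL is now encoded with ENT_QUOTES like the other fields, so it
  * stays inert inside single-quoted attributes as well.
  *
  * @param int    $rows    textarea rows
  * @param int    $cols    textarea columns
  * @param string $desturl URL to return to; defaults to the member's page
  */
 function parse_membermailform($rows = 10, $cols = 40, $desturl = '')
 {
     global $member, $CONF, $memberid;
     if ($desturl == '') {
         if ($CONF['URLMode'] == 'pathinfo') {
             $desturl = createMemberLink($memberid);
         } else {
             $desturl = $CONF['IndexURL'] . createMemberLink($memberid);
         }
     }
     // previously submitted values are echoed back into the form
     $message = postVar('message');
     $frommail = postVar('frommail');
     $this->formdata = array(
         'url' => htmlspecialchars($desturl, ENT_QUOTES),
         'actionurl' => htmlspecialchars($CONF['ActionURL'], ENT_QUOTES),
         'memberid' => $memberid,
         'rows' => $rows,
         'cols' => $cols,
         'message' => htmlspecialchars($message, ENT_QUOTES),
         'frommail' => htmlspecialchars($frommail, ENT_QUOTES),
     );
     if ($member->isLoggedIn()) {
         $this->doForm('membermailform-loggedin');
     } else {
         // anonymous visitors get the form only when the site allows non-member mail
         if ($CONF['NonmemberMail']) {
             $this->doForm('membermailform-notloggedin');
         } else {
             $this->doForm('membermailform-disallowed');
         }
     }
 }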
コード例 #10
ファイル: NP_Captcha.php プロジェクト: NucleusCMS/NP_Captcha
 /**
  * ValidateForm event handler: verifies the captcha solution submitted with a
  * comment, member-mail or activation form and records an error in $data when
  * it does not match.
  *
  * Nothing is checked for other form types, when the captcha is not available,
  * or for logged-in members.
  *
  * @param array $data event data; 'type' is read, 'error' is set on failure
  */
 function event_ValidateForm(&$data)
 {
     global $member;

     // only these form types carry a captcha (loose comparison, as in a switch)
     $protectedTypes = array('comment', 'membermail', 'activation');
     if (!in_array($data['type'], $protectedTypes)) {
         return;
     }

     // initialize on first call
     if (!$this->inited) {
         $this->init_captcha();
     }

     // skip when no GD libraries are available, and for registered members
     if (!$this->isAvailable() || $member->isLoggedIn()) {
         return;
     }

     // compare the key and attempted solution from the request with the stored one
     $solved = $this->check(postVar('ver_key'), postVar('ver_sol'));
     if (!$solved) {
         $data['error'] = $this->getOption('FailedMsg');
     }
 }
コード例 #11
ファイル: log.inc.php プロジェクト: jtaverne/lace
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the 
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General
 * Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
require_once '../config.php';
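// Resolve which log to show. The posted name is request data and is joined
// into a filesystem path, so it is accepted only when it is a plain file name:
// a string with no directory component and no NUL byte. Anything else falls
// back to the default log, as a missing file already did.
$requestedLog = postVar('log');
$logfile = LACE_LOGFILE;
if (is_string($requestedLog)
    && $requestedLog !== ''
    && $requestedLog === basename($requestedLog)
    && strpos($requestedLog, "\0") === false
) {
    $candidate = LACE_LOGDIR . $requestedLog . '.dat';
    if (file_exists($candidate)) {
        $logfile = $candidate;
    }
}
?>

<div id="subnav">
<?php 
printLogList($logfile);
?>
</div>

<h4 id="windowTitle"><?php 
echo LACE_SITE_NAME;
?>
 Logs</h4>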
コード例 #12
ファイル: index.php プロジェクト: hatone/Nucleus-v3.64
/**
 * Handles the "edit file" form of the SkinFiles admin page.
 *
 * Reads the target path from the 'file' request variable and the new file
 * body from the 'content' POST variable. The file is only overwritten when
 * the request carries sure=yes and the path passes every check below.
 *
 * NOTE(review): no ticket (CSRF) check is visible inside this function --
 * confirm the code that dispatches to it performs one, since this writes
 * request-supplied bytes to disk.
 */
function _skinfiles_editfile_process()
{
    global $manager;
    $plugin = $manager->getPlugin('NP_SkinFiles');
    $name = _skinfiles_basename(trim(requestVar('file')));
    $dir = sfExpandDirectory(dirname(trim(requestVar('file'))));

    if (requestVar('sure') != 'yes') {
        // User cancelled
        sfShowDirectory($dir);
        return;
    }

    $target = $dir . $name;
    $shownName = "&laquo;" . htmlspecialchars($name) . "&raquo; ";

    // All of these must hold before anything is written: the directory is
    // accepted by sfValidPath(), the target is an existing writable regular
    // file, and sfAllowEditing() accepts the file name.
    $editable = sfValidPath($dir)
        && file_exists($target)
        && is_file($target)
        && is_writable($target)
        && sfAllowEditing($name);
    if (!$editable) {
        echo "<p class='error'>" . _SKINFILES_ERR_EDIT_FILE1 . $shownName . _SKINFILES_ERR_EDIT_FILE2;
        echo _SKINFILES_ERR_EDIT_FILE3 . "</p>";
        return;
    }

    // Optional backup copy next to the original; the result of copy() is
    // not checked, so a failed backup does not stop the write.
    if ($plugin->getOption('generate_backup') == 'yes') {
        copy($target, $dir . $plugin->getOption('backup_prefix') . $name);
    }

    $content = postVar('content');
    $written = false;
    $handle = @fopen($target, 'wb');
    if ($handle) {
        $written = (@fwrite($handle, $content) !== false);
        @fclose($handle);
    }

    if ($written) {
        echo "<p class='message'>" . _SKINFILES_ERR_EDIT_FILE4 . $shownName . _SKINFILES_ERR_EDIT_FILE5 . "</p>";
    } else {
        echo "<p class='error'>" . _SKINFILES_ERR_EDIT_FILE6 . $shownName . _SKINFILES_ERR_EDIT_FILE7 . "</p>";
    }

    /* modification by katsumi: offer a delete button once a file has been emptied */
    if ($written && strlen($content) == 0) {
        _skinfiles_delbutton('file', trim(requestVar('file')));
    }

    _skinfiles_editfile();
}
コード例 #13
ファイル: ACTION.php プロジェクト: hatone/Nucleus-v3.64
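 /**
  *  Handles the "forgot password" form.
  *
  *  Looks up the member named in the POSTed 'name' field, compares the POSTed
  *  'email' field with the address stored for that member and, when they
  *  match, calls sendActivationLink('forgot') on the member. Afterwards it
  *  either redirects to the POSTed 'url' or prints a confirmation page, and
  *  always ends the request with exit.
  */
 function forgotPassword()
 {
     // $CONF is read for the "return to site" link at the end; without this
     // declaration it would be an undefined local inside the method.
     global $CONF;
     $membername = trim(postVar('name'));
     // NOTE(review): the two checks below report different errors for an
     // unknown member and for a wrong address, which lets an anonymous
     // visitor tell which member names exist -- confirm that is acceptable.
     if (!MEMBER::exists($membername)) {
         doError(_ERROR_NOSUCHMEMBER);
     }
     $mem = MEMBER::createFromName($membername);
     /* below keeps regular users from resetting passwords using forgot password feature
     		 Removing for now until clear why it is required.*/
     /*if (!$mem->canLogin())
     		doError(_ERROR_NOLOGON_NOACTIVATE);*/
     // check if e-mail address is correct
     // NOTE(review): this is a loose comparison; if postVar() can return
     // null or '' for a missing field, a member with an empty stored address
     // would match -- verify against postVar() and MEMBER::getEmail().
     if ($mem->getEmail() != postVar('email')) {
         doError(_ERROR_INCORRECTEMAIL);
     }
     // send activation link
     $mem->sendActivationLink('forgot');
     if (postVar('url')) {
         // NOTE(review): the redirect target is taken from the request
         // as-is; unless redirect() restricts it to this site, this is an
         // open redirect -- confirm what redirect() enforces.
         redirect(postVar('url'));
     } else {
         //			header ("Content-Type: text/html; charset="._CHARSET);
         sendContentType('text/html', '', _CHARSET);
         echo _MSG_ACTIVATION_SENT;
         echo '<br /><br />Return to <a href="' . $CONF['IndexURL'] . '" title="' . $CONF['SiteName'] . '">' . $CONF['SiteName'] . '</a>';
     }
     exit;
 }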
コード例 #14
ファイル: support-ticket.php プロジェクト: BuzzyOG/CSGOWinBig
<?php

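include 'default.php';
$db = getDB();
# All four fields come from the POST body and are untrusted
$name = postVar('name');
$email = postVar('email');
$steamProfileLink = postVar('steamProfileLink');
$desc = postVar('desc');
if (is_null($name) || is_null($email) || is_null($steamProfileLink) || is_null($desc)) {
    echo jsonErr('One of the required fields was left blank or not sent correctly.');
    return;
}
# Check steam profile link to make sure it is valid
# NOTE(review): FILTER_VALIDATE_URL only checks that the value is a well-formed
# URL; it restricts neither the scheme nor the host. Confirm whether the link
# should be limited to the expected profile host before it is shown to staff.
if (!filter_var($steamProfileLink, FILTER_VALIDATE_URL)) {
    echo jsonErr('Your steam profile link was not a valid url.');
    return;
}
# NOTE(review): $email is not validated in the part of the script shown here;
# if it is later used as a mail recipient or in mail headers, validate it first
# (for example with FILTER_VALIDATE_EMAIL).
# Add to support database table
# `desc` is a reserved word in MySQL, so the column name has to be quoted or the
# INSERT fails to parse. Values are bound, never interpolated into the SQL.
$stmt = $db->prepare('INSERT INTO support (name, email, steamProfileLink, `desc`, date, time) VALUES (:name, :email, :steamProfileLink, :desc, CURDATE(), CURTIME())');
$stmt->bindValue(':name', $name);
$stmt->bindValue(':email', $email);
$stmt->bindValue(':steamProfileLink', $steamProfileLink);
$stmt->bindValue(':desc', $desc);
$stmt->execute();
# Send email to our email
# The user-supplied values only go into the message body, not into headers
$to = '*****@*****.**';
$subject = 'Support Ticket Submitted';
$message = "A support ticket has been sent.\n\nName: {$name}\nEmail: {$email}\nProfile link: {$steamProfileLink}\nDescription: {$desc}";
mail($to, $subject, $message);
# Send email to user confirming their support ticket
$subject = 'Support ticket received';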
コード例 #15
ファイル: ITEM.php プロジェクト: hatone/Nucleus-v3.64
 /**
  * Tries to create a draft from the data in the current request (comes from
  * the bookmarklet or the admin area).
  *
  * Returns an array with status info. The code below produces:
  *   array('status' => 'added', 'draftid' => <item id>)   on success
  *   array('status' => 'error', 'message' => <text>)      on failure
  *
  * @static
  *
  * Used by xmlHTTPRequest AutoDraft
  */
 function createDraftFromRequest()
 {
     global $member, $manager;
     $authorId = $member->getID();
     $body = postVar('body');
     $title = postVar('title');
     $more = postVar('more');
     // The posted text is treated as UTF-8 and converted when the site runs
     // in a different charset.
     if (strtoupper(_CHARSET) != 'UTF-8') {
         $body = mb_convert_encoding($body, _CHARSET, "UTF-8");
         $title = mb_convert_encoding($title, _CHARSET, "UTF-8");
         $more = mb_convert_encoding($more, _CHARSET, "UTF-8");
     }
     $closed = intPostVar('closed');
     $catid = postVar('catid');
     // When editing, the blog is derived from the item; otherwise it is posted.
     $blogid = (postVar('type') == 'edit')
         ? getBlogIDFromItemID(intPostVar('itemid'))
         : intPostVar('blogid');
     $draftid = intPostVar('draftid');

     if (!$member->canAddItem($catid)) {
         return array('status' => 'error', 'message' => _ERROR_DISALLOWED);
     }
     if (!trim($body)) {
         return array('status' => 'error', 'message' => _ERROR_NOEMPTYITEMS);
     }

     if (!strstr($catid, 'newcat')) {
         // force blogid (must be same as category id)
         $blogid = getBlogIDFromCatID($catid);
         $blog =& $manager->getBlog($blogid);
     } else {
         // a new category was requested: file the draft under the default one
         $blog =& $manager->getBlog($blogid);
         $catid = $blog->getDefaultCategory();
     }

     // No plugin support in AutoSaveDraft yet, so no item options are applied.
     if ($draftid > 0) {
         // NOTE(review): $draftid comes from the request and the only
         // permission check visible here is canAddItem() on the category --
         // confirm that ITEM::update() or the caller verifies the member may
         // alter this particular item.
         ITEM::update($draftid, $catid, $title, $body, $more, $closed, 1, 0, 0);
         return array('status' => 'added', 'draftid' => $draftid);
     }
     // new draft: post time 0, draft flag 1
     $newId = $blog->additem($catid, $title, $body, $more, $blogid, $authorId, 0, $closed, 1);
     return array('status' => 'added', 'draftid' => $newId);
 }
コード例 #16
ファイル: register.php プロジェクト: bitcalc/allspark
<?php 
// Registration page template: pulls in the template resolved for 'layout.head'.
require HTMLView::pathForTemplate('layout.head');
?>

<body>
	<div class="container">
		<h1>Register</h1>
		<form method="post" style="text-align: center;">
			<?php 
// $alert is optional; it is rendered only when the including code has set it.
if (isset($alert)) {
    $alert->renderHTML();
}
?>
			<?php 
// presumably emits the anti-CSRF field for this POST form -- confirm in CSRFPRotection
CSRFPRotection::generateHTMLTag();
?>
			<p><input type="text" name="email" placeholder="Email Address" value="<?php 
// NOTE(review): there is no echo here, so postVar() presumably prints the
// submitted value itself. Confirm that it HTML-escapes its output: the value
// is user-controlled and lands inside a double-quoted attribute.
postVar('email');
?>
"></p>
			<p><input type="password" name="password" placeholder="Password"></p>
			<p><button type="submit">Submit</button></p>
		</form>
		<p><a href="<?php 
echo RouteController::fqURL('user.login');
?>
">Login</a></p>
	</div>
</body>

</html>
コード例 #17
ファイル: lib_lace.php プロジェクト: jtaverne/lace
/**
 * laceListener()
 *
 * Checks POST variables for incoming messages or
 * update requests.
 *
 * Returns a JSON fragment of the form "chat":{...}. A posted message that
 * fails session validation or flood control yields {"nodata":"1"}; an update
 * request whose hash differs from the current one yields the new hash plus
 * the chat HTML; everything else yields {"nodata":""}.
 *
 * NOTE(review): the fragment is assembled by hand and the HTML is escaped
 * with addslashes(), which is not a JSON encoder (it emits \' and leaves
 * control characters other than the stripped "\n" alone) -- confirm the
 * client parser tolerates this.
 */
function laceListener($fromListener = true)
{
    $rejected = '"chat":{"nodata":"1"}';
    $nothingNew = '"chat":{"nodata":""}';

    $cookie_name = cookieVar(LACE_NAME_COOKIE, false);
    $post_name = postVar('name', false);
    $post_text = postVar('text', false);

    // A message was posted: both name and text must be present.
    if ($post_name !== false && $post_text !== false) {
        if (validateSession() === false || isFlooding() === true) {
            return $rejected;
        }
        $message = prepareMessage($post_name, $post_text);
        if ($message !== false) {
            if ($cookie_name && $cookie_name != $post_name) {
                addNameChange($cookie_name, $post_name);
            } else {
                global $A;
                // Activity object
                joinMessage($post_name);
                $A->update($post_name);
            }
            // Reset the global $name just in case it has been changed
            $GLOBALS['name'] = $post_name;
            // remember the posted name for 259200 seconds (three days)
            setcookie(LACE_NAME_COOKIE, $post_name, time() + 259200, LACE_URL_REL);
            addMessage($message);
        }
    }

    if (!$fromListener) {
        return $nothingNew;
    }
    $chatHash = postVar('chatHash', false);
    if (!$chatHash) {
        return $nothingNew;
    }
    $hash = getMessageHash();
    // Nothing to send when the session is invalid or the client is up to date.
    if (validateSession() === false || $chatHash == $hash) {
        return $nothingNew;
    }
    $html = addslashes(str_replace("\n", "", printFileContentsHTML()));
    return '"chat":{"hash":"' . $hash . '","data":"' . $html . '"}';
}
コード例 #18
 public function event_PostRegister(&$data)
 {
     // Password-policy check on the PostRegister event. It only acts when
     // the enable_security setting is 'yes' and the posted action is
     // 'memberadd'; $data is not read or modified.
     if ($this->enable_security != 'yes') {
         return;
     }
     $password = postVar('password');
     if (postVar('action') != 'memberadd') {
         return;
     }
     // a non-empty result is the text explaining why the password was refused
     $problem = $this->_validate_and_messsage($password, $this->pwd_min_length, $this->pwd_complexity);
     if (!$problem) {
         return;
     }
     // NOTE(review): the message prefix suggests the account already exists
     // at this point, so this reports a weak password rather than blocking
     // account creation -- confirm against the event order.
     global $admin;
     $admin->error(_SECURITYENFORCER_ACCOUNT_CREATED . $problem . "<br /><br />\n");
 }
コード例 #19
<?php

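include 'default.php';
// All three fields come from the POST body and are untrusted.
$name = postVar('name');
$price = postVar('price');
$link = postVar('link');
if (is_null($name) || is_null($price) || is_null($link)) {
    echo jsonErr('One of the required fields was not send correctly.');
    return;
}
$to = '*****@*****.**';
$subject = 'New Item Ticket';
// The submitted values only go into the message body, never into the
// recipient or the headers.
$message = "A new item ticket has been submitted.\nName: {$name}\nPrice: {$price}\nLink: {$link}\n";
// mail() returns false when the message was not accepted for delivery; only
// report success when it was actually handed off.
if (!mail($to, $subject, $message)) {
    echo jsonErr('Your ticket could not be submitted. Please try again later.');
    return;
}
echo jsonSuccess(array('message' => 'Your ticket has successfully been submitted. Thank you!'));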
コード例 #20
ファイル: functions.php プロジェクト: NucleusCMS/NP_LinkList
/**
 * Handles a delete request: passes the POSTed 'type' to _linklist_doDelete()
 * and shows the index page with the message it returns.
 *
 * NOTE(review): no ticket (CSRF) or permission check is visible here --
 * confirm that _linklist_doDelete() or the dispatcher performs them.
 */
function _linklist_delete()
{
    _linklist_index(_linklist_doDelete(postVar('type')));
}
コード例 #21
ファイル: index.php プロジェクト: jtaverne/lace
 * 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
// Initialize the form's name value to
// be overridden during session init.
global $name;
$name = '';
require_once 'common.php';
if ($name == '') {
    $name = getName();
}
// This is only ever used if XMLHttpRequest is
// not accessible (JavaScript disabled, etc.)
// Otherwise, Lace just passes through it unaffected.
laceListener(false);
// Front Controller dirty work
$op = postVar('op', false);
switch ($op) {
    case 'log':
        $id = 'log';
        $include = 'log.inc.php';
        $title = LACE_SITE_NAME . ' Logs';
        break;
    case 'help':
        $id = 'help';
        $include = 'help.inc.php';
        $title = LACE_SITE_NAME . ' Tips';
        break;
    default:
        if ($_SERVER['REQUEST_URI'] != LACE_URL_REL && $_SERVER['REQUEST_URI'] != LACE_URL_REL . basename(__FILE__)) {
            // Redirect invalid URLs to the main page
            header('Location: ' . LACE_URL_ABS);