function init()
{
// Cannot edit with a "remember me" login.
if ($_SESSION["cookie_login"]) {
header('Location: ' . encode_url("login.php?type=simple&url=" . urlencode("edit_interface.php?" . decode_url($QUERY_STRING)), false));
exit;
}
// Coming soon ???
$this->has_familysearch = file_exists('modules/FamilySearch/familySearchWrapper.php');
if ($this->has_familysearch) {
require_once 'modules/FamilySearch/familySearchWrapper.php';
}
// The PID can come from a URL or a form
$this->pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF);
$this->person = Person::getInstance($this->pid);
$this->server_list = get_server_list();
$this->gedcom_list = get_all_gedcoms();
unset($this->gedcom_list[PGV_GED_ID]);
// Other input values come from the form
$this->form_txtPID = safe_POST('txtPID', PGV_REGEX_XREF);
$this->form_cbRelationship = safe_POST('cbRelationship');
$this->form_location = safe_POST('location');
$this->form_txtURL = safe_POST('txtURL', PGV_REGEX_URL);
$this->form_txtTitle = safe_POST('txtTitle', '[^<>"%{};]+');
$this->form_txtGID = safe_POST('txtGID', $this->gedcom_list);
$this->form_txtUsername = safe_POST('txtUsername', PGV_REGEX_USERNAME);
$this->form_txtPassword = safe_POST('txtPassword', PGV_REGEX_PASSWORD);
$this->form_cbExistingServers = safe_POST('cbExistingServers', array_keys($this->server_list));
$this->form_txtCB_Title = safe_POST('txtCB_Title', '[^<>"%{};]+');
$this->form_txtCB_GID = safe_POST('txtCB_GID', $this->gedcom_list);
$this->form_txtFS_URL = safe_POST('txtFS_URL', PGV_REGEX_URL);
$this->form_txtFS_Title = safe_POST('txtFS_Title', '[^<>"%{};]+');
$this->form_txtFS_GID = safe_POST('txtFS_GID', $this->gedcom_list);
$this->form_txtFS_Username = safe_POST('txtFS_Username', PGV_REGEX_USERNAME);
$this->form_txtFS_Password = safe_POST('txtFS_Password', PGV_REGEX_PASSWORD);
if (is_null($this->form_location)) {
if ($this->server_list) {
$this->form_location = 'existing';
} else {
$this->form_location = 'remote';
}
}
}
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* @package PhpGedView
* @subpackage Languages
* @version $Id: changelanguage.php 6879 2010-01-30 11:35:46Z fisharebest $
*/
define('PGV_SCRIPT_NAME', 'changelanguage.php');
require './config.php';
loadLangFile("pgv_confighelp");
//-- make sure that they have admin status before they can use this page
//-- otherwise have them login again
if (!PGV_USER_IS_ADMIN) {
header("Location: login.php?url=changelanguage.php");
exit;
}
$action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_UNSAFE);
if (!isset($action) or $action == "") {
$action = "editold";
}
switch ($action) {
case "addnew":
$helpindex = "add_new_language_help";
print_header($pgv_lang["add_new_language"]);
break;
case "editold":
default:
print_header($pgv_lang["config_lang_utility"]);
}
print PGV_JS_START;
print "var helpWin;";
print "function showchanges() {";
// TODO use GET/POST, rather than $_REQUEST
// TODO decide what validation is required on these input parameters
$pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF);
$mid = safe_REQUEST($_REQUEST, 'mid', PGV_REGEX_XREF);
$gid = safe_REQUEST($_REQUEST, 'gid', PGV_REGEX_XREF);
$linktoid = safe_REQUEST($_REQUEST, 'linktoid', PGV_REGEX_XREF);
$action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_NOSCRIPT, 'showmediaform');
$folder = safe_REQUEST($_REQUEST, 'folder', PGV_REGEX_UNSAFE);
$oldFolder = safe_REQUEST($_REQUEST, 'oldFolder', PGV_REGEX_UNSAFE);
$filename = safe_REQUEST($_REQUEST, 'filename', PGV_REGEX_UNSAFE);
$oldFilename = safe_REQUEST($_REQUEST, 'oldFilename', PGV_REGEX_UNSAFE, $filename);
$level = safe_REQUEST($_REQUEST, 'level', PGV_REGEX_UNSAFE);
$text = safe_REQUEST($_REQUEST, 'text', PGV_REGEX_UNSAFE);
$tag = safe_REQUEST($_REQUEST, 'tag', PGV_REGEX_UNSAFE);
$islink = safe_REQUEST($_REQUEST, 'islink', PGV_REGEX_UNSAFE);
$glevels = safe_REQUEST($_REQUEST, 'glevels', PGV_REGEX_UNSAFE);
$update_CHAN = !safe_POST_bool('preserve_last_changed');
$filename = decrypt($filename);
$oldFilename = decrypt($oldFilename);
print_simple_header($pgv_lang["add_media_tool"]);
$disp = true;
if (empty($pid) && !empty($mid)) {
$pid = $mid;
}
if (!empty($pid)) {
if (!isset($pgv_changes[$pid . "_" . $GEDCOM])) {
$gedrec = find_media_record($pid);
} else {
$gedrec = find_updated_record($pid);
}
$disp = displayDetailsById($pid, "OBJE");
loadLangFile("pgv_confighelp");
require PGV_ROOT . 'includes/functions/functions_editlang.php';
//-- make sure that they have admin status before they can use this page
//-- otherwise have them login again
if (!PGV_USER_IS_ADMIN) {
echo "Please close this window and do a Login in the former window first...";
exit;
}
$lang_filename = safe_REQUEST($_REQUEST, 'lang_filename', PGV_REGEX_NOSCRIPT, '');
$file_type = safe_REQUEST($_REQUEST, 'file_type', PGV_REGEX_NOSCRIPT, '');
$language2 = safe_REQUEST($_REQUEST, 'language2', PGV_REGEX_NOSCRIPT, '');
$ls01 = safe_REQUEST($_REQUEST, 'ls01', PGV_REGEX_NOSCRIPT, '');
$ls02 = safe_REQUEST($_REQUEST, 'ls02', PGV_REGEX_NOSCRIPT, '');
$lang_filename_orig = safe_REQUEST($_REQUEST, 'lang_filename_orig', PGV_REGEX_NOSCRIPT, '');
$action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_NOSCRIPT, '');
$anchor = safe_REQUEST($_REQUEST, 'anchor', PGV_REGEX_NOSCRIPT, '');
print_simple_header($pgv_lang["editlang"]);
echo PGV_JS_START, "self.focus();", PGV_JS_END;
switch ($file_type) {
case "facts":
$lang_filename = $factsfile[$language2];
$lang_filename_orig = $factsfile["english"];
break;
case "configure_help":
$lang_filename = $confighelpfile[$language2];
$lang_filename_orig = $confighelpfile["english"];
break;
case "help_text":
$lang_filename = $helptextfile[$language2];
$lang_filename_orig = $helptextfile["english"];
break;
*/
define('PGV_SCRIPT_NAME', 'editnews.php');
require './config.php';
$useFCK = file_exists(PGV_ROOT . 'modules/FCKeditor/fckeditor.php');
if ($useFCK) {
require PGV_ROOT . 'modules/FCKeditor/fckeditor.php';
}
if (!PGV_USER_ID) {
print_simple_header("");
print $pgv_lang["access_denied"];
print_simple_footer();
exit;
}
$action = safe_GET('action', array('compose', 'save', 'delete'), 'compose');
$news_id = safe_GET('news_id');
$username = safe_REQUEST($_REQUEST, 'username');
$date = safe_POST('date', PGV_REGEX_UNSAFE);
$title = safe_POST('title', PGV_REGEX_UNSAFE);
$text = safe_POST('text', PGV_REGEX_UNSAFE);
print_simple_header($pgv_lang["edit_news"]);
if (empty($username)) {
$username = $GEDCOM;
}
if ($action == "compose") {
print '<span class="subheaders">' . $pgv_lang["edit_news"] . '</span>';
?>
<script language="JavaScript" type="text/javascript">
function checkForm(frm) {
if (frm.title.value=="") {
alert('<?php
print $pgv_lang["enter_title"];
}
if (isset($_FILES['thumbnail'])) {
if (!move_uploaded_file($_FILES['thumbnail']['tmp_name'], $MEDIA_DIRECTORY . "thumbs/" . $_FILES['thumbnail']['name'])) {
$error .= "\nERROR 19: " . $pgv_lang["upload_error"] . " " . file_upload_error_text($_FILES['thumbnail']['error']);
}
}
if (!empty($error)) {
addDebugLog($action . " {$error}");
print $error . "\n";
} else {
addDebugLog($action . " SUCCESS");
print "SUCCESS\n";
}
exit;
case 'getchanges':
$lastdate = new GedcomDate(safe_REQUEST($_REQUEST, 'date', '\\d\\d \\w\\w\\w \\d\\d\\d\\d'));
if ($lastdate->isOK()) {
if ($lastdate->MinJD() < server_jd() - 180) {
addDebugLog($action . " ERROR 24: You cannot retrieve updates for more than 180 days.");
print "ERROR 24: You cannot retrieve updates for more than 180 days.\n";
} else {
print "SUCCESS\n";
foreach (get_recent_changes($lastdate->MinJD()) as $xref) {
echo "{$xref}\n";
}
}
} else {
addDebugLog($action . " ERROR 23: Invalid date parameter. Please use a valid date in the GEDCOM format DD MMM YYYY.");
print "ERROR 23: Invalid date parameter. Please use a valid date in the GEDCOM format DD MMM YYYY.\n";
}
exit;
function safe_COOKIE($var, $regex = PGV_REGEX_NOSCRIPT, $default = null)
{
return safe_REQUEST($_COOKIE, $var, $regex, $default);
}
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* @package PhpGedView
* @subpackage Admin
* @version $Id: editlang_edit_settings.php 6946 2010-03-23 02:51:54Z canajun2eh $
*/
define('PGV_SCRIPT_NAME', 'editlang_edit_settings.php');
require './config.php';
loadLangFile("pgv_confighelp");
$action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_UNSAFE);
$ln = safe_REQUEST($_REQUEST, 'ln', PGV_REGEX_UNSAFE);
$new_shortcut = safe_REQUEST($_REQUEST, 'new_shortcut', PGV_REGEX_UNSAFE);
$v_flagsfile = safe_REQUEST($_REQUEST, 'v_flagsfile', PGV_REGEX_UNSAFE);
$v_original_lang_name = safe_REQUEST($_REQUEST, 'v_original_lang_name', PGV_REGEX_UNSAFE);
$v_lang_shortcut = safe_REQUEST($_REQUEST, 'v_lang_shortcut', PGV_REGEX_UNSAFE);
if ($action == "" and $ln == "") {
header("Location: admin.php");
exit;
}
if ($action == "cancel") {
header("Location: changelanguage.php");
exit;
}
//-- make sure that they have admin status before they can use this page
//-- otherwise have them login again
if (!PGV_USER_IS_ADMIN) {
echo "Please close this window and do a Login in the former window first...";
exit;
}
// Create array with configured languages in gedcoms and users
if ($ENABLE_AUTOCOMPLETE) {
require PGV_ROOT . 'js/autocomplete.js.htm';
}
//-- only allow logged in users to access this page
if (!$ALLOW_EDIT_GEDCOM || !$USE_QUICK_UPDATE || !PGV_USER_ID) {
echo $pgv_lang["access_denied"];
print_simple_footer();
exit;
}
if (!isset($closewin)) {
$closewin = 0;
}
// TODO Decide whether to use GET/POST and appropriate validation
$pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF, PGV_USER_GEDCOM_ID);
$action = safe_REQUEST($_REQUEST, 'action');
$closewin = safe_REQUEST($_REQUEST, 'closewin', '1', '0');
//-- only allow editors or users who are editing their own individual or their immediate relatives
if (!PGV_USER_CAN_EDIT) {
$famids = pgv_array_merge(find_sfamily_ids(PGV_USER_GEDCOM_ID), find_family_ids(PGV_USER_GEDCOM_ID));
$related = false;
foreach ($famids as $famid) {
if (!isset($pgv_changes[$famid . "_" . PGV_GEDCOM])) {
$famrec = find_family_record($famid, PGV_GED_ID);
} else {
$famrec = find_updated_record($famid, PGV_GED_ID);
}
if (preg_match("/1 (HUSB|WIFE|CHIL) @{$pid}@/", $famrec)) {
$related = true;
break;
}
}
global $PGV_IMAGES, $faqs;
// -- print html header information
print_header($pgv_lang["faq_list"]);
// -- Get all of the _POST variables we're interested in
$action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_UNSAFE, 'show');
$adminedit = safe_REQUEST($_REQUEST, 'adminedit', PGV_REGEX_UNSAFE, PGV_USER_GEDCOM_ADMIN);
$type = safe_REQUEST($_REQUEST, 'type', PGV_REGEX_UNSAFE);
$oldGEDCOM = safe_REQUEST($_REQUEST, 'oldGEDCOM', PGV_REGEX_UNSAFE);
$whichGEDCOM = safe_REQUEST($_REQUEST, 'whichGEDCOM', PGV_REGEX_UNSAFE);
$oldOrder = safe_REQUEST($_REQUEST, 'oldOrder', PGV_REGEX_UNSAFE);
$order = safe_REQUEST($_REQUEST, 'order', PGV_REGEX_UNSAFE);
$header = safe_REQUEST($_POST, 'header', PGV_REGEX_UNSAFE);
$body = safe_REQUEST($_POST, 'body', PGV_REGEX_UNSAFE);
$pidh = safe_REQUEST($_REQUEST, 'pidh', PGV_REGEX_UNSAFE);
$pidb = safe_REQUEST($_REQUEST, 'pidb', PGV_REGEX_UNSAFE);
$id = safe_REQUEST($_REQUEST, 'id', PGV_REGEX_UNSAFE);
// NOTE: Commit the faq data to the DB
if ($action == "commit") {
if (empty($whichGEDCOM)) {
$whichGEDCOM = $GEDCOM;
}
if (empty($oldGEDCOM)) {
$oldGEDCOM = $whichGEDCOM;
}
if (empty($order)) {
$order = 0;
}
switch ($type) {
case 'update':
$faqs = get_faq_data();
if (isset($faqs[$order]) && $order != $oldOrder) {
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* @package PhpGedView
* @subpackage Charts
* @version $Id: addremotelink.php 6879 2010-01-30 11:35:46Z fisharebest $
*/
define('PGV_SCRIPT_NAME', 'addremotelink.php');
require './config.php';
require PGV_ROOT . 'includes/controllers/remotelink_ctrl.php';
$controller = new RemoteLinkController();
$controller->init();
print_simple_header($pgv_lang['title_remote_link']);
$pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF);
$action = safe_POST('action', array('addlink'));
//-- only allow gedcom admins to create remote links
if (!$controller->canAccess()) {
echo '<span class="error">', $pgv_lang['access_denied'], '<br />';
if (!PGV_USER_GEDCOM_ADMIN) {
echo $pgv_lang['user_cannot_edit'];
} else {
if (!$ALLOW_EDIT_GEDCOM) {
echo $pgv_lang['gedcom_editing_disabled'];
} else {
echo $pgv_lang['privacy_prevented_editing'];
if ($pid) {
echo '<br />', $pgv_lang['privacy_not_granted'], ' ', $pid;
}
}
$linenum = safe_REQUEST($_REQUEST, 'linenum', PGV_REGEX_UNSAFE);
$pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF);
$famid = safe_REQUEST($_REQUEST, 'famid', PGV_REGEX_XREF);
$text = safe_REQUEST($_REQUEST, 'text', PGV_REGEX_UNSAFE);
$tag = safe_REQUEST($_REQUEST, 'tag', PGV_REGEX_UNSAFE);
$famtag = safe_REQUEST($_REQUEST, 'famtag', PGV_REGEX_UNSAFE);
$glevels = safe_REQUEST($_REQUEST, 'glevels', PGV_REGEX_UNSAFE);
$islink = safe_REQUEST($_REQUEST, 'islink', PGV_REGEX_UNSAFE);
$type = safe_REQUEST($_REQUEST, 'type', PGV_REGEX_UNSAFE);
$fact = safe_REQUEST($_REQUEST, 'fact', PGV_REGEX_UNSAFE);
$option = safe_REQUEST($_REQUEST, 'option', PGV_REGEX_UNSAFE);
$assist = safe_REQUEST($_REQUEST, 'assist', PGV_REGEX_UNSAFE);
$noteid = safe_REQUEST($_REQUEST, 'noteid', PGV_REGEX_UNSAFE);
$pid_array = safe_REQUEST($_REQUEST, 'pid_array', PGV_REGEX_XREF);
$pids_array_add = safe_REQUEST($_REQUEST, 'pids_array_add', PGV_REGEX_XREF);
$pids_array_edit = safe_REQUEST($_REQUEST, 'pids_array_edit', PGV_REGEX_XREF);
$update_CHAN = !safe_POST_bool('preserve_last_changed');
$uploaded_files = array();
// items for ASSO RELA selector :
$assokeys = array('attendant', 'attending', 'best_man', 'bridesmaid', 'buyer', 'circumciser', 'civil_registrar', 'employee', 'employer', 'foster_child', 'foster_father', 'foster_mother', 'friend', 'godfather', 'godmother', 'godparent', 'godson', 'goddaughter', 'godchild', 'guardian', 'informant', 'lodger', 'nanny', 'nurse', 'owner', 'priest', 'rabbi', 'registry_officer', 'seller', 'servant', 'slave', 'twin', 'twin_brother', 'twin_sister', 'ward', 'witness', '');
$assorela = array();
foreach ($assokeys as $indexval => $key) {
if (isset($pgv_lang["{$key}"])) {
$assorela["{$key}"] = $pgv_lang["{$key}"];
} else {
$assorela["{$key}"] = "? {$key}";
}
}
uasort($assorela, "stringsort");
print_simple_header('Edit Interface');
if ($ENABLE_AUTOCOMPLETE) {
// TODO work out whether to use GET/POST for these
// TODO decide what (if any) validation is required on these parameters
$action = safe_REQUEST($_REQUEST, 'action', PGV_REGEX_UNSAFE);
$linenum = safe_REQUEST($_REQUEST, 'linenum', PGV_REGEX_UNSAFE);
$pid = safe_REQUEST($_REQUEST, 'pid', PGV_REGEX_XREF);
$famid = safe_REQUEST($_REQUEST, 'famid', PGV_REGEX_XREF);
$text = safe_REQUEST($_REQUEST, 'text', PGV_REGEX_UNSAFE);
$tag = safe_REQUEST($_REQUEST, 'tag', PGV_REGEX_UNSAFE);
$famtag = safe_REQUEST($_REQUEST, 'famtag', PGV_REGEX_UNSAFE);
$glevels = safe_REQUEST($_REQUEST, 'glevels', PGV_REGEX_UNSAFE);
$islink = safe_REQUEST($_REQUEST, 'islink', PGV_REGEX_UNSAFE);
$type = safe_REQUEST($_REQUEST, 'type', PGV_REGEX_UNSAFE);
$fact = safe_REQUEST($_REQUEST, 'fact', PGV_REGEX_UNSAFE);
$option = safe_REQUEST($_REQUEST, 'option', PGV_REGEX_UNSAFE);
$assist = safe_REQUEST($_REQUEST, 'assist', PGV_REGEX_UNSAFE);
$noteid = safe_REQUEST($_REQUEST, 'noteid', PGV_REGEX_UNSAFE);
$update_CHAN = !safe_POST_bool('preserve_last_changed');
$uploaded_files = array();
// items for ASSO RELA selector :
$assokeys = array('attendant', 'attending', 'best_man', 'bridesmaid', 'buyer', 'circumciser', 'civil_registrar', 'employee', 'employer', 'foster_child', 'foster_father', 'foster_mother', 'friend', 'godfather', 'godmother', 'godparent', 'godson', 'goddaughter', 'godchild', 'guardian', 'informant', 'lodger', 'nanny', 'nurse', 'owner', 'priest', 'rabbi', 'registry_officer', 'seller', 'servant', 'slave', 'twin', 'twin_brother', 'twin_sister', 'ward', 'witness', '');
$assorela = array();
foreach ($assokeys as $indexval => $key) {
if (isset($pgv_lang["{$key}"])) {
$assorela["{$key}"] = $pgv_lang["{$key}"];
} else {
$assorela["{$key}"] = "? {$key}";
}
}
uasort($assorela, "stringsort");
print_simple_header('Edit Interface');
if ($ENABLE_AUTOCOMPLETE) {
