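/**
 * Validates the anti-spam answer submitted with a form.
 *
 * The expected answer is read from the session and removed in the same step,
 * so a stored answer can be checked only once.
 *
 * @param bool  $bool result of the previous validators; false forces a failure
 * @param array $arr  data under validation; here it is only written to the debug log
 * @return bool true when the visitor is logged in or the submitted answer matches
 */
function plugin_aaspam_validate($bool, $arr)
{
    // a previous validator already failed: the test is forced to fail
    if (!$bool) {
        return false;
    }

    // logged-in users are not challenged
    if (user_loggedin()) {
        return true;
    }

    // fetch the expected answer and drop it from the session, so that
    // an old answer cannot be reused for multiple postings
    $v = sess_remove('aaspam');

    // nothing (or a falsy value) stored in the session: the test fails
    if (!$v) {
        return false;
    }

    // A request without the field is simply a wrong answer; reading the key
    // unguarded raised an undefined-index notice on every such request.
    $given = isset($_POST['aaspam']) ? $_POST['aaspam'] : null;

    // Loose comparison is kept on purpose: the form value is a string while
    // the stored answer may be a number.
    $ret = ($given == $v);

    if (!$ret) {
        global $smarty;
        $lang = lang_load('plugin:accessibleantispam');
        $smarty->append('error', $lang['plugin']['accessibleantispam']['error']);
    }

    if (AASPAM_DEBUG && ($f = @fopen(AASPAM_LOG, 'a'))) {
        $arr['aaspam-q'] = $given;
        $arr['aaspam-a'] = $v;
        $arr['SUCCESS'] = $ret;

        // The record is built from request data: fold CR/LF so that one
        // submission cannot forge additional log lines.
        $record = str_replace(array("\r", "\n"), ' ', utils_kimplode($arr));

        // NOTE(review): the line stores the live session id next to the
        // submitted data; keep AASPAM_LOG outside the web root and leave
        // AASPAM_DEBUG off in production.
        $s = date('r') . "|" . session_id() . '|' . $record . "\r\n";
        @fwrite($f, $s);
        @fclose($f);
    }

    return $ret;
}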
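/**
 * Returns the record of a user.
 *
 * Without an id the currently logged-in user (if any) is returned. With an
 * id, the matching file in USERS_DIR is included and the $user variable it
 * defines is returned.
 *
 * @param string|int|null $userid user id, or null for the logged-in user
 * @return mixed the user record, or null when no such user file exists
 */
function user_get($userid = null)
{
    // no id given: fall back to the logged-in user, if there is one
    if ($userid == null && ($user = user_loggedin())) {
        return $user;
    }

    // Arrays and objects can arrive from request data; they can never name a
    // user file and made preg_match() fail on the original code.
    if (!is_string($userid) && !is_int($userid)) {
        return null;
    }
    $userid = (string) $userid;

    // The id becomes part of an include path, so anything that could leave
    // USERS_DIR is refused: both path separators, dots and NUL bytes.
    if ($userid === '' || preg_match('![/\\\\.\x00]!', $userid)) {
        return null;
    }

    $f = USERS_DIR . $userid . '.php';
    if (!file_exists($f)) {
        return null;
    }

    // The user file is executed as PHP and is expected to define $user.
    include $f;

    return isset($user) ? $user : null;
}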
/**
 * Login page controller: picks the template to show (login form or the
 * "login success" page) and assigns title and content to Smarty.
 */
function main()
{
    global $lang, $smarty;

    // true when the success page and its redirect hook have to be set up
    $show_success = false;

    if (user_loggedin()) {
        $wants_logout = isset($_GET['do']) && $_GET['do'] == 'logout';

        if ($wants_logout) {
            // NOTE(review): logout is triggered by a plain GET parameter and
            // no token is checked here, so any page can log the user out by
            // linking to login.php?do=logout.
            user_logout();
            $show_success = true;
        } elseif (user_loggedin()) {
            $show_success = true;
        } else {
            utils_redirect();
        }
    } elseif (sess_remove('logout_done')) {
        $show_success = true;
    } elseif (empty($_POST)) {
        $content = SHARED_TPLS . 'login.tpl';
    } else {
        // a form was submitted: validate it
        if (login_validate()) {
            utils_redirect('login.php');
        } else {
            // NOTE(review): the whole POST array becomes template variables.
            // That includes the submitted password and lets the request set
            // arbitrary variable names; confirm login.tpl needs more than the
            // user name.
            $smarty->assign($_POST);
            $content = SHARED_TPLS . 'login.tpl';
        }
    }

    if ($show_success) {
        // declared at run time, exactly once per request
        function myredirect()
        {
            login_redirect('index.php');
        }

        add_filter('wp_head', 'myredirect');
        $content = SHARED_TPLS . 'login_success.tpl';
    }

    // Page title and content. The content is a shared template here; raw
    // HTML would need the optional third parameter set to true.
    $smarty->assign('subject', $lang['login']['head']);
    $smarty->assign('content', $content);
}
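/**
 * Prepares the display of a static page.
 *
 * An existing page is parsed and assigned to Smarty. For a missing page a
 * logged-in user is redirected to the admin "write" form for that page id,
 * anyone else gets the 404 module.
 *
 * @param string $page         id of the requested static page
 * @param bool   $explicit_req when true the page title filter is registered
 * @param array  $params       passed by reference; not used in this function
 * @param string $module       passed by reference; receives the template to render
 * @return string the selected module
 */
function index_staticpage($page, $explicit_req, &$params, &$module)
{
    global $smarty, $title;

    if (static_exists($page)) {
        $arr = static_parse($page);
        $title = $arr['subject'];

        if ($explicit_req) {
            add_filter('wp_title', 'index_gentitle', 1, 2);
        }

        $smarty->assign('static_id', $page);
        $smarty->assign('static_page', $arr);

        return $module = 'static.tpl';
    }

    if (user_loggedin()) {
        // $page did not match an existing page, so it is an arbitrary request
        // value: encode it, otherwise '&', '#' or line breaks in it would add
        // parameters to (or break) the redirect URL.
        utils_redirect('admin.php?p=static&action=write&page=' . urlencode((string) $page));
    } else {
        $module = index_404error();
    }

    return $module;
}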
/**
 * Builds the "last entries" widget: a list of links to the most recent
 * entries, each preceded by an edit link when a user is logged in.
 *
 * @return array widget data with the keys 'subject' and 'content'
 */
function plugin_lastentries_widget()
{
    global $fpdb;

    // plugin strings live under plugin.PLUGINNAME/lang/LANGID/
    $lang = lang_load('plugin:lastentries');

    $limit = 10;
    $q = new FPDB_Query(array('fullparse' => false, 'start' => 0, 'count' => $limit), null);

    $items = array();
    while ($q->hasmore()) {
        list($id, $entry) = $q->getEntry();
        $link = get_permalink($id);
        $admin = BLOG_BASEURL . "admin.php?p=entry&entry=";

        $item = '<li>';
        if (user_loggedin()) {
            // logged-in users also get an "edit" link
            $item .= "<a href=\"{$admin}{$id}\">[" . $lang['plugin']['lastentries']['edit'] . "]</a>";
        }

        // NOTE(review): the subject and the permalink are written into the
        // markup as they come from the query; confirm both are already
        // HTML-escaped when stored, otherwise an entry title can inject markup.
        $item .= "<a href=\"{$link}\">{$entry['subject']}</a></li>\n";

        $items[] = $item;
    }

    $count = count($items);
    $string = '<ul>' . implode('', $items);

    if ($count === 0) {
        // nothing published yet: offer a link to write the first entry
        $string .= '<li><a href="admin.php?p=entry&action=write">' . $lang['plugin']['lastentries']['add_entry'] . '</a></li>';
        $subject = $lang['plugin']['lastentries']['no_entries'];
    } else {
        $subject = $lang['plugin']['lastentries']['subject_before_count'] . $count . $lang['plugin']['lastentries']['subject_after_count'];
    }

    $string .= '</ul>';

    return array(
        'subject' => $subject,
        'content' => $string,
    );
}
/**
 * Builds the "admin area" widget: a login link for visitors, or a welcome
 * line plus admin/write/logout links for a logged-in user.
 *
 * @return array widget data with the keys 'subject' and 'content'
 */
function plugin_adminarea_widget()
{
    // plugin strings live under plugin.PLUGINNAME/lang/LANGID/
    $lang = lang_load('plugin:adminarea');
    $baseurl = BLOG_BASEURL;

    $user = user_loggedin();

    if (!$user) {
        $string = '<ul><li><a href="' . $baseurl . 'login.php">Login</a></li></ul>';
    } else {
        // NOTE(review): the user id is printed without HTML escaping; this is
        // only safe while user ids cannot contain markup characters - confirm
        // against the code that creates users.
        $userid = $user['userid'];
        $string = <<<END
\t\t<p>{$lang['plugin']['adminarea']['welcome']} <strong>{$userid}</strong> !</p>
\t\t<ul>
\t\t<li><a href="{$baseurl}admin.php">{$lang['plugin']['adminarea']['admin_panel']}</a></li>
\t\t<li><a href="{$baseurl}admin.php?p=entry&action=write">{$lang['plugin']['adminarea']['add_entry']}</a></li>
\t\t<li><a href="{$baseurl}login.php?do=logout">{$lang['plugin']['adminarea']['logout']}</a></li>
\t\t</ul>
END;
    }

    return array(
        'subject' => $lang['plugin']['adminarea']['subject'],
        'content' => $string,
    );
}
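/**
 * Returns the view counter of an entry, incrementing it first when asked to.
 *
 * Views by logged-in users are never counted.
 *
 * @param string $id   entry id
 * @param bool   $calc true to count this view
 * @return int|null current number of views; null when the entry has no directory
 */
function plugin_postviews_calc($id, $calc)
{
    $dir = entry_dir($id);
    if (!$dir) {
        return;
    }

    $f = $dir . '/view_counter' . EXT;
    $v = io_load_file($f);

    if ($v === false) {
        // no counter file yet
        $v = 0;
    } elseif ($v < 0) {
        // file was locked: do not increase views.
        // On file locks the system should hang, so this should never happen.
        $v = 0;
        $calc = false;
    }

    // The counter comes back as file content. Cast it, so that a damaged or
    // tampered file counts as 0 instead of being string-incremented and
    // written back as text.
    $v = (int) $v;

    if ($calc && !user_loggedin()) {
        // NOTE(review): load, increment and write are separate steps; two
        // simultaneous views can overwrite each other unless io_write_file()
        // serialises writers.
        $v++;
        io_write_file($f, $v);
    }

    return $v;
}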
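<?php
// Page bootstrap: start the session, load the database connection and the
// shared helpers, then allow the page only for a logged-in user.
session_start();
require_once 'databaseconnection.php';
include 'includes/sc-includes.php';

if (!user_loggedin()) {
    header('Location:index.php');
    // header() only queues the redirect. Without stopping here the rest of
    // the page is still generated and sent to a visitor who is not logged in.
    exit;
}
?>
<?php
if (isset($_GET['err']) && is_string($_GET['err'])) {
    // 'err' is taken from the query string: escape it before printing, so a
    // crafted link cannot place markup or script in this page.
    echo htmlspecialchars($_GET['err'], ENT_QUOTES, 'UTF-8');
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Blue Marble Theme - Free CSS Template</title>
<meta name="keywords" content="blue, marble, design, theme, web, free templates, website templates, CSS, HTML" />
<meta name="description" content="Blue Marble Theme is a free website template provided by templatemo.com" />
<link href="templatemo_style.css" rel="stylesheet" type="text/css" />
<link rel="stylesheet" href="nivo-slider.css" type="text/css" media="screen" />
<script src="js/jquery.min.js" type="text/javascript"></script>
<script src="js/jquery.nivo.slider.js" type="text/javascript"></script>
<script type="text/javascript"> $(window).load(function() {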
/**
 * Prepares Smarty for the configured theme: template directory and compile
 * id, the {$flatpress} shorthand array, the common template variables and
 * the theme modifiers/functions. Fires the 'theme_init' action at the end.
 *
 * @param object $smarty Smarty instance, passed by reference
 */
function theme_init(&$smarty)
{
    global $fp_config, $lang, $theme, $fp_params;

    // One compile id per theme keeps the compiled templates of different
    // themes apart. md5 is only used to derive that key, not for security.
    $smarty->compile_id = md5($fp_config['general']['theme']);
    // NOTE(review): the theme name from the configuration becomes part of a
    // filesystem path; assumes the configuration is only writable by the admin.
    $smarty->template_dir = ABS_PATH . THEMES_DIR . $fp_config['general']['theme'] . '/';

    $loggedin = user_loggedin();

    // {$flatpress}: copy of the general settings, retained for compatibility
    $flatpress = $fp_config['general'];
    $flatpress['loggedin'] = $loggedin;
    if ($loggedin) {
        $flatpress['user'] = user_get();
    }

    // shorthand for themes, e.g. {$flatpress.themeurl}imgs/myimage.png
    $flatpress['themeurl'] = isset($fp_config['general']['style'])
        ? theme_style_geturl($fp_config['general']['style'])
        : theme_geturl();
    $flatpress['params'] = $fp_params;

    // every key is also made available in upper case
    $flatpress = array_merge($flatpress, array_change_key_case($flatpress, CASE_UPPER));

    $smarty->assign('flatpress', $flatpress);
    $smarty->assign('lang', $lang);
    $smarty->assign('blogtitle', $fp_config['general']['title']);
    $smarty->assign('pagetitle', apply_filters('wp_title', "", '«'));
    $smarty->assign_by_ref('fp_config', $fp_config);

    // modifiers, in registration order
    $modifiers = array(
        'tag' => 'theme_apply_filters_wrapper',
        'link' => 'theme_apply_filters_link_wrapper',
        'filed' => 'theme_entry_categories',
    );
    if (empty($fp_params['feed'])) {
        // the date modifiers are only replaced outside of feeds
        $modifiers['date_format_daily'] = 'theme_smarty_modifier_date_format_daily';
        $modifiers['date_format'] = 'theme_date_format';
    }
    $modifiers['date_rfc3339'] = 'theme_smarty_modifier_date_rfc3339';

    foreach ($modifiers as $name => $callback) {
        $smarty->register_modifier($name, $callback);
    }

    $smarty->register_function('action', 'theme_smarty_function_action');

    do_action('theme_init');
}
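/**
 * Admin area controller: resolves the requested panel and action, runs the
 * action and, when the action asks for it, redirects to clear the POST data.
 *
 * The login check now runs before the panel file is included. Previously the
 * panel file was loaded and the panel class instantiated for every visitor,
 * and only afterwards was an anonymous request redirected to login.php.
 */
function main()
{
    // general setup
    global $panel, $action, $lang, $smarty, $fp_admin, $fp_admin_action;

    $panels = admin_getpanels();
    $panel = isset($_GET['p']) ? $_GET['p'] : $panels[0];
    define('ADMIN_PANEL', $panel);
    $smarty->assign('panel', $panel);

    // NOTE(review): $panel comes from the query string and is used below to
    // build an include path. That is only safe while admin_panelexists()
    // accepts nothing but known panel names and E_USER_ERROR really stops the
    // request - confirm no error handler lets execution continue.
    if (!admin_panelexists($panel)) {
        trigger_error('Requested panel does not exists!', E_USER_ERROR);
    }

    /* check if user is loggedin: nothing of the panel is loaded before this */
    if (!user_loggedin()) {
        utils_redirect("login.php");
        die;
    }

    $panelprefix = "admin.{$panel}";
    $panelpath = ADMIN_DIR . "panels/{$panel}/{$panelprefix}.php";

    $fp_admin = null;
    if (file_exists($panelpath)) {
        include $panelpath;
        $panelclass = "admin_{$panel}";
        if (!class_exists($panelclass)) {
            trigger_error("No class defined for requested panel", E_USER_ERROR);
        }
        $fp_admin = new $panelclass($smarty);
    }

    $action = isset($_GET['action']) ? $_GET['action'] : 'default';

    if (!$fp_admin) {
        return;
    }

    $fp_admin_action = $fp_admin->get_action($action);
    define('ADMIN_PANEL_ACTION', $action);
    $smarty->assign('action', $action);

    $panel_url = BLOG_BASEURL . "admin.php?p={$panel}";
    $action_url = $panel_url . "&action={$action}";
    $smarty->assign('panel_url', $panel_url);
    $smarty->assign('action_url', $action_url);

    // NOTE(review): the request token is verified only when POST data is
    // present; confirm that no panel action changes state on a GET request.
    if (!empty($_POST)) {
        check_admin_referer("admin_{$panel}_{$action}");
    }

    $smarty->assign('success', sess_remove("success_{$panel}"));

    $retval = $fp_admin_action->exec();

    if ($retval > 0) {
        // the action asked for a redirect: it clears the POST data
        sess_add("success_{$panel}", $smarty->get_template_vars('success'));

        // Everything appended to the redirect target comes from the request.
        // Each value is URL-encoded so it cannot add parameters to the URL or
        // put line breaks into the Location header.
        $to_action = $retval > 1 ? '&action=' . urlencode((string) $action) : '';
        $with_mod = isset($_GET['mod']) ? '&mod=' . urlencode((string) $_GET['mod']) : '';
        $with_arguments = '';

        if ($retval == PANEL_REDIRECT_CURRENT) {
            foreach ($fp_admin_action->args as $mandatory_argument) {
                $value = isset($_REQUEST[$mandatory_argument]) ? (string) $_REQUEST[$mandatory_argument] : '';
                $with_arguments .= '&' . $mandatory_argument . '=' . urlencode($value);
            }
        }

        $url = "admin.php?p={$panel}{$to_action}{$with_mod}{$with_arguments}";
        utils_redirect($url);
    }

    $smarty->register_modifier('action_link', 'admin_filter_action');
    $smarty->register_modifier('cmd_link', 'admin_filter_command');
}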
/**
 * Smarty {admincontrols}{/admincontrols} block plugin
 *
 * Type:     block function<br />
 * Name:     admincontrols<br />
 * Purpose:  outputs the enclosed content only while a user is logged in<br />
 *
 * This only hides markup from visitors. The actions behind the hidden
 * controls still have to check the login themselves.
 *
 * @author NoWhereMan <monte at ohrt dot com>
 * @return string|null $content if logged in, nothing otherwise
 */
function smarty_block_admincontrols($params, $content, &$smarty)
{
    return user_loggedin() ? $content : null;
}
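/**
 * Handles the comment form: validates and saves a posted comment, optionally
 * mails a notification, then redirects to the new comment. On a failed
 * validation the posted values are handed back to the template. The
 * commenter cookies are always assigned to the template.
 */
function commentform()
{
    global $smarty, $lang, $fpdb, $fp_params;

    $comment_formid = 'fp-comments';
    $smarty->assign('comment_formid', $comment_formid);

    if (!empty($_POST)) {
        // Add "http://" only when the URL does not already START with an
        // http(s) scheme. The previous test looked for "http://" anywhere in
        // the string: it turned "https://..." into "http://https://..." and
        // left any value that merely contained "http://" untouched, whatever
        // scheme it began with.
        if (!empty($_POST['url']) && is_string($_POST['url']) && !preg_match('#^https?://#i', $_POST['url'])) {
            $_POST['url'] = 'http://' . $_POST['url'];
        }

        // custom hook here!!
        if ($arr = comment_validate()) {
            global $fp_config;

            $id = comment_save($fp_params['entry'], $arr);
            do_action('comment_post', $fp_params['entry'], array($id, $arr));

            $q = new FPDB_Query(array('id' => $fp_params['entry'], 'fullparse' => false), null);
            list($entryid, $e) = $q->getEntry();

            // notify the blog owner, unless the comment was written by a logged-in user
            if ($fp_config['general']['notify'] && !user_loggedin()) {
                global $post;

                $comm_mail = isset($arr['email']) ? "<{$arr['email']}>" : '';
                $from_mail = $fp_config['general']['email'];

                $post = $e; // plugin such as prettyurls might need this...

                $lang = lang_load('comments');

                // commenter-supplied values only go into the mail body, never
                // into the subject or the sender
                $mail = str_replace(
                    array('%toname%', '%fromname%', '%frommail%', '%entrytitle%', '%commentlink%', '%content%', '%blogtitle%'),
                    array($fp_config['general']['author'], $arr['name'], $comm_mail, $e['subject'], get_comments_link($entryid) . '#' . $id, $arr['content'], $fp_config['general']['title']),
                    $lang['comments']['mail']
                );

                @utils_mail($from_mail, "New comment on {$fp_config['general']['title']}", $mail);
            }

            // if comment is valid, this redirect will clean the postdata.
            // The link is turned from HTML form into a plain URL first; as
            // displayed, the call replaced '&' with itself and did nothing.
            $location = str_replace('&amp;', '&', get_comments_link($entryid)) . '#' . $id;
            utils_redirect($location, true);
            exit;
        } else {
            $smarty->assign('values', $_POST);
        }
    }

    // Cookies
    $smarty->assign('cookie', array(
        'name' => @$_COOKIE['comment_author_' . COOKIEHASH],
        'email' => @$_COOKIE['comment_author_email_' . COOKIEHASH],
        'url' => @$_COOKIE['comment_author_url_' . COOKIEHASH],
    ));
}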
/**
 * Bootstraps a request: prepares the request environment, creates the global
 * objects, loads configuration, theme, language and plugins, sets up Smarty
 * and fires the 'init' action.
 *
 * The statements depend on each other through globals, so their order matters.
 */
function system_init()
{
    // Request clean-up runs before anything else reads request data.
    // NOTE(review): judging by the names these sanitise the query string and
    // undo register_globals - confirm in their definitions.
    system_sanitizequery();
    system_unregister_globals();
    system_prepare_iis();

    // shared objects, published as globals
    $GLOBALS['fpdb'] = new FPDB();
    $GLOBALS['fp_widgets'] = new widget_indexer();

    // 'smarty' is a reference to the instance already stored in _FP_SMARTY
    $GLOBALS['smarty'] =& $GLOBALS['_FP_SMARTY'];
    $smarty =& $GLOBALS['smarty'];

    $GLOBALS['fp_config'] = config_load();

    cookie_setup();
    sess_setup();
    // return value is discarded; called once cookies and session are set up
    // (presumably to establish the login state early - confirm)
    user_loggedin();

    // everything printed from here until ob_end_clean() is thrown away
    ob_start();

    $GLOBALS['theme'] = theme_loadsettings();
    $GLOBALS['lang'] = lang_load();

    plugin_loadall();

    // init smarty
    $smarty->compile_dir = CACHE_DIR;
    $smarty->cache_dir = SMARTY_DIR . 'cache/';
    $smarty->caching = 0;

    do_action('init');

    ob_end_clean();
}