// Excerpt from a banner-administration switch: the tail of a client-delete
// branch, then the "BannerClientEdit" and "BannerClientChange" cases. The
// switch header and the start of the first branch are outside this excerpt.
}
// %u formats $cid as an unsigned integer, so only a number is placed in the
// two DELETE statements ($cid is assigned above this excerpt).
// NOTE(review): the anti-CSRF token check for this delete branch, if any, is
// not visible here; confirm it exists.
$sql = sprintf("DELETE FROM %s WHERE cid = %u", $db->prefix("banner"), $cid);
$db->query($sql);
$sql = sprintf("DELETE FROM %s WHERE cid = %u", $db->prefix("bannerclient"), $cid);
$db->query($sql);
redirect_header("admin.php?fct=banners&op=BannersAdmin#top", 1, _AM_DBUPDATED);
break;
case "BannerClientEdit":
    // Read-only branch: shows the edit form for a positive, integer-cast cid.
    $cid = isset($_GET['cid']) ? intval($_GET['cid']) : 0;
    if ($cid > 0) {
        BannerClientEdit($cid);
    }
    break;
case "BannerClientChange":
    // State-changing branch: cid is integer-cast and the one-time token
    // 'banners_ClientChange' must validate before anything is written.
    $cid = isset($_POST['cid']) ? intval($_POST['cid']) : 0;
    if ($cid <= 0 || !XoopsSingleTokenHandler::quickValidate('banners_ClientChange')) {
        // NOTE(review): there is no break/exit after this call, so the guard
        // depends on redirect_header() ending the request. Confirm that it
        // does; otherwise the UPDATE below still runs on a failed check.
        redirect_header("admin.php?fct=banners&op=BannersAdmin#top");
    }
    $name = isset($_POST['name']) ? trim($_POST['name']) : '';
    $contact = isset($_POST['contact']) ? trim($_POST['contact']) : '';
    $email = isset($_POST['email']) ? trim($_POST['email']) : '';
    $login = isset($_POST['login']) ? trim($_POST['login']) : '';
    $passwd = isset($_POST['passwd']) ? trim($_POST['passwd']) : '';
    $extrainfo = isset($_POST['extrainfo']) ? trim($_POST['extrainfo']) : '';
    $db =& Database::getInstance();
    $myts =& MyTextSanitizer::getInstance();
    // Every string field goes through stripSlashesGPC() and then
    // quoteString() before being placed in the statement; cid uses %d.
    // NOTE(review): passwd is written as submitted, with no hashing step
    // visible in this branch. Confirm whether banner-client passwords are
    // stored in clear text; if so, plan a migration to hashed storage.
    $sql = sprintf(
        "UPDATE %s SET name = %s, contact = %s, email = %s, login = %s, passwd = %s, extrainfo = %s WHERE cid = %d",
        $db->prefix("bannerclient"),
        $db->quoteString($myts->stripSlashesGPC($name)),
        $db->quoteString($myts->stripSlashesGPC($contact)),
        $db->quoteString($myts->stripSlashesGPC($email)),
        $db->quoteString($myts->stripSlashesGPC($login)),
        $db->quoteString($myts->stripSlashesGPC($passwd)),
        $db->quoteString($myts->stripSlashesGPC($extrainfo)),
        $cid
    );
    $db->query($sql);
    redirect_header("admin.php?fct=banners&op=BannersAdmin#top", 1, _AM_DBUPDATED);
    break;
default:
// Excerpt from a user-administration switch: the end of the "delete many"
// confirmation screen, then the start of the "delete_many_ok" case that
// performs the deletions. Both ends of the excerpt are cut mid-block.
// The posted user name is HTML-escaped before it is put in the link text.
// NOTE(review): $id is interpolated into the href and the hidden value
// without escaping; it is assigned above this excerpt. Confirm it is cast to
// an integer there.
$list .= ", <a href='" . XOOPS_URL . "/userinfo.php?uid={$id}' target='_blank'>" . htmlspecialchars($_POST['memberslist_uname'][$id]) . "</a>";
$hidden .= "<input type='hidden' name='memberslist_id[]' value='{$id}' />\n";
}
}
echo "<div><h4>" . sprintf(_AM_AYSYWTDU, " " . $list . " ") . "</h4>";
echo _AM_BYTHIS . "<br /><br />\n <form action='admin.php' method='post'>\n <input type='hidden' name='fct' value='users' />\n <input type='hidden' name='op' value='delete_many_ok' />\n <input type='submit' value='"
    . _YES . "' />\n <input type='button' value='"
    . _NO . "' onclick='javascript:location.href=\"admin.php?op=adminMain\"' />";
// The one-time token is emitted inside the form so the follow-up request can
// be validated in "delete_many_ok".
echo $token->getHtml();
echo $hidden;
echo "</form></div>";
} else {
    echo _AM_NOUSERS;
}
xoops_cp_footer();
break;
case "delete_many_ok":
    // Deletions run only when the 'users_deletemany' token validates.
    if (XoopsSingleTokenHandler::quickValidate('users_deletemany')) {
        // NOTE(review): memberslist_id is counted without an isset()/is_array()
        // check, so a request that omits it reaches count() with no array.
        $count = count($_POST['memberslist_id']);
        $output = "";
        $member_handler =& xoops_gethandler('member');
        for ($i = 0; $i < $count; $i++) {
            // The posted id is handed to getUser() as received; a non-object
            // result skips the entry.
            $deluser =& $member_handler->getUser($_POST['memberslist_id'][$i]);
            if (is_object($deluser)) {
                $groups = $deluser->getGroups();
                // Members of the admin group are never deleted through this path.
                if (in_array(XOOPS_GROUP_ADMIN, $groups)) {
                    $output .= sprintf('Admin user cannot be deleted. (User: %s)', $deluser->getVar("uname")) . "<br />";
                } else {
                    if (!$member_handler->deleteUser($deluser)) {
                        $output .= "Could not delete " . $deluser->getVar("uname") . "<br />";
                    } else {
                        $output .= $deluser->getVar("uname") . " deleted<br />";
                    }
// Excerpt from a template-set administration switch: the end of a template
// generation report, then the start of the 'uploadtar_go' case that accepts
// an uploaded archive. Both ends of the excerpt are cut mid-block.
} else {
    // Only the template set named in $xoopsConfig['template_set'] is touched.
    if ($tplset == $xoopsConfig['template_set']) {
        include_once XOOPS_ROOT_PATH . '/class/template.php';
        xoops_template_touch($newtpl->getVar('tpl_id'));
    }
    echo ' Block template <b>' . $tplfiles[$i]->getVar('tpl_file') . '</b> added to the database.<br />';
}
}
flush();
unset($newtpl);
}
// The template-set name is escaped with ENT_QUOTES before it is echoed.
echo '<br />Module template files for template set <b>' . htmlspecialchars($tplset, ENT_QUOTES) . '</b> generated and installed.<br /></code><br /><a href="admin.php?fct=tplsets">' . _MD_AM_BTOTADMIN . '</a>';
xoops_cp_footer();
break;
case 'uploadtar_go':
    if (!XoopsSingleTokenHandler::quickValidate('tplsets_uploadtar')) {
        // NOTE(review): nothing follows this call inside the guard, so the
        // token check is effective only if redirect_header() ends the request.
        redirect_header('admin.php?fct=tplsets', 3, 'Ticket Error');
    }
    include_once XOOPS_ROOT_PATH . '/class/uploader.php';
    // The MIME allowlist includes the generic 'application/octet-stream', so
    // the MIME check alone does little to narrow the file type. The extension
    // allowlist set below is the stricter of the two filters.
    // NOTE(review): 1000000 is presumably the maximum upload size in bytes;
    // confirm against XoopsMediaUploader.
    $uploader = new XoopsMediaUploader(
        XOOPS_UPLOAD_PATH,
        array(
            'application/x-gzip',
            'application/gzip',
            'application/gzip-compressed',
            'application/x-gzip-compressed',
            'application/x-tar',
            'application/x-tar-compressed',
            'application/octet-stream'
        ),
        1000000
    );
    $uploader->setAllowedExtensions(array('tar', 'tar.gz', 'tgz', 'gz'));
    $uploader->setPrefix('tmp');
    xoops_cp_header();
    echo '<code>';
    if ($uploader->fetchMedia($_POST['xoops_upload_file'][0])) {
        if (!$uploader->upload()) {
            xoops_error($uploader->getErrors());
        } else {
            include_once XOOPS_ROOT_PATH . '/class/class.tar.php';
            $tar = new tar();
            // NOTE(review): the archive contents are processed past this
            // excerpt. Entry names and sizes read from an uploaded tar should
            // be treated as untrusted there (no absolute or parent-relative
            // paths, bounded extraction size).
            $tar->openTar($uploader->getSavedDestination());
// Excerpt from a user-profile script: the end of the avatar-upload branch,
// then the start of the 'avatarchoose' branch. Both ends of the excerpt are
// cut mid-block.
}
}
// The saved file name is quoted with quoteString(). The row is selected by
// the logged-in user's own uid, not by a request parameter.
$sql = sprintf("UPDATE %s SET user_avatar = %s WHERE uid = %u", $xoopsDB->prefix('users'), $xoopsDB->quoteString($uploader->getSavedFileName()), $xoopsUser->getVar('uid'));
$xoopsDB->query($sql);
$avt_handler->addUser($avatar->getVar('avatar_id'), $xoopsUser->getVar('uid'));
// time() in the query string makes each redirect URL distinct.
redirect_header('userinfo.php?t=' . time() . '&uid=' . $xoopsUser->getVar('uid'), 0, _US_PROFUPDATED);
}
}
}
include XOOPS_ROOT_PATH . '/header.php';
// NOTE(review): the uploader's error text is echoed as returned. Confirm that
// getErrors() does not embed the client-supplied file name unescaped.
echo $uploader->getErrors();
include XOOPS_ROOT_PATH . '/footer.php';
}
}
if ($op == 'avatarchoose') {
    // The token is validated first, and the failure path exits explicitly.
    if (!XoopsSingleTokenHandler::quickValidate('avatarchoose')) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
        exit;
    }
    $uid = 0;
    if (!empty($_POST['uid'])) {
        $uid = intval($_POST['uid']);
    }
    // The posted uid must equal the logged-in user's uid, so one user cannot
    // change another user's avatar through this branch.
    if (empty($uid) || $xoopsUser->getVar('uid') != $uid) {
        redirect_header('index.php', 3, _US_NOEDITRIGHT);
        exit;
    }
    $avt_handler =& xoops_gethandler('avatar');
    $user_avatar = 'blank.gif';
    $user_avatar_object = false;
    $myts =& MyTextSanitizer::getInstance();
// Excerpt from the mail-users admin page: it shows the compose form, or on
// "send" validates the token and starts building the recipient criteria.
// The excerpt ends inside the criteria-building block.
include_once XOOPS_ROOT_PATH . "/class/xoopsformloader.php";
// $op is limited to two values: it stays "form" unless the request posts
// exactly "send".
$op = "form";
if (!empty($_POST['op']) && $_POST['op'] == "send") {
    $op = $_POST['op'];
}
if ($op == "form") {
    xoops_cp_header();
    //OpenTable();
    $display_criteria = 1;
    include XOOPS_ROOT_PATH . "/modules/system/admin/mailusers/mailform.php";
    $form->display();
    //CloseTable();
    xoops_cp_footer();
}
if ($op == "send" && !empty($_POST['mail_send_to'])) {
    // Mail is sent only when the 'mailusers_send' token validates; the
    // failure path prints an error and exits explicitly.
    if (!XoopsSingleTokenHandler::quickValidate('mailusers_send')) {
        xoops_cp_header();
        xoops_error("Ticket Error");
        xoops_cp_footer();
        exit;
    }
    $added = array();
    $added_id = array();
    $criteria = array();
    // The criteria added here are fixed strings. The request fields only
    // decide which ones are included; their values are not copied in.
    if (!empty($_POST['mail_inactive'])) {
        $criteria[] = "level = 0";
    } else {
        if (!empty($_POST['mail_mailok'])) {
            $criteria[] = 'user_mailok = 1';
        }
        if (!empty($_POST['mail_to_group'])) {
// Excerpt from the image-manager admin page: the end of the category edit
// form, then the start of the 'updatecat' handler that saves the posted
// values. Both ends of the excerpt are cut mid-block.
$form->addElement(new XoopsFormText(_MD_IMGCATWEIGHT, 'imgcat_weight', 3, 4, $imagecategory->getVar('imgcat_weight')));
$form->addElement(new XoopsFormRadioYN(_MD_IMGCATDISPLAY, 'imgcat_display', $imagecategory->getVar('imgcat_display'), _YES, _NO));
// The storage type is displayed as a label, not offered as an editable field.
$storetype = array('db' => _MD_INDB, 'file' => _MD_ASFILE);
$form->addElement(new XoopsFormLabel(_MD_IMGCATSTRTYPE, $storetype[$imagecategory->getVar('imgcat_storetype')]));
$form->addElement(new XoopsFormHidden('imgcat_id', $imgcat_id));
$form->addElement(new XoopsFormHidden('op', 'updatecat'));
$form->addElement(new XoopsFormHidden('fct', 'images'));
$form->addElement(new XoopsFormButton('', 'imgcat_button', _SUBMIT, 'submit'));
xoops_cp_header();
// NOTE(review): the category name is echoed as returned by getVar(). Confirm
// that getVar()'s default format HTML-escapes the value.
echo '<a href="admin.php?fct=images">' . _MD_IMGMAIN . '</a> <span style="font-weight:bold;">»»</span> ' . $imagecategory->getVar('imgcat_name') . '<br /><br />';
$form->display();
xoops_cp_footer();
exit;
}
if ($op == 'updatecat') {
    if (!XoopsSingleTokenHandler::quickValidate('images_updatecat')) {
        // NOTE(review): system_images_error() is defined outside this
        // excerpt. The check holds only if that function ends the request;
        // if it returns, the update below runs without a valid token.
        system_images_error("Ticket Error");
    }
    $imgcat_id = !empty($_POST['imgcat_id']) ? intval($_POST['imgcat_id']) : 0;
    if ($imgcat_id <= 0) {
        redirect_header('admin.php?fct=images', 1);
    }
    $imgcat_handler = xoops_gethandler('imagecategory');
    $imagecategory =& $imgcat_handler->get($imgcat_id);
    // An id that does not resolve to a category object is rejected.
    if (!is_object($imagecategory)) {
        redirect_header('admin.php?fct=images', 1);
    }
    // NOTE(review): imgcat_name and imgcat_maxsize are passed to setVar()
    // exactly as posted. Any type coercion or cleaning happens inside the
    // object; verify its variable definitions.
    $imagecategory->setVar('imgcat_name', $_POST['imgcat_name']);
    // imgcat_display is normalised to 0 or 1 before it is stored.
    $imgcat_display = empty($_POST['imgcat_display']) ? 0 : 1;
    $imagecategory->setVar('imgcat_display', $imgcat_display);
    $imagecategory->setVar('imgcat_maxsize', $_POST['imgcat_maxsize']);
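// Tail of the module-admin confirmation table, followed by the start of the
// "submit" handler. The loop that sets $mid and the opening of the form are
// outside this excerpt, as is the rest of the submit loop.
}
}
echo "</td><td align='center'>";
// The weight cell is printed through intval(), the same cast the hidden
// weight[] field below already uses, so a crafted POST value cannot place
// markup in the confirmation page.
if ($_POST['oldweight'][$mid] != $_POST['weight'][$mid]) {
    echo "<span style='color:#ff0000;font-weight:bold;'>" . intval($_POST['weight'][$mid]) . "</span>";
} else {
    echo intval($_POST['weight'][$mid]);
}
// oldstatus/newstatus are escaped with ENT_QUOTES like oldname/newname, since
// they are echoed into single-quoted attribute values. newstatus may be absent
// from the request, in which case an empty value is written.
// NOTE(review): $mid is written into attribute names and values as-is. It is
// assigned above this excerpt; confirm it is cast to an integer there.
echo "\n <input type='hidden' name='module[]' value='" . $mid . "' />\n <input type='hidden' name='oldname[" . $mid . "]' value='"
    . htmlspecialchars($_POST['oldname'][$mid], ENT_QUOTES) . "' />\n <input type='hidden' name='newname[" . $mid . "]' value='"
    . htmlspecialchars($newname[$mid], ENT_QUOTES) . "' />\n <input type='hidden' name='oldstatus[" . $mid . "]' value='"
    . htmlspecialchars($_POST['oldstatus'][$mid], ENT_QUOTES) . "' />\n <input type='hidden' name='newstatus[" . $mid . "]' value='"
    . (isset($_POST['newstatus'][$mid]) ? htmlspecialchars($_POST['newstatus'][$mid], ENT_QUOTES) : '') . "' />\n <input type='hidden' name='oldweight[" . $mid . "]' value='"
    . intval($_POST['oldweight'][$mid]) . "' />\n <input type='hidden' name='weight[" . $mid . "]' value='"
    . intval($_POST['weight'][$mid]) . "' />\n </td></tr>";
}
echo "\n <tr class='foot' align='center'><td colspan='3'><input type='submit' value='"
    . _MD_AM_SUBMIT . "' /> <input type='button' value='"
    . _MD_AM_CANCEL . "' onclick='location=\"admin.php?fct=modulesadmin\"' /></td></tr>\n </table>\n </form>";
xoops_cp_footer();
exit;
}
if ($op == "submit") {
    if (!XoopsSingleTokenHandler::quickValidate('modulesadmin_submit')) {
        // NOTE(review): system_modulesadmin_error() is defined outside this
        // excerpt. The check holds only if it ends the request; if it
        // returns, the changes below are applied without a valid token.
        system_modulesadmin_error("Ticket Error");
    }
    $ret = array();
    $write = false;
    // NOTE(review): $mid comes straight from $_POST['module'] and is passed
    // to the activate/deactivate helpers unchanged. Confirm those helpers
    // cast or validate the id.
    foreach ($_POST['module'] as $mid) {
        // Activate when the new status is 1 and the old one was 0; deactivate
        // when the new status is not 1 and the old one was 1.
        if (isset($_POST['newstatus'][$mid]) && $_POST['newstatus'][$mid] == 1) {
            if ($_POST['oldstatus'][$mid] == 0) {
                $ret[] = xoops_module_activate($mid);
            }
        } else {
            if ($_POST['oldstatus'][$mid] == 1) {
                $ret[] = xoops_module_deactivate($mid);
            }
        }
        $newname[$mid] = trim($_POST['newname'][$mid]);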
// Excerpt from the registration script: the end of the confirmation screen
// that re-posts the entered values, then the start of the 'finish' case that
// creates the account. Both ends of the excerpt are cut mid-block.
}
// NOTE(review): $timezone_offset is concatenated into the label without a
// cast, while the hidden field below casts it to double. Confirm it is
// numeric by this point.
$f_timezone = $timezone_offset < 0 ? 'GMT ' . $timezone_offset : 'GMT +' . $timezone_offset;
echo _US_TIMEZONE . ": {$f_timezone}<br />";
echo "<form action='register.php' method='post'>";
// The one-time token is emitted here and validated in the 'finish' case.
echo $token->getHtml();
// uname, email, url, pass and vpass go through $myts->htmlSpecialChars()
// before being written into attribute values.
echo "<input type='hidden' name='uname' value='" . $myts->htmlSpecialChars($uname) . "' />\n <input type='hidden' name='email' value='"
    . $myts->htmlSpecialChars($email) . "' />";
// NOTE(review): $user_viewemail and $user_mailok are written into attribute
// values without escaping. Confirm they are normalised to integers above
// this excerpt.
// NOTE(review): the chosen password (pass/vpass) is echoed back into the page
// as hidden fields, so it is present in the HTML of the confirmation screen.
echo "<input type='hidden' name='user_viewemail' value='" . $user_viewemail . "' />\n <input type='hidden' name='timezone_offset' value='"
    . (double) $timezone_offset . "' />\n <input type='hidden' name='url' value='"
    . $myts->htmlSpecialChars($url) . "' />\n <input type='hidden' name='pass' value='"
    . $myts->htmlSpecialChars($pass) . "' />\n <input type='hidden' name='vpass' value='"
    . $myts->htmlSpecialChars($vpass) . "' />\n <input type='hidden' name='user_mailok' value='"
    . $user_mailok . "' />\n <br /><br /><input type='hidden' name='op' value='finish' /><input type='submit' value='"
    . _US_FINISH . "' /></form>";
} else {
    // NOTE(review): $stop is echoed without escaping. It is built outside
    // this excerpt; confirm that no user-supplied text is embedded in it raw.
    echo "<span style='color:#ff0000;'>{$stop}</span>";
    include 'include/registerform.php';
    $reg_form->display();
}
include 'footer.php';
break;
case 'finish':
    // A request without a valid 'register_finish' token ends here with no
    // output.
    if (!XoopsSingleTokenHandler::quickValidate('register_finish')) {
        exit;
    }
    include 'header.php';
    // The submitted values are checked again before the account is created.
    $stop = userCheck($uname, $email, $pass, $vpass);
    if (empty($stop)) {
        $member_handler =& xoops_gethandler('member');
        $newuser =& $member_handler->createUser();
        $newuser->setVar('user_viewemail', $user_viewemail, true);
        $newuser->setVar('uname', $uname, true);
        $newuser->setVar('email', $email, true);
        if ($url != '') {
            $newuser->setVar('url', formatURL($url), true);
        }
        $newuser->setVar('user_avatar', 'blank.gif', true);
        // $actkey is the first 8 hex characters (32 bits) of an MD5 over
        // uniqid() seeded with mt_rand(). Neither source is cryptographically
        // secure.
        // NOTE(review): how $actkey is used is past this excerpt. If it gates
        // account activation, generate it from a CSPRNG (e.g. random_bytes()
        // where the runtime provides it) and use a longer value.
        $actkey = substr(md5(uniqid(mt_rand(), 1)), 0, 8);