/**
 * Inspects every entry of $_SESSION: aborts the request if any entry is an
 * array, otherwise runs the value through security::toHTML.
 *
 * NOTE(review): the escaped value is only assigned to the loop-local copy and
 * is never written back into $_SESSION, so the toHTML call has no lasting
 * effect — confirm whether a write-back was intended. The die() message prints
 * the literal text "nElement" rather than the name of the offending key.
 */
private function checkSessionVariables()
{
    /* Nothing to inspect when the session holds no entries. */
    if (count($_SESSION) <= 0) {
        return;
    }
    foreach ($_SESSION as $sessionKey => $sessionValue) {
        /* Nested arrays are rejected outright; the request stops here. */
        if (is_array($sessionValue)) {
            die("SESSION variable nElement can't be array");
        }
        $sessionValue = security::toHTML($sessionValue);
    }
}
} echo "<br/>"; misc::back(); }
/* The braces just closed belong to a case whose start lies before this excerpt. */
break;
case 'dl':
    /* Admin download manager. With no sub-action selected, print the menu. */
    if (!isset($_GET['subact'])) {
        echo "<a href='?pg=admin&act=dl&subact=add'><b>Add</b></a><br/>\r\n\t\t\t\t <a href='?pg=admin&act=dl&subact=del'><b>Delete</b></a><br/>\r\n\t\t\t\t <a href='?pg=admin&act=dl&subact=edit'><b>Edit</b></a><br/>";
    } else {
        switch ($_GET['subact']) {
            case 'add':
                /* No submission yet: render the add form. */
                if (!isset($_POST['submit']) && !isset($_POST['link'])) {
                    echo "<table id='table-3' border='1' cellpadding='0' cellspacing='0'>\r\n\t\t\t\t\t\t\t\t<form method='post'>\r\n\t\t\t\t\t\t\t\t\t<td>Name</td><td><input type='text' name='name'></td><tr/>\r\n\t\t\t\t\t\t\t\t\t<td>Link</td><td><input type='text' name='link'></td><tr/>\r\n\t\t\t\t\t\t\t\t\t<td>Description</td><td><input type='text' name='description'></td><tr/>\r\n\t\t\t\t\t\t\t\t\t<td></td><td><input type='submit' name='submit' value='Add'></td>\r\n\t\t\t\t\t\t\t\t</form>\r\n\t\t\t\t\t\t\t\t</table>\r\n\t\t\t\t\t\t\t ";
                } else {
                    /* Name and description are HTML-escaped at input time and stored in
                       escaped form; the link is stored exactly as posted. Both fields are
                       read without isset(), so a request carrying only 'submit' warns here. */
                    $szName = security::toHTML($_POST['name']);
                    $szDesc = security::toHTML($_POST['description']);
                    if (!security::isValidUrl($_POST['link'])) {
                        misc::back();
                        echo "Invalid URL<br/>";
                        break; /* leaves the inner switch */
                    } else {
                        /* NOTE(review): $_POST['link'] goes into the INSERT verbatim and
                           $szName/$szDesc are only HTML-escaped. isValidUrl is a format
                           check, not SQL escaping — confirm it rejects quote characters, or
                           pass these values as bound parameters if core::$sql supports them. */
                        core::$sql->exec("insert into srcms_downloads(name,link,description) values('{$szName}','{$_POST['link']}','{$szDesc}')");
                        echo "Successfully added link to downloads.<br/>";
                        misc::redirect('?pg=admin&act=dl', 1);
                    }
                }
                break;
            case 'del':
                /* No row selected yet: print the table header and fetch every download.
                   The remainder of this case continues past the excerpt. */
                if (!isset($_POST['submit']) && !isset($_GET['id'])) {
                    echo "<table id='table-3' border='1' cellpadding='0' cellspacing='0'>\r\n\t\t\t\t\t\t\t\t<td>ID</td><td>Name</td><td>Link</td><td>Description</td><td>Delete</td><tr/>\r\n\t\t\t\t\t\t\t ";
                    $hLinkList = core::$sql->exec("select * from srcms_downloads");
break;
case 'myprofile':
    /* Module disabled via configuration. */
    if ($core->aConfig['allowMyProfile'] == 0) {
        echo "This module is currently disabled.";
        return;
    }
    if (isset($_POST['submit'])) {
        /* Profile form submitted: normalise each field before it is used. Only 'submit'
           is guarded by isset(); a missing gender/ispublic/avatar/msn/skype field warns. */
        $nGender = (int) $_POST['gender'];
        $szAvatarUrl = null;
        $szSkype = null;
        $szMsn = null;
        $nPublic = (int) $_POST['ispublic'];
        /* NOTE(review): aConfig[url] uses an unquoted key — an undefined constant unless
           one named url exists, which is a fatal Error on PHP 8 — while the same setting
           is read as aConfig['url'] a few lines below; presumably 'url' was intended. */
        security::isValidUrl($_POST['avatar']) ? $szAvatarUrl = $_POST['avatar'] : ($szAvatarUrl = $core->aConfig[url] . "img/noavatar.png");
        security::isCorrectEmail($_POST['msn']) ? $szMsn = $_POST['msn'] : ($szMsn = "None");
        /* Only skype is HTML-escaped here; avatar and msn are kept exactly as posted
           once they pass their format checks. */
        $szSkype = security::toHTML($_POST['skype']);
        /* Byte-length caps (strlen); over-long values fall back to a default. */
        if (strlen($szSkype) > 50) { $szSkype = "None"; }
        if (strlen($szMsn) > 60) { $szMsn = "None"; }
        if (strlen($szAvatarUrl) > 500) { $szAvatarUrl = $core->aConfig['url'] . "img/noavatar.png"; }
        /* The server fetches the avatar URL itself (getimagesize follows URL wrappers when
           allow_url_fopen is on); @ hides any fetch or parse warning.
           NOTE(review): this is an outbound request to an address chosen by the user —
           consider restricting it to expected hosts or dropping the server-side fetch. */
        $avatarImageData = @getimagesize($szAvatarUrl);
        /* Fall back to 0x0 when no dimensions came back. If getimagesize returned false,
           these assignments turn a bool into an array (deprecated since PHP 8.1). */
        if (empty($avatarImageData[0]) || empty($avatarImageData[1])) {
            $avatarImageData[0] = 0;
            $avatarImageData[1] = 0;
        }
/* Page links: one per block of ten comments. $a is the page number being printed;
   $nPages and $commentData are presumably initialised before this excerpt. */
for ($a = 1, $i = 0; $i < count($commentData); $i++) {
    if ($i % 10 == 0) {
        echo "<a href='?pg=news&comment={$nID}&page={$a}'>{$a}</a> ";
        $a++;
        $nPages++;
    }
}
/* "Next page" link. $_GET['page'] is read without isset() and used in arithmetic;
   a missing value warns and a non-numeric one throws a TypeError on PHP 8. */
if ($_GET['page'] < $nPages) {
    echo "<a class='pageblue' href='?pg=news&comment={$nID}&page=" . ($_GET['page'] + 1) . "'>></a>";
}
if (isset($_SESSION['username'])) {
    if (!isset($_POST['submit'])) {
        /* Logged in, nothing posted yet: show the comment form. */
        echo " \r\n\t\t\t\t\t<br/>\r\n\t\t\t\t\t\t<form method='post'>\r\n\t\t\t\t\t\t\t<textarea id = 'commentTextBox' name='commentText' rows='5' cols='100'>Type your message here</textarea><br/>\r\n\t\t\t\t\t\t\t<input type='submit' name='submit' value='Submit'>\r\n\t\t\t\t\t\t</form>\r\n\t\t\t\t<script>CKEDITOR.replace( 'commentText' );</script>\r\n\t\t\t\t\t ";
    } else {
        /* Retired variant, kept for reference:
           $cleanText = misc::applyAttributesToText($_POST['commentText']); */
        /* HTML-escape first, then strip backslashes — presumably a magic_quotes-era
           leftover, verify. The escaped form is what gets stored. */
        $cleanText = stripslashes(security::toHTML($_POST['commentText']));
        /* strlen counts bytes of the escaped text, so entities and multibyte characters
           count as more than one "symbol" in the limits reported to the user. */
        if (strlen($cleanText) < $core->aConfig['minNewsCommentLen'] || strlen($cleanText) > $core->aConfig['maxNewsCommentLen']) {
            echo "<br/>Your message is too short or too long. It has to be at least <b>" . $core->aConfig['minNewsCommentLen'] . "</b> \r\n\t\t\t\t\tsymbols long, your one is just <b>" . strlen($cleanText) . "</b> symbols long. Max length is " . $core->aConfig['maxNewsCommentLen'] . ".<br/>";
            misc::back();
        } else {
            $datetime = misc::getDateTime();
            /* NOTE(review): $nID, $_SESSION['username'] and $cleanText are interpolated
               straight into the INSERT. toHTML is HTML escaping, not SQL escaping, and the
               username is not escaped here at all — confirm it is validated at login, or
               switch to bound parameters if core::$sql supports them. */
            core::$sql->exec("insert into srcms_newscomments(newsID, author, text, time) values('{$nID}','{$_SESSION['username']}', '{$cleanText}', '{$datetime}')");
            echo "<br/><br/><b>Your comment has been successfully added</b>";
            misc::redirect("?pg=news&comment={$nID}", 1);
        }
    }
} else {
    echo "<br/><br/>You must be logged in to post comments";
}
} else {
    /* The matching if (article exists) lies before this excerpt; the else continues after it. */
    echo "<br/>You can't comment news article that doesn't exist.";
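/**
 * Delivers a private message between two site accounts and prints the outcome.
 *
 * Checks run in this order, each one ending the call with a message to the
 * browser (and misc::back() where the user should return to the form):
 *   1. sender and receiver resolve to the same account -> refused;
 *   2. receiver already holds aConfig['maxPrivMsg'] messages -> refused;
 *   3. title or body byte length outside the configured min/max -> refused;
 * otherwise the row is inserted and the browser is redirected to the mailbox.
 *
 * Parameters are untyped upstream; callers are expected to pass strings.
 * @param string $to    receiving username
 * @param string $from  sending username
 * @param string $title message subject, HTML-escaped before storage
 * @param string $text  message body, HTML-escaped before storage
 *
 * NOTE(review): the escaped title/body, both JIDs and the timestamp are
 * interpolated directly into SQL. security::toHTML is HTML escaping, not SQL
 * escaping, so this relies on core::$sql or accountJIDbyUsername neutralising
 * quote characters — confirm, or move to bound parameters if core::$sql
 * supports them. Lengths are measured with strlen() on the escaped text, i.e.
 * in bytes after entity expansion, not in characters.
 */
public static function sendWebPrivMsg($to, $from, $title, $text)
{
    global $core;
    $msgTitle = security::toHTML($title);
    $msgText = security::toHTML($text);
    $senderJID = user::accountJIDbyUsername($from);
    $receiverJID = user::accountJIDbyUsername($to);

    /* Loose comparison kept on purpose: the JID lookup's return type is not visible here. */
    if ($senderJID == $receiverJID) {
        echo "You can't send message to yourself.<br/>";
        misc::back();
        return;
    }

    /* Inbox quota: count the receiver's stored messages against the configured cap. */
    $inboxQuery = "select * from srcms_privatemessages where receiver='{$receiverJID}'";
    if (core::$sql->numRows($inboxQuery) >= $core->aConfig['maxPrivMsg']) {
        echo "Receiver inbox is full.<br/>";
        return;
    }

    $titleLen = strlen($msgTitle);
    $bodyLen = strlen($msgText);
    $titleOutOfRange = $titleLen < $core->aConfig['minPrivMsgTitleLen'] || $titleLen > $core->aConfig['maxPrivMsgTitleLen'];
    $bodyOutOfRange = $bodyLen < $core->aConfig['minPrivMsgBodyLen'] || $bodyLen > $core->aConfig['maxPrivMsgBodyLen'];
    if ($titleOutOfRange || $bodyOutOfRange) {
        /* Fix: the original message ran the title maximum and "symbols" together ("60symbols"). */
        echo "Message text, or title is too long or too short. Minimum title length is " . $core->aConfig['minPrivMsgTitleLen'] . " and " . $core->aConfig['maxPrivMsgTitleLen'] . " symbols\r\n\t\t\t\t\t\t\t\tmaximum. Message content minimum length is " . $core->aConfig['minPrivMsgBodyLen'] . " and " . $core->aConfig['maxPrivMsgBodyLen'] . " symbols maximum.<br/>";
        misc::back();
        return;
    }

    $datetime = misc::getDateTime();
    /* viewed is stored as '0' (unread); see the NOTE above on the interpolated values. */
    core::$sql->exec("insert into srcms_privatemessages(sender,receiver, title, msg, viewed, time) values('{$senderJID}', '{$receiverJID}', '{$msgTitle}', '{$msgText}', '0', '{$datetime}')");
    echo "<br/>Message sent.<br/>";
    misc::redirect("?pg=ucp&act=mailbox", 2);
}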