/**
 * Database upgrade step for the plugins bundled with release 1.4.1.
 *
 * For every plugin that is installed (exactly one row in the plugins table),
 * the schema/data changes it needs are applied and its pi_version /
 * pi_gl_version are bumped. Plugins that are not installed are left alone.
 */
function upgrade_plugins_141()
{
    global $_TABLES;

    // true when the plugin has a row in the plugins table
    $installed = function ($plugin) use ($_TABLES) {
        return DB_count($_TABLES['plugins'], 'pi_name', $plugin) == 1;
    };
    // record the new plugin version and the glFusion version it was upgraded for
    $bumpVersion = function ($plugin, $version) use ($_TABLES) {
        DB_query("UPDATE {$_TABLES['plugins']} SET pi_version = '{$version}', pi_gl_version = '1.4.1' WHERE pi_name = '{$plugin}'");
    };

    if ($installed('links')) {
        $bumpVersion('links', '1.0.1');
    }

    if ($installed('polls')) {
        // add remarks-field to polls
        DB_query("ALTER TABLE {$_TABLES['pollanswers']} ADD remark varchar(255) NULL AFTER votes");
        $bumpVersion('polls', '1.1.0');
    }

    if ($installed('spamx')) {
        // delete MT-Blacklist entries from Spam-X plugin
        DB_query("DELETE FROM {$_TABLES['spamx']} WHERE name = 'MTBlacklist'");
        // the deleted-spam counter was introduced in 1.4.0 but is missing from
        // databases upgraded from older versions; create it when absent
        $counter = DB_getItem($_TABLES['vars'], 'value', "name = 'spamx.counter'");
        if (empty($counter)) {
            DB_save($_TABLES['vars'], 'name,value', "'spamx.counter','0'");
        }
        $bumpVersion('spamx', '1.1.0');
    }

    if ($installed('staticpages')) {
        // add field to support advanced editor and a help link in staticpages
        DB_query("ALTER TABLE {$_TABLES['staticpage']} ADD postmode varchar(16) DEFAULT 'html' NOT NULL AFTER sp_inblock");
        DB_query("ALTER TABLE {$_TABLES['staticpage']} ADD sp_help varchar(255) default '' AFTER sp_centerblock");
        $bumpVersion('staticpages', '1.4.3');
    }
}
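/**
 * Approve a queued Media Gallery submission.
 *
 * Moves the item out of the media queue and the album queue into the album it
 * was submitted to, re-sorts that album, increments its media count and
 * last-update stamp, and uses the item as the album cover when the album's
 * album_cover is -1 and the item's media_type is 0. Finally the uploader is
 * notified by email, throttled through the 'mgapprove' speed limit.
 *
 * @param  string $media_id  id of the queued media item
 * @return void
 */
function MG_approveSubmission($media_id)
{
    global $_CONF, $_TABLES, $LANG_MG01;

    // DB_escapeString() is what the rest of the plugin uses for SQL values;
    // addslashes() is not a SQL escape and ignores the connection charset
    $mid = DB_escapeString($media_id);
    $mediaWhere = "media_id='" . $mid . "'";

    // ids read back from the database are cast to int: DB_getItem() yields ''
    // for a missing row, which would otherwise be interpolated unquoted below
    $owner_uid = (int) DB_getItem($_TABLES['mg_mediaqueue'], 'media_user_id', $mediaWhere);
    DB_delete($_TABLES['mg_mediaqueue'], 'media_id', $mid);

    $album_id = (int) DB_getItem($_TABLES['mg_media_album_queue'], 'album_id', $mediaWhere);
    DB_save($_TABLES['mg_media_albums'], 'album_id, media_id, media_order', "{$album_id}, '{$mid}', 0");

    require_once $_CONF['path'] . 'plugins/mediagallery/include/sort.php';
    MG_SortMedia($album_id);
    DB_delete($_TABLES['mg_media_album_queue'], 'media_id', $mid);

    $result = DB_query("SELECT media_filename, media_type FROM {$_TABLES['mg_media']} WHERE " . $mediaWhere);
    list($media_filename, $media_type) = DB_fetchArray($result);

    $media_count = (int) DB_getItem($_TABLES['mg_albums'], 'media_count', 'album_id=' . $album_id) + 1;
    DB_change($_TABLES['mg_albums'], 'media_count', $media_count, 'album_id', $album_id);
    MG_updateAlbumLastUpdate($album_id);

    $album_cover = DB_getItem($_TABLES['mg_albums'], 'album_cover', 'album_id=' . $album_id);
    if ($album_cover == -1 && $media_type == 0) {
        DB_change($_TABLES['mg_albums'], 'album_cover_filename', $media_filename, 'album_id', $album_id);
    }

    // email the owner / uploader that the item has been approved.
    COM_clearSpeedlimit(600, 'mgapprove');
    if (COM_checkSpeedlimit('mgapprove') == 0) {
        $result2 = DB_query("SELECT username, email FROM {$_TABLES['users']} WHERE uid=" . $owner_uid);
        list($username, $email) = DB_fetchArray($result2);
        if ($email != '') {
            $br = '<br' . XHTML . '>';
            $subject = $LANG_MG01['upload_approved'];
            $body = $LANG_MG01['upload_approved'] . $br . $br
                  . $LANG_MG01['thanks_submit'] . $br . $br
                  . $_CONF['site_name'] . $br
                  . $_CONF['site_url'] . $br;
            $to = COM_formatEmailAddress($username, $email);
            $from = COM_formatEmailAddress($_CONF['site_name'], $_CONF['site_mail']);
            if (!COM_mail($to, $subject, $body, $from, true)) {
                COM_errorLog("Media Gallery Error - Unable to send queue notification email");
            }
            COM_updateSpeedlimit('mgapprove');
        }
    }
}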
파일: rss.php 프로젝트: spacequad/glfusion
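/**
 * Store the RSS settings submitted from the Media Gallery admin form.
 *
 * Checkbox fields that are absent from $_POST are stored as 0. The two free-text
 * fields are guarded against a missing index and SQL-escaped before they reach
 * the value list that DB_save() interpolates into its query. After saving,
 * $_MG_CONF['rss_full_enabled'] is updated, MG_buildFullRSS() is called and the
 * browser is redirected to the admin index; this function does not return.
 *
 * @return never  (exits after emitting the redirect)
 */
function MG_saveRSS()
{
    global $_MG_CONF, $_TABLES;

    // checkbox-style fields are simply absent when unchecked
    $rss_full_enabled   = isset($_POST['rss_full_enabled']) ? COM_applyFilter($_POST['rss_full_enabled'], true) : 0;
    $rss_ignore_empty   = isset($_POST['rss_ignore_empty']) ? COM_applyFilter($_POST['rss_ignore_empty'], true) : 0;
    $rss_anonymous_only = isset($_POST['rss_anonymous_only']) ? COM_applyFilter($_POST['rss_anonymous_only'], true) : 0;
    $hide_email         = isset($_POST['hide_email']) ? COM_applyFilter($_POST['hide_email'], true) : 0;

    // free-text fields: COM_applyFilter() is the content filter, DB_escapeString()
    // the SQL escape — the same pairing used elsewhere in this code base
    $rss_feed_type = isset($_POST['rss_feed_type']) ? DB_escapeString(COM_applyFilter($_POST['rss_feed_type'])) : '';
    $rss_feed_name = isset($_POST['rss_feed_name']) ? DB_escapeString(COM_applyFilter($_POST['rss_feed_name'])) : '';

    // config_name => config_value, in the order they are written
    $settings = array(
        'rss_full_enabled'   => $rss_full_enabled,
        'rss_feed_type'      => $rss_feed_type,
        'rss_ignore_empty'   => $rss_ignore_empty,
        'rss_anonymous_only' => $rss_anonymous_only,
        'rss_feed_name'      => $rss_feed_name,
        'hide_author_email'  => $hide_email,
    );
    foreach ($settings as $name => $value) {
        DB_save($_TABLES['mg_config'], "config_name, config_value", "'{$name}','{$value}'");
    }

    $_MG_CONF['rss_full_enabled'] = $rss_full_enabled;
    MG_buildFullRSS();
    echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=6');
    exit;
}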
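/**
 * Record a vote submitted through the AJAX poll form and return the results.
 *
 * A client that POLLS_ipAlreadyVoted() recognises as having voted gets the
 * current results plus an "already voted" status, and nothing is written.
 * Otherwise the vote cookie is set, the voter and per-answer counters are
 * incremented, the voter's address is logged in pollvoters, and the results
 * block with a "vote saved" status is returned.
 *
 * @param  string $pid  poll id
 * @param  array  $aid  answer id per question, indexed by question id (qid)
 * @return array        array('html' => results markup, 'statusMessage' => text)
 */
function POLLS_saveVote_AJAX($pid, $aid)
{
    global $_CONF, $_PO_CONF, $_TABLES, $LANG_POLLS;

    $retval = array('html' => '', 'statusMessage' => '');
    $safePid = DB_escapeString($pid);

    if (POLLS_ipAlreadyVoted($pid)) {
        // return here: previously execution fell through and the status below
        // overwrote this message, so repeat voters were told their vote counted
        $retval['statusMessage'] = 'You have already voted on this poll';
        $retval['html'] = POLLS_pollResults($pid, 400, '', '', 2);
        return $retval;
    }

    setcookie('poll-' . $pid, implode('-', $aid), time() + $_PO_CONF['pollcookietime'], $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
    DB_change($_TABLES['polltopics'], 'voters', "voters + 1", 'pid', $safePid, '', true);
    foreach ($aid as $qid => $answer) {
        // the array key is the question id; cast it so a client-supplied key
        // reaches the query only as an integer
        DB_change($_TABLES['pollanswers'], 'votes', "votes + 1", array('pid', 'qid', 'aid'), array($safePid, (int) $qid, COM_applyFilter($answer, true)), '', true);
    }
    DB_save($_TABLES['pollvoters'], 'ipaddress,date,pid', "'" . DB_escapeString($_SERVER['REMOTE_ADDR']) . "'," . time() . ",'" . $safePid . "'");

    $topic = DB_getItem($_TABLES['polltopics'], 'topic', "pid = '" . $safePid . "'");
    $retval['statusMessage'] = $LANG_POLLS['savedvotemsg'] . ' "' . $topic . '"';
    $retval['html'] = POLLS_pollResults($pid, 400, '', '', 2);
    return $retval;
}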
파일: init.php 프로젝트: spacequad/glfusion
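/**
 * Log one usage-tracking event for Media Gallery.
 *
 * Does nothing unless $_MG_CONF['usage_tracking'] is on. Before logging, rows
 * older than the retention window are purged at most once per window (the last
 * purge time is kept in mg_config as 'last_usage_purge').
 *
 * @param  string $application  name of the calling feature
 * @param  string $album_title
 * @param  string $media_title
 * @param  string $media_id
 * @return void
 */
function MG_usage($application, $album_title, $media_title, $media_id)
{
    global $_MG_CONF, $_USER, $_TABLES, $REMOTE_ADDR;

    if (!$_MG_CONF['usage_tracking']) {
        return;
    }

    $now = time();
    $retention = 5184000;   // 60 days, in seconds

    if ($now - $_MG_CONF['last_usage_purge'] > $retention) {
        $purgetime = $now - $retention;
        DB_query("DELETE FROM {$_TABLES['mg_usage_tracking']} WHERE time < " . $purgetime);
        DB_save($_TABLES['mg_config'], 'config_name,config_value', "'last_usage_purge','{$now}'");
        COM_errorLog("Media Gallery: Purged old data from Usage Tracking Tables");
    }

    // every string that reaches the INSERT is escaped, including $application
    // and $media_id, which used to be interpolated raw
    $user_id   = (int) $_USER['uid'];
    $user_ip   = DB_escapeString($REMOTE_ADDR);   // NOTE(review): presumably set from $_SERVER['REMOTE_ADDR'] elsewhere — confirm
    $user_name = DB_escapeString(isset($_USER['username']) ? $_USER['username'] : '');
    $app       = DB_escapeString($application);
    $title     = DB_escapeString($album_title);
    $ititle    = DB_escapeString($media_title);
    $mid       = DB_escapeString($media_id);

    $sql = "INSERT INTO " . $_TABLES['mg_usage_tracking']
         . " (time,user_id,user_ip, user_name,application, album_title, media_title,media_id)"
         . " VALUES ({$now}, {$user_id}, '{$user_ip}', '{$user_name}', '{$app}', '{$title}', '{$ititle}', '{$mid}')";
    DB_query($sql);
}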
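/**
 * Persist the Media Gallery site configuration submitted by the admin form.
 *
 * Every form field is read through COM_applyFilter(); a field missing from
 * $_POST (an unchecked checkbox) counts as 0 / ''. Integer options are
 * range-checked and clamped to the plugin defaults, free-text options are
 * SQL-escaped, and all of them are written to mg_config. Per-user preference
 * columns in mg_userprefs are reset whenever the matching site-wide switch is
 * turned off. Finally $_MG_CONF is reloaded from mg_config so the re-rendered
 * editor shows what was actually stored.
 *
 * @return string  the configuration editor, as rendered by MG_editConfig()
 */
function MG_saveConfig()
{
    global $_MG_CONF, $_TABLES, $LANG_MG09;

    // Form readers. An absent field yields 0 / '' instead of a notice on the
    // missing $_POST index; the numeric reader normalises to int.
    $postInt = function ($field) {
        return isset($_POST[$field]) ? (int) COM_applyFilter($_POST[$field], true) : 0;
    };
    $postStr = function ($field) {
        return isset($_POST[$field]) ? COM_applyFilter($_POST[$field]) : '';
    };
    // checkboxes that are only ever tested for presence
    $postFlag = function ($field) {
        return isset($_POST[$field]) ? 1 : 0;
    };
    // out-of-range values fall back to $default
    $clamp = function ($value, $min, $max, $default) {
        return ($value < $min || $value > $max) ? $default : $value;
    };

    // --- sanity-checked numeric options -------------------------------------
    $album_display_columns = $clamp($postInt('albumdisplaycolumns'), 1, 5, 2);
    $loginrequired         = $clamp($postInt('loginrequired'), 0, 1, 1);
    $displayblocks         = $clamp($postInt('displayblocks'), 0, 3, 0);
    $usage_tracking        = $clamp($postInt('usagetracking'), 0, 1, 0);
    $whatsnew              = $clamp($postInt('whatsnew'), 0, 1, 0);
    $orig_jpg_quality      = $clamp($postInt('orig_jpg_quality'), 25, 100, 75);
    $jpg_quality           = $clamp($postInt('jpg_quality'), 25, 100, 75);
    $tn_jpg_quality        = $clamp($postInt('tn_jpg_quality'), 25, 100, 75);
    // batch options only have a floor
    $time_limit   = max(30, $postInt('time_limit'));
    $item_limit   = max(5, $postInt('item_limit'));
    $refresh_rate = max(5, $postInt('refresh_rate'));

    // --- string options with a default / normalisation ----------------------
    $seperator = $postStr('seperator');
    if ($seperator === '') {
        $seperator = '/';
    }
    $tmp_path = $postStr('tmp_path');
    if (substr($tmp_path, -1) !== '/') {
        $tmp_path .= '/';
    }

    // --- site-wide switches for per-user preferences ------------------------
    $up_display_rows_enabled    = $postFlag('up_display_rows_enabled');
    $up_display_columns_enabled = $postFlag('up_display_columns_enabled');
    $up_mp3_player_enabled      = $postFlag('up_mp3_player_enabled');
    $up_av_playback_enabled     = $postFlag('up_av_playback_enabled');
    $up_thumbnail_size_enabled  = $postFlag('up_thumbnail_size_enabled');
    // NOTE: the form's enable_jhead / enable_jpegtran checkboxes were read by
    // the previous version of this function but never stored, so they are not
    // read here either.

    // config_name => value, in the order they are written to mg_config. The
    // stored names do not always match the form field names (e.g. 'indexskin'
    // comes from the 'skin' field, 'discard_original' from 'discard_originals').
    $config = array(
        'loginrequired'              => $loginrequired,
        'anonymous_uploads'          => $postInt('anonymousuploads'),
        'album_display_columns'      => $album_display_columns,
        'album_display_rows'         => $postInt('albumdisplayrows'),
        'displayblocks'              => $displayblocks,
        'usage_tracking'             => $usage_tracking,
        'dfid'                       => $postInt('dfid'),
        'whatsnew'                   => $whatsnew,
        'jpg_orig_quality'           => $orig_jpg_quality,
        'jpg_quality'                => $jpg_quality,
        'tn_jpg_quality'             => $tn_jpg_quality,
        'truncate_breadcrumb'        => $postInt('truncate_breadcrumb'),
        'whatsnew_time'              => $postInt('whatsnew_time'),
        'gallery_tn_size'            => $postInt('gallery_tn_size'),
        'gallery_tn_height'          => $postInt('tnheight'),
        'gallery_tn_width'           => $postInt('tnwidth'),
        'use_flowplayer'             => $postInt('use_flowplayer'),
        'seperator'                  => $seperator,
        'up_display_rows_enabled'    => $up_display_rows_enabled,
        'up_display_columns_enabled' => $up_display_columns_enabled,
        'up_mp3_player_enabled'      => $up_mp3_player_enabled,
        'up_av_playback_enabled'     => $up_av_playback_enabled,
        'up_thumbnail_size_enabled'  => $up_thumbnail_size_enabled,
        'zip_enabled'                => $postFlag('enable_zip'),
        'zip_path'                   => $postStr('zip_path'),
        'tmp_path'                   => $tmp_path,
        'ftp_path'                   => $postStr('ftp_path'),
        'ffmpeg_enabled'             => $postFlag('enable_ffmpeg'),
        'ffmpeg_path'                => $postStr('ffmpeg_path'),
        // previously stored with a stray leading space (' 1' instead of '1')
        'preserve_filename'          => $postInt('preserve_filename'),
        'discard_original'           => $postInt('discard_originals'),
        'verbose'                    => $postInt('verbose'),
        'disable_whatsnew_comments'  => $postInt('dwnc'),
        'enable_media_id'            => $postInt('emid'),
        'full_in_popup'              => $postInt('fip'),
        'commentbar'                 => $postInt('cmtbar'),
        'title_length'               => $postInt('wn_length'),
        'custom_image_height'        => $postInt('custom_image_height'),
        'custom_image_width'         => $postInt('custom_image_width'),
        'random_width'               => $postInt('random_width'),
        'def_refresh_rate'           => $refresh_rate,
        'def_time_limit'             => $time_limit,
        'def_item_limit'             => $item_limit,
        'postcard_retention'         => $postInt('postcard_retention'),
        'profile_hook'               => $postInt('profile_hook'),
        'indexskin'                  => $postStr('skin'),
        'random_skin'                => $postStr('rskin'),
        'subalbum_select'            => $postInt('subalbum_select'),
        'popup_from_album'           => $postInt('popupfromalbum'),
        'autotag_caption'            => $postInt('autotag_caption'),
        'indextheme'                 => $postStr('theme'),
        'at_border'                  => $postInt('at_border'),
        'at_align'                   => $postStr('at_align'),
        'at_width'                   => $postInt('at_width'),
        'at_height'                  => $postInt('at_height'),
        'at_src'                     => $postStr('at_src'),
        'at_autoplay'                => $postInt('at_autoplay'),
        'at_enable_link'             => $postInt('at_enable_link'),
        'at_delay'                   => $postInt('at_delay'),
        'at_showtitle'               => $postInt('at_showtitle'),
        'search_columns'             => $postInt('search_columns'),
        'search_rows'                => $postInt('search_rows'),
        'search_playback_type'       => $postInt('search_playback_type'),
        'search_enable_views'        => $postInt('search_enable_views'),
        'search_enable_rating'       => $postInt('search_enable_rating'),
        'gallery_only'               => $postInt('gallery_only'),
        'index_all'                  => $postInt('index_all'),
    );

    foreach ($config as $name => $value) {
        // DB_save() interpolates the value list into SQL, so escape every value;
        // the integer ones are unaffected by this
        DB_save($_TABLES['mg_config'], "config_name, config_value", "'{$name}','" . DB_escapeString((string) $value) . "'");
    }

    // now reset anything in the prefs that needs to be reset...
    // column => array(site-wide switch, value stored when that switch is off)
    $prefResets = array(
        'display_rows'    => array($up_display_rows_enabled, '0'),
        'display_columns' => array($up_display_columns_enabled, '0'),
        'mp3_player'      => array($up_mp3_player_enabled, '-1'),
        'playback_mode'   => array($up_av_playback_enabled, '-1'),
        'tn_size'         => array($up_thumbnail_size_enabled, '-1'),
    );
    foreach ($prefResets as $column => $pair) {
        if ($pair[0] == 0) {
            DB_query("UPDATE {$_TABLES['mg_userprefs']} SET {$column}={$pair[1]}");
        }
    }

    // reload the live configuration so the editor reflects the stored values
    $result = DB_query("SELECT * FROM " . $_TABLES['mg_config'], 1);
    $nRows = DB_numRows($result);
    for ($x = 0; $x < $nRows; $x++) {
        $row = DB_fetchArray($result);
        $_MG_CONF[$row['config_name']] = $row['config_value'];
    }

    return MG_editConfig($LANG_MG09[2]);
}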
파일: menu.php 프로젝트: spacequad/glfusion
/**
 * Save the menu submitted from the menu editor form.
 *
 * The menu name must be present and must not contain a space; on a validation
 * failure the matching $LANG_MB message is returned and nothing is written.
 * On success the menu row is saved, the 'menu' and 'css' cache instances are
 * dropped and a fresh 'cacheid' is stored in the vars table.
 *
 * @return string  '' on success, otherwise the error message to display
 */
function MB_saveEditMenu()
{
    global $_TABLES, $LANG_MB;

    // sanity check: the name is mandatory ...
    if (!isset($_POST['menuname']) || $_POST['menuname'] == '') {
        return $LANG_MB['menu_name_error'];
    }
    // ... and may not contain a space
    $filteredName = COM_applyFilter($_POST['menuname']);
    if (strpos($filteredName, ' ') !== false) {
        return $LANG_MB['menu_name_space'];
    }

    $menu_id    = COM_applyFilter($_POST['menu_id'], true);
    $menuname   = DB_escapeString($filteredName);
    $menutype   = COM_applyFilter($_POST['menutype'], true);
    $menuactive = isset($_POST['menuactive']) ? COM_applyFilter($_POST['menuactive'], true) : 0;
    $menugroup  = COM_applyFilter($_POST['group'], true);

    DB_save(
        $_TABLES['menu'],
        'id,menu_name,menu_type,menu_active,group_id',
        "'{$menu_id}','{$menuname}',{$menutype},{$menuactive},{$menugroup}"
    );

    CACHE_remove_instance('menu');
    CACHE_remove_instance('css');
    DB_save($_TABLES['vars'], 'name,value', "'cacheid'," . rand());

    return '';
}
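/**
 * Store (insert or replace) one playback option for a media item.
 *
 * @param  string $mid     media id the option belongs to
 * @param  string $name    option name
 * @param  mixed  $val     option value; cast to int when $is_num is true
 * @param  bool   $is_num  treat $val as an integer instead of a string
 * @return void
 */
function MG_savePBOption($mid, $name, $val, $is_num = false)
{
    global $_TABLES;

    // DB_escapeString() rather than addslashes(): addslashes() is not a SQL
    // escape function, and DB_escapeString() is what the plugin uses elsewhere
    $mid  = DB_escapeString($mid);
    $name = DB_escapeString($name);
    $val  = $is_num ? intval($val) : DB_escapeString($val);

    DB_save($_TABLES['mg_playback_options'], 'media_id, option_name, option_value', "'{$mid}', '{$name}', '{$val}'");
}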
/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param   array   $args      Contains all the data provided by the client
 * @param   string  &$output   OUTPUT parameter containing the returned text
 * @param   string  &$svc_msg  OUTPUT parameter containing any service messages
 * @return  int                Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $LANG_STATIC['access_denied_msg'];
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
        if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
            $args['draft_flag'] = 'on';
        }
        if (empty($args['template_flag'])) {
            $args['template_flag'] = '';
        }
        if (empty($args['template_id'])) {
            $args['template_id'] = '';
        }
    }
    // END: Staticpages defaults
    $sp_id = $args['sp_id'];
    $sp_title = $args['sp_title'];
    $sp_page_title = $args['sp_page_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $meta_description = $args['meta_description'];
    $meta_keywords = $args['meta_keywords'];
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $draft_flag = $args['draft_flag'];
    $template_flag = $args['template_flag'];
    $template_id = $args['template_id'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }
    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }
    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        if ($draft_flag == 'on') {
            $draft_flag = 1;
        } else {
            $draft_flag = 0;
        }
        if ($template_flag == 'on') {
            $template_flag = 1;
        } else {
            $template_flag = 0;
        }
        // Remove any autotags the user doesn't have permission to use
        $sp_content = PLG_replaceTags($sp_content, '', true);
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_page_title = strip_tags($sp_page_title);
        $sp_label = strip_tags($sp_label);
        $meta_description = strip_tags($meta_description);
        $meta_keywords = strip_tags($meta_keywords);
        $sp_content = addslashes($sp_content);
        $sp_title = addslashes($sp_title);
        $sp_page_title = addslashes($sp_page_title);
        $sp_label = addslashes($sp_label);
        $meta_description = addslashes($meta_description);
        $meta_keywords = addslashes($meta_keywords);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // If marked as a template then set id to nothing and other default settings
        if ($template_flag == 1) {
            $template_id = '';
            $sp_onmenu = 0;
            $sp_label = "";
            $sp_centerblock = 0;
            $sp_php = 0;
            $sp_inblock = 0;
            $sp_nf = 0;
            $sp_hits = 0;
            $meta_description = "";
            $meta_keywords = "";
        } else {
            // See if it was a template before, if so and option changed, remove use from other pages
            if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            if ($template_id != '') {
                // If using a template, make sure php disabled
                $sp_php = 0;
                // Double check template id exists and is still a template
                $perms = SP_getPerms();
                if (!empty($perms)) {
                    $perms = ' AND ' . $perms;
                }
                if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
                    $template_id = '';
                }
            }
        }
        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)";
            // if we're in a multi-language setup, we need to allow one "entire
            // page" centerblock for 'all' or 'none' per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_{$lang_id}'";
                }
            }
            DB_query($sql);
        }
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }
        if (!$args['gl_svc']) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        // Retrieve created date
        $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
        if ($datecreated == '') {
            $datecreated = date('Y-m-d H:i:s');
        }
        DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'");
        if ($delete_old_page && !empty($sp_old_id)) {
            // If a template and the id changed, update any staticpages that use it
            if ($template_flag == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
        }
        if (empty($sp_old_id) || $sp_id == $sp_old_id) {
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages');
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        } else {
            DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages'));
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        }
        $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}
        $display .= doTest($url, 'data/test.txt', 'data directory');
        @unlink($_CONF['path_data'] . 'test.txt');
    } else {
        $display .= '<li>' . sprintf($LANG_SECTEST['failed_tmp'], 'data') . '</li>';
    }
    $display .= checkDefaultPassword();
    $display .= '</ol>';
} else {
    $resultInstallDirCheck = checkInstallDir();
    $resultPasswordCheck = checkDefaultPassword();
    if ($failed_tests == 0) {
        $display .= '<p>' . $LANG_SECTEST['okay'] . '</p>';
    } else {
        $display .= '<ol>';
        $display .= $resultInstallDirCheck . LB . $resultPasswordCheck;
        $display .= '</ol>';
    }
}
// Persist the outcome of the security check in the vars table
// (1 = every test passed, 0 = something still needs fixing) and
// tell the admin what to do next.
$allPassed = ($failed_tests > 0) ? 0 : 1;
if ($allPassed === 1) {
    $display .= '<p>' . $LANG_SECTEST['please_note'] . '</p>';
} else {
    $display .= '<p class="warningsmall"><strong>' . $LANG_SECTEST['please_fix'] . '</strong></p>';
}
DB_save($_TABLES['vars'], 'name,value', "'security_check','{$allPassed}'");
// Closing advice: point at the announce list and the version check.
$ml = COM_createLink('geeklog-announce', 'http://lists.geeklog.net/mailman/listinfo/geeklog-announce');
$versioncheck = '<strong>' . $LANG01[107] . '</strong>';
$display .= '<p>' . sprintf($LANG_SECTEST['stay_informed'], $ml, $versioncheck) . '</p>';
$display .= COM_endBlock() . COM_siteFooter();
COM_output($display);
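/**
* Save a trackback (or pingback) comment.
*
* Also filters parameters and handles multiple trackbacks from the same source.
*
* Note: Spam check should have been done before calling this function.
*
* Every value interpolated into SQL below is escaped inside this function,
* including $sid, $type and the remote address, instead of relying on the
* caller. DB_count()/DB_delete() are handed the already-escaped values, the
* same way $url was handed to them before.
*
* @param    string  $sid        entry id
* @param    string  $type       type of entry ('article' = story, etc.)
* @param    string  $url        URL of the trackback comment
* @param    string  $title      title of the comment (set to $url if empty)
* @param    string  $blog       name of the blog that sent the comment
* @param    string  $excerpt    excerpt from the comment
* @return   int                 < 0: error, > 0: ID of the trackback comment
*
*/
function TRB_saveTrackbackComment($sid, $type, $url, $title = '', $blog = '', $excerpt = '')
{
    global $_CONF, $_TABLES;
    $url = COM_applyFilter($url);
    $title = TRB_filterTitle($title);
    $blog = TRB_filterBlogname($blog);
    $excerpt = TRB_filterExcerpt($excerpt);
    // MT does that, so follow its example ...
    if (MBYTE_strlen($excerpt) > 255) {
        $excerpt = MBYTE_substr($excerpt, 0, 252) . '...';
    }
    // Encode '$', '{' and '}' as entities so remote text can never be picked
    // up as template syntax when the comment is rendered. '}' is U+007D,
    // i.e. &#125; - the old table mapped it to &#126; ('~') by mistake.
    $tpl_chars = array('$', '{', '}');
    $tpl_entities = array('&#36;', '&#123;', '&#125;');
    $title = str_replace($tpl_chars, $tpl_entities, $title);
    $excerpt = str_replace($tpl_chars, $tpl_entities, $excerpt);
    $blog = str_replace($tpl_chars, $tpl_entities, $blog);
    $url = DB_escapeString($url);
    $title = DB_escapeString($title);
    $blog = DB_escapeString($blog);
    $excerpt = DB_escapeString($excerpt);
    // $sid and $type come from the caller (normally derived from request
    // data); escape them here so a forgetful caller cannot turn them into SQL.
    $sid = DB_escapeString($sid);
    $type = DB_escapeString($type);
    // The client address is attacker-influenced input like everything else.
    $ipaddress = DB_escapeString(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '');
    if ($_CONF['multiple_trackbacks'] == 0) {
        // multiple trackbacks not allowed - check if we have this one already
        if (DB_count($_TABLES['trackback'], array('url', 'sid', 'type'), array($url, $sid, $type)) >= 1) {
            return TRB_SAVE_REJECT;
        }
    } elseif ($_CONF['multiple_trackbacks'] == 1) {
        // delete any earlier trackbacks from the same URL
        DB_delete($_TABLES['trackback'], array('url', 'sid', 'type'), array($url, $sid, $type));
    }
    // else: multiple trackbacks allowed
    DB_save($_TABLES['trackback'], 'sid,url,title,blog,excerpt,date,type,ipaddress', "'{$sid}','{$url}','{$title}','{$blog}','{$excerpt}',NOW(),'{$type}','{$ipaddress}'");
    $comment_id = DB_insertId();
    if ($type == 'article') {
        // keep the per-story trackback counter in step with the new row
        DB_query("UPDATE {$_TABLES['stories']} SET trackbacks = trackbacks + 1 WHERE (sid = '{$sid}')");
    }
    return $comment_id;
}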
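/**
 * Moves comment from submission table to comments table
 *
 * Copies the queued row into the comments table (indent derived from its
 * parent), removes it from the submission queue and re-points any
 * notification rows that referenced the submission id at the new comment id.
 *
 * @copyright Jared Wenerd 2008
 * @author Jared Wenerd, wenerd87 AT gmail DOT com
 * @param  string $cid comment id (of the row in the submission table)
 * @return string of story id; empty string when no such submission exists
 */
function CMT_approveModeration($cid)
{
    global $_CONF, $_TABLES;
    // $cid normally arrives from the moderation form; escape it instead of
    // interpolating it raw. addslashes() is what this function already uses
    // for the other columns - DB_escapeString() is preferable where available.
    $cid = addslashes($cid);
    $result = DB_query("SELECT type, sid, date, title, comment, uid, name, pid, ipaddress FROM {$_TABLES['commentsubmissions']} WHERE cid = '{$cid}'");
    $A = DB_fetchArray($result);
    if (empty($A)) {
        // nothing queued under that id (already approved or deleted): there is
        // nothing to move, and inserting an empty comment row would be wrong
        return '';
    }
    $pid = intval($A['pid']);
    if ($pid > 0) {
        // get indent+1 of parent; intval() turns a missing parent (empty
        // result) into 0 instead of leaving a hole in the INSERT below
        $indent = intval(DB_getItem($_TABLES['comments'], 'indent+1', "cid = '{$pid}'"));
    } else {
        $indent = 0;
    }
    // These values came out of the submission table, but they are interpolated
    // into SQL again on the way back in, so escape/cast each of them.
    $type = addslashes($A['type']);
    $sid = addslashes($A['sid']);
    $date = addslashes($A['date']);
    $uid = intval($A['uid']);
    $ipaddress = addslashes($A['ipaddress']);
    $title = addslashes($A['title']);
    $comment = addslashes($A['comment']);
    if (isset($A['name'])) {
        // a display name was stored with the submission: carry it over
        $name = addslashes($A['name']);
        DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,name,pid,ipaddress,indent', "'{$type}','{$sid}','{$date}','{$title}','{$comment}','{$uid}'," . "'{$name}','{$pid}','{$ipaddress}',{$indent}");
    } else {
        // insert data, null automatically goes into name column
        DB_save($_TABLES['comments'], 'type,sid,date,title,comment,uid,pid,ipaddress,indent', "'{$type}','{$sid}','{$date}','{$title}','{$comment}','{$uid}'," . "'{$pid}','{$ipaddress}',{$indent}");
    }
    $newcid = DB_insertId();
    DB_delete($_TABLES['commentsubmissions'], 'cid', $cid);
    // notifications were keyed on the submission id ('mid'); move them to the
    // id of the published comment
    DB_change($_TABLES['commentnotifications'], 'cid', $newcid, 'mid', $cid);
    // notify of new published comment
    if ($_CONF['allow_reply_notifications'] == 1 && $pid > 0) {
        $result = DB_query("SELECT cid, uid, deletehash FROM {$_TABLES['commentnotifications']} WHERE cid = {$pid}");
        $B = DB_fetchArray($result);
        if ($B !== false) {
            CMT_sendReplyNotification($B);
        }
    }
    return $A['sid'];
}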
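/**
* Saves link to the database
*
* For an existing link ($old_lid found in the links table) access is checked
* against the permissions stored in the database, for a new link against the
* permissions passed in; in both cases the current user must be a member of
* $group_id, otherwise the attempt is logged and the request aborted.
* Every value interpolated into SQL is escaped (strings) or cast (ints) here.
*
* @param    string  $lid            ID for link
* @param    string  $old_lid        old ID for link
* @param    string  $cid            cid of category link belongs to
* @param    string  $categorydd     Category links belong to
* @param    string  $url            URL of link to save
* @param    string  $description    Description of link
* @param    string  $title          Title of link
* @param    int     $hits           Number of hits for link
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group link belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_members   Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @return   string                  HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array links plugin lang admin vars
*
*/
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
    $retval = '';
    $display = '';
    // Convert array values to numeric permission values
    if (is_array($perm_owner) || is_array($perm_group) || is_array($perm_members) || is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    // $url used to go into the INSERT untouched; escape it like the other
    // string columns. Whether it is a well-formed http(s) URL is not checked
    // here - callers are expected to have filtered it.
    $url = DB_escapeString($url);
    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    // Integer columns are interpolated unquoted below: cast them so nothing
    // but a number can reach the SQL.
    $hits = intval($hits);
    $owner_id = intval($owner_id);
    $group_id = intval($group_id);
    $perm_owner = intval($perm_owner);
    $perm_group = intval($perm_group);
    $perm_members = intval($perm_members);
    $perm_anon = intval($perm_anon);
    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        // no id supplied: keep the old one, or mint a fresh one for a new link
        $lid = empty($old_lid) ? COM_makeSid() : $old_lid;
    }
    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid;
            // for now ...
        }
    }
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        // editing an existing link: the stored permissions decide, not the
        // ones submitted with the form
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        // SEC_hasAccess() must report at least 3 and the user must belong to
        // the target group; anything else is logged as an access violation
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } elseif ($categorydd != $LANG_LINKS_ADMIN[7]) {
            // NOTE(review): this emits a redirect but neither returns nor
            // exits, so the save below still runs with the $cid passed in.
            // Left as-is to preserve existing behaviour.
            echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
        }
        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }
        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);
        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
        return $retval;
    }
}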
파일: user.php 프로젝트: spacequad/glfusion
/**
* Saves user to the database
*
* @param    int     $uid            user id
* @return   string                  HTML redirect or error message
*
*/
function USER_save($uid)
{
    global $_CONF, $_TABLES, $_USER, $LANG28, $_USER_VERBOSE;
    $retval = '';
    $userChanged = false;
    if ($_USER_VERBOSE) {
        COM_errorLog("**** entering USER_save()****", 1);
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("group size at beginning = " . sizeof($groups), 1);
    }
    $uid = COM_applyFilter($_POST['uid'], true);
    if ($uid == 0) {
        $uid = '';
    }
    $regdate = COM_applyFilter($_POST['regdate'], true);
    $username = trim($_POST['new_username']);
    $fullname = COM_truncate(trim(USER_sanitizeName($_POST['fullname'])), 80);
    $userstatus = COM_applyFilter($_POST['userstatus'], true);
    $oldstatus = COM_applyFilter($_POST['oldstatus'], true);
    $passwd = isset($_POST['newp']) ? trim($_POST['newp']) : '';
    $passwd_conf = isset($_POST['newp_conf']) ? trim($_POST['newp_conf']) : '';
    $cooktime = COM_applyFilter($_POST['cooktime'], true);
    $email = trim($_POST['email']);
    $email_conf = trim($_POST['email_conf']);
    $groups = $_POST['groups'];
    $homepage = trim($_POST['homepage']);
    $location = strip_tags(trim($_POST['location']));
    $photo = isset($_POST['photo']) ? $_POST['photo'] : '';
    $delete_photo = isset($_POST['delete_photo']) && $_POST['delete_photo'] == 'on' ? 1 : 0;
    $sig = trim($_POST['sig']);
    $about = trim($_POST['about']);
    $pgpkey = trim($_POST['pgpkey']);
    $language = isset($_POST['language']) ? trim(COM_applyFilter($_POST['language'])) : '';
    $theme = isset($_POST['theme']) ? trim(COM_applyFilter($_POST['theme'])) : '';
    $maxstories = COM_applyFilter($_POST['maxstories'], true);
    $tzid = COM_applyFilter($_POST['tzid']);
    $dfid = COM_applyFilter($_POST['dfid'], true);
    $search_fmt = COM_applyFilter($_POST['search_result_format']);
    $commentmode = COM_applyFilter($_POST['commentmode']);
    $commentorder = isset($_POST['commentorder']) && $_POST['commentorder'] == 'DESC' ? 'DESC' : 'ASC';
    $commentlimit = COM_applyFilter($_POST['commentlimit'], true);
    $emailfromuser = isset($_POST['emailfromuser']) && $_POST['emailfromuser'] == 'on' ? 1 : 0;
    $emailfromadmin = isset($_POST['emailfromadmin']) && $_POST['emailfromadmin'] == 'on' ? 1 : 0;
    $noicons = isset($_POST['noicons']) && $_POST['noicons'] == 'on' ? 1 : 0;
    $noboxes = isset($_POST['noboxes']) && $_POST['noboxes'] == 'on' ? 1 : 0;
    $showonline = isset($_POST['showonline']) && $_POST['showonline'] == 'on' ? 1 : 0;
    $topic_order = isset($_POST['topic_order']) && $_POST['topic_order'] == 'ASC' ? 'ASC' : 'DESC';
    $maxstories = COM_applyFilter($_POST['maxstories'], true);
    $newuser = COM_applyFilter($_POST['newuser'], true);
    $remoteuser = isset($_POST['remoteuser']) && $_POST['remoteuser'] == 'on' ? 1 : 0;
    $remoteusername = isset($_POST['remoteusername']) ? strip_tags(trim($_POST['remoteusername'])) : '';
    $remoteservice = isset($_POST['remoteservice']) ? COM_applyFilter($_POST['remoteservice']) : '';
    $social_services = SOC_followMeProfile($uid);
    foreach ($social_services as $service) {
        $service_input = $service['service'] . '_username';
        $_POST[$service_input] = strip_tags($_POST[$service_input]);
    }
    if ($uid == 1) {
        return USER_list();
    }
    if ($uid == '' || $uid < 2 || $newuser == 1) {
        if (empty($passwd) && $remoteuser == 0) {
            return USER_edit($uid, 504);
        }
        if (empty($email)) {
            return USER_edit($uid, 505);
        }
    }
    if ($username == '') {
        return USER_edit($uid, 506);
    }
    if (!USER_validateUsername($username)) {
        return USER_edit($uid, 512);
    }
    if ($email == '') {
        return USER_edit($uid, 507);
    }
    if ($passwd != $passwd_conf && $remoteuser == 0) {
        // passwords don't match
        return USER_edit($uid, 67);
    }
    if ($email != $email_conf) {
        return USER_edit($uid, 508);
    }
    // remote user checks
    if ($remoteuser == 1) {
        if ($remoteusername == '') {
            return USER_edit($uid, 513);
        }
        if ($remoteservice == '') {
            return USER_edit($uid, 514);
        }
    }
    $validEmail = true;
    if (empty($username)) {
        $validEmail = false;
    } elseif (empty($email)) {
        if (empty($uid)) {
            $validEmail = false;
        } else {
            $ws_user = DB_getItem($_TABLES['users'], 'remoteservice', "uid = " . intval($uid));
            if (empty($ws_user)) {
                $validEmail = false;
            }
        }
    }
    if ($validEmail) {
        if (!empty($email) && !COM_isEmail($email)) {
            return USER_edit($uid, 52);
        }
        $uname = DB_escapeString($username);
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******'");
        } else {
            $uservice = DB_getItem($_TABLES['users'], 'remoteservice', "uid = {$uid}");
            if ($uservice != '') {
                $uservice = DB_escapeString($uservice);
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND remoteservice = '{$uservice}'");
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "username = '******' AND uid <> {$uid} AND (remoteservice = '' OR remoteservice IS NULL)");
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's username to one that already exists
            return USER_edit($uid, 51);
        }
        $emailaddr = DB_escapeString($email);
        $exclude_remote = " AND (remoteservice IS NULL OR remoteservice = '')";
        if (empty($uid)) {
            $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}'" . $exclude_remote);
        } else {
            $old_email = DB_getItem($_TABLES['users'], 'email', "uid = {$uid}");
            if ($old_email == $email) {
                // email address didn't change so don't care
                $ucount = 0;
            } else {
                $ucount = DB_getItem($_TABLES['users'], 'COUNT(*)', "email = '{$emailaddr}' AND uid <> {$uid}" . $exclude_remote);
            }
        }
        if ($ucount > 0) {
            // Admin just changed a user's email to one that already exists
            return USER_edit($uid, 56);
        }
        if ($_CONF['custom_registration'] && function_exists('CUSTOM_userCheck')) {
            $ret = CUSTOM_userCheck($username, $email);
            if (!empty($ret)) {
                // need a numeric return value - otherwise use default message
                if (!is_numeric($ret['number'])) {
                    $ret['number'] = 97;
                }
                return USER_edit($uid, $ret['number']);
            }
        }
        // Let plugins have a chance to decide what to do before saving the user, return errors.
        $msg = PLG_itemPreSave('useredit', $username);
        if (!empty($msg)) {
            // need a numeric return value - otherwise use default message
            if (!is_numeric($msg)) {
                $msg = 97;
            }
            return USER_edit($uid, $msg);
        }
        if (empty($uid) || !empty($passwd)) {
            $passwd2 = SEC_encryptPassword($passwd);
        } else {
            $passwd2 = DB_getItem($_TABLES['users'], 'passwd', "uid = {$uid}");
        }
        // do we need to create the user?
        if (empty($uid)) {
            if (empty($passwd)) {
                // no password? create one ...
                $passwd = USER_createPassword(8);
                $passwd2 = SEC_encryptPassword($passwd);
            }
            if ($remoteuser == 1) {
                $uid = USER_createAccount($username, $email, '', $fullname, '', $remoteusername, $remoteservice, 1);
            } else {
                $uid = USER_createAccount($username, $email, $passwd2, $fullname, $homepage, '', '', 1);
            }
            if ($uid > 1) {
                DB_query("UPDATE {$_TABLES['users']} SET status = {$userstatus} WHERE uid = {$uid}");
            }
            if (isset($_POST['emailuser'])) {
                USER_createAndSendPassword($username, $email, $uid, $passwd);
            }
            if ($uid < 2) {
                return USER_edit('', 509);
            }
            $newuser = 1;
        }
        // at this point, we have a valid user...
        // Filter some of the text entry fields to ensure they don't cause problems...
        $fullname = strip_tags($fullname);
        $about = strip_tags($about);
        $pgpkey = strip_tags($pgpkey);
        $curphoto = USER_handlePhotoUpload($uid, $delete_photo);
        if ($_CONF['allow_user_photo'] == 1 && !empty($curphoto)) {
            $curusername = DB_getItem($_TABLES['users'], 'username', "uid = {$uid}");
            if ($curusername != $username) {
                // user has been renamed - rename the photo, too
                $newphoto = preg_replace('/' . $curusername . '/', $username, $curphoto, 1);
                $imgpath = $_CONF['path_images'] . 'userphotos/';
                if (rename($imgpath . $curphoto, $imgpath . $newphoto) === false) {
                    $display = COM_siteHeader('menu', $LANG28[22]);
                    $display .= COM_errorLog('Could not rename userphoto "' . $curphoto . '" to "' . $newphoto . '".');
                    $display .= COM_siteFooter();
                    return $display;
                }
                $curphoto = $newphoto;
            }
        }
        // update users table
        $sql = "UPDATE {$_TABLES['users']} SET " . "username = '******'," . "fullname = '" . DB_escapeString($fullname) . "'," . "passwd   = '" . DB_escapeString($passwd2) . "'," . "email    = '" . DB_escapeString($email) . "'," . "homepage = '" . DB_escapeString($homepage) . "'," . "sig      = '" . DB_escapeString($sig) . "'," . "photo    = '" . DB_escapeString($curphoto) . "'," . "cookietimeout = {$cooktime}," . "theme    = '" . DB_escapeString($theme) . "'," . "language = '" . DB_escapeString($language) . "'," . "status   = {$userstatus} WHERE uid = {$uid};";
        DB_query($sql);
        // update userprefs
        $sql = "UPDATE {$_TABLES['userprefs']} SET " . "noicons = {$noicons}," . "dfid    = {$dfid}," . "tzid    = '" . DB_escapeString($tzid) . "'," . "emailstories = 0," . "emailfromadmin = {$emailfromadmin}," . "emailfromuser  = {$emailfromuser}," . "showonline = {$showonline}," . "search_result_format = '" . DB_escapeString($search_fmt) . "' WHERE uid={$uid};";
        DB_query($sql);
        // userinfo table
        $sql = "UPDATE {$_TABLES['userinfo']} SET " . "about      = '" . DB_escapeString($about) . "'," . "location   = '" . DB_escapeString($location) . "'," . "pgpkey     = '" . DB_escapeString($pgpkey) . "' WHERE uid={$uid};";
        DB_query($sql);
        // userindex table
        $TIDS = @array_values($_POST['topics']);
        $AIDS = @array_values($_POST['selauthors']);
        $BOXES = @array_values($_POST['blocks']);
        $ETIDS = @array_values($_POST['dgtopics']);
        $allowed_etids = USER_buildTopicList();
        $AETIDS = explode(' ', $allowed_etids);
        $tids = '';
        if (sizeof($TIDS) > 0) {
            $tids = DB_escapeString(implode(' ', array_intersect($AETIDS, $TIDS)));
        }
        $aids = '';
        if (sizeof($AIDS) > 0) {
            foreach ($AIDS as $key => $val) {
                $AIDS[$key] = intval($val);
            }
            $aids = DB_escapeString(implode(' ', $AIDS));
        }
        $selectedblocks = '';
        $selectedBoxes = array();
        if (count($BOXES) > 0) {
            foreach ($BOXES as $key => $val) {
                $BOXES[$key] = intval($val);
            }
            $boxes = DB_escapeString(implode(',', $BOXES));
            $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})");
            $numRows = DB_numRows($blockresult);
            for ($x = 1; $x <= $numRows; $x++) {
                $row = DB_fetchArray($blockresult);
                if ($row['name'] != 'user_block' and $row['name'] != 'admin_block' and $row['name'] != 'section_block') {
                    $selectedblocks .= $row['bid'];
                    if ($x != $numRows) {
                        $selectedblocks .= ' ';
                    }
                }
            }
        }
        $etids = '-';
        if (sizeof($ETIDS) > 0) {
            $etids = DB_escapeString(implode(' ', array_intersect($AETIDS, $ETIDS)));
        } else {
            $etids = '-';
        }
        DB_save($_TABLES['userindex'], "uid,tids,aids,boxes,noboxes,maxstories,etids", "{$uid},'{$tids}','{$aids}','{$selectedblocks}',{$noboxes},{$maxstories},'{$etids}'");
        // usercomment
        DB_save($_TABLES['usercomment'], 'uid,commentmode,commentorder,commentlimit', "{$uid},'{$commentmode}','{$commentorder}'," . intval($commentlimit));
        if ($_CONF['custom_registration'] and function_exists('CUSTOM_userSave')) {
            CUSTOM_userSave($uid);
        }
        if ($_CONF['usersubmission'] == 1 && $oldstatus == USER_ACCOUNT_AWAITING_APPROVAL && ($userstatus == USER_ACCOUNT_ACTIVE || $userstatus == USER_ACCOUNT_AWAITING_ACTIVATION || $userstatus == USER_ACCOUNT_AWAITING_VERIFICATION)) {
            USER_createAndSendPassword($username, $email, $uid);
        }
        if ($userstatus == USER_ACCOUNT_DISABLED) {
            SESS_endUserSession($uid);
        }
        $userChanged = true;
        // if groups is -1 then this user isn't allowed to change any groups so ignore
        if (is_array($groups) && SEC_hasRights('group.edit')) {
            if (!SEC_inGroup('Root')) {
                $rootgrp = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Root'");
                if (in_array($rootgrp, $groups)) {
                    COM_accessLog("User {$_USER['username']} ({$_USER['uid']}) just tried to give Root permissions to user {$username}.");
                    echo COM_refresh($_CONF['site_admin_url'] . '/index.php');
                    exit;
                }
            }
            // make sure the Remote Users group is in $groups
            if (SEC_inGroup('Remote Users', $uid)) {
                $remUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Remote Users'");
                if (!in_array($remUsers, $groups)) {
                    $groups[] = $remUsers;
                }
            }
            if ($_USER_VERBOSE) {
                COM_errorLog("deleting all group_assignments for user {$uid}/{$username}", 1);
            }
            // remove user from all groups that the User Admin is a member of
            $UserAdminGroups = SEC_getUserGroups();
            $whereGroup = 'ug_main_grp_id IN (' . implode(',', $UserAdminGroups) . ')';
            DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE (ug_uid = {$uid}) AND " . $whereGroup);
            // make sure to add user to All Users and Logged-in Users groups
            $allUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'All Users'");
            if (!in_array($allUsers, $groups)) {
                $groups[] = $allUsers;
            }
            $logUsers = DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = 'Logged-in Users'");
            if (!in_array($logUsers, $groups)) {
                $groups[] = $logUsers;
            }
            foreach ($groups as $userGroup) {
                if (in_array($userGroup, $UserAdminGroups)) {
                    if ($_USER_VERBOSE) {
                        COM_errorLog("adding group_assignment " . $userGroup . " for {$username}", 1);
                    }
                    $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$userGroup}, {$uid})";
                    DB_query($sql);
                }
            }
        }
        // subscriptions
        $subscription_deletes = @array_values($_POST['subdelete']);
        if (is_array($subscription_deletes)) {
            foreach ($subscription_deletes as $subid) {
                DB_delete($_TABLES['subscriptions'], 'sub_id', (int) $subid);
            }
        }
        foreach ($social_services as $service) {
            $service_input = $service['service'] . '_username';
            $_POST[$service_input] = DB_escapeString($_POST[$service_input]);
            if ($_POST[$service_input] != '') {
                $sql = "REPLACE INTO {$_TABLES['social_follow_user']} (ssid,uid,ss_username) ";
                $sql .= " VALUES (" . (int) $service['service_id'] . "," . $uid . ",'" . $_POST[$service_input] . "');";
                DB_query($sql, 1);
            } else {
                $sql = "DELETE FROM {$_TABLES['social_follow_user']} WHERE ssid = " . (int) $service['service_id'] . " AND uid=" . (int) $uid;
                DB_query($sql, 1);
            }
        }
        if ($newuser == 0) {
            PLG_profileSave('', $uid);
        } else {
            PLG_createUser($uid);
        }
        if ($userChanged) {
            PLG_userInfoChanged($uid);
        }
        CACHE_remove_instance('mbmenu');
        $errors = DB_error();
        if (empty($errors)) {
            echo PLG_afterSaveSwitch($_CONF['aftersave_user'], "{$_CONF['site_url']}/users.php?mode=profile&uid={$uid}", 'user', 21);
        } else {
            $retval .= COM_siteHeader('menu', $LANG28[22]);
            $retval .= COM_errorLog('Error in USER_save() in ' . $_CONF['site_admin_url'] . '/user.php');
            $retval .= COM_siteFooter();
            echo $retval;
            exit;
        }
    } else {
        $retval = COM_siteHeader('menu', $LANG28[1]);
        $retval .= COM_errorLog($LANG28[10]);
        if (DB_count($_TABLES['users'], 'uid', $uid) > 0) {
            $retval .= USER_edit($uid);
        } else {
            $retval .= USER_edit();
        }
        $retval .= COM_siteFooter();
        echo $retval;
        exit;
    }
    if ($_USER_VERBOSE) {
        COM_errorLog("***************leaving USER_save()*****************", 1);
    }
    return $retval;
}
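/**
* Save the Media Gallery "member album" default settings from the admin form.
*
* Every setting is read from $_POST and normalised to an integer with
* COM_applyFilter(..., true); a field that is missing from the request counts
* as 0 (what an unticked checkbox posts), so no undefined-index notice is raised
* for the free-text fields either. The permission checkbox arrays are folded into
* numeric values by SEC_getPermissionValues(). Each setting is then written to the
* mg_config table and the browser is redirected to the admin index.
*
* Quota is entered in MB and the file size limit in KB; both are stored in bytes.
*
* Never returns: ends with a redirect followed by exit.
*
* @return   void
*/
function MG_saveMemberDefaults()
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER, $_POST;

    // all integer fields, checkbox or text box, are read the same way
    $intFields = array(
        'member_albums', 'member_quota', 'auto_create', 'allow_create',
        'member_use_fullname', 'feature_member_album', 'allow_remote',
        'member_root', 'member_archive', 'enable_random',
        'max_image_width', 'max_image_height', 'max_filesize',
        'uploads', 'moderate', 'mod_id', 'email_mod',
    );
    $in = array();
    foreach ($intFields as $field) {
        $in[$field] = isset($_POST[$field]) ? COM_applyFilter($_POST[$field], true) : 0;
    }
    $member_quota = $in['member_quota'] * 1048576; // MB -> bytes
    $max_filesize = $in['max_filesize'] * 1024;    // KB -> bytes

    // permission checkboxes arrive as arrays; SEC_getPermissionValues() turns them into numbers
    $tperm_owner = isset($_POST['perm_owner']) ? $_POST['perm_owner'] : 0;
    $tperm_group = isset($_POST['perm_group']) ? $_POST['perm_group'] : 0;
    $tperm_members = isset($_POST['perm_members']) ? $_POST['perm_members'] : 0;
    $tperm_anon = isset($_POST['perm_anon']) ? $_POST['perm_anon'] : 0;
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($tperm_owner, $tperm_group, $tperm_members, $tperm_anon);

    // valid media formats: one checkbox per format, the posted values are summed
    // into the single stored value
    $formats = array('jpg', 'png', 'tif', 'gif', 'bmp', 'tga', 'psd', 'mp3', 'ogg', 'asf', 'swf', 'mov', 'mp4', 'mpg', 'zip', 'other', 'flv', 'rflv', 'emb');
    $member_valid_formats = 0;
    foreach ($formats as $fmt) {
        $key = 'format_' . $fmt;
        $member_valid_formats += isset($_POST[$key]) ? COM_applyFilter($_POST[$key], true) : 0;
    }

    // put any error checking / validation here

    // config_name => value, written in the original order
    $settings = array(
        'member_albums'        => $in['member_albums'],
        'member_use_fullname'  => $in['member_use_fullname'],
        'feature_member_album' => $in['feature_member_album'],
        'allow_remote'         => $in['allow_remote'],
        'member_quota'         => $member_quota,
        'member_auto_create'   => $in['auto_create'],
        'member_create_new'    => $in['allow_create'],
        'member_album_root'    => $in['member_root'],
        'member_album_archive' => $in['member_archive'],
        'member_enable_random' => $in['enable_random'],
        'member_max_width'     => $in['max_image_width'],
        'member_max_height'    => $in['max_image_height'],
        'member_max_filesize'  => $max_filesize,
        'member_uploads'       => $in['uploads'],
        'member_moderate'      => $in['moderate'],
        'member_mod_group_id'  => $in['mod_id'],
        'member_email_mod'     => $in['email_mod'],
        'member_perm_owner'    => $perm_owner,
        'member_perm_group'    => $perm_group,
        'member_perm_members'  => $perm_members,
        'member_perm_anon'     => $perm_anon,
        'member_valid_formats' => $member_valid_formats,
    );
    foreach ($settings as $name => $value) {
        // every value is numeric output of COM_applyFilter(..., true) or of
        // SEC_getPermissionValues() (assumed numeric), so it can be interpolated
        DB_save($_TABLES['mg_config'], "config_name, config_value", "'{$name}','{$value}'");
    }
    CACHE_remove_instance('stmenu');
    echo COM_refresh($_MG_CONF['admin_url'] . 'index.php?msg=12');
    exit;
}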
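/**
* Saves user's preferences back to the database
*
* Checkbox fields arrive as 'on' when ticked and are stored as 1/0. The list
* fields (topics, selauthors, blocks, etids) are reduced to the topics the user
* is allowed to see (array_intersect with USER_getAllowedTopics()) or cast to
* integers before they are joined into SQL. Every string that reaches an SQL
* statement is passed through addslashes() right before use; theme, language
* and tzid are additionally written to cookies so the theme can be applied
* before the user logs in. Writes users, userprefs, userindex and usercomment
* for the current user ($_USER['uid']) and finally notifies plugins.
*
* A list field that is missing or not an array is treated as an empty list
* instead of being silenced with @ (count() of a non-array is an error on
* PHP 8).
*
* @param    array   $A  User's data to save (form input, keyed by field name)
* @return   void
*
*/
function savepreferences($A)
{
    global $_CONF, $_TABLES, $_USER;

    // checkboxes: 'on' when ticked, absent otherwise
    $flags = array('noicons', 'willing', 'noboxes', 'emailfromadmin', 'emailfromuser', 'showonline');
    foreach ($flags as $flag) {
        $A[$flag] = (isset($A[$flag]) && $A[$flag] == 'on') ? 1 : 0;
    }

    $A['maxstories'] = COM_applyFilter(isset($A['maxstories']) ? $A['maxstories'] : 0, true);
    if (empty($A['maxstories'])) {
        $A['maxstories'] = 0;
    } elseif ($A['maxstories'] > 0 && $A['maxstories'] < $_CONF['minnews']) {
        // a positive value below the site minimum is raised to the minimum
        $A['maxstories'] = $_CONF['minnews'];
    }

    // list inputs: topics/etids are arrays of strings, selauthors/blocks arrays of integers
    $TIDS = (isset($A['topics']) && is_array($A['topics'])) ? array_values($A['topics']) : array();
    $AIDS = (isset($A['selauthors']) && is_array($A['selauthors'])) ? array_values($A['selauthors']) : array();
    $BOXES = (isset($A['blocks']) && is_array($A['blocks'])) ? array_values($A['blocks']) : array();
    $ETIDS = (isset($A['etids']) && is_array($A['etids'])) ? array_values($A['etids']) : array();
    // topics this user may see; used as the whitelist for $TIDS and $ETIDS
    $AETIDS = USER_getAllowedTopics();

    $tids = '';
    if (count($TIDS) > 0) {
        // array_intersect keeps only allowed topic ids, so no further scrubbing is needed
        $tids = addslashes(implode(' ', array_intersect($AETIDS, $TIDS)));
    }

    $aids = '';
    if (count($AIDS) > 0) {
        // author ids must be integers
        foreach ($AIDS as $key => $val) {
            $AIDS[$key] = COM_applyFilter($val, true);
        }
        $aids = addslashes(implode(' ', $AIDS));
    }

    $selectedblocks = '';
    if (count($BOXES) > 0) {
        // block ids must be integers
        foreach ($BOXES as $key => $val) {
            $BOXES[$key] = COM_applyFilter($val, true);
        }
        $boxes = addslashes(implode(',', $BOXES));
        // the stored set is every block NOT listed in the posted 'blocks' field,
        // minus the three system blocks
        $blockresult = DB_query("SELECT bid,name FROM {$_TABLES['blocks']} WHERE bid NOT IN ({$boxes})");
        $numRows = DB_numRows($blockresult);
        $systemBlocks = array('user_block', 'admin_block', 'section_block');
        $bids = array();
        for ($x = 0; $x < $numRows; $x++) {
            $row = DB_fetchArray($blockresult);
            if (!in_array($row['name'], $systemBlocks, true)) {
                $bids[] = $row['bid'];
            }
        }
        $selectedblocks = implode(' ', $bids);
    }
    $selectedblocks = trim($selectedblocks);

    $etids = '';
    if ($_CONF['emailstories'] == 1 && count($ETIDS) > 0) {
        // array_intersect keeps only allowed topic ids, so no further scrubbing is needed
        $etids = addslashes(implode(' ', array_intersect($AETIDS, $ETIDS)));
    }

    $A['tzid'] = isset($A['tzid']) ? COM_applyFilter($A['tzid']) : '';
    $A['theme'] = isset($A['theme']) ? COM_applyFilter($A['theme']) : '';
    if (empty($A['theme'])) {
        $A['theme'] = $_CONF['theme'];
    }
    $A['language'] = isset($A['language']) ? COM_applyFilter($A['language']) : '';
    if (empty($A['language'])) {
        $A['language'] = $_CONF['language'];
    }

    // Save theme, when doing so, put in cookie so we can set the user's theme
    // even when they aren't logged in
    $theme = addslashes($A['theme']);
    $language = addslashes($A['language']);
    DB_query("UPDATE {$_TABLES['users']} SET theme='{$theme}',language='{$language}' WHERE uid = '{$_USER['uid']}'");
    $cookieExpiry = time() + 31536000; // one year
    setcookie($_CONF['cookie_theme'], $A['theme'], $cookieExpiry, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
    setcookie($_CONF['cookie_language'], $A['language'], $cookieExpiry, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);
    setcookie($_CONF['cookie_tzid'], $A['tzid'], $cookieExpiry, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure']);

    $A['dfid'] = COM_applyFilter(isset($A['dfid']) ? $A['dfid'] : 0, true);
    // tzid is the only free-form string in this statement; escape it like the other
    // string fields (USER_save() escapes the same column)
    $tzid = addslashes($A['tzid']);
    DB_query("UPDATE {$_TABLES['userprefs']} SET noicons='{$A['noicons']}', willing='{$A['willing']}', dfid='{$A['dfid']}', tzid='{$tzid}', emailfromadmin='{$A['emailfromadmin']}', emailfromuser='{$A['emailfromuser']}', showonline='{$A['showonline']}' WHERE uid='{$_USER['uid']}'");

    if (empty($etids)) {
        $etids = '-';
    }
    DB_save($_TABLES['userindex'], "uid,tids,aids,boxes,noboxes,maxstories,etids", "'{$_USER['uid']}','{$tids}','{$aids}','{$selectedblocks}','{$A['noboxes']}',{$A['maxstories']},'{$etids}'");

    $A['commentmode'] = COM_applyFilter(isset($A['commentmode']) ? $A['commentmode'] : '');
    if (empty($A['commentmode'])) {
        $A['commentmode'] = $_CONF['comment_mode'];
    }
    $A['commentmode'] = addslashes($A['commentmode']);
    $A['commentorder'] = COM_applyFilter(isset($A['commentorder']) ? $A['commentorder'] : '');
    if (empty($A['commentorder'])) {
        $A['commentorder'] = 'ASC';
    }
    $A['commentorder'] = addslashes($A['commentorder']);
    $A['commentlimit'] = COM_applyFilter(isset($A['commentlimit']) ? $A['commentlimit'] : 0, true);
    if ($A['commentlimit'] <= 0) {
        $A['commentlimit'] = $_CONF['comment_limit'];
    }
    DB_save($_TABLES['usercomment'], 'uid,commentmode,commentorder,commentlimit', "'{$_USER['uid']}','{$A['commentmode']}','{$A['commentorder']}','{$A['commentlimit']}'");
    PLG_userInfoChanged($_USER['uid']);
}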
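 /**
  * Persists this menu element to the menu_elements table via DB_save().
  *
  * All string columns (menu_id, label, subtype, url, target) are escaped with
  * DB_escapeString() into locals, so the object's own properties are left as they
  * were; the previous version escaped $this->label and $this->url in place, which
  * double-escapes them when saveElement() runs twice on the same object. The
  * numeric columns (id, pid, type, order, active, group_id) are interpolated
  * unquoted and are therefore cast to int first.
  *
  * @return void
  */
 function saveElement()
 {
     global $_TABLES;

     $menuId = DB_escapeString($this->menu_id);
     $label = DB_escapeString($this->label);
     $subtype = DB_escapeString($this->subtype);
     $url = DB_escapeString($this->url);
     $target = DB_escapeString($this->target);

     $id = (int) $this->id;
     $pid = (int) $this->pid;
     $type = (int) $this->type;
     $order = (int) $this->order;
     $active = (int) $this->active;
     $groupId = (int) $this->group_id;

     $sqlFieldList = 'id,pid,menu_id,element_label,element_type,element_subtype,element_order,element_active,element_url,element_target,group_id';
     $sqlDataValues = "{$id},{$pid},'{$menuId}','{$label}',{$type},'{$subtype}',{$order},{$active},'{$url}','{$target}',{$groupId}";
     DB_save($_TABLES['menu_elements'], $sqlFieldList, $sqlDataValues);
 }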
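/**
* Save a group to the database
*
* Validates that name and description are present, that the current Group Admin
* may edit this group and that the name is unique, then inserts or replaces the
* group row, its feature list (restricted to the admin's own features unless
* Root), its group memberships (restricted to the admin's own groups), and
* makes sure Root and the saving admin belong to the group. Every value that is
* interpolated into SQL is either DB_escapeString()'d or cast to int here; the
* group id is normalised to an int once at the top (empty or non-numeric -> 0,
* i.e. "new group").
*
* @param    string|int $grp_id      ID of group to save (empty for a new group)
* @param    string  $grp_name       Group Name
* @param    string  $grp_descr      Description of group
* @param    boolean $grp_admin      Flag that indicates this is an admin use group
* @param    boolean $grp_gl_core    Flag that indicates if this is a core Geeklog group
* @param    boolean $grp_default    Flag that indicates if this is a default group
* @param    boolean $grp_applydefault  Flag that indicates whether to apply a change in $grp_default to all existing user accounts
* @param    array   $features       Features the group has access to
* @param    array   $groups         Groups this group will belong to
* @return   string                  HTML refresh or error message
*
*/
function savegroup($grp_id, $grp_name, $grp_descr, $grp_admin, $grp_gl_core, $grp_default, $grp_applydefault, $features, $groups)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $_GROUP_VERBOSE;
    $retval = '';

    // used unquoted in SQL and in numeric comparisons below
    $grp_id = (int) $grp_id;

    if (empty($grp_name) || empty($grp_descr)) {
        $retval .= COM_showMessageText($LANG_ACCESS['missingfieldsmsg'], $LANG_ACCESS['missingfields']) . editgroup($grp_id);
        return COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
    }

    $GroupAdminGroups = SEC_getUserGroups();
    if ($grp_id > 0 && !in_array($grp_id, $GroupAdminGroups) && !SEC_groupIsRemoteUserAndHaveAccess($grp_id, $GroupAdminGroups)) {
        COM_accessLog("User {$_USER['username']} tried to edit group '{$grp_name}' ({$grp_id}) with insufficient privileges.");
        return COM_refresh($_CONF['site_admin_url'] . '/group.php');
    }
    if ($grp_gl_core == 1 && !is_array($features)) {
        COM_errorLog("Sorry, no valid features were passed to this core group ({$grp_id}) and saving could cause problem...bailing.");
        return COM_refresh($_CONF['site_admin_url'] . '/group.php');
    }
    if (!is_array($features)) {
        // a non-core group may legitimately have no features
        $features = array();
    }

    // SQL-ready copies: the name is an untrusted string (the description was
    // already escaped, the name was not), the flags are 0/1 integers
    $grp_name_sql = DB_escapeString($grp_name);
    $grp_gl_core_sql = (int) $grp_gl_core;
    $grp_default_sql = (int) $grp_default;

    // group names have to be unique, so check if this one exists already
    $g_id = (int) DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name_sql}'");
    if ($g_id > 0 && (empty($grp_id) || $grp_id != $g_id)) {
        // there already is a group with that name - complain
        $retval .= COM_showMessageText($LANG_ACCESS['groupexistsmsg'], $LANG_ACCESS['groupexists']) . editgroup($grp_id);
        return COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
    }

    $grp_descr = DB_escapeString(COM_stripslashes($grp_descr));
    $grp_applydefault_add = true;
    if (empty($grp_id)) {
        DB_save($_TABLES['groups'], 'grp_name,grp_descr,grp_gl_core,grp_default', "'{$grp_name_sql}','{$grp_descr}',{$grp_gl_core_sql},{$grp_default_sql}");
        $grp_id = (int) DB_getItem($_TABLES['groups'], 'grp_id', "grp_name = '{$grp_name_sql}'");
        $new_group = true;
    } else {
        if ($grp_applydefault == 1) {
            // check if $grp_default changed
            $old_default = DB_getItem($_TABLES['groups'], 'grp_default', "grp_id = {$grp_id}");
            if ($old_default == $grp_default) {
                // no change required
                $grp_applydefault = 0;
            } elseif ($old_default == 1) {
                // was a default group and no longer is: remove it from existing accounts
                $grp_applydefault_add = false;
            }
        }
        DB_save($_TABLES['groups'], 'grp_id,grp_name,grp_descr,grp_gl_core,grp_default', "{$grp_id},'{$grp_name_sql}','{$grp_descr}',{$grp_gl_core_sql},{$grp_default_sql}");
        $new_group = false;
    }
    if ($grp_id < 1) {
        // "this shouldn't happen"
        COM_errorLog("Internal error: invalid group id");
        $retval .= COM_showMessage(95);
        return COM_createHTMLDocument($retval, array('pagetitle' => $LANG_ACCESS['groupeditor']));
    }

    // Use the field grp_gl_core to indicate if this non-core GL Group
    // is an Admin related group
    if ($grp_gl_core != 1 && $grp_id > 1) {
        $coreFlag = ($grp_admin == 1) ? 2 : 0;
        DB_query("UPDATE {$_TABLES['groups']} SET grp_gl_core={$coreFlag} WHERE grp_id={$grp_id}");
    }

    // now save the features; a non-Root admin may only grant features he has himself
    DB_delete($_TABLES['access'], 'acc_grp_id', $grp_id);
    $availableFeatures = null;
    if (!SEC_inGroup('Root')) {
        $availableFeatures = explode(',', SEC_getUserPermissions());
    }
    foreach ($features as $f) {
        if ($availableFeatures !== null && !in_array($f, $availableFeatures)) {
            continue;
        }
        $f = (int) $f;
        DB_query("INSERT INTO {$_TABLES['access']} (acc_ft_id,acc_grp_id) VALUES ({$f},{$grp_id})");
    }

    if ($_GROUP_VERBOSE) {
        // $groups is normally an array; implode it instead of producing an array-to-string notice
        COM_errorLog('groups = ' . (is_array($groups) ? implode(',', $groups) : $groups));
        COM_errorLog("deleting all group_assignments for group {$grp_id}/{$grp_name}", 1);
    }
    DB_delete($_TABLES['group_assignments'], 'ug_grp_id', $grp_id);
    if (!empty($groups) && is_array($groups)) {
        foreach ($groups as $g) {
            // only groups the Group Admin is a member of may be assigned
            if (in_array($g, $GroupAdminGroups)) {
                $g = (int) $g;
                if ($_GROUP_VERBOSE) {
                    COM_errorLog("adding group_assignment {$g} for {$grp_name}", 1);
                }
                $sql = "INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$g},{$grp_id})";
                DB_query($sql);
            }
        }
    }

    // Make sure Root group belongs to any new group
    if (DB_getItem($_TABLES['group_assignments'], 'COUNT(*)', "ug_main_grp_id = {$grp_id} AND ug_grp_id = 1") == 0) {
        DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_grp_id) VALUES ({$grp_id}, 1)");
    }
    // make sure this Group Admin belongs to the new group
    if (!SEC_inGroup('Root')) {
        $uid = (int) $_USER['uid'];
        if (DB_count($_TABLES['group_assignments'], 'ug_uid', "(ug_uid = {$uid}) AND (ug_main_grp_id = {$grp_id})") == 0) {
            DB_query("INSERT INTO {$_TABLES['group_assignments']} (ug_main_grp_id, ug_uid) VALUES ({$grp_id},{$uid})");
        }
    }

    if ($grp_applydefault == 1) {
        applydefaultgroup($grp_id, $grp_applydefault_add);
    }
    PLG_groupChanged($grp_id, $new_group ? 'new' : 'edit');

    if (isset($_REQUEST['chk_showall']) && $_REQUEST['chk_showall'] == 1) {
        return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49&chk_showall=1');
    }
    return COM_refresh($_CONF['site_admin_url'] . '/group.php?msg=49');
}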
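/**
* Save topic to the database
*
* Checks that the current user has edit access (level 3) to the topic - via
* the stored permissions for an existing topic, via the submitted ones for a
* new topic - and belongs to the chosen group, then writes the topic row,
* maintains the single "default" and single "archive" topic, and refreshes the
* feeds and the Older Stories block. Strings are escaped with addslashes() and
* the numeric ids/counters cast to int before they are interpolated into SQL.
*
* @param    string  $tid            Topic ID
* @param    string  $topic          Name of topic (what the user sees)
* @param    string  $imageurl       (partial) URL to topic image
* @param    string  $meta_description    Topic meta description
* @param    string  $meta_keywords       Topic meta keywords
* @param    int     $sortnum        number for sort order in "Topics" block
* @param    int     $limitnews      number of stories per page for this topic
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group topic belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_members   Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @param    string  $is_default     'on' if this is the default topic
* @param    string  $is_archive     'on' if this is the archive topic
* @return   string                  HTML redirect or error message
*/
function savetopic($tid, $topic, $imageurl, $meta_description, $meta_keywords, $sortnum, $limitnews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
    // $_USER is needed for the access log below; it was missing from the global list
    global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE;
    $retval = '';

    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $tid = COM_sanitizeID($tid);
    // ids and counters are interpolated into SQL unquoted or as numbers
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $sortnum = (int) $sortnum;
    $limitnews = (int) $limitnews;

    $access = 0;
    if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
        // existing topic: access is decided by the permissions already stored
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        // new topic: access is decided by the permissions being submitted
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }

    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
    } elseif (!empty($tid) && !empty($topic)) {
        if ($imageurl == '/images/topics/') {
            // the bare directory means "no image"
            $imageurl = '';
        }
        $topic = addslashes($topic);
        // imageurl is stored as a string like the other text fields, so escape it too
        $imageurl = addslashes($imageurl);
        $meta_description = addslashes(strip_tags($meta_description));
        $meta_keywords = addslashes(strip_tags($meta_keywords));

        if ($is_default == 'on') {
            // only one topic can be the default
            $is_default = 1;
            DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
        } else {
            $is_default = 0;
        }

        $is_archive = ($is_archive == 'on') ? 1 : 0;
        $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if ($is_archive) {
            // $tid is the archive topic
            // - if it wasn't already, mark all its stories "archived" now
            if ($archivetid != $tid) {
                DB_query("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '{$tid}'");
                DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
            }
        } else {
            // $tid is not the archive topic
            // - if it was until now, reset the "archived" status of its stories
            if ($archivetid == $tid) {
                DB_query("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '{$tid}'");
                DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
            }
        }

        DB_save($_TABLES['topics'], 'tid, topic, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', '{$imageurl}', '{$meta_description}', '{$meta_keywords}','{$sortnum}','{$limitnews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");

        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $tid);
        COM_olderStuff();
        $retval = COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=13');
    } else {
        // missing topic id or name
        $retval .= COM_siteHeader('menu', $LANG27[1]);
        $retval .= COM_errorLog($LANG27[7], 2);
        $retval .= COM_siteFooter();
    }
    return $retval;
}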
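/**
 * Store an uploaded or imported file as a Media Gallery media object.
 *
 * The source file is first copied to the MG temp directory, its mime type and
 * MG format are determined (getID3 meta data, then the client-supplied
 * $opt['filetype'], then the file extension), the original/display/thumbnail
 * files are written for the album, the album quota is updated and a row is
 * inserted into mg_media (or mg_mediaqueue when the album is moderated and the
 * current user is not the root-album owner) plus the album link table.
 *
 * @param string $filename  Path of the file to process: the PHP upload temp file
 *                          when $opt['upload'] is set (default), otherwise a
 *                          local path that is copied (and optionally purged)
 * @param string $file      Original client-side filename; only its extension is
 *                          used for type detection, the whole name is stored as
 *                          media_original_filename
 * @param int    $album_id  Target album id
 * @param array  $opt       Optional keys: caption, description, keywords,
 *                          upload (default 1), purgefiles, filetype, atttn,
 *                          thumbnail, category, dnc, replace (media_id of an
 *                          existing media object to overwrite)
 * @return array            array(bool $success, string $message)
 */
function MG_getFile($filename, $file, $album_id, $opt = array())
{
    global $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $_SPECIAL_IMAGES_MIMETYPE, $new_media_id;
    $caption = isset($opt['caption']) ? $opt['caption'] : '';
    $description = isset($opt['description']) ? $opt['description'] : '';
    $upload = isset($opt['upload']) ? $opt['upload'] : 1;
    $purgefiles = isset($opt['purgefiles']) ? $opt['purgefiles'] : 0;
    $filetype = isset($opt['filetype']) ? $opt['filetype'] : '';
    $atttn = isset($opt['atttn']) ? $opt['atttn'] : 0;
    $thumbnail = isset($opt['thumbnail']) ? $opt['thumbnail'] : '';
    $keywords = isset($opt['keywords']) ? $opt['keywords'] : '';
    $category = isset($opt['category']) ? $opt['category'] : 0;
    $dnc = isset($opt['dnc']) ? $opt['dnc'] : 0;
    $replace = isset($opt['replace']) ? $opt['replace'] : 0;
    $artist = '';
    $musicAlbum = '';
    $genre = '';
    $video_attached_thumbnail = 0;
    $successfulWatermark = 0;
    // NOTE(review): this unconditionally overrides the $opt['dnc'] value read
    // above, so the option is effectively always 1; kept because the image
    // branch below (mime/ext rewrite after conversion) depends on it.
    $dnc = 1;
    $errors = 0;
    $errMsg = '';
    // defaults for variables that only some of the format branches below set,
    // so the tail of the function never reads an undefined variable
    $queue = 0;
    $mediaType = 4;
    $importSource = '';
    $mp3AttachedThumbnail = '';
    require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';
    $album = new mgAlbum($album_id);
    $root_album = new mgAlbum(0);
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: *********** Beginning media upload process...");
        COM_errorLog("Filename to process: " . $filename);
        COM_errorLog("UID=" . $_USER['uid']);
        COM_errorLog("album access=" . $album->access);
        COM_errorLog("album owner_id=" . $album->owner_id);
        COM_errorLog("member_uploads=" . $album->member_uploads);
    }
    clearstatcache();
    if (!file_exists($filename)) {
        $errMsg = $LANG_MG02['upload_not_found'];
        return array(false, $errMsg);
    }
    if (!is_readable($filename)) {
        $errMsg = $LANG_MG02['upload_not_readable'];
        return array(false, $errMsg);
    }
    // make sure we have the proper permissions to upload to this album....
    if (!isset($album->id)) {
        $errMsg = $LANG_MG02['album_nonexist'];
        // "Album does not exist, unable to process uploads";
        return array(false, $errMsg);
    }
    if ($album->access != 3 && !$root_album->owner_id && $album->member_uploads == 0) {
        COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: " . $_SERVER['REMOTE_ADDR'], 1);
        return array(false, $LANG_MG00['access_denied_msg']);
    }
    // Brief pause so that two uploads in a row do not end up with the same sid
    // (the original code called sleep(0.1), which sleep() truncates to 0 seconds,
    // so no pause happened at all); usleep() takes microseconds.
    usleep(100000);
    /*
     * The following section of code will generate a unique name for a temporary
     * file and copy the uploaded file to the Media Gallery temp directory.
     * We do this to prevent any SAFE MODE issues when we later open the
     * file to determine the mime type.
     */
    if (empty($_USER['username'])) {
        $_USER['username'] = '******';
    }
    $tmpPath = $_MG_CONF['tmp_path'] . $_USER['username'] . COM_makesid() . '.tmp';
    if ($upload) {
        $rc = @move_uploaded_file($filename, $tmpPath);
    } else {
        $rc = @copy($filename, $tmpPath);
        $importSource = $filename;
    }
    if (!$rc) {
        COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
        COM_errorLog("Media Upload - Unable to copy file to: " . $tmpPath);
        $errors++;
        $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
        @unlink($tmpPath);
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }
    $filename = $tmpPath;
    $new_media_id = $replace > 0 ? $replace : COM_makesid();
    $media_time = time();
    $media_upload_time = $media_time;
    if (!isset($_USER['uid']) || $_USER['uid'] < 1) {
        $media_user_id = 1;
    } else {
        $media_user_id = $_USER['uid'];
    }
    $mimeInfo = MG_getMediaMetaData($filename);
    // The extension comes from the client-supplied filename and is later used
    // to build paths under path_mediaobjects and as a jhead argument, so
    // restrict it to [a-z0-9] before it is used anywhere.
    $mimeExt = strtolower(substr(strrchr($file, '.'), 1));
    $mimeExt = preg_replace('#[^a-z0-9]#', '', $mimeExt);
    $mimeInfo['type'] = $mimeExt;
    // override the determination for some filetypes
    $filetype = MG_getFileTypeFromExt($mimeExt, $filetype);
    if (empty($mimeInfo['mime_type'])) {
        COM_errorLog("MG Upload: getID3 was unable to detect mime type - using PHP detection");
        $mimeInfo['mime_type'] = $filetype;
    }
    // an embedded JPEG cover art (ID3v2 APIC frame) becomes the thumbnail
    $gotTN = 0;
    if (isset($mimeInfo['id3v2']['APIC'][0]['mime']) && $mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') {
        $mp3AttachedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
        $gotTN = 1;
    }
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: found mime type of " . $mimeInfo['type']);
    }
    if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
        // assume format based on file upload info...
        switch ($filetype) {
            case 'audio/mpeg':
                $mimeInfo['type'] = 'mp3';
                $mimeInfo['mime_type'] = 'audio/mpeg';
                $mimeExt = 'mp3';
                break;
            case 'image/tga':
                $mimeInfo['type'] = 'tga';
                $mimeInfo['mime_type'] = 'image/tga';
                $mimeExt = 'tga';
                break;
            case 'image/psd':
                $mimeInfo['type'] = 'psd';
                $mimeInfo['mime_type'] = 'image/psd';
                $mimeExt = 'psd';
                break;
            case 'image/gif':
                $mimeInfo['type'] = 'gif';
                $mimeInfo['mime_type'] = 'image/gif';
                $mimeExt = 'gif';
                break;
            case 'image/jpeg':
            case 'image/jpg':
                $mimeInfo['type'] = 'jpg';
                $mimeInfo['mime_type'] = 'image/jpeg';
                $mimeExt = 'jpg';
                break;
            case 'image/png':
                $mimeInfo['type'] = 'png';
                $mimeInfo['mime_type'] = 'image/png';
                $mimeExt = 'png';
                break;
            case 'image/bmp':
                $mimeInfo['type'] = 'bmp';
                $mimeInfo['mime_type'] = 'image/bmp';
                $mimeExt = 'bmp';
                break;
            case 'application/x-shockwave-flash':
                $mimeInfo['type'] = 'swf';
                $mimeInfo['mime_type'] = 'application/x-shockwave-flash';
                $mimeExt = 'swf';
                break;
            case 'application/zip':
                $mimeInfo['type'] = 'zip';
                $mimeInfo['mime_type'] = 'application/zip';
                $mimeExt = 'zip';
                break;
            case 'video/quicktime':
                $mimeInfo['type'] = 'mov';
                $mimeInfo['mime_type'] = 'video/quicktime';
                $mimeExt = 'mov';
                break;
            case 'video/x-m4v':
                $mimeInfo['type'] = 'mov';
                $mimeInfo['mime_type'] = 'video/x-m4v';
                $mimeExt = 'mov';
                break;
            case 'video/x-flv':
                $mimeInfo['type'] = 'flv';
                $mimeInfo['mime_type'] = 'video/x-flv';
                $mimeExt = 'flv';
                break;
            case 'audio/x-ms-wma':
                $mimeInfo['type'] = 'wma';
                $mimeInfo['mime_type'] = 'audio/x-ms-wma';
                $mimeExt = 'wma';
                break;
            default:
                switch ($mimeExt) {
                    case 'flv':
                        $mimeInfo['type'] = 'flv';
                        $mimeInfo['mime_type'] = 'video/x-flv';
                        break;
                    case 'wma':
                        $mimeInfo['type'] = 'wma';
                        $mimeInfo['mime_type'] = 'audio/x-ms-wma';
                        break;
                    default:
                        $mimeInfo['type'] = 'file';
                        $mimeInfo['mime_type'] = 'application/octet-stream';
                        if ($filetype != '') {
                            $mimeInfo['mime_type'] = $filetype;
                        }
                        break;
                }
                break;
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: override mime type to: " . $mimeInfo['type'] . ' based upon file extension of: ' . $filetype);
        }
    }
    // map the mime type onto the MG_* format bit used by the album's valid_formats mask
    switch ($mimeInfo['mime_type']) {
        case 'audio/mpeg':
            $format_type = MG_MP3;
            break;
        case 'image/gif':
            $format_type = MG_GIF;
            break;
        case 'image/jpeg':
        case 'image/jpg':
            $format_type = MG_JPG;
            break;
        case 'image/png':
            $format_type = MG_PNG;
            break;
        case 'image/bmp':
            $format_type = MG_BMP;
            break;
        case 'application/x-shockwave-flash':
            $format_type = MG_SWF;
            break;
        case 'application/zip':
            $format_type = MG_ZIP;
            break;
        case 'video/mpeg':
        case 'video/x-motion-jpeg':
        case 'video/quicktime':
        case 'video/x-mpeg':
        case 'video/x-mpeq2a':
        case 'video/x-qtc':
        case 'video/x-m4v':
            $format_type = MG_MOV;
            break;
        case 'video/x-flv':
            $format_type = MG_FLV;
            break;
        case 'image/tiff':
            $format_type = MG_TIF;
            break;
        case 'image/x-targa':
        case 'image/tga':
            $format_type = MG_TGA;
            break;
        case 'image/psd':
            $format_type = MG_PSD;
            break;
        case 'application/ogg':
            $format_type = MG_OGG;
            break;
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-ms-wmz':
        case 'application/x-ms-wmd':
            $format_type = MG_ASF;
            break;
        default:
            // includes application/pdf
            $format_type = MG_OTHER;
            break;
    }
    if (!($album->valid_formats & $format_type)) {
        // the temp copy must not be left behind on this early exit
        @unlink($tmpPath);
        return array(false, $LANG_MG02['format_not_allowed']);
    }
    $mimeType = $mimeInfo['mime_type'];
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: PHP detected mime type is : " . $filetype);
    }
    if ($filetype == 'video/x-m4v') {
        $mimeType = 'video/x-m4v';
        $mimeInfo['mime_type'] = 'video/x-m4v';
    }
    if ($replace > 0) {
        // overwriting an existing media object: keep its stored filename
        $sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($replace) . "'";
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        if (!is_array($row) || empty($row['media_filename'])) {
            COM_errorLog("MG Upload: media object to replace was not found");
            @unlink($tmpPath);
            return array(false, $errMsg);
        }
        $media_filename = $row['media_filename'];
    } else {
        if ($_MG_CONF['preserve_filename'] == 1) {
            $loopCounter = 0;
            $digitCounter = 1;
            $file_name = stripslashes($file);
            $file_name = MG_replace_accents($file_name);
            $file_name = preg_replace("#[ ]#", "_", $file_name);
            // change spaces to underscore
            $file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name);
            //only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore
            $file_name = preg_replace('#(_)+#', '_', $file_name);
            //eliminate duplicate underscore
            $pos = strrpos($file_name, '.');
            if ($pos === false) {
                $basefilename = $file_name;
            } else {
                $basefilename = strtolower(substr($file_name, 0, $pos));
            }
            // prefix with a short random string; widen the prefix after 16 collisions
            do {
                clearstatcache();
                $media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
                $loopCounter++;
                if ($loopCounter > 16) {
                    $digitCounter++;
                    $loopCounter = 0;
                }
            } while (MG_file_exists($media_filename));
        } else {
            do {
                clearstatcache();
                $media_filename = md5(uniqid(rand()));
            } while (MG_file_exists($media_filename));
        }
    }
    // replace a few mime extentions here...
    // (script-like extensions are stored under non-executable ones)
    if ($mimeExt == 'php') {
        $mimeExt = 'phps';
    }
    if (in_array($mimeExt, array('pl', 'cgi', 'py', 'sh', 'rb'), true)) {
        $mimeExt = 'txt';
    }
    $disp_media_filename = $media_filename . '.' . $mimeExt;
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
        COM_errorLog("MG Upload: Mime Type: " . $mimeType);
    }
    switch ($mimeType) {
        case 'image/psd':
        case 'image/x-targa':
        case 'image/tga':
        case 'image/photoshop':
        case 'image/x-photoshop':
        case 'application/photoshop':
        case 'application/psd':
        case 'image/tiff':
        case 'image/gif':
        case 'image/jpeg':
        case 'image/jpg':
        case 'image/png':
        case 'image/bmp':
            $dispExt = $mimeExt;
            if (in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
                $dispExt = 'jpg';
            }
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $media_disp = MG_getFilePath('disp', $media_filename, $dispExt);
            $media_tn = MG_getFilePath('tn', $media_filename, $dispExt);
            $mimeType = $mimeInfo['mime_type'];
            // process image file
            $media_time = getOriginationTimestamp($filename);
            if ($media_time == null || $media_time < 0) {
                $media_time = time();
            }
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: About to move/copy file");
            }
            $rc = @copy($filename, $media_orig);
            if (!$rc) {
                COM_errorLog("Media Upload - Error moving uploaded file....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource !== '') {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);
                list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $album_id, $media_filename, $dnc);
                if ($rc == false) {
                    $errors++;
                    $errMsg .= $msg;
                    // sprintf($LANG_MG02['convert_error'],$filename);
                } else {
                    $mediaType = 0;
                    if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) {
                        if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
                            // copy EXIF from the original into the display copy before the
                            // original is discarded; paths are quoted per argument since
                            // preserve_filename may leave user-derived characters in them
                            $rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . escapeshellarg($media_orig) . " " . escapeshellarg($media_disp));
                        }
                        @unlink($media_orig);
                    }
                    if ($album->wm_auto) {
                        if ($_MG_CONF['discard_original'] == 1) {
                            $rc = MG_watermark($media_disp, $album_id, 1);
                            if ($rc == true) {
                                $successfulWatermark = 1;
                            }
                        } else {
                            $rc1 = MG_watermark($media_orig, $album_id, 1);
                            $rc2 = MG_watermark($media_disp, $album_id, 0);
                            // was "$rc1 == ture" - an undefined constant
                            if ($rc1 == true && $rc2 == true) {
                                $successfulWatermark = 1;
                            }
                        }
                    }
                    if ($dnc != 1) {
                        if (!in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
                            $mimeExt = 'jpg';
                            $mimeType = 'image/jpeg';
                        }
                    }
                }
            }
            break;
        case 'video/quicktime':
        case 'video/mpeg':
        case 'video/x-flv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-shockwave-flash':
        case 'video/mp4':
        case 'video/x-m4v':
            $mimeType = $mimeInfo['mime_type'];
            if ($filetype == 'video/mp4') {
                $mimeExt = 'mp4';
            }
            // process video format
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $rc = @copy($filename, $media_orig);
            if (!$rc) {
                COM_errorLog("MG Upload: Error moving uploaded file in video processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource !== '') {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);
                $mediaType = 1;
            }
            $video_attached_thumbnail = MG_videoThumbnail($album_id, $media_orig, $media_filename);
            break;
        case 'application/ogg':
        case 'audio/mpeg':
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
            $mimeType = $mimeInfo['mime_type'];
            // process audio format
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $rc = @copy($filename, $media_orig);
            COM_errorLog("MG Upload: Extracting audio meta data");
            if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
                if ($caption == '') {
                    $caption = $mimeInfo['tags']['id3v1']['title'][0];
                }
            }
            if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
                $artist = addslashes($mimeInfo['tags']['id3v1']['artist'][0]);
            }
            if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
                $genre = addslashes($mimeInfo['tags']['id3v2']['genre'][0]);
            }
            if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
                $musicAlbum = addslashes($mimeInfo['tags']['id3v1']['album'][0]);
            }
            if (!$rc) {
                COM_errorLog("Media Upload - Error moving uploaded file in audio processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource !== '') {
                    @unlink($importSource);
                }
                $mediaType = 2;
            }
            break;
        case 'zip':
        case 'application/zip':
            if ($_MG_CONF['zip_enabled']) {
                $errMsg .= MG_processZip($filename, $album_id, $purgefiles, $media_filename);
                break;
            }
            // NO BREAK HERE, fall through if enable zip isn't allowed
        default:
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $mimeType = $mimeInfo['mime_type'];
            $rc = @copy($filename, $media_orig);
            if (!$rc) {
                COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles && $importSource !== '') {
                    @unlink($importSource);
                }
            }
            $mediaType = 4;
            break;
    }
    // update quota (filesize() returns false on a missing file; count that as 0)
    $quota = $album->album_disk_usage;
    $quota += (int) @filesize(MG_getFilePath('orig', $media_filename, $mimeExt));
    if ($_MG_CONF['discard_original'] == 1) {
        $quota += (int) @filesize(MG_getFilePath('disp', $media_filename, 'jpg'));
    }
    DB_change($_TABLES['mg_albums'], 'album_disk_usage', $quota, 'album_id', intval($album_id));
    if ($errors) {
        @unlink($tmpPath);
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }
    // a zip handled by MG_processZip has already created its own media records
    if ($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) {
        // Now we need to process an uploaded thumbnail
        if ($gotTN == 1) {
            $mp3TNFilename = $_MG_CONF['tmp_path'] . 'mp3tn' . time() . '.jpg';
            $fn = fopen($mp3TNFilename, "w");
            fwrite($fn, $mp3AttachedThumbnail);
            fclose($fn);
            $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
            MG_attachThumbnail($album_id, $mp3TNFilename, $saveThumbnailName);
            @unlink($mp3TNFilename);
            $atttn = 1;
        } else {
            if ($atttn == 1) {
                $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
                MG_attachThumbnail($album_id, $thumbnail, $saveThumbnailName);
            }
        }
        if ($video_attached_thumbnail) {
            $atttn = 1;
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Building SQL and preparing to enter database");
        }
        if ($_MG_CONF['htmlallowed'] != 1) {
            $media_desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
            $media_caption = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
            $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
        } else {
            $media_desc = addslashes(COM_checkHTML(COM_killJS($description)));
            $media_caption = addslashes(COM_checkHTML(COM_killJS($caption)));
            $media_keywords = addslashes(COM_checkHTML(COM_killJS($keywords)));
        }
        // Check and see if moderation is on.  If yes, place in mediasubmission
        if ($album->moderate == 1 && !$root_album->owner_id) {
            $tableMedia = $_TABLES['mg_mediaqueue'];
            $tableMediaAlbum = $_TABLES['mg_media_album_queue'];
            $queue = 1;
        } else {
            $tableMedia = $_TABLES['mg_media'];
            $tableMediaAlbum = $_TABLES['mg_media_albums'];
            $queue = 0;
        }
        $original_filename = addslashes($file);
        if ($album->filename_title) {
            if ($media_caption == '') {
                $pos = strrpos($original_filename, '.');
                if ($pos === false) {
                    $media_caption = $original_filename;
                } else {
                    $media_caption = substr($original_filename, 0, $pos);
                }
            }
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Inserting media record into mg_media");
        }
        $resolution_x = 0;
        $resolution_y = 0;
        // try to find a resolution if video...
        if ($mediaType == 1) {
            switch ($mimeType) {
                case 'application/x-shockwave-flash':
                case 'video/quicktime':
                case 'video/mpeg':
                case 'video/x-m4v':
                    $resolution_x = -1;
                    $resolution_y = -1;
                    // was checking resolution_x twice; resolution_y is read below
                    if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_y'])) {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    }
                    break;
                case 'video/x-flv':
                    if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_y']) && $mimeInfo['video']['resolution_x'] >= 1 && $mimeInfo['video']['resolution_y'] >= 1) {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    } else {
                        // fall back to the FLV onMetaData dimensions
                        $resolution_x = -1;
                        $resolution_y = -1;
                        if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
                            $resolution_x = $mimeInfo['meta']['onMetaData']['width'];
                            $resolution_y = $mimeInfo['meta']['onMetaData']['height'];
                        }
                    }
                    break;
                case 'video/x-ms-asf':
                case 'video/x-ms-asf-plugin':
                case 'video/avi':
                case 'video/msvideo':
                case 'video/x-msvideo':
                case 'video/avs-video':
                case 'video/x-ms-wmv':
                case 'video/x-ms-wvx':
                case 'video/x-ms-wm':
                case 'application/x-troff-msvideo':
                    $resolution_x = -1;
                    $resolution_y = -1;
                    if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
                        $resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
                    }
                    break;
            }
        }
        if ($replace > 0) {
            $sql = "UPDATE " . $tableMedia . " SET " . "media_filename='" . addslashes($media_filename) . "'," . "media_original_filename='" . $original_filename . "'," . "media_mime_ext='" . addslashes($mimeExt) . "'," . "mime_type='" . addslashes($mimeType) . "'," . "media_time='" . addslashes($media_time) . "'," . "media_user_id='" . addslashes($media_user_id) . "'," . "media_type='" . addslashes($mediaType) . "'," . "media_upload_time='" . addslashes($media_upload_time) . "'," . "media_watermarked='" . addslashes($successfulWatermark) . "'," . "media_resolution_x='" . intval($resolution_x) . "'," . "media_resolution_y='" . intval($resolution_y) . "' " . "WHERE media_id='" . addslashes($replace) . "'";
            DB_query($sql);
        } else {
            $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext," . "media_exif,mime_type,media_title,media_desc,media_keywords,media_time," . "media_views,media_comments,media_votes,media_rating,media_tn_attached," . "media_tn_image,include_ss,media_user_id,media_user_ip,media_approval," . "media_type,media_upload_time,media_category,media_watermarked,v100," . "maint,media_resolution_x,media_resolution_y,remote_media,remote_url," . "artist,album,genre) " . "VALUES ('" . addslashes($new_media_id) . "','" . addslashes($media_filename) . "','" . $original_filename . "','" . addslashes($mimeExt) . "','1','" . addslashes($mimeType) . "','" . addslashes($media_caption) . "','" . addslashes($media_desc) . "','" . addslashes($media_keywords) . "','" . addslashes($media_time) . "','0','0','0','0.00','" . addslashes($atttn) . "','','1','" . addslashes($media_user_id) . "','','0','" . addslashes($mediaType) . "','" . addslashes($media_upload_time) . "','" . addslashes($category) . "','" . addslashes($successfulWatermark) . "','0','0'," . intval($resolution_x) . "," . intval($resolution_y) . ",0,'','" . addslashes($artist) . "','" . addslashes($musicAlbum) . "','" . addslashes($genre) . "');";
            DB_query($sql);
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: Updating Album information");
            }
            // append the new item after the current last one (media_order steps of 10)
            $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM {$_TABLES['mg_media_albums']} WHERE album_id = " . intval($album_id);
            $result = DB_query($sql);
            $row = DB_fetchArray($result);
            $media_seq = $row['media_seq'];
            if ($media_seq < 10) {
                $media_seq = 10;
            }
            $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) " . "VALUES ('" . addslashes($new_media_id) . "', " . intval($album_id) . ", " . intval($media_seq) . ")";
            DB_query($sql);
            if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height','{$resolution_y}'");
            }
            PLG_itemSaved($new_media_id, 'mediagallery');
            // update the media count for the album, only if no moderation...
            if ($queue == 0) {
                $album->media_count++;
                DB_change($_TABLES['mg_albums'], 'media_count', $album->media_count, 'album_id', $album->id);
                MG_updateAlbumLastUpdate($album->id);
                if ($album->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
                    if ($atttn == 1) {
                        $covername = 'tn_' . $media_filename;
                    } else {
                        $covername = $media_filename;
                    }
                    DB_change($_TABLES['mg_albums'], 'album_cover_filename', $covername, 'album_id', $album->id);
                }
            }
        }
    }
    if ($queue) {
        $errMsg .= $LANG_MG01['successful_upload_queue'];
        // ' successfully placed in Moderation queue';
    } else {
        $errMsg .= $LANG_MG01['successful_upload'];
        // ' successfully uploaded to album';
    }
    if ($queue == 0) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildFullRSS();
        MG_buildAlbumRSS($album_id);
    }
    COM_errorLog("MG Upload: Successfully uploaded a media object");
    @unlink($tmpPath);
    return array(true, $errMsg);
}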
/**
* Saves a poll
*
* Saves a poll topic and potential answers to the database
*
* @param    string  $pid            Poll topic ID
* @param    string  $old_pid        Previous poll topic ID
* @param    array   $Q              Array of poll questions
* @param    string  $mainpage       Checkbox: poll appears on homepage
* @param    string  $topic          The text for the topic
* @param    string  $meta_description
* @param    string  $meta_keywords
* @param    int     $statuscode     (unused)
* @param    string  $open           Checkbox: poll open for voting
* @param    string  $hideresults    Checkbox: hide results until closed
* @param    int     $commentcode    Indicates if users can comment on poll
* @param    array   $A              Array of possible answers
* @param    array   $V              Array of vote per each answer
* @param    array   $R              Array of remark per each answer
* @param    int     $owner_id       ID of poll owner
* @param    int     $group_id       ID of group poll belongs to
* @param    int     $perm_owner     Permissions the owner has on poll
* @param    int     $perm_group     Permissions the group has on poll
* @param    int     $perm_members   Permissions logged in members have on poll
* @param    int     $perm_anon      Permissions anonymous users have on poll
* @return   string                  HTML redirect or error message
*
*/
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $topic = COM_stripslashes($topic);
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }
    // check if any question was entered
    if (empty($topic) or count($Q) == 0 or strlen($Q[0]) == 0 or strlen($A[0][0]) == 0) {
        $retval .= COM_siteHeader('menu', $LANG25[5]);
        $retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG25[2];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();
        return $retval;
    }
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }
    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid;
            // for now ...
        }
    }
    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    $access = 0;
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }
    if (empty($voters)) {
        $voters = 0;
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }
    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid;
        // delete by old pid, create using new pid below
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
    $topic = addslashes($topic);
    $meta_description = addslashes($meta_description);
    $meta_keywords = addslashes($meta_keywords);
    $k = 0;
    // set up a counter to make sure we do assign a straight line of question id's
    $v = 0;
    // re-count votes sine they might have been changed
    // first dimension of array are the questions
    $num_questions = count($Q);
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        if (strlen($Q[$i]) > 0) {
            // only insert questions that exist
            $Q[$i] = addslashes($Q[$i]);
            DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'");
            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = count($A[$i]);
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                if (strlen($A[$i][$j]) > 0) {
                    // only insert answers etc that exist
                    if (!is_numeric($V[$i][$j])) {
                        $V[$i][$j] = "0";
                    }
                    $A[$i][$j] = addslashes($A[$i][$j]);
                    $R[$i][$j] = addslashes($R[$i][$j]);
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
                    DB_query($sql);
                    $v = $v + $V[$i][$j];
                }
            }
            $k++;
        }
    }
    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s');
    if ($mainpage == 'on') {
        $sql .= "',1";
    } else {
        $sql .= "',0";
    }
    if ($open == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    if ($hideresults == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    $sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";
    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);
    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
    return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19');
}
파일: block.php 프로젝트: ivywe/geeklog
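/**
 * Saves a block
 *
 * Validates the submitted block data according to its type, then inserts a
 * new row or updates the existing one in the blocks table and flushes the
 * cached block instances.
 *
 * @param    string  $bid            Block ID (0 or empty for a new block)
 * @param    string  $name           Block name
 * @param    string  $title          Block title
 * @param    string  $help           Help field of the block (stored as given)
 * @param    string  $type           Type of block: 'normal', 'portal', 'phpblock' or 'gldefault'
 * @param    int     $blockorder     Order block appears relative to the others
 * @param    string  $content        Content of block
 * @param    string  $rdfurl         URL to headline feed for portal blocks
 * @param    string  $rdfupdated     Date RSS/RDF feed was last updated
 * @param    string  $rdflimit       max. number of entries to import from feed
 * @param    string  $phpblockfn     Name of php function to call to get content
 * @param    int     $onleft         Flag indicates if block shows up on left or right
 * @param    int     $owner_id       ID of owner
 * @param    int     $group_id       ID of group block belongs to
 * @param    array   $perm_owner     Permissions the owner has on the object
 * @param    array   $perm_group     Permissions the group has on the object
 * @param    array   $perm_members   Permissions the logged in members have
 * @param    array   $perm_anon      Permissions anonymous users have
 * @param    string  $is_enabled     'on' if the block is enabled
 * @param    string  $allow_autotags 'on' if autotags may be used in the block content
 * @param    int     $cache_time     Cache time; empty or below -1 selects the configured default
 * @return   string                  HTML redirect or error message
 *
 */
function saveblock($bid, $name, $title, $help, $type, $blockorder, $content, $rdfurl, $rdfupdated, $rdflimit, $phpblockfn, $onleft, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_enabled, $allow_autotags, $cache_time)
{
    global $_CONF, $_TABLES, $LANG01, $LANG21, $MESSAGE, $_USER;
    $retval = '';
    $title = DB_escapeString(COM_stripslashes(strip_tags($title)));
    $phpblockfn = DB_escapeString(COM_stripslashes(trim($phpblockfn)));
    if (empty($title) || !TOPIC_checkTopicSelectionControl()) {
        $retval .= COM_showMessageText($LANG21[64], $LANG21[63]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[63]));
        return $retval;
    }
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    // These end up unquoted (or quoted but unescaped) in the SQL below, so
    // normalize them to integers before they are used anywhere.
    $bid = (int) $bid;
    $onleft = (int) $onleft;
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $rdflimit = (int) $rdflimit;
    // for an existing block the access check uses the stored permissions,
    // not the ones submitted with the form
    $access = 0;
    if ($bid > 0 && DB_count($_TABLES['blocks'], 'bid', $bid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['blocks']} WHERE bid = '{$bid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // each block type has its own set of required fields; an unknown type
    // is never complete and ends up in the error branch below
    $complete = false;
    switch ($type) {
        case 'normal':
            $complete = !empty($title) && !empty($content);
            break;
        case 'portal':
            $complete = !empty($title) && !empty($rdfurl);
            break;
        case 'phpblock':
            $complete = !empty($phpblockfn) && !empty($title);
            break;
        case 'gldefault':
            $complete = strlen($blockorder) > 0;
            break;
    }
    if ($access < 3 || !TOPIC_hasMultiTopicAccess('topic') || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit block {$bid}.");
        return $retval;
    } elseif (!empty($name) && $complete) {
        $is_enabled = ($is_enabled == 'on') ? 1 : 0;
        $allow_autotags = ($allow_autotags == 'on') ? 1 : 0;
        if ($cache_time < -1 or $cache_time == "") {
            $cache_time = $_CONF['default_cache_time_block'];
        }
        $cache_time = (int) $cache_time;
        if ($type == 'portal') {
            $content = '';
            $rdfupdated = '';
            $phpblockfn = '';
            // get rid of possible extra prefixes (e.g. "feed://http://...")
            if (substr($rdfurl, 0, 4) == 'rss:') {
                $rdfurl = substr($rdfurl, 4);
            } elseif (substr($rdfurl, 0, 5) == 'feed:') {
                $rdfurl = substr($rdfurl, 5);
            }
            if (substr($rdfurl, 0, 2) == '//') {
                $rdfurl = substr($rdfurl, 2);
            }
            $rdfurl = COM_sanitizeUrl($rdfurl, array('http', 'https'));
        }
        if ($type == 'gldefault') {
            $content = '';
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
        }
        if ($type == 'phpblock') {
            // NOTE: PHP Blocks must be within a function and the function
            // must start with phpblock_ as the prefix.  This will prevent
            // the arbitrary execution of code.  Check the prefix itself, not
            // merely that the string occurs somewhere in the name.
            if (stripos($phpblockfn, 'phpblock_') !== 0) {
                $retval .= COM_showMessageText($LANG21[38], $LANG21[37]) . editblock($bid);
                $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[37]));
                return $retval;
            }
            $content = '';
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
        }
        if ($type == 'normal') {
            $rdfurl = '';
            $rdfupdated = '';
            $rdflimit = 0;
            $phpblockfn = '';
            if ($allow_autotags == 1) {
                // Remove any autotags the user doesn't have permission to use
                $content = PLG_replaceTags($content, '', true);
            }
            $content = DB_escapeString($content);
        }
        if ($rdflimit < 0) {
            $rdflimit = 0;
        }
        if (!empty($rdfurl)) {
            $rdfurl = DB_escapeString($rdfurl);
        }
        if (empty($rdfupdated)) {
            $rdfupdated = '0000-00-00 00:00:00';
        }
        // the remaining string columns are escaped once, right before they
        // are interpolated into the SQL
        $name = DB_escapeString($name);
        $help = DB_escapeString($help);
        $blockorder = DB_escapeString($blockorder);
        $rdfupdated = DB_escapeString($rdfupdated);
        if ($bid > 0) {
            DB_save($_TABLES['blocks'], 'bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time,rdf_last_modified,rdf_etag', "{$bid},'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time},NULL,NULL");
        } else {
            $sql = array();
            $sql['mysql'] = $sql['mssql'] = "INSERT INTO {$_TABLES['blocks']} " . '(name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ('{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','{$rdfupdated}','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
            $sql['pgsql'] = "INSERT INTO {$_TABLES['blocks']} " . '(bid,name,title,help,type,blockorder,content,rdfurl,rdfupdated,rdflimit,phpblockfn,onleft,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon,is_enabled,allow_autotags,cache_time) ' . "VALUES ((SELECT NEXTVAL('{$_TABLES['blocks']}_bid_seq')),'{$name}','{$title}','{$help}','{$type}','{$blockorder}','{$content}','{$rdfurl}','1970-01-01','{$rdflimit}','{$phpblockfn}',{$onleft},{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$is_enabled},{$allow_autotags},{$cache_time})";
            DB_query($sql);
            $bid = DB_insertId();
        }
        TOPIC_saveTopicSelectionControl('block', $bid);
        $cacheInstance = 'block__' . $bid . '__';
        // remove any of this blocks instances if exists
        CACHE_remove_instance($cacheInstance);
        return COM_refresh($_CONF['site_admin_url'] . '/block.php?msg=11');
    } else {
        if (empty($name)) {
            // empty block name
            $msgtxt = $LANG21[50];
        } elseif ($type == 'portal') {
            // Portal block is missing fields
            $msgtxt = $LANG21[33];
        } elseif ($type == 'phpblock') {
            // PHP Block is missing field
            $msgtxt = $LANG21[34];
        } elseif ($type == 'normal') {
            // Normal block is missing field
            $msgtxt = $LANG21[35];
        } elseif ($type == 'gldefault') {
            // Default geeklog field missing
            $msgtxt = $LANG21[42];
        } else {
            // Layout block missing content
            $msgtxt = $LANG21[36];
        }
        $retval .= COM_showMessageText($msgtxt, $LANG21[32]) . editblock($bid);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG21[32]));
    }
    return $retval;
}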
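/**
 * Save the Media Gallery user preferences submitted from the profile form
 *
 * Reads the preference fields from $_POST, clamps them to their allowed
 * ranges, disables every preference the site configuration does not let
 * users change, and writes the user's row in the mg_userprefs table. Quota
 * and member gallery flag are carried over from an existing row or defaulted.
 *
 * @param    int     $uid    User ID, or 0 for the currently logged in user
 * @return   void
 */
function _mg_profilesave($uid = 0)
{
    global $_CONF, $_MG_CONF, $_TABLES, $_USER;
    if (COM_isAnonUser()) {
        return;
    }
    $nothing_enabled = $_MG_CONF['up_display_rows_enabled'] == 0 && $_MG_CONF['up_display_columns_enabled'] == 0 && $_MG_CONF['up_mp3_player_enabled'] == 0 && $_MG_CONF['up_av_playback_enabled'] == 0 && $_MG_CONF['up_thumbnail_size_enabled'] == 0;
    if ($nothing_enabled) {
        return;
    }
    // a field may be absent from the form (e.g. when its control is disabled),
    // so default every missing one to 0 instead of reading an undefined index
    $display_rows = isset($_POST['display_rows']) ? (int) COM_applyFilter($_POST['display_rows'], true) : 0;
    $display_columns = isset($_POST['display_columns']) ? (int) COM_applyFilter($_POST['display_columns'], true) : 0;
    $mp3_player = isset($_POST['mp3_player']) ? (int) COM_applyFilter($_POST['mp3_player'], true) : 0;
    $playback_mode = isset($_POST['playback_mode']) ? (int) COM_applyFilter($_POST['playback_mode'], true) : 0;
    $tn_size = isset($_POST['tn_size']) ? (int) COM_applyFilter($_POST['tn_size'], true) : 0;
    $uid = $uid == 0 ? (int) $_USER['uid'] : (int) $uid;
    // clamp to the supported ranges; out-of-range values fall back to defaults
    if ($display_columns < 0 || $display_columns > 5) {
        $display_columns = 3;
    }
    if ($display_rows < 0 || $display_rows > 99) {
        $display_rows = 4;
    }
    // preferences the site does not let users change are stored as disabled
    if ($_MG_CONF['up_display_rows_enabled'] == 0) {
        $display_rows = 0;
    }
    if ($_MG_CONF['up_display_columns_enabled'] == 0) {
        $display_columns = 0;
    }
    if ($_MG_CONF['up_mp3_player_enabled'] == 0) {
        $mp3_player = -1;
    }
    if ($_MG_CONF['up_av_playback_enabled'] == 0) {
        $playback_mode = -1;
    }
    if ($_MG_CONF['up_thumbnail_size_enabled'] == 0) {
        $tn_size = -1;
    }
    $active = 1;
    // Let's see if user exists in table already
    $result = DB_query("SELECT * FROM " . $_TABLES['mg_userprefs'] . " WHERE uid=" . $uid);
    if (DB_numRows($result) > 0) {
        // keep the existing quota and member gallery flag (both come from
        // the database, not from the form)
        $row = DB_fetchArray($result);
        $quota = $row['quota'];
        $member_gallery = $row['member_gallery'];
    } else {
        $quota = $_MG_CONF['member_quota'];
        $member_gallery = 0;
    }
    DB_save($_TABLES['mg_userprefs'], 'uid,active,display_rows,display_columns,mp3_player,playback_mode,tn_size,member_gallery,quota', "{$uid},{$active},{$display_rows},{$display_columns},{$mp3_player},{$playback_mode},{$tn_size},{$member_gallery},{$quota}");
}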
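/**
 * Save information of a weblog directory service
 *
 * @param    int     $pid        ID of service or 0 for new entry
 * @param    string  $name       name of the service
 * @param    string  $site_url   Homepage URL of the service
 * @param    string  $ping_url   URL to ping at the service
 * @param    string  $method     'extended' for weblogUpdates.extendedPing, anything else for weblogUpdates.ping
 * @param    string  $enabled    'on' when enabled
 * @return   string              HTML redirect or service editor
 *
 */
function saveService($pid, $name, $site_url, $ping_url, $method, $enabled)
{
    global $_CONF, $_TABLES, $LANG_TRB;
    // $pid is interpolated into the SQL below; only an integer ID is meaningful
    $pid = (int) $pid;
    $enabled = ($enabled == 'on') ? 1 : 0;
    $method = ($method == 'extended') ? 'weblogUpdates.extendedPing' : 'weblogUpdates.ping';
    $name = strip_tags(COM_stripslashes($name));
    $site_url = strip_tags(COM_stripslashes($site_url));
    $ping_url = strip_tags(COM_stripslashes($ping_url));
    $allowed_schemes = array('http', 'https');
    $errormsg = '';
    if (empty($name)) {
        $errormsg = $LANG_TRB['error_site_name'];
    } else {
        // all URLs must start with http: or https:
        $site_parts = explode(':', $site_url);
        $ping_parts = explode(':', $ping_url);
        if (!in_array($site_parts[0], $allowed_schemes, true)) {
            $errormsg = $LANG_TRB['error_site_url'];
        } elseif (!in_array($ping_parts[0], $allowed_schemes, true)) {
            $errormsg = $LANG_TRB['error_ping_url'];
        }
    }
    if (!empty($errormsg)) {
        // show the editor again with the error and the (unescaped) input
        return editServiceForm($pid, $errormsg, $name, $site_url, $ping_url, $method, $enabled);
    }
    $name = DB_escapeString($name);
    $site_url = DB_escapeString($site_url);
    $ping_url = DB_escapeString($ping_url);
    if ($pid > 0) {
        DB_save($_TABLES['pingservice'], 'pid,name,site_url,ping_url,method,is_enabled', "'{$pid}','{$name}','{$site_url}','{$ping_url}','{$method}','{$enabled}'");
    } else {
        DB_save($_TABLES['pingservice'], 'name,site_url,ping_url,method,is_enabled', "'{$name}','{$site_url}','{$ping_url}','{$method}','{$enabled}'");
    }
    return COM_refresh($_CONF['site_admin_url'] . '/trackback.php?mode=listservice&amp;msg=65');
}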
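/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * Serves both the admin editor form ($args['gl_svc'] false) and webservice
 * requests ($args['gl_svc'] true). Webservice input is run through
 * COM_applyBasicFilter(); in both modes every value is escaped or cast to
 * an integer before it is interpolated into SQL.
 *
 * @param   array   $args     Contains all the data provided by the client
 * @param   string  &$output  OUTPUT parameter containing the returned text
 * @param   array   &$svc_msg OUTPUT parameter containing any service messages
 *                            ('error_desc' on failure, 'id' on success)
 * @return  int               Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }
    if (defined('DEMO_MODE')) {
        $output = COM_siteHeader('menu');
        $output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
        $output .= COM_siteFooter();
        // same code as the rights check above (the old PLG_REG_AUTH_FAILED was a typo)
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    // true when called through the webservice, false for the editor form
    $gl_svc = !empty($args['gl_svc']);
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_uid'])) {
        $args['sp_uid'] = $_USER['uid'];
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID(isset($args['sp_id']) ? $args['sp_id'] : '');
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            // NOTE(review): $slug was never assigned in this function, so
            // WS_makeId() always received null; pass an empty string
            // explicitly. The intended source of the slug is not visible here
            // -- confirm against the webservice caller.
            $slug = '';
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($gl_svc) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // Make sure every key read below exists, so that a form field that was
    // not submitted behaves like an empty one instead of raising notices.
    // (The webservice path above has already set all of these.)
    $expected_keys = array('sp_status', 'sp_format', 'sp_tid', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_hits', 'sp_uid', 'sp_old_id', 'postmode', 'sp_onmenu', 'sp_centerblock', 'sp_inblock', 'sp_title', 'sp_content');
    foreach ($expected_keys as $key) {
        if (!isset($args[$key])) {
            $args[$key] = '';
        }
    }
    // START: Staticpages defaults
    if ($args['sp_status'] != 1) {
        $args['sp_status'] = 0;
    }
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['sp_search'] != 1) {
        $args['sp_search'] = 0;
    }
    if ($gl_svc) {
        // Permissions: the webservice may omit them, in which case the
        // configured defaults apply
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
    }
    // END: Staticpages defaults
    // Numeric columns are cast here; they are interpolated unquoted (or
    // quoted but unescaped) into the SQL further down.
    $sp_id = $args['sp_id'];
    $sp_status = (int) $args['sp_status'];
    $sp_uid = (int) $args['sp_uid'];
    $sp_title = $args['sp_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = (int) $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = !empty($args['sp_label']) ? $args['sp_label'] : '';
    $commentcode = (int) $args['commentcode'];
    $owner_id = (int) $args['owner_id'];
    $group_id = (int) $args['group_id'];
    // in form mode these are still the checkbox arrays; converted below
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = (int) $args['sp_php'];
    $sp_nf = !empty($args['sp_nf']) ? $args['sp_nf'] : '';
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $sp_help = !empty($args['sp_help']) ? $args['sp_help'] : '';
    $sp_tid = $args['sp_tid'];
    $sp_where = (int) $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    $sp_search = (int) $args['sp_search'];
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }
    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }
    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$gl_svc) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        // checkbox values arrive as 'on'; store them as 1/0
        $sp_onmenu = ($sp_onmenu == 'on') ? 1 : 0;
        $sp_nf = ($sp_nf == 'on') ? 1 : 0;
        $sp_centerblock = ($sp_centerblock == 'on') ? 1 : 0;
        $sp_inblock = ($sp_inblock == 'on') ? 1 : 0;
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_label = strip_tags($sp_label);
        $sp_content = DB_escapeString($sp_content);
        $sp_title = DB_escapeString($sp_title);
        $sp_label = DB_escapeString($sp_label);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
            // multi-language configuration - allow one entire page
            // centerblock for all or none per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
                }
            }
            DB_query($sql);
        }
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
        if (!in_array($sp_format, $formats, true)) {
            $sp_format = 'allblocks';
        }
        if (!$gl_svc) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        $perm_owner = (int) $perm_owner;
        $perm_group = (int) $perm_group;
        $perm_members = (int) $perm_members;
        $perm_anon = (int) $perm_anon;
        // the remaining free-text columns are escaped right before the save
        $sp_help = DB_escapeString($sp_help);
        $sp_tid = DB_escapeString($sp_tid);
        $postmode = DB_escapeString($postmode);
        DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");
        if ($delete_old_page && !empty($sp_old_id)) {
            // the page was renamed: drop the old row and move its comments over
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
            DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
            PLG_itemDeleted($sp_old_id, 'staticpages');
        }
        PLG_itemSaved($sp_id, 'staticpages');
        $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$gl_svc) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}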
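/**
 * Store post info for speed limit
 *
 * Records the time of a submission of the given type for the given property
 * (by default the client's IP address) so that the speed limit can be
 * enforced on subsequent submissions.
 *
 * @param    string  $type       type of speed limit, e.g. 'submit', 'comment'
 * @param    string  $property   IP address or other identifiable property
 * @return   void
 *
 */
function COM_updateSpeedlimit($type = 'submit', $property = '')
{
    global $_TABLES;
    if (empty($property)) {
        // REMOTE_ADDR is not set when running outside a web request (e.g. CLI)
        $property = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    }
    // both values are interpolated into the SQL below, so escape both
    $property = addslashes($property);
    $type = addslashes($type);
    DB_save($_TABLES['speedlimit'], 'ipaddress,date,type', "'{$property}',UNIX_TIMESTAMP(),'{$type}'");
}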
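/**
 * Save topic to the database
 *
 * Validates the submitted topic id (reserved names, duplicate ids, existence
 * of the parent, archive-topic rules) and the current user's access to both
 * the topic and its parent before writing the row. On success the user is
 * redirected to the topic admin page; on failure an HTML document carrying
 * the error message is returned.
 *
 * @param    string $tid              Topic ID
 * @param    string $topic            Name of topic (what the user sees)
 * @param    int    $inherit          whether to inherit
 * @param    int    $hidden           whether to hide
 * @param    string $parent_id        Parent ID
 * @param    string $imageUrl         (partial) URL to topic image
 * @param    string $meta_description Topic meta description
 * @param    string $meta_keywords    Topic meta keywords
 * @param    int    $sortNum          number for sort order in "Topics" block
 * @param    int    $limitNews        number of stories per page for this topic
 * @param    int    $owner_id         ID of owner
 * @param    int    $group_id         ID of group topic belongs to
 * @param    int    $perm_owner       Permissions the owner has
 * @param    int    $perm_group       Permissions the group has
 * @param    int    $perm_members     Permissions members have
 * @param    int    $perm_anon        Permissions anonymous users have
 * @param    string $is_default       'on' if this is the default topic
 * @param    string $is_archive       'on' if this is the archive topic
 * @return   string                   HTML redirect or error message
 */
function savetopic($tid, $topic, $inherit, $hidden, $parent_id, $imageUrl, $meta_description, $meta_keywords, $sortNum, $limitNews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
    global $_CONF, $_TABLES, $_USER, $LANG27, $MESSAGE;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    // These four are interpolated into the final INSERT without further
    // processing; make sure they are integers rather than raw form input.
    $owner_id = (int) $owner_id;
    $group_id = (int) $group_id;
    $sortNum = (int) $sortNum;
    $limitNews = (int) $limitNews;
    $tid = COM_sanitizeID($tid);
    // $parent_id is used inside SQL string literals (the lookups below and
    // the final save), so escape it once here. A valid parent id never
    // contains quote characters, so the comparisons below are unaffected.
    $parent_id = DB_escapeString($parent_id);
    // Check if tid is a restricted name
    $restricted_tid = false;
    if (!strcasecmp($tid, TOPIC_ALL_OPTION) || !strcasecmp($tid, TOPIC_NONE_OPTION) || !strcasecmp($tid, TOPIC_HOMEONLY_OPTION) || !strcasecmp($tid, TOPIC_SELECTED_OPTION) || !strcasecmp($tid, TOPIC_ROOT)) {
        $restricted_tid = true;
    }
    // Check if tid is used by another topic
    $duplicate_tid = false;
    $old_tid = '';
    if (isset($_POST['old_tid'])) {
        $old_tid = COM_applyFilter($_POST['old_tid']);
        if (!empty($old_tid)) {
            $old_tid = COM_sanitizeID($old_tid);
            // See if new topic id
            if (strcasecmp($tid, $old_tid)) {
                if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                    $duplicate_tid = true;
                }
            }
        } else {
            if (!strcasecmp($tid, DB_getItem($_TABLES['topics'], 'tid', "tid = '{$tid}'"))) {
                $duplicate_tid = true;
            }
        }
    }
    // Make sure parent id exists
    $parent_id_found = false;
    if ($parent_id == DB_getItem($_TABLES['topics'], 'tid', "tid = '{$parent_id}'") || $parent_id == TOPIC_ROOT) {
        $parent_id_found = true;
    }
    // Check if parent archive topic, if so bail
    $archive_parent = false;
    $archive_tid = DB_getItem($_TABLES['topics'], 'tid', 'archive_flag = 1');
    if ($parent_id == $archive_tid) {
        $archive_parent = true;
    }
    // If archive topic, make sure no child topics else bail
    $archive_child = false;
    $is_archive = $is_archive == 'on' ? 1 : 0;
    if ($is_archive) {
        if ($tid == DB_getItem($_TABLES['topics'], 'parent_id', "parent_id = '{$tid}'")) {
            $archive_child = true;
        }
    }
    // For an existing topic the access check uses the permissions stored in
    // the database, not the ones submitted with the form.
    if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
    } else {
        // Now check access to parent topic
        if ($parent_id != TOPIC_ROOT) {
            // Only replace the values just validated for $tid when the parent
            // row actually exists. Previously the group check ran on $A even
            // when the parent was not found, i.e. on a stale (or undefined)
            // row; a missing parent is reported by the branch further below.
            $in_Group = true;
            if (DB_count($_TABLES['topics'], 'tid', $parent_id) > 0) {
                $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$parent_id}'");
                $A = DB_fetchArray($result);
                $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
                $in_Group = SEC_inGroup($A['group_id']);
            }
        } else {
            $access = 3;
            $in_Group = true;
        }
        if ($access < 3 || !$in_Group) {
            $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally assign topic {$tid} to {$parent_id}.");
        } elseif (!empty($tid) && !empty($topic) && !$restricted_tid && !$duplicate_tid && !$archive_parent && !$archive_child && $parent_id_found) {
            if ($imageUrl === '/images/topics/') {
                $imageUrl = '';
            }
            // $imageUrl goes into a SQL string literal like the text fields
            $imageUrl = DB_escapeString($imageUrl);
            $topic = GLText::remove4byteUtf8Chars(strip_tags($topic));
            $topic = DB_escapeString($topic);
            $meta_description = GLText::remove4byteUtf8Chars(strip_tags($meta_description));
            $meta_description = DB_escapeString($meta_description);
            $meta_keywords = GLText::remove4byteUtf8Chars(strip_tags($meta_keywords));
            $meta_keywords = DB_escapeString($meta_keywords);
            if ($is_default == 'on') {
                $is_default = 1;
                DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
            } else {
                $is_default = 0;
            }
            if ($is_archive) {
                // $tid is the archive topic
                // - if it wasn't already, mark all its stories "archived" now
                if ($archive_tid != $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n                            SET s.featured = 0, s.frontpage = 0, s.statuscode = " . STORY_ARCHIVE_ON_EXPIRE . "\n                            WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
                // Set hidden and inherit to false since archive topic now
                $inherit = '';
                $hidden = '';
            } else {
                // $tid is not the archive topic
                // - if it was until now, reset the "archived" status of its stories
                if ($archive_tid == $tid) {
                    $sql = "UPDATE {$_TABLES['stories']} s, {$_TABLES['topic_assignments']} ta\n                            SET s.statuscode = 0\n                            WHERE ta.type = 'article' AND ta.tid = '{$tid}' AND ta.id = s.sid";
                    DB_query($sql);
                    $sql = "UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1";
                    DB_query($sql);
                }
            }
            $inherit = $inherit == 'on' ? 1 : 0;
            $hidden = $hidden == 'on' ? 1 : 0;
            // Cannot hide root topics so switch if needed
            if ($parent_id == TOPIC_ROOT && $hidden == 1) {
                $hidden = 0;
            }
            // If not a new topic and id change then...
            if (!empty($old_tid)) {
                if ($tid != $old_tid) {
                    changetopicid($tid, $old_tid);
                    $old_tid = DB_escapeString($old_tid);
                    DB_delete($_TABLES['topics'], 'tid', $old_tid);
                }
            }
            DB_save($_TABLES['topics'], 'tid, topic, inherit, hidden, parent_id, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', {$inherit}, {$hidden}, '{$parent_id}', '{$imageUrl}', '{$meta_description}', '{$meta_keywords}','{$sortNum}','{$limitNews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
            if ($old_tid != $tid) {
                PLG_itemSaved($tid, 'topic', $old_tid);
            } else {
                PLG_itemSaved($tid, 'topic');
            }
            // Reorder Topics, Delete topic cache and reload topic tree
            reorderTopics();
            // update feed(s)
            COM_rdfUpToDateCheck('article', $tid);
            COM_redirect($_CONF['site_admin_url'] . '/topic.php?msg=13');
        } elseif ($restricted_tid) {
            $retval .= COM_errorLog($LANG27[31], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($duplicate_tid) {
            $retval .= COM_errorLog($LANG27[49], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_parent) {
            $retval .= COM_errorLog($LANG27[46], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif ($archive_child) {
            $retval .= COM_errorLog($LANG27[47], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } elseif (!$parent_id_found) {
            $retval .= COM_errorLog($LANG27[48], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        } else {
            $retval .= COM_errorLog($LANG27[7], 2);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG27[1]));
        }
    }
    return $retval;
}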
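/**
 * Save the edit form for a media item (live table or moderation queue).
 *
 * Reads the edit form from $_POST/$_FILES, optionally replaces the media
 * file and/or attached thumbnail, updates the media row, stores the
 * player-specific playback options and finally redirects - either back to
 * the moderation page (queued item) or to $actionURL / the validated
 * "rpath" return URL. Never returns (ends with exit).
 *
 * @param int    $album_id   album the media item belongs to
 * @param string $media_id   id of the media item being edited
 * @param string $actionURL  URL to redirect to after saving (may be
 *                           overridden by the form's rpath value)
 */
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $_POST, $_FILES;
    $back = isset($_POST['rpath']) ? COM_applyFilter($_POST['rpath']) : '';
    if ($back != '') {
        // Only accept a return URL that lives under our own site URL. Besides
        // the prefix match, require the character following the prefix to be
        // a path/query delimiter (or nothing), so that a hostname that merely
        // starts with ours is not accepted as a redirect target.
        $sLength = strlen($_CONF['site_url']);
        $prefixOk = (substr($back, 0, $sLength) == $_CONF['site_url']);
        $next = substr($back, $sLength, 1);
        if (!$prefixOk || !in_array($next, array('', false, '/', '?', '#'), true)) {
            $back = $_CONF['site_url'];
        }
        $actionURL = $back;
    }
    $queue = COM_applyFilter($_POST['queue'], true);
    if (isset($_POST['replacefile'])) {
        $replacefile = COM_applyFilter($_POST['replacefile']);
    } else {
        $replacefile = 0;
    }
    if ($replacefile == 1) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $repfilename = $_FILES['repfilename'];
        $filename = $repfilename['name'];
        $file = $repfilename['tmp_name'];
        list($rc, $msg) = MG_getFile($file, $filename, $album_id, '', '', 1, 0, '', 0, '', '', 0, 0, $media_id);
        COM_errorLog($msg);
    }
    // see if we had an attached thumbnail before...
    $thumb = $_FILES['attthumb'];
    $thumbnail = $thumb['tmp_name'];
    $att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
    if ($att == 1) {
        $attachtn = 1;
    } else {
        $attachtn = 0;
    }
    // escaped form of the id, used in every WHERE clause below
    $media_id_db = DB_escapeString($media_id);
    if ($queue) {
        $old_attached_tn = DB_getItem($_TABLES['mg_mediaqueue'], 'media_tn_attached', 'media_id="' . $media_id_db . '"');
    } else {
        $old_attached_tn = DB_getItem($_TABLES['mg_media'], 'media_tn_attached', 'media_id="' . $media_id_db . '"');
    }
    // "attach" requested but no file uploaded and none attached before: nothing to attach
    if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
        $attachtn = 0;
    }
    if ($old_attached_tn == 1 && $attachtn == 0) {
        $remove_old_tn = 1;
    } else {
        $remove_old_tn = 0;
    }
    if ($queue) {
        $remote_media = DB_getItem($_TABLES['mg_mediaqueue'], 'remote_media', 'media_id="' . $media_id_db . '"');
    } else {
        $remote_media = DB_getItem($_TABLES['mg_media'], 'remote_media', 'media_id="' . $media_id_db . '"');
    }
    if ($remote_media) {
        $remote_url = isset($_POST['remoteurl']) ? DB_escapeString($_POST['remoteurl']) : '';
    } else {
        $remote_url = '';
    }
    if ($_MG_CONF['htmlallowed']) {
        $media_title = COM_checkWords($_POST['media_title']);
        $media_desc = COM_checkWords($_POST['media_desc']);
    } else {
        $media_title = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_title'])));
        $media_desc = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_desc'])));
    }
    $media_time_month = COM_applyFilter($_POST['media_month']);
    $media_time_day = COM_applyFilter($_POST['media_day']);
    $media_time_year = COM_applyFilter($_POST['media_year']);
    $media_time_hour = COM_applyFilter($_POST['media_hour']);
    $media_time_minute = COM_applyFilter($_POST['media_minute']);
    $original_filename = COM_applyFilter($_POST['original_filename']);
    if ($replacefile == 1) {
        $original_filename = $filename;
    }
    $cat_id = COM_applyFilter($_POST['cat_id'], true);
    $media_keywords = $_POST['media_keywords'];
    $media_keywords_safe = substr($media_keywords, 0, 254);
    $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));
    $artist = isset($_POST['artist']) ? DB_escapeString(COM_applyFilter($_POST['artist'])) : '';
    $musicalbum = isset($_POST['musicalbum']) ? DB_escapeString(COM_applyFilter($_POST['musicalbum'])) : '';
    $genre = isset($_POST['genre']) ? DB_escapeString(COM_applyFilter($_POST['genre'])) : '';
    $dtObject = new Date('now', $_USER['tzid']);
    $dtObject->setDateTimestamp($media_time_year, $media_time_month, $media_time_day, $media_time_hour, $media_time_minute, 0);
    $media_time = $dtObject->toUnix();
    if (isset($_POST['owner_name'])) {
        $owner_id = COM_applyFilter($_POST['owner_name'], true);
        $owner_sql = ',media_user_id=' . $owner_id . ' ';
    } else {
        $owner_sql = '';
    }
    $sql = "UPDATE " . ($queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media']) . "\n            SET media_title='" . DB_escapeString($media_title) . "',\n            media_desc='" . DB_escapeString($media_desc) . "',\n            media_original_filename='" . DB_escapeString($original_filename) . "',\n            media_time=" . $media_time . ",\n            media_tn_attached=" . $attachtn . ",\n            media_category=" . intval($cat_id) . ",\n            media_keywords='" . $media_keywords . "',\n            artist='" . $artist . "',\n            album='" . $musicalbum . "',\n            genre='" . $genre . "',\n            remote_url='" . $remote_url . "' " . $owner_sql . "WHERE media_id='" . $media_id_db . "'";
    DB_query($sql);
    if (DB_error() != 0) {
        echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
    }
    PLG_itemSaved($media_id, 'mediagallery');
    // process playback options if any...
    if (isset($_POST['autostart'])) {
        // asf
        $playback_option['autostart'] = intval(COM_applyFilter($_POST['autostart'], true));
        $playback_option['enablecontextmenu'] = intval(COM_applyFilter($_POST['enablecontextmenu'], true));
        $playback_option['stretchtofit'] = isset($_POST['stretchtofit']) ? intval(COM_applyFilter($_POST['stretchtofit'], true)) : 0;
        $playback_option['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
        // uimode and bgcolor are stored as quoted strings; escape them like
        // the string options of the other player types
        $playback_option['uimode'] = DB_escapeString(COM_applyFilter($_POST['uimode']));
        $playback_option['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
        $playback_option['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
        $playback_option['bgcolor'] = isset($_POST['bgcolor']) ? DB_escapeString(COM_applyFilter($_POST['bgcolor'])) : 0;
        $playback_option['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
        $playback_option['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        if ($playback_option['playcount'] < 1) {
            $playback_option['playcount'] = 1;
        }
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autostart',{$playback_option['autostart']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','enablecontextmenu',{$playback_option['enablecontextmenu']}");
        if ($playback_option['stretchtofit'] != '') {
            DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','stretchtofit',{$playback_option['stretchtofit']}");
        }
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','showstatusbar',{$playback_option['showstatusbar']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','uimode', '{$playback_option['uimode']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',{$playback_option['height']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',{$playback_option['width']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor','{$playback_option['bgcolor']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','playcount','{$playback_option['playcount']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop','{$playback_option['loop']}'");
    }
    if (isset($_POST['play'])) {
        //swf
        $playback_option['play'] = COM_applyFilter($_POST['play'], true);
        $playback_option['menu'] = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : '';
        $playback_option['quality'] = isset($_POST['quality']) ? DB_escapeString(COM_applyFilter($_POST['quality'])) : '';
        $playback_option['flashvars'] = isset($_POST['flashvars']) ? DB_escapeString(COM_applyFilter($_POST['flashvars'])) : '';
        $playback_option['height'] = COM_applyFilter($_POST['height'], true);
        $playback_option['width'] = COM_applyFilter($_POST['width'], true);
        $playback_option['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        $playback_option['scale'] = isset($_POST['scale']) ? DB_escapeString(COM_applyFilter($_POST['scale'])) : '';
        $playback_option['wmode'] = isset($_POST['wmode']) ? DB_escapeString(COM_applyFilter($_POST['wmode'])) : '';
        $playback_option['allowscriptaccess'] = isset($_POST['allowscriptaccess']) ? DB_escapeString(COM_applyFilter($_POST['allowscriptaccess'])) : '';
        $playback_option['bgcolor'] = isset($_POST['bgcolor']) ? DB_escapeString(COM_applyFilter($_POST['bgcolor'])) : '';
        $playback_option['swf_version'] = isset($_POST['swf_version']) ? COM_applyFilter($_POST['swf_version'], true) : 9;
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','play',              {$playback_option['play']}");
        if ($playback_option['menu'] != '') {
            DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','menu',              {$playback_option['menu']}");
        }
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','quality',          '{$playback_option['quality']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',            {$playback_option['height']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',             {$playback_option['width']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','flashvars',        '{$playback_option['flashvars']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','scale',            '{$playback_option['scale']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','wmode',            '{$playback_option['wmode']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop',             '{$playback_option['loop']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','allowscriptaccess','{$playback_option['allowscriptaccess']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor',          '{$playback_option['bgcolor']}'");
        // was the only row written with the unescaped $media_id
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','swf_version',      '{$playback_option['swf_version']}'");
    }
    if (isset($_POST['autoplay'])) {
        //quicktime
        $playback_option['autoplay'] = COM_applyFilter($_POST['autoplay'], true);
        $playback_option['autoref'] = COM_applyFilter($_POST['autoref'], true);
        $playback_option['controller'] = COM_applyFilter($_POST['controller'], true);
        $playback_option['kioskmode'] = COM_applyFilter($_POST['kioskmode'], true);
        $playback_option['scale'] = DB_escapeString(COM_applyFilter($_POST['scale']));
        $playback_option['height'] = COM_applyFilter($_POST['height'], true);
        $playback_option['width'] = COM_applyFilter($_POST['width'], true);
        $playback_option['bgcolor'] = DB_escapeString(COM_applyFilter($_POST['bgcolor']));
        $playback_option['loop'] = COM_applyFilter($_POST['loop'], true);
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autoref',{$playback_option['autoref']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autoplay',{$playback_option['autoplay']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','controller',{$playback_option['controller']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','kioskmode',{$playback_option['kioskmode']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','scale','{$playback_option['scale']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',{$playback_option['height']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',{$playback_option['width']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor','{$playback_option['bgcolor']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop','{$playback_option['loop']}'");
    }
    if ($attachtn == 1 && $thumbnail != '') {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id_db . '"');
        $thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
    }
    if ($remove_old_tn == 1) {
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id_db . '"');
        foreach ($_MG_CONF['validExtensions'] as $ext) {
            if (file_exists($_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename . $ext)) {
                @unlink($_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename . $ext);
                break;
            }
        }
    }
    if ($queue) {
        echo COM_refresh($_MG_CONF['site_url'] . '/admin.php?album_id=' . $album_id . '&amp;mode=moderate');
    } else {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildAlbumRSS($album_id);
        CACHE_remove_instance('whatsnew');
        echo COM_refresh($actionURL);
    }
    exit;
}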
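/**
 * Save a group definition submitted from the plugin's group edit form.
 *
 * Pulls the plugin-specific config and language arrays by name
 * ($_<PI>_CONF, $LANG_<PI>_ADMIN, ...), validates the form data from $_POST,
 * writes the row to the <PI>_def_group table and then either returns the
 * edit form again (validation error, or 'aftersave_admin' === 'no') or
 * redirects according to the plugin's aftersave setting and exits.
 *
 * @param string $pi_name     plugin name; selects the config/lang globals and table
 * @param mixed  $edt_flg     edit flag passed through to LIB_Edit()
 * @param mixed  $navbarMenu  unused here, kept for the callers' signature
 * @param mixed  $menuno      unused here, kept for the callers' signature
 * @return array  array with 'title' and 'display' keys when the form is
 *                shown again; otherwise the function exits after redirecting
 */
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
    global $_CONF;
    global $_TABLES;
    global $_USER;
    $box_conf = "_" . strtoupper($pi_name) . "_CONF";
    global ${$box_conf};
    $box_conf = ${$box_conf};
    $lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
    global ${$lang_box_admin};
    $lang_box_admin = ${$lang_box_admin};
    $lang_box_admin_menu = "LANG_" . strtoupper($pi_name) . "_admin_menu";
    global ${$lang_box_admin_menu};
    $lang_box_admin_menu = ${$lang_box_admin_menu};
    $lang_box_inputtype = "LANG_" . strtoupper($pi_name) . "_INPUTTYPE";
    global ${$lang_box_inputtype};
    $lang_box_inputtype = ${$lang_box_inputtype};
    $table = $_TABLES[strtoupper($pi_name) . '_def_group'];
    // returned as an array ('title', 'display') - initialise it as one
    $retval = array();
    // clean 'em up
    $id = COM_applyFilter($_POST['id'], true);
    $code = COM_applyFilter($_POST['code']);
    $code = addslashes(COM_checkHTML(COM_checkWords($code)));
    $name = COM_applyFilter($_POST['name']);
    $name = addslashes(COM_checkHTML(COM_checkWords($name)));
    // description is free text (may contain HTML), so it is not run through
    // COM_applyFilter; it is still HTML-checked and escaped below
    $description = isset($_POST['description']) ? $_POST['description'] : '';
    $description = addslashes(COM_checkHTML(COM_checkWords($description)));
    $parent_flg = COM_applyFilter($_POST['parent_flg'], true);
    $input_type = COM_applyFilter($_POST['input_type'], true);
    // convert full-width alphanumerics to half-width before numeric filtering
    $orderno = mb_convert_kana($_POST['orderno'], "a");
    $orderno = COM_applyFilter($orderno, true);
    $type = 1;
    $uuid = $_USER['uid'];
    // ---- validation start ----
    $err = "";
    // ID: 0 means "new record"; anything else must be numeric
    if ($id != 0 && !is_numeric($id)) {
        $err .= $lang_box_admin['err_id'] . "<br/>" . LB;
    }
    // code must be unique among the other groups
    if ($code != "") {
        $cntsql = "SELECT code FROM {$table} ";
        $cntsql .= " WHERE ";
        $cntsql .= " code='{$code}' ";
        $cntsql .= " AND group_id<>{$id}";
        $result = DB_query($cntsql);
        $numrows = DB_numRows($result);
        if ($numrows != 0) {
            $err .= $lang_box_admin['err_code_w'] . "<br/>" . LB;
        }
    }
    // name is required
    if (empty($name)) {
        $err .= $lang_box_admin['err_name'] . "<br/>" . LB;
    }
    // on error, show the edit form again with the messages
    if ($err != "") {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);
        return $retval;
    }
    // ---- validation end ----
    // new record: allocate the next group_id
    if ($id == 0) {
        $w = DB_getItem($table, "max(group_id)", "1=1");
        if ($w == "") {
            $w = 0;
        }
        $id = $w + 1;
    }
    $fields = "group_id";
    $values = "{$id}";
    $fields .= ",code";
    $values .= ",'{$code}'";
    $fields .= ",name";
    $values .= ",'{$name}'";
    $fields .= ",description";
    $values .= ",'{$description}'";
    $fields .= ",orderno";
    $values .= ",{$orderno}";
    $fields .= ",parent_flg";
    $values .= ",{$parent_flg}";
    $fields .= ",input_type";
    $values .= ",{$input_type}";
    $fields .= ",uuid";
    $values .= ",{$uuid}";
    $fields .= ",udatetime";
    $values .= ",NOW( )";
    // the original passed an undefined $return_page as 4th argument here;
    // the redirect is handled by PLG_afterSaveSwitch() below instead
    DB_save($table, $fields, $values);
    $message = "";
    $item_url = '';
    $target = '';
    if ($box_conf['aftersave_admin'] === 'no') {
        $retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
        $retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, "");
        return $retval;
    } else {
        if ($box_conf['aftersave_admin'] === 'list' or $box_conf['aftersave_admin'] === 'item') {
            $url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/group.php";
            $item_url = COM_buildURL($url);
            $target = 'item';
            $message = 1;
        } else {
            if ($box_conf['aftersave_admin'] === 'admin') {
                $target = $box_conf['aftersave_admin'];
                $message = 1;
            } else {
                $item_url = $_CONF['site_url'] . $box_conf['top'];
                $target = $box_conf['aftersave_admin'];
            }
        }
    }
    $return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
    echo $return_page;
    exit;
}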
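 /**
  * Persist this album's properties to the mg_albums table via DB_save().
  *
  * Numeric counters are forced to int. The free-text fields are escaped
  * for the SQL string literals they are interpolated into: title and
  * description are escaped in place on the object (pre-existing behaviour,
  * so a second saveAlbum() call on the same instance escapes them again),
  * the remaining quoted string fields are escaped only in the SQL.
  * The unquoted fields are assumed to hold numeric values - TODO confirm
  * against the class definition.
  */
 function saveAlbum()
 {
     global $_TABLES, $MG_albums;
     $this->album_disk_usage = (int) $this->album_disk_usage;
     $this->last_update = (int) $this->last_update;
     $this->views = (int) $this->views;
     $this->enable_keywords = (int) $this->enable_keywords;
     $this->title = DB_escapeString($this->title);
     $this->description = DB_escapeString($this->description);
     // the other quoted string fields were previously interpolated unescaped
     $skin = DB_escapeString($this->skin);
     $cover = DB_escapeString($this->cover);
     $coverFilename = DB_escapeString($this->cover_filename);
     $imageSkin = DB_escapeString($this->image_skin);
     $albumSkin = DB_escapeString($this->album_skin);
     $displaySkin = DB_escapeString($this->display_skin);
     $cbPage = DB_escapeString($this->cbpage);
     $sqlFieldList = 'album_id,album_title,album_desc,album_parent,album_order,skin,hidden,album_cover,album_cover_filename,media_count,album_disk_usage,last_update,album_views,display_album_desc,enable_album_views,image_skin,album_skin,display_skin,enable_comments,exif_display,enable_rating,playback_type,tn_attached,enable_slideshow,enable_random,enable_shutterfly,enable_views,enable_keywords,enable_sort,enable_rss,enable_postcard,albums_first,allow_download,full_display,tn_size,max_image_height,max_image_width,max_filesize,display_image_size,display_rows,display_columns,valid_formats,filename_title,shopping_cart,wm_auto,wm_id,opacity,wm_location,album_sort_order,member_uploads,moderate,email_mod,featured,cbposition,cbpage,owner_id,group_id,mod_group_id,perm_owner,perm_group,perm_members,perm_anon,podcast,mp3ribbon,tnheight,tnwidth,usealternate,rsschildren';
     $sqlDataValues = "{$this->id},'{$this->title}','{$this->description}',{$this->parent},{$this->order},'{$skin}',{$this->hidden},'{$cover}','{$coverFilename}',{$this->media_count},{$this->album_disk_usage},{$this->last_update},{$this->views},{$this->display_album_desc},{$this->enable_album_views},'{$imageSkin}','{$albumSkin}','{$displaySkin}',{$this->enable_comments},{$this->exif_display},{$this->enable_rating},{$this->playback_type},{$this->tn_attached},{$this->enable_slideshow},{$this->enable_random},{$this->enable_shutterfly},{$this->enable_views},{$this->enable_keywords},{$this->enable_sort},{$this->enable_rss},{$this->enable_postcard},{$this->albums_first},{$this->allow_download},{$this->full},{$this->tn_size},{$this->max_image_height},{$this->max_image_width},{$this->max_filesize},{$this->display_image_size},{$this->display_rows},{$this->display_columns},{$this->valid_formats},{$this->filename_title},{$this->shopping_cart},{$this->wm_auto},{$this->wm_id},{$this->wm_opacity},{$this->wm_location},{$this->album_sort_order},{$this->member_uploads},{$this->moderate},{$this->email_mod},{$this->featured},{$this->cbposition},'{$cbPage}',{$this->owner_id},{$this->group_id},{$this->mod_group_id},{$this->perm_owner},{$this->perm_group},{$this->perm_members},{$this->perm_anon},{$this->podcast},{$this->mp3ribbon},{$this->tnHeight},{$this->tnWidth},{$this->useAlternate},{$this->rssChildren}";
     DB_save($_TABLES['mg_albums'], $sqlFieldList, $sqlDataValues);
     // the "what's new" block caches album data, so drop it after a save
     CACHE_remove_instance('whatsnew');
 }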