예제 #1
0
/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @return  int		    Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30], true);
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }
    /* Store the first CATEGORY as the Topic ID */
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }
    /* Apply filters to the parameters passed by the webservice */
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }
    /* - START: Set all the defaults - */
    if (empty($args['tid'])) {
        // see if we have a default topic
        $topic = DB_getItem($_TABLES['topics'], 'tid', 'is_default = 1' . COM_getPermSQL('AND'));
        if (!empty($topic)) {
            $args['tid'] = $topic;
        } else {
            // otherwise, just use the first one
            $o = array();
            $s = array();
            if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                $args['tid'] = $o[0];
            } else {
                $svc_msg['error_desc'] = 'No topics available';
                return PLG_RET_ERROR;
            }
        }
    }
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (isset($args['alternate_id']) && $args['tid'] == $args['alternate_id']) {
        $args['alternate_id'] = NULL;
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }
    if ($args['gl_svc']) {
        /* Permissions */
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    /* - END: Set all the defaults - */
    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $args['sid'] = WS_makeId($args['slug'], STORY_MAX_ID_LENGTH);
        }
    }
    $story = new Story();
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit && !empty($args['gl_etag'])) {
        /* First load the original story to check if it has been modified */
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }
    /* This function is also doing the security checks */
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();
    switch ($result) {
        case STORY_DUPLICATE_SID:
            if (!$args['gl_svc']) {
                if (isset($args['type']) && $args['type'] == 'submission') {
                    $output .= STORY_edit($sid, 'moderate');
                } else {
                    $output .= STORY_edit($sid, 'error');
                }
            }
            return PLG_RET_ERROR;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
            $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[31], $MESSAGE[30]);
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
        case STORY_EMPTY_REQUIRED_FIELDS:
            if (!$args['gl_svc']) {
                $output .= STORY_edit($sid, 'error');
            }
            return PLG_RET_ERROR;
        default:
            break;
    }
    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args)) {
            $delete = count($args['delete']);
            for ($i = 1; $i <= $delete; $i++) {
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = " . intval(key($args['delete'])));
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '" . DB_escapeString($sid) . "' AND ai_img_num = '" . intval(key($args['delete'])) . "'");
                next($args['delete']);
            }
        }
        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', DB_escapeString($sid)) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '" . DB_escapeString($sid) . "'") + 1;
        } else {
            $index_start = 1;
        }
        if (count($_FILES) > 0 and $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            $upload->setAutomaticResize(true);
            if ($_CONF['keep_unscaled_image'] == 1) {
                $upload->keepOriginalImage(true);
            } else {
                $upload->keepOriginalImage(false);
            }
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            $upload->setFieldName('file');
            //@TODO - better error handling...
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_siteHeader('menu', $LANG24[30]);
                $output .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']);
            // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');
            $filenames = array();
            $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
            $result = DB_query($sql, 1);
            $row = DB_fetchArray($result);
            $ai_img_num = $row['ai_img_num'];
            if ($ai_img_num < 1) {
                $ai_img_num = 1;
            }
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                $curfile['name'] = '';
                if (isset($_FILES['file']['name'][$z])) {
                    $curfile['name'] = $_FILES['file']['name'][$z];
                }
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $ai_img_num . '.' . $fextension;
                    $ai_img_num++;
                } else {
                    $filenames[] = '';
                }
            }
            $upload->setFileNames($filenames);
            $upload->uploadFiles();
            //@TODO - better error handling
            if ($upload->areErrors()) {
                $retval = COM_siteHeader('menu', $LANG24[30]);
                $retval .= COM_showMessageText($upload->printErrors(false), $LANG24[30], true);
                $retval .= STORY_edit($sid, 'error');
                $retval .= COM_siteFooter();
                echo $retval;
                exit;
            }
            for ($z = 0; $z < $_CONF['maximagesperarticle']; $z++) {
                if ($filenames[$z] != '') {
                    $sql = "SELECT MAX(ai_img_num) + 1 AS ai_img_num FROM " . $_TABLES['article_images'] . " WHERE ai_sid = '" . DB_escapeString($sid) . "'";
                    $result = DB_query($sql, 1);
                    $row = DB_fetchArray($result);
                    $ai_img_num = $row['ai_img_num'];
                    if ($ai_img_num < 1) {
                        $ai_img_num = 1;
                    }
                    DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('" . DB_escapeString($sid) . "', {$ai_img_num}, '" . DB_escapeString($filenames[$z]) . "')");
                }
            }
        }
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkImages();
            if (count($errors) > 0) {
                $output = COM_siteHeader('menu', $LANG24[54]);
                $eMsg = $LANG24[55] . '<p>';
                for ($i = 1; $i <= count($errors); $i++) {
                    $eMsg .= current($errors) . '<br />';
                    next($errors);
                }
                //@TODO - use return here...
                $output .= COM_showMessageText($eMsg, $LANG24[54], true);
                $output .= STORY_edit($sid, 'error');
                $output .= COM_siteFooter();
                echo $output;
                exit;
            }
        }
    }
    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_olderStuff();
        if ($story->type == 'submission') {
            COM_setMessage(9);
            echo COM_refresh($_CONF['site_admin_url'] . '/moderation.php');
            exit;
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
}
예제 #2
0
function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17;
    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // clean 'em up
    $description = addslashes(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $category = addslashes(COM_checkHTML(COM_checkWords($category), 'links.edit'));
    $pid = addslashes(strip_tags($pid));
    $cid = addslashes(strip_tags($cid));
    $old_cid = addslashes(strip_tags($old_cid));
    if (empty($category) || empty($description)) {
        return 7;
    }
    // Check cid to make sure not illegal
    if ($cid == addslashes($_LI_CONF['root']) || $cid == 'user') {
        return 11;
    }
    if (!empty($cid) && $cid != $old_cid) {
        // this is either a new category or an attempt to change the cid
        // - check that cid doesn't exist yet
        $ctrl = DB_getItem($_TABLES['linkcategories'], 'cid', "cid = '{$cid}'");
        if (!empty($ctrl)) {
            if (isset($PLG_links_MESSAGE17)) {
                return 17;
            } else {
                return 11;
            }
        }
    }
    // Check that they didn't delete the cid. If so, get the hidden one
    if (empty($cid) && !empty($old_cid)) {
        $cid = $old_cid;
    }
    // Make sure they aren't making a parent category child of one of it's own
    // children. This would create orphans
    if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) {
        return 12;
    }
    $access = 0;
    if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) {
        // update existing item, but new cid so get access from database with old cid
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
        // set flag
        $update = "existing";
    } else {
        if (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) {
            // update existing item, same cid, so get access from database with existing cid
            $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'");
            $A = DB_fetchArray($result);
            $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
            // set flag
            $update = "same";
        } else {
            // new item, so use passed values
            $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
            // set flag
            $update = 'new';
        }
    }
    if ($access < 3) {
        // no access rights: user should not be here
        COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid));
        return 6;
    } else {
        // save item
        if ($update == 'existing') {
            // update an existing item but new cid
            $sql = "UPDATE {$_TABLES['linkcategories']}\n                    SET cid='{$cid}',\n                        pid='{$pid}',\n                        tid='{$tid}',category='{$category}',\n                        description='{$description}',\n                        modified=NOW(),\n                        owner_id='{$owner_id}',group_id='{$group_id}',\n                        perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n                        perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n                    WHERE cid = '{$old_cid}'";
            $result = DB_query($sql);
            // Also need to update links for this category
            $sql = "UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'";
            $result = DB_query($sql);
        } else {
            if ($update == 'same') {
                // update an existing item
                $sql = "UPDATE {$_TABLES['linkcategories']}\n                    SET pid='{$pid}',\n                        tid='{$tid}',category='{$category}',\n                        description='{$description}',\n                        modified=NOW(),\n                        owner_id='{$owner_id}',group_id='{$group_id}',\n                        perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n                        perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n                    WHERE cid = '{$cid}'";
                $result = DB_query($sql);
            } else {
                // insert a new item
                if (empty($cid)) {
                    $cid = COM_makeSid();
                }
                $sql = "INSERT INTO {$_TABLES['linkcategories']}\n                    (cid, pid, category, description, tid,\n                    created,modified,\n                    owner_id, group_id, perm_owner, perm_group,\n                    perm_members, perm_anon)\n                    VALUES\n                    ('{$cid}','{$pid}','{$category}',\n                    '{$description}','{$tid}',\n                    NOW(),NOW(),\n                    '{$owner_id}','{$group_id}','{$perm_owner}',\n                    '{$perm_group}','{$perm_members}','{$perm_anon}')";
                $result = DB_query($sql);
            }
        }
        if ($update == 'existing' && $cid != $old_cid) {
            PLG_itemSaved($cid, 'links.category', $old_cid);
        } else {
            PLG_itemSaved($cid, 'links.category');
        }
    }
    return 10;
    // success message
}
예제 #3
0
/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param   array   args     Contains all the data provided by the client
 * @param   string  &output  OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		     Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }
    if (defined('DEMO_MODE')) {
        $output = COM_siteHeader('menu');
        $output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
        $output .= COM_siteFooter();
        return PLG_REG_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_uid'])) {
        $args['sp_uid'] = $_USER['uid'];
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if ($args['sp_status'] != 1) {
        $args['sp_status'] = 0;
    }
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['sp_search'] != 1) {
        $args['sp_search'] = 0;
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } else {
            if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
                $svc_msg['error_desc'] = 'Menu label missing';
                return PLG_RET_ERROR;
            }
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
    }
    // END: Staticpages defaults
    $sp_id = $args['sp_id'];
    $sp_status = $args['sp_status'];
    $sp_uid = $args['sp_uid'];
    $sp_title = $args['sp_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    $sp_search = $args['sp_search'];
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }
    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }
    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$args['gl_svc']) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_label = strip_tags($sp_label);
        $sp_content = DB_escapeString($sp_content);
        $sp_title = DB_escapeString($sp_title);
        $sp_label = DB_escapeString($sp_label);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
            // multi-language configuration - allow one entire page
            // centerblock for all or none per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
                }
            }
            DB_query($sql);
        }
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }
        if (!$args['gl_svc']) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");
        if ($delete_old_page && !empty($sp_old_id)) {
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
            DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
            PLG_itemDeleted($sp_old_id, 'staticpages');
        }
        PLG_itemSaved($sp_id, 'staticpages');
        $url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$args['gl_svc']) {
            $output .= PAGE_edit($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}
예제 #4
0
/**
 * Submit a new or updated story. The story is updated if it exists, or a new one is created
 *
 * @param   array   args    Contains all the data provided by the client
 * @param   string  &output OUTPUT parameter containing the returned text
 * @return  int         Response code as defined in lib-plugins.php
 */
function service_submit_story($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG24, $MESSAGE, $_GROUPS;
    if (!SEC_hasRights('story.edit')) {
        $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
        return PLG_RET_AUTH_FAILED;
    }
    require_once $_CONF['path_system'] . 'lib-comment.php';
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        /* This is EDIT mode, so there should be an old sid */
        if (empty($args['old_sid'])) {
            if (!empty($args['id'])) {
                $args['old_sid'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sid'])) {
                $args['sid'] = $args['old_sid'];
            }
        }
    } else {
        if (empty($args['sid']) && !empty($args['id'])) {
            $args['sid'] = $args['id'];
        }
    }
    // Store the first CATEGORY as the Topic ID
    if (!empty($args['category'][0])) {
        $args['tid'] = $args['category'][0];
    }
    $content = '';
    if (!empty($args['content'])) {
        $content = $args['content'];
    } else {
        if (!empty($args['summary'])) {
            $content = $args['summary'];
        }
    }
    if (!empty($content)) {
        $parts = explode('[page_break]', $content);
        if (count($parts) == 1) {
            $args['introtext'] = $content;
            $args['bodytext'] = '';
        } else {
            $args['introtext'] = array_shift($parts);
            $args['bodytext'] = implode('[page_break]', $parts);
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        if (isset($args['mode'])) {
            $args['mode'] = COM_applyBasicFilter($args['mode']);
        }
        if (isset($args['editopt'])) {
            $args['editopt'] = COM_applyBasicFilter($args['editopt']);
        }
    }
    // - START: Set all the defaults -
    /*
        if (empty($args['tid'])) {
            // see if we have a default topic
            $topic = DB_getItem($_TABLES['topics'], 'tid',
                                'is_default = 1' . COM_getPermSQL('AND'));
            if (!empty($topic)) {
                $args['tid'] = $topic;
            } else {
                // otherwise, just use the first one
                $o = array();
                $s = array();
                if (service_getTopicList_story(array('gl_svc' => true), $o, $s) == PLG_RET_OK) {
                    $args['tid'] = $o[0];
                } else {
                    $svc_msg['error_desc'] = 'No topics available';
                    return PLG_RET_ERROR;
                }
            }
        } */
    /* This is a solution for above but the above has issues
        if (!TOPIC_checkTopicSelectionControl()) {
            $svc_msg['error_desc'] = 'No topics selected or available';
            return PLG_RET_ERROR;
        }
       */
    if (empty($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('story.edit', $_USER['uid']);
    }
    if (empty($args['postmode'])) {
        $args['postmode'] = $_CONF['postmode'];
        if (!empty($args['content_type'])) {
            if ($args['content_type'] == 'text') {
                $args['postmode'] = 'text';
            } else {
                if ($args['content_type'] == 'html' || $args['content_type'] == 'xhtml') {
                    $args['postmode'] = 'html';
                }
            }
        }
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_CONF['default_permissions_story'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_CONF['default_permissions_story'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_CONF['default_permissions_story'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_CONF['default_permissions_story'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['draft_flag'])) {
            $args['draft_flag'] = $_CONF['draft_flag'];
        }
        if (empty($args['frontpage'])) {
            $args['frontpage'] = $_CONF['frontpage'];
        }
        if (empty($args['show_topic_icon'])) {
            $args['show_topic_icon'] = $_CONF['show_topic_icon'];
        }
    }
    // - END: Set all the defaults -
    // TEST CODE
    /* foreach ($args as $k => $v) {
           if (!is_array($v)) {
               echo "$k => $v\r\n";
           } else {
               echo "$k => $v\r\n";
               foreach ($v as $k1 => $v1) {
                   echo "        $k1 => $v1\r\n";
               }
           }
       }*/
    // exit ();
    // END TEST CODE
    if (!isset($args['sid'])) {
        $args['sid'] = '';
    }
    $args['sid'] = COM_sanitizeID($args['sid']);
    if (!$gl_edit) {
        if (strlen($args['sid']) > STORY_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sid'] = WS_makeId($slug, STORY_MAX_ID_LENGTH);
            } else {
                $args['sid'] = COM_makeSid();
            }
        }
    }
    $story = new Story();
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original story to check if it has been modified
        $result = $story->loadFromDatabase($args['sid']);
        if ($result == STORY_LOADED_OK) {
            if ($args['gl_etag'] != date('c', $story->_date)) {
                $svc_msg['error_desc'] = 'A more recent version of the story is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'Error loading story';
            return PLG_RET_ERROR;
        }
    }
    // This function is also doing the security checks
    $result = $story->loadFromArgsArray($args);
    $sid = $story->getSid();
    // Check if topics selected if not prompt required field
    if ($result == STORY_LOADED_OK) {
        if (!TOPIC_checkTopicSelectionControl()) {
            $result = STORY_EMPTY_REQUIRED_FIELDS;
        }
    }
    switch ($result) {
        case STORY_DUPLICATE_SID:
            $output .= COM_errorLog($LANG24[24], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[5]));
            return PLG_RET_ERROR;
            break;
        case STORY_EXISTING_NO_EDIT_PERMISSION:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
            break;
        case STORY_NO_ACCESS_PARAMS:
            $output .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
            $output = COM_createHTMLDocument($output, array('pagetitle' => $MESSAGE[30]));
            COM_accessLog("User {$_USER['username']} tried to illegally submit or edit story {$sid}.");
            return PLG_RET_PERMISSION_DENIED;
            break;
        case STORY_EMPTY_REQUIRED_FIELDS:
            $output .= COM_errorLog($LANG24[31], 2);
            if (!$args['gl_svc']) {
                $output .= storyeditor($sid);
            }
            $output = COM_createHTMLDocument($output);
            return PLG_RET_ERROR;
            break;
        default:
            break;
    }
    /* Image upload is not supported by the web-service at present */
    if (!$args['gl_svc']) {
        // Delete any images if needed
        if (array_key_exists('delete', $args)) {
            $delete = count($args['delete']);
            for ($i = 1; $i <= $delete; $i++) {
                $ai_filename = DB_getItem($_TABLES['article_images'], 'ai_filename', "ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                STORY_deleteImage($ai_filename);
                DB_query("DELETE FROM {$_TABLES['article_images']} WHERE ai_sid = '{$sid}' AND ai_img_num = " . key($args['delete']));
                next($args['delete']);
            }
        }
        // OK, let's upload any pictures with the article
        if (DB_count($_TABLES['article_images'], 'ai_sid', $sid) > 0) {
            $index_start = DB_getItem($_TABLES['article_images'], 'max(ai_img_num)', "ai_sid = '{$sid}'") + 1;
        } else {
            $index_start = 1;
        }
        if (count($_FILES) > 0 && $_CONF['maximagesperarticle'] > 0) {
            require_once $_CONF['path_system'] . 'classes/upload.class.php';
            $upload = new Upload();
            if (isset($_CONF['debug_image_upload']) && $_CONF['debug_image_upload']) {
                $upload->setLogFile($_CONF['path'] . 'logs/error.log');
                $upload->setDebug(true);
            }
            $upload->setMaxFileUploads($_CONF['maximagesperarticle']);
            if (!empty($_CONF['image_lib'])) {
                if ($_CONF['image_lib'] == 'imagemagick') {
                    // Using imagemagick
                    $upload->setMogrifyPath($_CONF['path_to_mogrify']);
                } elseif ($_CONF['image_lib'] == 'netpbm') {
                    // using netPBM
                    $upload->setNetPBM($_CONF['path_to_netpbm']);
                } elseif ($_CONF['image_lib'] == 'gdlib') {
                    // using the GD library
                    $upload->setGDLib();
                }
                $upload->setAutomaticResize(true);
                if ($_CONF['keep_unscaled_image'] == 1) {
                    $upload->keepOriginalImage(true);
                } else {
                    $upload->keepOriginalImage(false);
                }
                if (isset($_CONF['jpeg_quality'])) {
                    $upload->setJpegQuality($_CONF['jpeg_quality']);
                }
            }
            $upload->setAllowedMimeTypes(array('image/gif' => '.gif', 'image/jpeg' => '.jpg,.jpeg', 'image/pjpeg' => '.jpg,.jpeg', 'image/x-png' => '.png', 'image/png' => '.png'));
            if (!$upload->setPath($_CONF['path_images'] . 'articles')) {
                $output = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $output;
                exit;
            }
            // NOTE: if $_CONF['path_to_mogrify'] is set, the call below will
            // force any images bigger than the passed dimensions to be resized.
            // If mogrify is not set, any images larger than these dimensions
            // will get validation errors
            $upload->setMaxDimensions($_CONF['max_image_width'], $_CONF['max_image_height']);
            $upload->setMaxFileSize($_CONF['max_image_size']);
            // size in bytes, 1048576 = 1MB
            // Set file permissions on file after it gets uploaded (number is in octal)
            $upload->setPerms('0644');
            $filenames = array();
            $end_index = $index_start + $upload->numFiles() - 1;
            for ($z = $index_start; $z <= $end_index; $z++) {
                $curfile = current($_FILES);
                if (!empty($curfile['name'])) {
                    $pos = strrpos($curfile['name'], '.') + 1;
                    $fextension = substr($curfile['name'], $pos);
                    $filenames[] = $sid . '_' . $z . '.' . $fextension;
                }
                next($_FILES);
            }
            $upload->setFileNames($filenames);
            reset($_FILES);
            $upload->uploadFiles();
            if ($upload->areErrors()) {
                $retval = COM_showMessageText($upload->printErrors(false), $LANG24[30]);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[30]));
                echo $retval;
                exit;
            }
            reset($filenames);
            for ($z = $index_start; $z <= $end_index; $z++) {
                DB_query("INSERT INTO {$_TABLES['article_images']} (ai_sid, ai_img_num, ai_filename) VALUES ('{$sid}', {$z}, '" . current($filenames) . "')");
                next($filenames);
            }
        }
        if ($_CONF['maximagesperarticle'] > 0) {
            $errors = $story->checkAttachedImages();
            if (count($errors) > 0) {
                $output .= COM_startBlock($LANG24[54], '', COM_getBlockTemplate('_msg_block', 'header'));
                $output .= $LANG24[55] . LB . '<ul>' . LB;
                foreach ($errors as $err) {
                    $output .= '<li>' . $err . '</li>' . LB;
                }
                $output .= '</ul>' . LB;
                $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
                $output .= storyeditor($sid);
                $output = COM_createHTMLDocument($output, array('pagetitle' => $LANG24[54]));
                echo $output;
                exit;
            }
        }
    }
    $result = $story->saveToDatabase();
    if ($result == STORY_SAVED) {
        // see if any plugins want to act on that story
        if (!empty($args['old_sid']) && $args['old_sid'] != $sid) {
            PLG_itemSaved($sid, 'article', $args['old_sid']);
        } else {
            PLG_itemSaved($sid, 'article');
        }
        // update feed(s)
        COM_rdfUpToDateCheck('article', $story->DisplayElements('tid'), $sid);
        COM_rdfUpToDateCheck('comment');
        STORY_updateLastArticlePublished();
        CMT_updateCommentcodes();
        if ($story->type == 'submission') {
            $output = COM_refresh($_CONF['site_admin_url'] . '/moderation.php?msg=9');
        } else {
            $output = PLG_afterSaveSwitch($_CONF['aftersave_story'], COM_buildURL("{$_CONF['site_url']}/article.php?story={$sid}"), 'story', 9);
        }
        /* @TODO Set the object id here */
        $svc_msg['id'] = $sid;
        return PLG_RET_OK;
    }
}
예제 #5
0
/**
 * Submit static page. The page is updated if it exists, or a new one is created
 *
 * @param   array   args     Contains all the data provided by the client
 * @param   string  &output  OUTPUT parameter containing the returned text
 * @param   string  &svc_msg OUTPUT parameter containing any service messages
 * @return  int		     Response code as defined in lib-plugins.php
 */
function service_submit_staticpages($args, &$output, &$svc_msg)
{
    global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;
    if (!$_CONF['disable_webservices']) {
        require_once $_CONF['path_system'] . 'lib-webservices.php';
    }
    $output = '';
    if (!SEC_hasRights('staticpages.edit')) {
        $output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
        $output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
        $output .= $LANG_STATIC['access_denied_msg'];
        $output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $output .= COM_siteFooter();
        return PLG_RET_AUTH_FAILED;
    }
    $gl_edit = false;
    if (isset($args['gl_edit'])) {
        $gl_edit = $args['gl_edit'];
    }
    if ($gl_edit) {
        // This is EDIT mode, so there should be an sp_old_id
        if (empty($args['sp_old_id'])) {
            if (!empty($args['id'])) {
                $args['sp_old_id'] = $args['id'];
            } else {
                return PLG_RET_ERROR;
            }
            if (empty($args['sp_id'])) {
                $args['sp_id'] = $args['sp_old_id'];
            }
        }
    } else {
        if (empty($args['sp_id']) && !empty($args['id'])) {
            $args['sp_id'] = $args['id'];
        }
    }
    if (empty($args['sp_title']) && !empty($args['title'])) {
        $args['sp_title'] = $args['title'];
    }
    if (empty($args['sp_content']) && !empty($args['content'])) {
        $args['sp_content'] = $args['content'];
    }
    if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
        $args['sp_tid'] = $args['category'][0];
    }
    if (!isset($args['owner_id'])) {
        $args['owner_id'] = $_USER['uid'];
    }
    if (empty($args['group_id'])) {
        $args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
    }
    $args['sp_id'] = COM_sanitizeID($args['sp_id']);
    if (!$gl_edit) {
        if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
            $slug = '';
            if (isset($args['slug'])) {
                $slug = $args['slug'];
            }
            if (function_exists('WS_makeId')) {
                $args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
            } else {
                $args['sp_id'] = COM_makeSid();
            }
        }
    }
    // Apply filters to the parameters passed by the webservice
    if ($args['gl_svc']) {
        $par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
        $par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
        foreach ($par_str as $str) {
            if (isset($args[$str])) {
                $args[$str] = COM_applyBasicFilter($args[$str]);
            } else {
                $args[$str] = '';
            }
        }
        foreach ($par_num as $num) {
            if (isset($args[$num])) {
                $args[$num] = COM_applyBasicFilter($args[$num], true);
            } else {
                $args[$num] = 0;
            }
        }
    }
    // START: Staticpages defaults
    if (empty($args['sp_format'])) {
        $args['sp_format'] = 'allblocks';
    }
    if (empty($args['sp_tid'])) {
        $args['sp_tid'] = 'all';
    }
    if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
        $args['sp_where'] = 0;
    }
    if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
        $args['sp_php'] = 0;
    }
    if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
        $args['commentcode'] = $_CONF['comment_code'];
    }
    if ($args['gl_svc']) {
        // Permissions
        if (!isset($args['perm_owner'])) {
            $args['perm_owner'] = $_SP_CONF['default_permissions'][0];
        } else {
            $args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
        }
        if (!isset($args['perm_group'])) {
            $args['perm_group'] = $_SP_CONF['default_permissions'][1];
        } else {
            $args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
        }
        if (!isset($args['perm_members'])) {
            $args['perm_members'] = $_SP_CONF['default_permissions'][2];
        } else {
            $args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
        }
        if (!isset($args['perm_anon'])) {
            $args['perm_anon'] = $_SP_CONF['default_permissions'][3];
        } else {
            $args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
        }
        if (!isset($args['sp_onmenu'])) {
            $args['sp_onmenu'] = '';
        } elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
            $svc_msg['error_desc'] = 'Menu label missing';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_content'])) {
            $svc_msg['error_desc'] = 'No content';
            return PLG_RET_ERROR;
        }
        if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
            $args['sp_inblock'] = 'on';
        }
        if (empty($args['sp_centerblock'])) {
            $args['sp_centerblock'] = '';
        }
        if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
            $args['draft_flag'] = 'on';
        }
        if (empty($args['template_flag'])) {
            $args['template_flag'] = '';
        }
        if (empty($args['template_id'])) {
            $args['template_id'] = '';
        }
    }
    // END: Staticpages defaults
    $sp_id = $args['sp_id'];
    $sp_title = $args['sp_title'];
    $sp_page_title = $args['sp_page_title'];
    $sp_content = $args['sp_content'];
    $sp_hits = $args['sp_hits'];
    $sp_format = $args['sp_format'];
    $sp_onmenu = $args['sp_onmenu'];
    $sp_label = '';
    if (!empty($args['sp_label'])) {
        $sp_label = $args['sp_label'];
    }
    $meta_description = $args['meta_description'];
    $meta_keywords = $args['meta_keywords'];
    $commentcode = $args['commentcode'];
    $owner_id = $args['owner_id'];
    $group_id = $args['group_id'];
    $perm_owner = $args['perm_owner'];
    $perm_group = $args['perm_group'];
    $perm_members = $args['perm_members'];
    $perm_anon = $args['perm_anon'];
    $sp_php = $args['sp_php'];
    $sp_nf = '';
    if (!empty($args['sp_nf'])) {
        $sp_nf = $args['sp_nf'];
    }
    $sp_old_id = $args['sp_old_id'];
    $sp_centerblock = $args['sp_centerblock'];
    $draft_flag = $args['draft_flag'];
    $template_flag = $args['template_flag'];
    $template_id = $args['template_id'];
    $sp_help = '';
    if (!empty($args['sp_help'])) {
        $sp_help = $args['sp_help'];
    }
    $sp_tid = $args['sp_tid'];
    $sp_where = $args['sp_where'];
    $sp_inblock = $args['sp_inblock'];
    $postmode = $args['postmode'];
    if ($gl_edit && !empty($args['gl_etag'])) {
        // First load the original staticpage to check if it has been modified
        $o = array();
        $s = array();
        $r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
        if ($r == PLG_RET_OK) {
            if ($args['gl_etag'] != $o['updated']) {
                $svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
                return PLG_RET_PRECONDITION_FAILED;
            }
        } else {
            $svc_msg['error_desc'] = 'The requested staticpage no longer exists';
            return PLG_RET_ERROR;
        }
    }
    // Check for unique page ID
    $duplicate_id = false;
    $delete_old_page = false;
    if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
        if ($sp_id != $sp_old_id) {
            $duplicate_id = true;
        }
    } elseif (!empty($sp_old_id)) {
        if ($sp_id != $sp_old_id) {
            $delete_old_page = true;
        }
    }
    if ($duplicate_id) {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        $svc_msg['error_desc'] = 'Duplicate ID';
        return PLG_RET_ERROR;
    } elseif (!empty($sp_title) && !empty($sp_content)) {
        if (empty($sp_hits)) {
            $sp_hits = 0;
        }
        if ($sp_onmenu == 'on') {
            $sp_onmenu = 1;
        } else {
            $sp_onmenu = 0;
        }
        if ($sp_nf == 'on') {
            $sp_nf = 1;
        } else {
            $sp_nf = 0;
        }
        if ($sp_centerblock == 'on') {
            $sp_centerblock = 1;
        } else {
            $sp_centerblock = 0;
        }
        if ($sp_inblock == 'on') {
            $sp_inblock = 1;
        } else {
            $sp_inblock = 0;
        }
        if ($draft_flag == 'on') {
            $draft_flag = 1;
        } else {
            $draft_flag = 0;
        }
        if ($template_flag == 'on') {
            $template_flag = 1;
        } else {
            $template_flag = 0;
        }
        // Remove any autotags the user doesn't have permission to use
        $sp_content = PLG_replaceTags($sp_content, '', true);
        // Clean up the text
        if ($_SP_CONF['censor'] == 1) {
            $sp_content = COM_checkWords($sp_content);
            $sp_title = COM_checkWords($sp_title);
        }
        if ($_SP_CONF['filter_html'] == 1) {
            $sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
        }
        $sp_title = strip_tags($sp_title);
        $sp_page_title = strip_tags($sp_page_title);
        $sp_label = strip_tags($sp_label);
        $meta_description = strip_tags($meta_description);
        $meta_keywords = strip_tags($meta_keywords);
        $sp_content = addslashes($sp_content);
        $sp_title = addslashes($sp_title);
        $sp_page_title = addslashes($sp_page_title);
        $sp_label = addslashes($sp_label);
        $meta_description = addslashes($meta_description);
        $meta_keywords = addslashes($meta_keywords);
        // If user does not have php edit perms, then set php flag to 0.
        if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
            $sp_php = 0;
        }
        // If marked as a template then set id to nothing and other default settings
        if ($template_flag == 1) {
            $template_id = '';
            $sp_onmenu = 0;
            $sp_label = "";
            $sp_centerblock = 0;
            $sp_php = 0;
            $sp_inblock = 0;
            $sp_nf = 0;
            $sp_hits = 0;
            $meta_description = "";
            $meta_keywords = "";
        } else {
            // See if it was a template before, if so and option changed, remove use from other pages
            if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            if ($template_id != '') {
                // If using a template, make sure php disabled
                $sp_php = 0;
                // Double check template id exists and is still a template
                $perms = SP_getPerms();
                if (!empty($perms)) {
                    $perms = ' AND ' . $perms;
                }
                if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
                    $template_id = '';
                }
            }
        }
        // make sure there's only one "entire page" static page per topic
        if ($sp_centerblock == 1 && $sp_where == 0) {
            $sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)";
            // if we're in a multi-language setup, we need to allow one "entire
            // page" centerblock for 'all' or 'none' per language
            if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
                $ids = explode('_', $sp_id);
                if (count($ids) > 1) {
                    $lang_id = array_pop($ids);
                    $sql .= " AND sp_id LIKE '%\\_{$lang_id}'";
                }
            }
            DB_query($sql);
        }
        $formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
        if (!in_array($sp_format, $formats)) {
            $sp_format = 'allblocks';
        }
        if (!$args['gl_svc']) {
            list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
        }
        // Retrieve created date
        $datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
        if ($datecreated == '') {
            $datecreated = date('Y-m-d H:i:s');
        }
        DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'");
        if ($delete_old_page && !empty($sp_old_id)) {
            // If a template and the id changed, update any staticpages that use it
            if ($template_flag == 1) {
                $sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
                $result = DB_query($sql);
            }
            DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
        }
        if (empty($sp_old_id) || $sp_id == $sp_old_id) {
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages');
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        } else {
            DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages'));
            if (!$template_flag) {
                PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
            } else {
                // If template then have to notify of all pages that use this template that a change to the page happened
                $sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
                $result = DB_query($sql);
                while ($A = DB_fetchArray($result)) {
                    PLG_itemSaved($A['sp_id'], 'staticpages');
                }
            }
        }
        $url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
        $output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
        $svc_msg['id'] = $sp_id;
        return PLG_RET_OK;
    } else {
        $output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
        $output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
        if (!$args['gl_svc']) {
            $output .= staticpageeditor($sp_id);
        }
        $output .= COM_siteFooter();
        return PLG_RET_ERROR;
    }
}
예제 #6
0
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $_POST, $_FILES;
    $back = COM_applyFilter($_POST['rpath']);
    if ($back != '') {
        $sLength = strlen($_CONF['site_url']);
        if (substr($back, 0, $sLength) != $_CONF['site_url']) {
            $back = $_CONF['site_url'];
        }
        $actionURL = $back;
    }
    $queue = COM_applyFilter($_POST['queue'], true);
    if (isset($_POST['replacefile'])) {
        $replacefile = COM_applyFilter($_POST['replacefile']);
    } else {
        $replacefile = 0;
    }
    if ($replacefile == 1) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $repfilename = $_FILES['repfilename'];
        $filename = $repfilename['name'];
        $file = $repfilename['tmp_name'];
        list($rc, $msg) = MG_getFile($file, $filename, $album_id, '', '', 1, 0, '', 0, '', '', 0, 0, $media_id);
        COM_errorLog($msg);
    }
    // see if we had an attached thumbnail before...
    $thumb = $_FILES['attthumb'];
    $thumbnail = $thumb['tmp_name'];
    $att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
    if ($att == 1) {
        $attachtn = 1;
    } else {
        $attachtn = 0;
    }
    if ($queue) {
        $old_attached_tn = DB_getItem($_TABLES['mg_mediaqueue'], 'media_tn_attached', 'media_id="' . DB_escapeString($media_id) . '"');
    } else {
        $old_attached_tn = DB_getItem($_TABLES['mg_media'], 'media_tn_attached', 'media_id="' . DB_escapeString($media_id) . '"');
    }
    if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
        $attachtn = 0;
    }
    if ($old_attached_tn == 1 && $attachtn == 0) {
        $remove_old_tn = 1;
    } else {
        $remove_old_tn = 0;
    }
    if ($queue) {
        $remote_media = DB_getItem($_TABLES['mg_mediaqueue'], 'remote_media', 'media_id="' . DB_escapeString($media_id) . '"');
    } else {
        $remote_media = DB_getItem($_TABLES['mg_media'], 'remote_media', 'media_id="' . DB_escapeString($media_id) . '"');
    }
    if ($remote_media) {
        $remote_url = isset($_POST['remoteurl']) ? DB_escapeString($_POST['remoteurl']) : '';
    } else {
        $remote_url = '';
    }
    if ($_MG_CONF['htmlallowed']) {
        $media_title = COM_checkWords($_POST['media_title']);
        $media_desc = COM_checkWords($_POST['media_desc']);
    } else {
        $media_title = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_title'])));
        $media_desc = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_desc'])));
    }
    $media_time_month = COM_applyFilter($_POST['media_month']);
    $media_time_day = COM_applyFilter($_POST['media_day']);
    $media_time_year = COM_applyFilter($_POST['media_year']);
    $media_time_hour = COM_applyFilter($_POST['media_hour']);
    $media_time_minute = COM_applyFilter($_POST['media_minute']);
    $original_filename = COM_applyFilter($_POST['original_filename']);
    if ($replacefile == 1) {
        $original_filename = $filename;
    }
    $cat_id = COM_applyFilter($_POST['cat_id'], true);
    $media_keywords = $_POST['media_keywords'];
    $media_keywords_safe = substr($media_keywords, 0, 254);
    $media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));
    $artist = isset($_POST['artist']) ? DB_escapeString(COM_applyFilter($_POST['artist'])) : '';
    $musicalbum = isset($_POST['musicalbum']) ? DB_escapeString(COM_applyFilter($_POST['musicalbum'])) : '';
    $genre = isset($_POST['genre']) ? DB_escapeString(COM_applyFilter($_POST['genre'])) : '';
    $dtObject = new Date('now', $_USER['tzid']);
    $dtObject->setDateTimestamp($media_time_year, $media_time_month, $media_time_day, $media_time_hour, $media_time_minute, 0);
    $media_time = $dtObject->toUnix();
    if (isset($_POST['owner_name'])) {
        $owner_id = COM_applyFilter($_POST['owner_name'], true);
        $owner_sql = ',media_user_id=' . $owner_id . ' ';
    } else {
        $owner_sql = '';
    }
    $sql = "UPDATE " . ($queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media']) . "\n            SET media_title='" . DB_escapeString($media_title) . "',\n            media_desc='" . DB_escapeString($media_desc) . "',\n            media_original_filename='" . DB_escapeString($original_filename) . "',\n            media_time=" . $media_time . ",\n            media_tn_attached=" . $attachtn . ",\n            media_category=" . intval($cat_id) . ",\n            media_keywords='" . $media_keywords . "',\n            artist='" . $artist . "',\n            album='" . $musicalbum . "',\n            genre='" . $genre . "',\n            remote_url='" . $remote_url . "' " . $owner_sql . "WHERE media_id='" . DB_escapeString($media_id) . "'";
    DB_query($sql);
    if (DB_error() != 0) {
        echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
    }
    PLG_itemSaved($media_id, 'mediagallery');
    $media_id_db = DB_escapeString($media_id);
    // process playback options if any...
    if (isset($_POST['autostart'])) {
        // asf
        $playback_option['autostart'] = intval(COM_applyFilter($_POST['autostart'], true));
        $playback_option['enablecontextmenu'] = intval(COM_applyFilter($_POST['enablecontextmenu'], true));
        $playback_option['stretchtofit'] = isset($_POST['stretchtofit']) ? intval(COM_applyFilter($_POST['stretchtofit'], true)) : 0;
        $playback_option['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
        $playback_option['uimode'] = COM_applyFilter($_POST['uimode']);
        $playback_option['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
        $playback_option['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
        $playback_option['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : 0;
        $playback_option['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
        $playback_option['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        if ($playback_option['playcount'] < 1) {
            $playback_option['playcount'] = 1;
        }
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autostart',{$playback_option['autostart']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','enablecontextmenu',{$playback_option['enablecontextmenu']}");
        if ($playback_option['stretchtofit'] != '') {
            DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','stretchtofit',{$playback_option['stretchtofit']}");
        }
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','showstatusbar',{$playback_option['showstatusbar']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','uimode', '{$playback_option['uimode']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',{$playback_option['height']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',{$playback_option['width']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor','{$playback_option['bgcolor']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','playcount','{$playback_option['playcount']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop','{$playback_option['loop']}'");
    }
    if (isset($_POST['play'])) {
        //swf
        $playback_option['play'] = COM_applyFilter($_POST['play'], true);
        $playback_option['menu'] = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : '';
        $playback_option['quality'] = isset($_POST['quality']) ? DB_escapeString(COM_applyFilter($_POST['quality'])) : '';
        $playback_option['flashvars'] = isset($_POST['flashvars']) ? DB_escapeString(COM_applyFilter($_POST['flashvars'])) : '';
        $playback_option['height'] = COM_applyFilter($_POST['height'], true);
        $playback_option['width'] = COM_applyFilter($_POST['width'], true);
        $playback_option['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        $playback_option['scale'] = isset($_POST['scale']) ? DB_escapeString(COM_applyFilter($_POST['scale'])) : '';
        $playback_option['wmode'] = isset($_POST['wmode']) ? DB_escapeString(COM_applyFilter($_POST['wmode'])) : '';
        $playback_option['allowscriptaccess'] = isset($_POST['allowscriptaccess']) ? DB_escapeString(COM_applyFilter($_POST['allowscriptaccess'])) : '';
        $playback_option['bgcolor'] = isset($_POST['bgcolor']) ? DB_escapeString(COM_applyFilter($_POST['bgcolor'])) : '';
        $playback_option['swf_version'] = isset($_POST['swf_version']) ? COM_applyFilter($_POST['swf_version'], true) : 9;
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','play',              {$playback_option['play']}");
        if ($playback_option['menu'] != '') {
            DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','menu',              {$playback_option['menu']}");
        }
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','quality',          '{$playback_option['quality']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',            {$playback_option['height']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',             {$playback_option['width']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','flashvars',        '{$playback_option['flashvars']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','scale',            '{$playback_option['scale']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','wmode',            '{$playback_option['wmode']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop',             '{$playback_option['loop']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','allowscriptaccess','{$playback_option['allowscriptaccess']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor',          '{$playback_option['bgcolor']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id}','swf_version',      '{$playback_option['swf_version']}'");
    }
    if (isset($_POST['autoplay'])) {
        //quicktime
        $playback_option['autoplay'] = COM_applyFilter($_POST['autoplay'], true);
        $playback_option['autoref'] = COM_applyFilter($_POST['autoref'], true);
        $playback_option['controller'] = COM_applyFilter($_POST['controller'], true);
        $playback_option['kioskmode'] = COM_applyFilter($_POST['kioskmode'], true);
        $playback_option['scale'] = DB_escapeString(COM_applyFilter($_POST['scale']));
        $playback_option['height'] = COM_applyFilter($_POST['height'], true);
        $playback_option['width'] = COM_applyFilter($_POST['width'], true);
        $playback_option['bgcolor'] = COM_applyFilter($_POST['bgcolor']);
        $playback_option['loop'] = COM_applyFilter($_POST['loop'], true);
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autoref',{$playback_option['autoref']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autoplay',{$playback_option['autoplay']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','controller',{$playback_option['controller']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','kioskmode',{$playback_option['kioskmode']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','scale','{$playback_option['scale']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',{$playback_option['height']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',{$playback_option['width']}");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor','{$playback_option['bgcolor']}'");
        DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop','{$playback_option['loop']}'");
    }
    if ($attachtn == 1 && $thumbnail != '') {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id . '"');
        $thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
    }
    if ($remove_old_tn == 1) {
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id . '"');
        foreach ($_MG_CONF['validExtensions'] as $ext) {
            if (file_exists($_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename . $ext)) {
                @unlink($_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename . $ext);
                break;
            }
        }
    }
    if ($queue) {
        echo COM_refresh($_MG_CONF['site_url'] . '/admin.php?album_id=' . $album_id . '&amp;mode=moderate');
    } else {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildAlbumRSS($album_id);
        CACHE_remove_instance('whatsnew');
        echo COM_refresh($actionURL);
    }
    exit;
}
예제 #7
0
function nexdoc_moveQueuefile($id, $newcid)
{
    global $_CONF, $_TABLES, $_USER, $_FMCONF;
    $filemoved = false;
    if ($newcid > 0) {
        $query = DB_query("SELECT orig_filename,queue_filename,timestamp,uid,size,mimetype FROM {$_TABLES['nxfile_import_queue']} WHERE id={$id}");
        list($fname, $qname, $date, $submitter, $filesize, $mimetype) = DB_fetchArray($query);
        $sourcefile = $_FMCONF['storage_path'] . "queue/{$qname}";
        $targetfile = $_FMCONF['storage_path'] . "{$newcid}/{$fname}";
        if (!empty($qname) and !empty($fname) and file_exists($sourcefile)) {
            if ($submitter == $_USER['uid'] or fm_getPermission($newcid, 'admin')) {
                /* Need to move the file  */
                $pos = strrpos($fname, '.') + 1;
                $fileExtension = substr($fname, $pos);
                $ret = @rename($sourcefile, $targetfile);
                if ($ret and file_exists($targetfile)) {
                    @unlink($sourcefile);
                    $filemoved = true;
                } elseif (file_exists($targetfile)) {
                    COM_errorLog("Move failed - file of same name exists - {$sourcefile}");
                    // Let's give the new file a random name and try the move again - add the numerical MonthDayHourSecond
                    $targetfile = $_FMCONF['storage_path'] . "{$newcid}/{$fname}-" . date('mdHms');
                    COM_errorLog("Attempting to move with a random name - {$targetfile}");
                    $ret = @rename($sourcefile, $targetfile);
                    if ($ret and file_exists($targetfile)) {
                        @unlink($sourcefile);
                        $filemoved = true;
                    } else {
                        COM_errorLog("Move with random filename also failed");
                    }
                }
                if ($filemoved) {
                    // File successfully moved - create new records
                    // Set status of file to 1 - online
                    $fname = addslashes($fname);
                    $qname = addslashes($qname);
                    $sql = "INSERT INTO {$_TABLES['nxfile_files']} (cid,fname,title,version,ftype,size,mimetype,extension,submitter,status,date) ";
                    $sql .= "VALUES ({$newcid},'{$fname}','{$fname}','1','file',";
                    $sql .= "'{$filesize}','{$mimetype}','{$fileExtension}',{$submitter},1,'{$date}')";
                    DB_query($sql);
                    $fid = DB_insertId();
                    // New File ID
                    DB_query("INSERT INTO {$_TABLES['nxfile_filedetail']} (fid,description,hits,rating,votes,comments)\r\n                        VALUES ('{$fid}','File uploaded with no description','0','0','0','0')");
                    DB_query("INSERT INTO {$_TABLES['nxfile_fileversions']} (fid,fname,ftype,version,notes,size,date,uid,status)\r\n                        VALUES ('{$fid}','{$fname}','file','1','','{$filesize}','{$date}','{$submitter}','1')");
                    PLG_itemSaved($fid, 'nexfile_filesaved');
                    // Optionally add notification records and send out notifications to all users with view access to this new file
                    if (DB_getItem($_TABLES['nxfile_categories'], 'auto_create_notifications', "cid={$newcid}") == 1) {
                        fm_autoCreateNotifications($fid, $newcid);
                    }
                    // Send out notifications of update
                    if ($_POST['notification'] == 1) {
                        fm_sendNotification($fid);
                    }
                    fm_updateAuditLog("Direct upload of File ID: {$fid}, in Category: {$newcid}");
                    // Remove the incoming queue file
                    DB_query("DELETE FROM  {$_TABLES['nxfile_import_queue']} WHERE id={$id}");
                } else {
                    $GLOBALS['fm_errmsg'] = 'Error moving file';
                }
            } else {
                COM_errorLog("User {$_USER['username']} does not have access to move file: {$fid} {$fname} to category: {$newcid}");
            }
        } else {
            $GLOBALS['fm_errmsg'] = "Error moving file - source file {$gname} missing";
            COM_errorLog("Nexfile: {$GLOBALS['fm_errmsg']}");
        }
    }
    return $filemoved;
}
예제 #8
0
파일: index.php 프로젝트: mystralkk/geeklog
/**
 * Saves a poll
 * Saves a poll topic and potential answers to the database
 *
 * @param    string $pid          Poll topic ID
 * @param    string $old_pid      Previous poll topic ID
 * @param    array  $Q            Array of poll questions
 * @param    string $mainPage     Checkbox: poll appears on homepage
 * @param    string $topic        The text for the topic
 * @param    string $meta_description
 * @param    string $meta_keywords
 * @param    int    $statusCode   (unused)
 * @param    string $open         Checkbox: poll open for voting
 * @param    string $hideResults  Checkbox: hide results until closed
 * @param    int    $commentCode  Indicates if users can comment on poll
 * @param    array  $A            Array of possible answers
 * @param    array  $V            Array of vote per each answer
 * @param    array  $R            Array of remark per each answer
 * @param    int    $owner_id     ID of poll owner
 * @param    int    $group_id     ID of group poll belongs to
 * @param    int    $perm_owner   Permissions the owner has on poll
 * @param    int    $perm_group   Permissions the group has on poll
 * @param    int    $perm_members Permissions logged in members have on poll
 * @param    int    $perm_anon    Permissions anonymous users have on poll
 * @param    bool   $allow_multipleanswers
 * @param    string $topic_description
 * @param    string $description
 * @return   string|void
 */
function savepoll($pid, $old_pid, $Q, $mainPage, $topic, $meta_description, $meta_keywords, $statusCode, $open, $hideResults, $commentCode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $allow_multipleanswers, $topic_description, $description)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $topic = COM_stripslashes($topic);
    $topic = COM_checkHTML($topic);
    $topic_description = strip_tags(COM_stripslashes($topic_description));
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }
    // check if any question was entered
    if (empty($topic) || count($Q) === 0 || strlen($Q[0]) === 0 || strlen($A[0][0]) === 0) {
        $retval .= COM_showMessageText($LANG25[2], $LANG21[32]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG25[5]));
        return $retval;
    }
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        COM_redirect($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }
    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid;
            // for now ...
        }
    }
    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display = COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }
    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid;
        // delete by old pid, create using new pid below
    }
    // Retrieve Created Date before delete
    $created_date = DB_getItem($_TABLES['polltopics'], 'created', "pid = '{$del_pid}'");
    if ($created_date == '') {
        $created_date = date('Y-m-d H:i:s');
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
    $topic = GLText::remove4byteUtf8Chars($topic);
    $topic = DB_escapeString($topic);
    $topic_description = GLText::remove4byteUtf8Chars($topic_description);
    $topic_description = DB_escapeString($topic_description);
    $meta_description = GLText::remove4byteUtf8Chars($meta_description);
    $meta_description = DB_escapeString($meta_description);
    $meta_keywords = GLText::remove4byteUtf8Chars($meta_keywords);
    $meta_keywords = DB_escapeString($meta_keywords);
    $k = 0;
    // set up a counter to make sure we do assign a straight line of question id's
    // first dimension of array are the questions
    $num_questions = count($Q);
    $num_total_votes = 0;
    $num_questions_exist = 0;
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        $Q[$i] = COM_checkHTML($Q[$i]);
        $Q[$i] = GLText::remove4byteUtf8Chars($Q[$i]);
        $allow_multipleanswers[$i] = GLText::remove4byteUtf8Chars(COM_stripslashes($allow_multipleanswers[$i]));
        $description[$i] = GLText::remove4byteUtf8Chars(COM_checkHTML(COM_stripslashes($description[$i])));
        if ($allow_multipleanswers[$i] == 'on') {
            $allow_multipleanswers[$i] = 1;
        } else {
            $allow_multipleanswers[$i] = 0;
        }
        if (strlen($Q[$i]) > 0) {
            // only insert questions that exist
            $num_questions_exist++;
            $Q[$i] = DB_escapeString($Q[$i]);
            DB_save($_TABLES['pollquestions'], 'qid, pid, question,allow_multipleanswers,description', "'{$k}', '{$pid}', '{$Q[$i]}','{$allow_multipleanswers[$i]}','{$description[$i]}'");
            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = count($A[$i]);
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                $A[$i][$j] = COM_checkHTML($A[$i][$j]);
                $A[$i][$j] = GLText::remove4byteUtf8Chars($A[$i][$j]);
                $R[$i][$j] = COM_stripslashes($R[$i][$j]);
                $R[$i][$j] = COM_checkHTML($R[$i][$j]);
                $R[$i][$j] = GLText::remove4byteUtf8Chars($R[$i][$j]);
                if (strlen($A[$i][$j]) > 0) {
                    // only insert answers etc that exist
                    if (!is_numeric($V[$i][$j])) {
                        $V[$i][$j] = "0";
                    }
                    $A[$i][$j] = DB_escapeString($A[$i][$j]);
                    $R[$i][$j] = DB_escapeString($R[$i][$j]);
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
                    DB_query($sql);
                    $num_total_votes = $num_total_votes + $V[$i][$j];
                }
            }
            $k++;
        }
    }
    // determine the number of voters (cannot use records in pollvoters table since they get deleted after a time $_PO_CONF['polladdresstime'])
    if ($num_questions_exist > 0) {
        $numVoters = $num_total_votes / $num_questions_exist;
    } else {
        // This shouldn't happen
        $numVoters = $num_total_votes;
    }
    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$numVoters}, {$k}, '{$created_date}', '" . date('Y-m-d H:i:s');
    if ($mainPage == 'on') {
        $sql .= "',1";
    } else {
        $sql .= "',0";
    }
    if ($open == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    if ($hideResults == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    $sql .= ",'{$statusCode}','{$commentCode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$topic_description}'";
    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, created, modified, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon,description", $sql);
    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        DB_change($_TABLES['comments'], 'sid', DB_escapeString($pid), array('sid', 'type'), array(DB_escapeString($old_pid), 'polls'));
        DB_change($_TABLES['pollvoters'], 'pid', DB_escapeString($pid), 'pid', DB_escapeString($old_pid));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
}
예제 #9
0
/**
* Toggle status of a staticpage from enabled to disabled and back
*
* @param    array   $enabledstaticpages    array of sp_id's available
* @param    array   $spidarray             array of status (1/0)
* @return   void
*
*/
function CALENDAR_toggleStatus($enabledevents, $eidarray)
{
    global $_TABLES, $_DB_table_prefix;
    if (isset($eidarray) && is_array($eidarray)) {
        foreach ($eidarray as $eid => $junk) {
            $eid = COM_applyFilter($eid);
            if (isset($enabledevents[$eid])) {
                DB_query("UPDATE {$_TABLES['events']} SET status = '1' WHERE eid = '" . DB_escapeString($eid) . "'");
            } else {
                DB_query("UPDATE {$_TABLES['events']} SET status = '0' WHERE eid = '" . DB_escapeString($eid) . "'");
            }
        }
    }
    PLG_itemSaved($eid, 'calendar');
    CTL_clearCache();
    /* fixme - add logic to update personal events table as well */
    /* logic should enable/disable all personal_event 'children' */
}
예제 #10
0
function FF_saveTopic($forumData, $postData, $action)
{
    global $_CONF, $_TABLES, $_FF_CONF, $_USER, $LANG03, $LANG_GF01, $LANG_GF02;
    $retval = '';
    $uploadErrors = '';
    $msg = '';
    $errorMessages = '';
    $email = '';
    $forumfiles = array();
    $okToSave = true;
    $dt = new Date('now', $_USER['tzid']);
    $date = $dt->toUnix();
    $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
    if (COM_isAnonUser()) {
        $uid = 1;
    } else {
        $uid = $_USER['uid'];
    }
    // verify postmode is allowed
    if (strtolower($postData['postmode']) == 'html') {
        if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
            $postData['postmode'] = 'html';
        } else {
            $postData['postmode'] = 'text';
        }
    }
    // is forum readonly?
    if ($forumData['is_readonly'] == 1) {
        // Check if this user has moderation rights now to allow a post to a locked topic
        if (!forum_modPermission($forumData['forum'], $uid, 'mod_edit')) {
            _ff_accessError();
        }
    }
    if ($action == 'saveedit') {
        // does the forum match the forum id of the posted data?
        if ($forumData['forum'] != 0 && $forumData['forum'] != $postData['forum']) {
            _ff_accessError();
        }
        $editid = COM_applyFilter($postData['editid'], true);
        $forum = COM_applyFilter($postData['forum'], true);
        $editAllowed = false;
        if (forum_modPermission($forumData['forum'], $_USER['uid'], 'mod_edit')) {
            $editAllowed = true;
        } else {
            if ($_FF_CONF['allowed_editwindow'] > 0) {
                $t1 = DB_getItem($_TABLES['ff_topic'], 'date', "id=" . (int) $postData['id']);
                $t2 = $_FF_CONF['allowed_editwindow'];
                $time = time();
                if (time() - $t2 < $t1) {
                    $editAllowed = true;
                }
            } else {
                $editAllowed = true;
            }
        }
        if ($postData['editpid'] < 1 && trim($postData['subject']) == '') {
            $retval .= FF_BlockMessage('', $LANG_GF02['msg18'], false);
            $okToSave = false;
        } elseif (!$editAllowed) {
            $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . (int) $postData['$id'];
            $retval .= _ff_alertMessage('', $LANG_GF02['msg189'], sprintf($LANG_GF02['msg187'], $link));
            $okToSave = false;
        }
    } else {
        if (!COM_isAnonUser() && $_FF_CONF['use_sfs']) {
            $email = isset($_USER['email']) ? $_USER['email'] : '';
        }
    }
    if (isset($postData['name']) && $postData['name'] != '') {
        $name = _ff_preparefordb(@htmlspecialchars(strip_tags(trim(COM_checkWords(USER_sanitizeName($postData['name'])))), ENT_QUOTES, COM_getEncodingt()), 'text');
        $name = urldecode($name);
    } else {
        $okToSave = false;
        $errorMessages .= $LANG_GF02['invalid_name'] . '<br />';
    }
    // speed limit check
    if (!SEC_hasRights('forum.edit')) {
        COM_clearSpeedlimit($_FF_CONF['post_speedlimit'], 'forum');
        $last = COM_checkSpeedlimit('forum');
        if ($last > 0) {
            $errorMessages .= sprintf($LANG_GF01['SPEEDLIMIT'], $last, $_FF_CONF['post_speedlimit']) . '<br/>';
            $okToSave = false;
        }
    }
    // standard edit checks
    if (strlen(trim($postData['name'])) < $_FF_CONF['min_username_length'] || strlen(trim($postData['subject'])) < $_FF_CONF['min_subject_length'] || strlen(trim($postData['comment'])) < $_FF_CONF['min_comment_length']) {
        $errorMessages .= $LANG_GF02['msg18'] . '<br/>';
        $okToSave = false;
    }
    // CAPTCHA check
    if (function_exists('plugin_itemPreSave_captcha') && $okToSave == true) {
        if (!isset($postData['captcha'])) {
            $postData['captcha'] = '';
        }
        $msg = plugin_itemPreSave_captcha('forum', $postData['captcha']);
        if ($msg != '') {
            $errorMessages .= $msg . '<br/>';
            $okToSave = false;
        }
    }
    // spamx check
    if ($_FF_CONF['use_spamx_filter'] == 1 && $okToSave == true) {
        // Check for SPAM
        $spamcheck = '<h1>' . $postData['subject'] . '</h1><p>' . $postData['comment'] . '</p>';
        $result = PLG_checkforSpam($spamcheck, $_CONF['spamx']);
        // Now check the result and redirect to index.php if spam action was taken
        if ($result > 0) {
            // then tell them to get lost ...
            $errorMessages .= $LANG_GF02['spam_detected'];
            $okToSave = false;
        }
    }
    if ($_FF_CONF['use_sfs'] == 1 && COM_isAnonUser() && function_exists('plugin_itemPreSave_spamx')) {
        $spamCheckData = array('username' => $postData['name'], 'email' => $email, 'ip' => $REMOTE_ADDR);
        $msg = plugin_itemPreSave_spamx('forum', $spamCheckData);
        if ($msg) {
            $errorMessages .= $msg;
            $okToSave = false;
        }
    }
    if ($okToSave == false) {
        $retval .= _ff_alertMessage($errorMessages, $LANG_GF01['ERROR'], '&nbsp;');
        return array(false, $retval);
    }
    if ($okToSave == true) {
        if (!isset($postData['postmode_switch'])) {
            $postData['postmode_switch'] = 0;
        }
        $postmode = _ff_chkpostmode($postData['postmode'], $postData['postmode_switch']);
        // validate postmode
        if ($postmode == 'html' || $postmode == 'HTML') {
            if ($_FF_CONF['allow_html'] || SEC_inGroup('Root') || SEC_hasRights('forum.html')) {
                $postmode = 'html';
            } else {
                $postmode = 'text';
            }
        }
        $subject = _ff_preparefordb(strip_tags($postData['subject']), 'text');
        $comment = _ff_preparefordb($postData['comment'], $postmode);
        $mood = isset($postData['mood']) ? COM_applyFilter($postData['mood']) : '';
        $id = COM_applyFilter($postData['id'], true);
        $forum = COM_applyFilter($postData['forum'], true);
        $notify = isset($postData['notify']) ? COM_applyFilter($postData['notify']) : '';
        $status = 0;
        if (isset($postData['disable_bbcode']) && $postData['disable_bbcode'] == 1) {
            $status += DISABLE_BBCODE;
        }
        if (isset($postData['disable_smilies']) && $postData['disable_smilies'] == 1) {
            $status += DISABLE_SMILIES;
        }
        if (isset($postData['disable_urlparse']) && $postData['disable_urlparse'] == 1) {
            $status += DISABLE_URLPARSE;
        }
        // If user has moderator edit rights only
        $locked = 0;
        $sticky = 0;
        if (isset($postData['modedit']) && $postData['modedit'] == 1) {
            if (isset($postData['locked_switch']) && $postData['locked_switch'] == 1) {
                $locked = 1;
            }
            if (isset($postData['sticky_switch']) && $postData['sticky_switch'] == 1) {
                $sticky = 1;
            }
        }
        if ($action == 'savetopic') {
            $fields = "forum,name,email,date,lastupdated,subject,comment,postmode,ip,mood,uid,pid,sticky,locked,status";
            $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
            $sql .= "VALUES (" . (int) $forum . "," . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'" . DB_escapeString($date) . "'," . "'" . $subject . "'," . "'" . $comment . "'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . "0," . (int) $sticky . "," . (int) $locked . "," . (int) $status . ")";
            DB_query($sql);
            // Find the id of the last inserted topic
            list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
            $savedPostID = $lastid;
            $topicPID = $lastid;
            /* Check for any uploaded files - during add of new topic */
            $uploadErrors = _ff_check4files($lastid);
            // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
            // This is needed in case user had used the file bbcode tag and then removed it
            $imagerecs = '';
            $imagerecs = implode(',', $forumfiles);
            $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid . " ";
            if ($imagerecs != '') {
                $sql .= "AND id NOT IN ({$imagerecs})";
            }
            DB_query($sql);
            // Update forums record
            DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, topic_count=topic_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
            if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
                DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $lastid);
            }
            DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
        } else {
            if ($action == 'savereply') {
                $fields = "name,email,date,subject,comment,postmode,ip,mood,uid,pid,forum,status";
                $sql = "INSERT INTO {$_TABLES['ff_topic']} ({$fields}) ";
                $sql .= "VALUES  (" . "'" . DB_escapeString($name) . "'," . "'" . DB_escapeString($email) . "'," . "'" . DB_escapeString($date) . "'," . "'{$subject}'," . "'{$comment}'," . "'" . DB_escapeString($postmode) . "'," . "'" . DB_escapeString($REMOTE_ADDR) . "'," . "'" . DB_escapeString($mood) . "'," . (int) $uid . "," . (int) $id . "," . (int) $forum . "," . (int) $status . ")";
                DB_query($sql);
                // Find the id of the last inserted topic
                list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['ff_topic']} "));
                $savedPostID = $lastid;
                $topicPID = $id;
                /* Check for any uploaded files  - during adding reply post */
                $uploadErrors = _ff_check4files($lastid);
                // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
                // This is needed in case user had used the file bbcode tag and then removed it
                $imagerecs = '';
                $imagerecs = implode(',', $forumfiles);
                $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $lastid;
                if ($imagerecs != '') {
                    $sql .= " AND id NOT IN ({$imagerecs})";
                }
                DB_query($sql);
                DB_query("UPDATE {$_TABLES['ff_topic']} SET replies=replies+1, lastupdated='" . DB_escapeString($date) . "',last_reply_rec=" . (int) $lastid . " WHERE id=" . (int) $id);
                DB_query("UPDATE {$_TABLES['ff_forums']} SET post_count=post_count+1, last_post_rec=" . (int) $lastid . " WHERE forum_id=" . (int) $forum);
                if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $lastid)) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $id);
                }
                DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
            } elseif ($action == 'saveedit') {
                $sql = "UPDATE {$_TABLES['ff_topic']} SET " . "subject='{$subject}'," . "comment='{$comment}'," . "postmode='" . DB_escapeString($postmode) . "'," . "mood='" . DB_escapeString($mood) . "'," . "sticky=" . (int) $sticky . "," . "locked=" . (int) $locked . "," . "status=" . (int) $status . " " . "WHERE (id=" . (int) $editid . ")";
                DB_query($sql);
                /* Check for any uploaded files  - during save of edit */
                $uploadErrors = _ff_check4files($editid);
                // Check and see if there are no [file] bbcode tags in content and reset the show_inline value
                // This is needed in case user had used the file bbcode tag and then removed it
                $imagerecs = '';
                $imagerecs = implode(',', $forumfiles);
                $sql = "UPDATE {$_TABLES['ff_attachments']} SET show_inline = 0 WHERE topic_id=" . (int) $editid . " ";
                if ($imagerecs != '') {
                    $sql .= "AND id NOT IN ({$imagerecs})";
                }
                DB_query($sql);
                $topicPID = DB_getITEM($_TABLES['ff_topic'], "pid", "id=" . (int) $editid);
                if ($topicPID == 0) {
                    $topicPID = $editid;
                }
                $savedPostID = $editid;
                if ($postData['silentedit'] != 1) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET lastupdated='" . DB_escapeString($date) . "' WHERE id=" . (int) $topicPID);
                    //Remove any lastviewed records in the log so that the new updated topic indicator will appear
                    DB_query("DELETE FROM {$_TABLES['ff_log']} WHERE topic=" . (int) $topicPID . " and time > 0");
                }
                if (DB_Count($_TABLES['ff_attachments'], 'topic_id', (int) $editid)) {
                    DB_query("UPDATE {$_TABLES['ff_topic']} SET attachments=1 WHERE id=" . (int) $topicPID);
                }
                $topicparent = $topicPID;
            }
        }
        COM_updateSpeedLimit('forum');
        PLG_itemSaved($savedPostID, 'forum');
        CACHE_remove_instance('forumcb');
        if (!COM_isAnonUser()) {
            //NOTIFY - Checkbox variable in form set to "on" when checked and they don't already have subscribed to forum or topic
            $nid = -$topicPID;
            $currentForumNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id=0 AND uid=" . (int) $uid);
            $currentTopicNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($topicPID) . "' AND uid=" . (int) $uid);
            $currentTopicUnNotifyRecID = (int) DB_getItem($_TABLES['subscriptions'], 'sub_id', "type='forum' AND category='" . DB_escapeString($forum) . "' AND id='" . DB_escapeString($nid) . "' AND uid=" . (int) $uid);
            $forum_name = DB_getItem($_TABLES['ff_forums'], 'forum_name', 'forum_id=' . (int) $forum);
            $topic_name = $subject;
            if ($notify == 'on' and ($currentForumNotifyRecID < 1 and $currentTopicNotifyRecID < 1)) {
                $sql = "INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) ";
                $sql .= "VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($topicPID) . "','" . $subject . "'," . (int) $uid . ",now() )";
                DB_query($sql);
            } elseif ($notify == 'on' and $currentTopicUnNotifyRecID > 1) {
                // Had un-subcribed to topic and now wants to subscribe
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE sub_id=" . (int) $currentTopicUnNotifyRecID);
            } elseif ($notify == '' and $currentTopicNotifyRecID > 1) {
                // Subscribed to topic - but does not want to be notified anymore
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
            } elseif ($notify == '' and $currentForumNotifyRecID > 1) {
                // Subscribed to forum - but does not want to be notified about this topic
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($topicPID) . "'");
                DB_query("DELETE FROM {$_TABLES['subscriptions']} WHERE type='forum' AND uid=" . (int) $uid . " AND category='" . DB_escapeString($forum) . "' and id = '" . DB_escapeString($nid) . "'");
                DB_query("INSERT INTO {$_TABLES['subscriptions']} (type,category,category_desc,id,id_desc,uid,date_added) VALUES ('forum','" . DB_escapeString($forum) . "','" . DB_escapeString($forum_name) . "','" . DB_escapeString($nid) . "','" . $subject . "'," . (int) $uid . ",now() )");
            }
        }
        if ($action != 'saveedit') {
            _ff_chknotifications($forum, $savedPostID, $uid);
        }
        $link = $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topicPID . '&topic=' . $savedPostID . '#' . $savedPostID;
        if ($uploadErrors != '') {
            $autorefresh = false;
        } else {
            $autorefresh = true;
        }
        $retval .= FF_statusMessage($uploadErrors . $LANG_GF02['msg19'], $link, $LANG_GF02['msg19'], false, '', $autorefresh);
    } else {
        $retval .= _ff_alertMessage($LANG_GF02['msg18']);
    }
    return array(true, $retval);
}
예제 #11
0
 /**
  * Saves a story submission.
  *
  * @return  integer result code explaining behaviour.
  */
 public function saveSubmission()
 {
     global $_USER, $_CONF, $_TABLES;
     $this->_sid = COM_makeSid();
     if (COM_isAnonUser()) {
         $this->_uid = 1;
     } else {
         $this->_uid = $_USER['uid'];
     }
     // Remove any autotags the user doesn't have permission to use
     $introText = PLG_replaceTags($this->_introtext, '', true);
     $bodyText = PLG_replaceTags($this->_bodytext, '', true);
     if (!TOPIC_hasMultiTopicAccess('topic')) {
         // user doesn't have access to one or more topics - bail
         return STORY_NO_ACCESS_TOPIC;
     }
     if ($_CONF['storysubmission'] == 1 && !SEC_hasRights('story.submit')) {
         $sid = DB_escapeString($this->_sid);
         $title = DB_escapeString($this->_title);
         $introText = DB_escapeString($introText);
         $bodyText = DB_escapeString($bodyText);
         $postMode = DB_escapeString($this->_postmode);
         DB_save($_TABLES['storysubmission'], 'sid,uid,title,introtext,bodytext,date,postmode,text_version', "{$sid},{$this->_uid},'{$title}'," . "'{$introText}','{$bodyText}',NOW(),'{$postMode}','{$this->_text_version}'");
         // Save Topics selected
         TOPIC_saveTopicSelectionControl('article', $sid);
         return STORY_SAVED_SUBMISSION;
     } else {
         // post this story directly. First establish the necessary missing data.
         $this->sanitizeData();
         if (!isset($_CONF['show_topic_icon'])) {
             $_CONF['show_topic_icon'] = 1;
         }
         /*
                     if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$tmptid}'") == 1) { // A bug using undefined variable $tmptid
                         $this->_frontpage = 0;
                     } elseif (isset($_CONF['frontpage'])) {
                         $this->_frontpage = $_CONF['frontpage'];
                     } else {
                         $this->_frontpage = 1;
                     }
         
                     $this->_oldsid = $this->_sid; // dead code
         */
         $this->_date = mktime();
         $this->_featured = 0;
         $this->_commentcode = $_CONF['comment_code'];
         $this->_trackbackcode = $_CONF['trackback_code'];
         $this->_statuscode = 0;
         $this->_show_topic_icon = $_CONF['show_topic_icon'];
         $this->_cache_time = $_CONF['default_cache_time_article'];
         if (COM_isAnonUser()) {
             $this->_owner_id = 1;
         } else {
             $this->_owner_id = $_USER['uid'];
         }
         /*
         $this->_group_id = $T['group_id'];
         $this->_perm_owner = $T['perm_owner'];
         $this->_perm_group = $T['perm_group'];
         $this->_perm_members = $T['perm_members'];
         $this->_perm_anon = $T['perm_anon'];
         */
         // Save Topics selected
         TOPIC_saveTopicSelectionControl('article', $this->_sid);
         $sql = "SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag " . "FROM {$_TABLES['topics']} t, {$_TABLES['topic_assignments']} ta " . "WHERE ta.type = 'article' AND ta.id = '{$this->_sid}' " . "AND ta.tdefault = 1 AND ta.tid = t.tid";
         $result = DB_query($sql);
         $A = DB_fetchArray($result);
         if ($A['archive_flag'] == 1) {
             $this->_frontpage = 0;
         } elseif (isset($_CONF['frontpage'])) {
             $this->_frontpage = $_CONF['frontpage'];
         } else {
             $this->_frontpage = 1;
         }
         $this->_group_id = $A['group_id'];
         $this->_perm_owner = $A['perm_owner'];
         $this->_perm_group = $A['perm_group'];
         $this->_perm_members = $A['perm_members'];
         $this->_perm_anon = $A['perm_anon'];
         $this->saveToDatabase();
         PLG_itemSaved($this->_sid, 'article');
         COM_rdfUpToDateCheck('article');
         COM_rdfUpToDateCheck('comment');
         STORY_updateLastArticlePublished();
         return STORY_SAVED;
     }
 }
예제 #12
0
 $filter->cleanData('int', array('catparent' => $_POST['catparent'], 'catinherit' => $_POST['catinherit']));
 $filter->cleanData('text', array('catname' => $_POST['catname'], 'catdesc' => $_POST['catdesc']));
 $_CLEAN = $filter->getDbData();
 $catpid = $_CLEAN['int']['catparent'];
 $catname = $_CLEAN['text']['catname'];
 $catdesc = $_CLEAN['text']['catdesc'];
 $catinherit = $_CLEAN['int']['catinherit'];
 if (fm_getPermission($catpid, 'admin')) {
     $catresult = fm_createCategory($catpid, $catname, $catdesc);
     if ($catresult['0'] > 0) {
         $newcid = $catresult['0'];
         if ($autonotify == 1) {
             // Version 3.0 -- not presently being used
             DB_query("UPDATE {$_TABLES['nxfile_categories']} set auto_create_notifications='1' WHERE cid='{$newcid}'");
         }
         PLG_itemSaved($newcid, 'nexfile_folder_create');
         fm_updateAuditLog("New Category: {$newcid} created");
         $data['retcode'] = 200;
         $data['cid'] = $newcid;
         if ($catpid == 0) {
             $data['displaycid'] = $newcid;
         } else {
             $data['displaycid'] = $catpid;
         }
     } else {
         $data['retcode'] = 500;
         $data['errmsg'] = $catresult['1'];
         COM_errorLog("nexfile: Error creating new folder -> {$catresult['1']}");
     }
 } else {
     $data['errmsg'] = 'Insufficent Permissions';
예제 #13
0
function MG_batchCaptionSave($album_id, $actionURL)
{
    global $_CONF, $_TABLES, $_MG_CONF;
    $media_title = array();
    $media_desc = array();
    $media_id = array();
    $media_title = $_POST['media_title'];
    $media_desc = $_POST['media_desc'];
    $media_id = $_POST['media_id'];
    $total_media = count($media_id);
    $table = $_TABLES['mg_media'];
    $id = DB_getItem($table, 'media_id', 'media_id="' . addslashes($media_id[0]) . '"');
    if (empty($id)) {
        $table = $_TABLES['mg_mediaqueue'];
    }
    for ($i = 0; $i < $total_media; $i++) {
        if ($_MG_CONF['htmlallowed']) {
            $title = addslashes(COM_checkWords(COM_stripslashes($media_title[$i])));
            $desc = addslashes(COM_checkWords(COM_stripslashes($media_desc[$i])));
        } else {
            $title = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($media_title[$i])))));
            $desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($media_desc[$i])))));
        }
        $media_time = time();
        $sql = "UPDATE " . $table . " SET media_title='" . $title . "', media_time='" . $media_time . "', media_upload_time='" . $media_time . "', media_desc='" . $desc . "' WHERE media_id='" . addslashes(COM_applyFilter($media_id[$i])) . "'";
        DB_query($sql);
        PLG_itemSaved($media_id[$i], 'mediagallery');
    }
    require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
    MG_buildAlbumRSS($album_id);
    echo COM_refresh($actionURL);
    exit;
}
예제 #14
0
     }
 }
 DB_query("DELETE FROM {$_TABLES['forum_log']} WHERE topic='{$id}' and time > 0");
 // Check for any users subscribed notifications
 gf_chknotifications($forum, $id, $uid);
 $postmode = gf_chkpostmode($postmode, $mode_switch);
 $subject = gf_preparefordb($_POST['subject'], 'text');
 $comment = gf_preparefordb($_POST['comment'], $postmode);
 $fields = "name,date,subject,comment,postmode,ip,mood,uid,pid,forum";
 $sql = "INSERT INTO {$_TABLES['forum_topic']} ({$fields}) ";
 $sql .= "VALUES  ('{$name}','{$date}','{$subject}','{$comment}',";
 $sql .= "'{$postmode}','{$REMOTE_ADDR}','{$mood}','{$uid}','{$id}','{$forum}')";
 DB_query($sql);
 // Find the id of the last inserted topic
 list($lastid) = DB_fetchArray(DB_query("SELECT max(id) FROM {$_TABLES['forum_topic']} "));
 PLG_itemSaved($lastid, 'forum');
 DB_query("UPDATE {$_TABLES['forum_topic']} SET replies=replies + 1, lastupdated = {$date},last_reply_rec={$lastid} WHERE id={$id}");
 DB_query("UPDATE {$_TABLES['forum_forums']} SET post_count=post_count+1, last_post_rec={$lastid} WHERE forum_id={$forum}");
 //NOTIFY - Checkbox variable in form set to "on" when checked and they don't already have subscribed to forum or topic
 $nid = -$id;
 // Negative Topic ID Value
 $currentForumNotifyRecID = DB_getItem($_TABLES['forum_watch'], 'id', "forum_id='{$forum}' AND topic_id=0 AND uid='{$uid}'");
 $currentTopicNotifyRecID = DB_getItem($_TABLES['forum_watch'], 'id', "forum_id='{$forum}' AND topic_id={$id} AND uid='{$uid}'");
 $currentTopicUnNotifyRecID = DB_getItem($_TABLES['forum_watch'], 'id', "forum_id='{$forum}' AND topic_id={$nid} AND uid='{$uid}'");
 if ($notify == 'on' and $currentForumNotifyRecID < 1) {
     $sql = "INSERT INTO {$_TABLES['forum_watch']} (forum_id,topic_id,uid,date_added) ";
     $sql .= "VALUES ('{$forum}','{$id}','{$_USER['uid']}',now() )";
     DB_query($sql);
 } elseif ($notify == 'on' and $currentTopicUnNotifyRecID > 1) {
     // Had un-subcribed to topic and now wants to subscribe
     DB_query("DELETE FROM {$_TABLES['forum_watch']} WHERE id={$currentTopicUnNotifyRecID}");
예제 #15
0
/**
* Saves link to the database
*
* @param    string  $lid            ID for link
* @param    string  $old_lid        old ID for link
* @param    string  $cid            cid of category link belongs to
* @param    string  $categorydd     Category links belong to
* @param    string  $url            URL of link to save
* @param    string  $description    Description of link
* @param    string  $title          Title of link
* @param    int     $hits           Number of hits for link
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group link belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_members   Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @return   string                  HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array links plugin lang admin vars
*
*/
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
        list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up
    $description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $cid = DB_escapeString($cid);
    if (empty($owner_id)) {
        // this is new link from admin, set default values
        $owner_id = $_USER['uid'];
        if (isset($_GROUPS['Links Admin'])) {
            $group_id = $_GROUPS['Links Admin'];
        } else {
            $group_id = SEC_getFeatureGroup('links.edit');
        }
        $perm_owner = 3;
        $perm_group = 2;
        $perm_members = 2;
        $perm_anon = 2;
    }
    $lid = COM_sanitizeID($lid);
    $old_lid = COM_sanitizeID($old_lid);
    if (empty($lid)) {
        if (empty($old_lid)) {
            $lid = COM_makeSid();
        } else {
            $lid = $old_lid;
        }
    }
    // check for link id change
    if (!empty($old_lid) && $lid != $old_lid) {
        // check if new lid is already in use
        if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
            // TBD: abort, display editor with all content intact again
            $lid = $old_lid;
            // for now ...
        }
    }
    $access = 0;
    $old_lid = DB_escapeString($old_lid);
    if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
        COM_output($display);
        exit;
    } elseif (!empty($title) && !empty($description) && !empty($url)) {
        if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
            $cid = DB_escapeString($categorydd);
        } else {
            if ($categorydd != $LANG_LINKS_ADMIN[7]) {
                echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
            }
        }
        DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
        DB_delete($_TABLES['links'], 'lid', $old_lid);
        DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        if (empty($old_lid) || $old_lid == $lid) {
            PLG_itemSaved($lid, 'links');
        } else {
            PLG_itemSaved($lid, 'links', $old_lid);
        }
        // Get category for rdf check
        $category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
        COM_rdfUpToDateCheck('links', $category, $lid);
        return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
    } else {
        // missing fields
        $retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
        if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
            $retval .= editlink('edit', $old_lid);
        } else {
            $retval .= editlink('edit', '');
        }
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
        return $retval;
    }
}
예제 #16
0
function MG_batchCaptionSave($album_id, $start, $actionURL)
{
    global $_USER, $_CONF, $_TABLES, $MG_albums, $_MG_CONF, $LANG_MG00, $LANG_MG01;
    $media_title = array();
    $media_desc = array();
    $media_id = array();
    $media_title = $_POST['media_title'];
    $media_desc = $_POST['media_desc'];
    $media_id = $_POST['media_id'];
    $total_media = count($media_id);
    for ($i = 0; $i < $total_media; $i++) {
        $queue = DB_count($_TABLES['mg_mediaqueue'], 'media_id', DB_escapeString($media_id[$i]));
        if ($queue) {
            $tablename = $_TABLES['mg_mediaqueue'];
        } else {
            $tablename = $_TABLES['mg_media'];
        }
        if ($MG_albums[$album_id]->enable_html) {
            //        if ( $_MG_CONF['htmlallowed'] ) {
            $title = DB_escapeString(COM_checkWords($media_title[$i]));
            $desc = DB_escapeString(COM_checkWords($media_desc[$i]));
        } else {
            $title = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords($media_title[$i]))));
            $desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords($media_desc[$i]))));
        }
        $sql = "UPDATE " . $tablename . " SET media_title='" . $title . "', `media_desc` ='" . $desc . "' WHERE media_id='" . DB_escapeString(COM_applyFilter($media_id[$i])) . "'";
        DB_query($sql);
        PLG_itemSaved($media_id[$i], 'mediagallery');
    }
    require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
    MG_buildAlbumRSS($album_id);
    echo COM_refresh($actionURL);
    exit;
}
예제 #17
0
function MG_getFile($filename, $file, $album_id, $opt = array())
{
    global $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $_SPECIAL_IMAGES_MIMETYPE, $new_media_id;
    $caption = isset($opt['caption']) ? $opt['caption'] : '';
    $description = isset($opt['description']) ? $opt['description'] : '';
    $upload = isset($opt['upload']) ? $opt['upload'] : 1;
    $purgefiles = isset($opt['purgefiles']) ? $opt['purgefiles'] : 0;
    $filetype = isset($opt['filetype']) ? $opt['filetype'] : '';
    $atttn = isset($opt['atttn']) ? $opt['atttn'] : 0;
    $thumbnail = isset($opt['thumbnail']) ? $opt['thumbnail'] : '';
    $keywords = isset($opt['keywords']) ? $opt['keywords'] : '';
    $category = isset($opt['category']) ? $opt['category'] : 0;
    $dnc = isset($opt['dnc']) ? $opt['dnc'] : 0;
    $replace = isset($opt['replace']) ? $opt['replace'] : 0;
    $artist = '';
    $musicAlbum = '';
    $genre = '';
    $video_attached_thumbnail = 0;
    $successfulWatermark = 0;
    $dnc = 1;
    // What is this?
    $errors = 0;
    $errMsg = '';
    require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';
    $album = new mgAlbum($album_id);
    $root_album = new mgAlbum(0);
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: *********** Beginning media upload process...");
        COM_errorLog("Filename to process: " . $filename);
        COM_errorLog("UID=" . $_USER['uid']);
        COM_errorLog("album access=" . $album->access);
        COM_errorLog("album owner_id=" . $album->owner_id);
        COM_errorLog("member_uploads=" . $album->member_uploads);
    }
    clearstatcache();
    if (!file_exists($filename)) {
        $errMsg = $LANG_MG02['upload_not_found'];
        return array(false, $errMsg);
    }
    if (!is_readable($filename)) {
        $errMsg = $LANG_MG02['upload_not_readable'];
        return array(false, $errMsg);
    }
    // make sure we have the proper permissions to upload to this album....
    if (!isset($album->id)) {
        $errMsg = $LANG_MG02['album_nonexist'];
        // "Album does not exist, unable to process uploads";
        return array(false, $errMsg);
    }
    if ($album->access != 3 && !$root_album->owner_id && $album->member_uploads == 0) {
        COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: " . $_SERVER['REMOTE_ADDR'], 1);
        return array(false, $LANG_MG00['access_denied_msg']);
    }
    sleep(0.1);
    // We do this to make sure we don't get dupe sid's
    /*
     * The following section of code will generate a unique name for a temporary
     * file and copy the uploaded file to the Media Gallery temp directory.
     * We do this to prevent any SAFE MODE issues when we later open the
     * file to determine the mime type.
     */
    if (empty($_USER['username'])) {
        $_USER['username'] = '******';
    }
    $tmpPath = $_MG_CONF['tmp_path'] . $_USER['username'] . COM_makesid() . '.tmp';
    if ($upload) {
        $rc = @move_uploaded_file($filename, $tmpPath);
    } else {
        $rc = @copy($filename, $tmpPath);
        $importSource = $filename;
    }
    if ($rc != 1) {
        COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
        COM_errorLog("Media Upload - Unable to copy file to: " . $tmpPath);
        $errors++;
        $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
        @unlink($tmpPath);
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }
    $filename = $tmpPath;
    $new_media_id = $replace > 0 ? $replace : COM_makesid();
    $media_time = time();
    $media_upload_time = $media_time;
    if (!isset($_USER['uid']) || $_USER['uid'] < 1) {
        $media_user_id = 1;
    } else {
        $media_user_id = $_USER['uid'];
    }
    $mimeInfo = MG_getMediaMetaData($filename);
    $mimeExt = strtolower(substr(strrchr($file, '.'), 1));
    $mimeInfo['type'] = $mimeExt;
    // override the determination for some filetypes
    $filetype = MG_getFileTypeFromExt($mimeExt, $filetype);
    if (empty($mimeInfo['mime_type'])) {
        COM_errorLog("MG Upload: getID3 was unable to detect mime type - using PHP detection");
        $mimeInfo['mime_type'] = $filetype;
    }
    $gotTN = 0;
    if ($mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') {
        $mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
        $gotTN = 1;
    }
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: found mime type of " . $mimeInfo['type']);
    }
    if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
        // assume format based on file upload info...
        switch ($filetype) {
            case 'audio/mpeg':
                $mimeInfo['type'] = 'mp3';
                $mimeInfo['mime_type'] = 'audio/mpeg';
                $mimeExt = 'mp3';
                break;
            case 'image/tga':
                $mimeInfo['type'] = 'tga';
                $mimeInfo['mime_type'] = 'image/tga';
                $mimeExt = 'tga';
                break;
            case 'image/psd':
                $mimeInfo['type'] = 'psd';
                $mimeInfo['mime_type'] = 'image/psd';
                $mimeExt = 'psd';
                break;
            case 'image/gif':
                $mimeInfo['type'] = 'gif';
                $mimeInfo['mime_type'] = 'image/gif';
                $mimeExt = 'gif';
                break;
            case 'image/jpeg':
            case 'image/jpg':
                $mimeInfo['type'] = 'jpg';
                $mimeInfo['mime_type'] = 'image/jpeg';
                $mimeExt = 'jpg';
                break;
            case 'image/png':
                $mimeInfo['type'] = 'png';
                $mimeInfo['mime_type'] = 'image/png';
                $mimeExt = 'png';
                break;
            case 'image/bmp':
                $mimeInfo['type'] = 'bmp';
                $mimeInfo['mime_type'] = 'image/bmp';
                $mimeExt = 'bmp';
                break;
            case 'application/x-shockwave-flash':
                $mimeInfo['type'] = 'swf';
                $mimeInfo['mime_type'] = 'application/x-shockwave-flash';
                $mimeExt = 'swf';
                break;
            case 'application/zip':
                $mimeInfo['type'] = 'zip';
                $mimeInfo['mime_type'] = 'application/zip';
                $mimeExt = 'zip';
                break;
            case 'audio/mpeg':
                $mimeInfo['type'] = 'mp3';
                $mimeInfo['mime_type'] = 'audio/mpeg';
                $mimeExt = 'mp3';
                break;
            case 'video/quicktime':
                $mimeInfo['type'] = 'mov';
                $mimeInfo['mime_type'] = 'video/quicktime';
                $mimeExt = 'mov';
                break;
            case 'video/x-m4v':
                $mimeInfo['type'] = 'mov';
                $mimeInfo['mime_type'] = 'video/x-m4v';
                $mimeExt = 'mov';
                break;
            case 'video/x-flv':
                $mimeInfo['type'] = 'flv';
                $mimeInfo['mime_type'] = 'video/x-flv';
                $mimeExt = 'flv';
                break;
            case 'audio/x-ms-wma':
                $mimeInfo['type'] = 'wma';
                $mimeInfo['mime_type'] = 'audio/x-ms-wma';
                $mimeExt = 'wma';
                break;
            default:
                switch ($mimeExt) {
                    case 'flv':
                        $mimeInfo['type'] = 'flv';
                        $mimeInfo['mime_type'] = 'video/x-flv';
                        break;
                    case 'wma':
                        $mimeInfo['type'] = 'wma';
                        $mimeInfo['mime_type'] = 'audio/x-ms-wma';
                        break;
                    default:
                        $mimeInfo['type'] = 'file';
                        $mimeInfo['mime_type'] = 'application/octet-stream';
                        if ($filetype != '') {
                            $mimeInfo['mime_type'] = $filetype;
                        }
                        break;
                }
                break;
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: override mime type to: " . $mimeInfo['type'] . ' based upon file extension of: ' . $filetype);
        }
    }
    switch ($mimeInfo['mime_type']) {
        case 'audio/mpeg':
            $format_type = MG_MP3;
            break;
        case 'image/gif':
            $format_type = MG_GIF;
            break;
        case 'image/jpeg':
        case 'image/jpg':
            $format_type = MG_JPG;
            break;
        case 'image/png':
            $format_type = MG_PNG;
            break;
        case 'image/bmp':
            $format_type = MG_BMP;
            break;
        case 'application/x-shockwave-flash':
            $format_type = MG_SWF;
            break;
        case 'application/zip':
            $format_type = MG_ZIP;
            break;
        case 'video/mpeg':
        case 'video/x-motion-jpeg':
        case 'video/quicktime':
        case 'video/mpeg':
        case 'video/x-mpeg':
        case 'video/x-mpeq2a':
        case 'video/x-qtc':
        case 'video/x-m4v':
            $format_type = MG_MOV;
            break;
        case 'video/x-flv':
            $format_type = MG_FLV;
            break;
        case 'image/tiff':
            $format_type = MG_TIF;
            break;
        case 'image/x-targa':
        case 'image/tga':
            $format_type = MG_TGA;
            break;
        case 'image/psd':
            $format_type = MG_PSD;
            break;
        case 'application/ogg':
            $format_type = MG_OGG;
            break;
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-ms-wmz':
        case 'application/x-ms-wmd':
            $format_type = MG_ASF;
            break;
        case 'application/pdf':
            $format_type = MG_OTHER;
            break;
        default:
            $format_type = MG_OTHER;
            break;
    }
    if (!($album->valid_formats & $format_type)) {
        return array(false, $LANG_MG02['format_not_allowed']);
    }
    $mimeType = $mimeInfo['mime_type'];
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: PHP detected mime type is : " . $filetype);
    }
    if ($filetype == 'video/x-m4v') {
        $mimeType = 'video/x-m4v';
        $mimeInfo['mime_type'] = 'video/x-m4v';
    }
    if ($replace > 0) {
        $sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($replace) . "'";
        $result = DB_query($sql);
        $row = DB_fetchArray($result);
        $media_filename = $row['media_filename'];
    } else {
        if ($_MG_CONF['preserve_filename'] == 1) {
            $loopCounter = 0;
            $digitCounter = 1;
            $file_name = stripslashes($file);
            $file_name = MG_replace_accents($file_name);
            $file_name = preg_replace("#[ ]#", "_", $file_name);
            // change spaces to underscore
            $file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name);
            //only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore
            $file_name = preg_replace('#(_)+#', '_', $file_name);
            //eliminate duplicate underscore
            $pos = strrpos($file_name, '.');
            if ($pos === false) {
                $basefilename = $file_name;
            } else {
                $basefilename = strtolower(substr($file_name, 0, $pos));
            }
            do {
                clearstatcache();
                $media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
                $loopCounter++;
                if ($loopCounter > 16) {
                    $digitCounter++;
                    $loopCounter = 0;
                }
            } while (MG_file_exists($media_filename));
        } else {
            do {
                clearstatcache();
                $media_filename = md5(uniqid(rand()));
            } while (MG_file_exists($media_filename));
        }
    }
    // replace a few mime extentions here...
    //
    if ($mimeExt == 'php') {
        $mimeExt = 'phps';
    }
    if (in_array($mimeExt, array('pl', 'cgi', 'py', 'sh', 'rb'))) {
        $mimeExt = 'txt';
    }
    $disp_media_filename = $media_filename . '.' . $mimeExt;
    if ($_MG_CONF['verbose']) {
        COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
        COM_errorLog("MG Upload: Mime Type: " . $mimeType);
    }
    switch ($mimeType) {
        case 'image/psd':
        case 'image/x-targa':
        case 'image/tga':
        case 'image/photoshop':
        case 'image/x-photoshop':
        case 'image/psd':
        case 'application/photoshop':
        case 'application/psd':
        case 'image/tiff':
        case 'image/gif':
        case 'image/jpeg':
        case 'image/jpg':
        case 'image/png':
        case 'image/bmp':
            $dispExt = $mimeExt;
            if (in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
                $dispExt = 'jpg';
            }
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $media_disp = MG_getFilePath('disp', $media_filename, $dispExt);
            $media_tn = MG_getFilePath('tn', $media_filename, $dispExt);
            $mimeType = $mimeInfo['mime_type'];
            // process image file
            $media_time = getOriginationTimestamp($filename);
            if ($media_time == null || $media_time < 0) {
                $media_time = time();
            }
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: About to move/copy file");
            }
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);
                list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $album_id, $media_filename, $dnc);
                if ($rc == false) {
                    $errors++;
                    $errMsg .= $msg;
                    // sprintf($LANG_MG02['convert_error'],$filename);
                } else {
                    $mediaType = 0;
                    if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) {
                        if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
                            $rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp);
                        }
                        @unlink($media_orig);
                    }
                    if ($album->wm_auto) {
                        if ($_MG_CONF['discard_original'] == 1) {
                            $rc = MG_watermark($media_disp, $album_id, 1);
                            if ($rc == true) {
                                $successfulWatermark = 1;
                            }
                        } else {
                            $rc1 = MG_watermark($media_orig, $album_id, 1);
                            $rc2 = MG_watermark($media_disp, $album_id, 0);
                            if ($rc1 == ture && $rc2 == true) {
                                $successfulWatermark = 1;
                            }
                        }
                    }
                    if ($dnc != 1) {
                        if (!in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
                            $mimeExt = 'jpg';
                            $mimeType = 'image/jpeg';
                        }
                    }
                }
            }
            break;
        case 'video/quicktime':
        case 'video/mpeg':
        case 'video/x-flv':
        case 'video/x-ms-asf':
        case 'video/x-ms-asf-plugin':
        case 'video/avi':
        case 'video/msvideo':
        case 'video/x-msvideo':
        case 'video/avs-video':
        case 'video/x-ms-wmv':
        case 'video/x-ms-wvx':
        case 'video/x-ms-wm':
        case 'application/x-troff-msvideo':
        case 'application/x-shockwave-flash':
        case 'video/mp4':
        case 'video/x-m4v':
            $mimeType = $mimeInfo['mime_type'];
            if ($filetype == 'video/mp4') {
                $mimeExt = 'mp4';
            }
            // process video format
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("MG Upload: Error moving uploaded file in video processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                @chmod($media_orig, 0644);
                $mediaType = 1;
            }
            $video_attached_thumbnail = MG_videoThumbnail($album_id, $media_orig, $media_filename);
            break;
        case 'application/ogg':
        case 'audio/mpeg':
        case 'audio/x-ms-wma':
        case 'audio/x-ms-wax':
        case 'audio/x-ms-wmv':
            $mimeType = $mimeInfo['mime_type'];
            // process audio format
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $rc = @copy($filename, $media_orig);
            COM_errorLog("MG Upload: Extracting audio meta data");
            if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
                if ($caption == '') {
                    $caption = $mimeInfo['tags']['id3v1']['title'][0];
                }
            }
            if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
                $artist = addslashes($mimeInfo['tags']['id3v1']['artist'][0]);
            }
            if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
                $genre = addslashes($mimeInfo['tags']['id3v2']['genre'][0]);
            }
            if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
                $musicAlbum = addslashes($mimeInfo['tags']['id3v1']['album'][0]);
            }
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file in audio processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                $mediaType = 2;
            }
            break;
        case 'zip':
        case 'application/zip':
            if ($_MG_CONF['zip_enabled']) {
                $errMsg .= MG_processZip($filename, $album_id, $purgefiles, $media_filename);
                break;
            }
            // NO BREAK HERE, fall through if enable zip isn't allowed
        // NO BREAK HERE, fall through if enable zip isn't allowed
        default:
            $media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
            $mimeType = $mimeInfo['mime_type'];
            $rc = @copy($filename, $media_orig);
            if ($rc != 1) {
                COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
                COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
                $errors++;
                $errMsg .= sprintf($LANG_MG02['move_error'], $filename);
            } else {
                if ($purgefiles) {
                    @unlink($importSource);
                }
                $mediaType = 4;
            }
            $mediaType = 4;
            break;
    }
    // update quota
    $quota = $album->album_disk_usage;
    $quota += @filesize(MG_getFilePath('orig', $media_filename, $mimeExt));
    if ($_MG_CONF['discard_original'] == 1) {
        $quota += @filesize(MG_getFilePath('disp', $media_filename, 'jpg'));
    }
    DB_change($_TABLES['mg_albums'], 'album_disk_usage', $quota, 'album_id', intval($album_id));
    if ($errors) {
        @unlink($tmpPath);
        COM_errorLog("MG Upload: Problem uploading a media object");
        return array(false, $errMsg);
    }
    if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
        // Now we need to process an uploaded thumbnail
        if ($gotTN == 1) {
            $mp3TNFilename = $_MG_CONF['tmp_path'] . 'mp3tn' . time() . '.jpg';
            $fn = fopen($mp3TNFilename, "w");
            fwrite($fn, $mp3AttachdedThumbnail);
            fclose($fn);
            $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
            MG_attachThumbnail($album_id, $mp3TNFilename, $saveThumbnailName);
            @unlink($mp3TNFilename);
            $atttn = 1;
        } else {
            if ($atttn == 1) {
                $saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
                MG_attachThumbnail($album_id, $thumbnail, $saveThumbnailName);
            }
        }
        if ($video_attached_thumbnail) {
            $atttn = 1;
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Building SQL and preparing to enter database");
        }
        if ($_MG_CONF['htmlallowed'] != 1) {
            $media_desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
            $media_caption = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
            $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
        } else {
            $media_desc = addslashes(COM_checkHTML(COM_killJS($description)));
            $media_caption = addslashes(COM_checkHTML(COM_killJS($caption)));
            $media_keywords = addslashes(COM_checkHTML(COM_killJS($keywords)));
        }
        // Check and see if moderation is on.  If yes, place in mediasubmission
        if ($album->moderate == 1 && !$root_album->owner_id) {
            $tableMedia = $_TABLES['mg_mediaqueue'];
            $tableMediaAlbum = $_TABLES['mg_media_album_queue'];
            $queue = 1;
        } else {
            $tableMedia = $_TABLES['mg_media'];
            $tableMediaAlbum = $_TABLES['mg_media_albums'];
            $queue = 0;
        }
        $original_filename = addslashes($file);
        if ($album->filename_title) {
            if ($media_caption == '') {
                $pos = strrpos($original_filename, '.');
                if ($pos === false) {
                    $media_caption = $original_filename;
                } else {
                    $media_caption = substr($original_filename, 0, $pos);
                }
            }
        }
        if ($_MG_CONF['verbose']) {
            COM_errorLog("MG Upload: Inserting media record into mg_media");
        }
        $resolution_x = 0;
        $resolution_y = 0;
        // try to find a resolution if video...
        if ($mediaType == 1) {
            switch ($mimeType) {
                case 'application/x-shockwave-flash':
                case 'video/quicktime':
                case 'video/mpeg':
                case 'video/x-m4v':
                    $resolution_x = -1;
                    $resolution_y = -1;
                    if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    }
                    break;
                case 'video/x-flv':
                    if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) {
                        $resolution_x = -1;
                        $resolution_y = -1;
                        if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
                            $resolution_x = $mimeInfo['meta']['onMetaData']['width'];
                            $resolution_y = $mimeInfo['meta']['onMetaData']['height'];
                        }
                    } else {
                        $resolution_x = $mimeInfo['video']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['resolution_y'];
                    }
                    break;
                case 'video/x-ms-asf':
                case 'video/x-ms-asf-plugin':
                case 'video/avi':
                case 'video/msvideo':
                case 'video/x-msvideo':
                case 'video/avs-video':
                case 'video/x-ms-wmv':
                case 'video/x-ms-wvx':
                case 'video/x-ms-wm':
                case 'application/x-troff-msvideo':
                    $resolution_x = -1;
                    $resolution_y = -1;
                    if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
                        $resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
                        $resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
                    }
                    break;
            }
        }
        if ($replace > 0) {
            $sql = "UPDATE " . $tableMedia . " SET " . "media_filename='" . addslashes($media_filename) . "'," . "media_original_filename='" . $original_filename . "'," . "media_mime_ext='" . addslashes($mimeExt) . "'," . "mime_type='" . addslashes($mimeType) . "'," . "media_time='" . addslashes($media_time) . "'," . "media_user_id='" . addslashes($media_user_id) . "'," . "media_type='" . addslashes($mediaType) . "'," . "media_upload_time='" . addslashes($media_upload_time) . "'," . "media_watermarked='" . addslashes($successfulWatermark) . "'," . "media_resolution_x='" . intval($resolution_x) . "'," . "media_resolution_y='" . intval($resolution_y) . "' " . "WHERE media_id='" . addslashes($replace) . "'";
            DB_query($sql);
        } else {
            $sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext," . "media_exif,mime_type,media_title,media_desc,media_keywords,media_time," . "media_views,media_comments,media_votes,media_rating,media_tn_attached," . "media_tn_image,include_ss,media_user_id,media_user_ip,media_approval," . "media_type,media_upload_time,media_category,media_watermarked,v100," . "maint,media_resolution_x,media_resolution_y,remote_media,remote_url," . "artist,album,genre) " . "VALUES ('" . addslashes($new_media_id) . "','" . addslashes($media_filename) . "','" . $original_filename . "','" . addslashes($mimeExt) . "','1','" . addslashes($mimeType) . "','" . addslashes($media_caption) . "','" . addslashes($media_desc) . "','" . addslashes($media_keywords) . "','" . addslashes($media_time) . "','0','0','0','0.00','" . addslashes($atttn) . "','','1','" . addslashes($media_user_id) . "','','0','" . addslashes($mediaType) . "','" . addslashes($media_upload_time) . "','" . addslashes($category) . "','" . addslashes($successfulWatermark) . "','0','0'," . intval($resolution_x) . "," . intval($resolution_y) . ",0,'','" . addslashes($artist) . "','" . addslashes($musicAlbum) . "','" . addslashes($genre) . "');";
            DB_query($sql);
            if ($_MG_CONF['verbose']) {
                COM_errorLog("MG Upload: Updating Album information");
            }
            $x = 0;
            $sql = "SELECT MAX(media_order) + 10 AS media_seq FROM {$_TABLES['mg_media_albums']} WHERE album_id = " . intval($album_id);
            $result = DB_query($sql);
            $row = DB_fetchArray($result);
            $media_seq = $row['media_seq'];
            if ($media_seq < 10) {
                $media_seq = 10;
            }
            $sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) " . "VALUES ('" . addslashes($new_media_id) . "', " . intval($album_id) . ", " . intval($media_seq) . ")";
            DB_query($sql);
            if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
                DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height','{$resolution_y}'");
            }
            PLG_itemSaved($new_media_id, 'mediagallery');
            // update the media count for the album, only if no moderation...
            if ($queue == 0) {
                $album->media_count++;
                DB_change($_TABLES['mg_albums'], 'media_count', $album->media_count, 'album_id', $album->id);
                MG_updateAlbumLastUpdate($album->id);
                if ($album->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
                    if ($atttn == 1) {
                        $covername = 'tn_' . $media_filename;
                    } else {
                        $covername = $media_filename;
                    }
                    DB_change($_TABLES['mg_albums'], 'album_cover_filename', $covername, 'album_id', $album->id);
                }
                //                MG_resetAlbumCover($album->id);
            }
            $x++;
        }
    }
    if ($queue) {
        $errMsg .= $LANG_MG01['successful_upload_queue'];
        // ' successfully placed in Moderation queue';
    } else {
        $errMsg .= $LANG_MG01['successful_upload'];
        // ' successfully uploaded to album';
    }
    if ($queue == 0) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildFullRSS();
        MG_buildAlbumRSS($album_id);
    }
    COM_errorLog("MG Upload: Successfully uploaded a media object");
    @unlink($tmpPath);
    return array(true, $errMsg);
}
예제 #18
0
function SP_toggleStatus($enabledstaticpages, $sp_idarray)
{
    global $_TABLES, $_DB_table_prefix;
    if (!_sec_checkToken(1)) {
        $retval['statusMessage'] = 'Invalid security token. Please refresh the page.';
        $retval['errorCode'] = 1;
    } else {
        if (isset($sp_idarray) && is_array($sp_idarray)) {
            foreach ($sp_idarray as $sp_id => $junk) {
                $sp_id = COM_applyFilter($sp_id);
                if (isset($enabledstaticpages[$sp_id])) {
                    DB_query("UPDATE {$_TABLES['staticpage']} SET sp_status = '1' WHERE sp_id = '" . DB_escapeString($sp_id) . "'");
                } else {
                    DB_query("UPDATE {$_TABLES['staticpage']} SET sp_status = '0' WHERE sp_id = '" . DB_escapeString($sp_id) . "'");
                }
            }
        }
        PLG_itemSaved($sp_id, 'staticpages');
        CTL_clearCache();
        $retval['statusMessage'] = 'StaticPage state has been toggled.';
        $retval['errorCode'] = 0;
        $return["json"] = json_encode($retval);
        echo json_encode($return);
    }
}
예제 #19
0
파일: index.php 프로젝트: NewRoute/glfusion
/**
* Toggle status of a staticpage from enabled to disabled and back
*
* @param    array   $enabledstaticpages    array of sp_id's available
* @param    array   $spidarray             array of status (1/0)
* @return   void
*
*/
function PAGE_toggleStatus($enabledstaticpages, $sp_idarray)
{
    global $_TABLES, $_DB_table_prefix;
    if (isset($sp_idarray) && is_array($sp_idarray)) {
        foreach ($sp_idarray as $sp_id => $junk) {
            $sp_id = COM_applyFilter($sp_id);
            if (isset($enabledstaticpages[$sp_id])) {
                DB_query("UPDATE {$_TABLES['staticpage']} SET sp_status = '1' WHERE sp_id = '" . DB_escapeString($sp_id) . "'");
            } else {
                DB_query("UPDATE {$_TABLES['staticpage']} SET sp_status = '0' WHERE sp_id = '" . DB_escapeString($sp_id) . "'");
            }
        }
    }
    PLG_itemSaved($sp_id, 'staticpages');
    CTL_clearCache();
}
예제 #20
0
/**
* Moderates an item
*
* This will actually perform moderation (approve or delete) one or more items
*
* @param    array   $mid        Array of items
* @param    array   $action     Array of actions to perform on items
* @param    string  $type       Type of items ('story', etc.)
* @param    int     $count      Number of items to moderate
* @return   string              HTML for "command and control" page
*
*/
function moderation($mid, $action, $type, $count)
{
    global $_CONF, $_TABLES;
    $retval = '';
    switch ($type) {
        case 'story':
            $id = 'sid';
            $table = $_TABLES['stories'];
            $submissiontable = $_TABLES['storysubmission'];
            $fields = 'sid,uid,tid,title,introtext,date,postmode';
            break;
        case 'comment':
            $id = 'cid';
            $submissiontable = $_TABLES['commentsubmissions'];
            $sidArray[] = '';
            break;
        default:
            if (strlen($type) <= 0) {
                // something is terribly wrong, bail
                $retval .= COM_errorLog("Unable to find type of {$type} in moderation() in moderation.php");
                return $retval;
            }
            list($id, $table, $fields, $submissiontable) = PLG_getModerationValues($type);
    }
    // Set true if an valid action other than delete_all is selected
    $formaction = false;
    for ($i = 0; $i < $count; $i++) {
        if (isset($action[$i]) and $action[$i] != '') {
            $formaction = true;
        } else {
            continue;
        }
        switch ($action[$i]) {
            case 'delete':
                if (!empty($type) && $type != 'story' && $type != 'draft') {
                    // There may be some plugin specific processing that needs to
                    // happen first.
                    $retval .= PLG_deleteSubmission($type, $mid[$i]);
                }
                if (empty($mid[$i])) {
                    $retval .= COM_errorLog("moderation.php just tried deleting everything in table {$submissiontable} because it got an empty id.  Please report this immediately to your site administrator");
                    return $retval;
                }
                if ($type == 'draft') {
                    STORY_deleteStory($mid[$i]);
                } else {
                    DB_delete($submissiontable, "{$id}", $mid[$i]);
                }
                break;
            case 'approve':
                if ($type == 'story') {
                    $result = DB_query("SELECT * FROM {$_TABLES['storysubmission']} WHERE sid = '{$mid[$i]}'");
                    $A = DB_fetchArray($result);
                    $A['related'] = addslashes(implode("\n", STORY_extractLinks($A['introtext'])));
                    $A['owner_id'] = $A['uid'];
                    $A['title'] = addslashes($A['title']);
                    $A['introtext'] = addslashes($A['introtext']);
                    $A['bodytext'] = addslashes($A['bodytext']);
                    $result = DB_query("SELECT group_id,perm_owner,perm_group,perm_members,perm_anon,archive_flag FROM {$_TABLES['topics']} WHERE tid = '{$A['tid']}'");
                    $T = DB_fetchArray($result);
                    if ($T['archive_flag'] == 1) {
                        $frontpage = 0;
                    } else {
                        if (isset($_CONF['frontpage'])) {
                            $frontpage = $_CONF['frontpage'];
                        } else {
                            $frontpage = 1;
                        }
                    }
                    DB_save($_TABLES['stories'], 'sid,uid,tid,title,introtext,bodytext,related,date,show_topic_icon,commentcode,trackbackcode,postmode,frontpage,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$A['sid']}',{$A['uid']},'{$A['tid']}','{$A['title']}','{$A['introtext']}','{$A['bodytext']}','{$A['related']}','{$A['date']}','{$_CONF['show_topic_icon']}','{$_CONF['comment_code']}','{$_CONF['trackback_code']}','{$A['postmode']}',{$frontpage},{$A['owner_id']},{$T['group_id']},{$T['perm_owner']},{$T['perm_group']},{$T['perm_members']},{$T['perm_anon']}");
                    DB_delete($_TABLES['storysubmission'], "{$id}", $mid[$i]);
                    PLG_itemSaved($A['sid'], 'article');
                    COM_rdfUpToDateCheck();
                    COM_olderStuff();
                } else {
                    if ($type == 'draft') {
                        DB_query("UPDATE {$_TABLES['stories']} SET draft_flag = 0 WHERE sid = '{$mid[$i]}'");
                        COM_rdfUpToDateCheck();
                        COM_olderStuff();
                    } else {
                        if ($type == 'comment') {
                            $sid = CMT_approveModeration($mid[$i]);
                            if (!in_array($sid, $sidArray)) {
                                $sidArray[$i] = $sid;
                            }
                        } else {
                            // This is called in case this is a plugin. There may be some
                            // plugin specific processing that needs to happen.
                            DB_copy($table, $fields, $fields, $submissiontable, $id, $mid[$i]);
                            $retval .= PLG_approveSubmission($type, $mid[$i]);
                        }
                    }
                }
                break;
        }
    }
    // after loop update comment tree and count for each story
    if (isset($sidArray)) {
        foreach ($sidArray as $sid) {
            CMT_rebuildTree($sid);
            //update comment count of stories;
            $comments = DB_count($_TABLES['comments'], 'sid', $sid);
            DB_change($_TABLES['stories'], 'comments', $comments, 'sid', $sid);
        }
    }
    //Add new comment users to group comment.submit group
    if (isset($_POST['publishfuture'])) {
        for ($i = 0; $i < count($_POST['publishfuture']); $i++) {
            $uid = COM_applyFilter($_POST['publishfuture'][$i], true);
            if ($uid > 1 && !SEC_inGroup('Comment Submitters', $uid)) {
                SEC_addUserToGroup($uid, 'Comment Submitters');
            }
        }
    }
    // Check if there was no direct action used on the form
    // and if the delete_all submit action was used
    if (!$formaction and isset($_POST['delitem'])) {
        foreach ($_POST['delitem'] as $delitem) {
            $delitem = COM_applyFilter($delitem);
            if (!empty($type) && $type != 'story' && $type != 'draft') {
                // There may be some plugin specific processing that needs to
                // happen first.
                $retval .= PLG_deleteSubmission($type, $delitem);
            }
            if ($type == 'draft') {
                STORY_deleteStory($delitem);
            } else {
                DB_delete($submissiontable, "{$id}", $delitem);
            }
        }
    }
    $retval .= commandcontrol(SEC_createToken());
    return $retval;
}
예제 #21
0
파일: index.php 프로젝트: NewRoute/glfusion
function approve()
{
    global $_TABLES, $_TABLES, $_CONF, $myts, $eh, $filemgmt_FileStore, $filemgmt_SnapStore, $filemgmt_Emailoption, $filemgmtFilePermissions;
    $lid = (int) COM_applyFilter($_POST['lid'], true);
    $title = $_POST['title'];
    $cid = intval($_POST['cid']);
    if (empty($cid)) {
        $cid = 0;
    }
    $homepage = $_POST['homepage'];
    $version = $_POST['version'];
    $size = isset($_POST['size']) ? COM_applyFilter($_POST['size'], true) : 0;
    $description = $_POST['description'];
    if ($_POST['url'] || $_POST['url'] != '') {
        $name = $myts->makeTboxData4Save($_POST['url']);
        $url = rawurlencode($name);
    }
    if ($_POST['logourl'] || $_POST['logourl'] != '') {
        $shotname = $myts->makeTboxData4Save($_POST['logourl']);
        $logourl = $myts->makeTboxData4Save(rawurlencode($_POST['logourl']));
    } else {
        $logourl = '';
        $shotname = '';
    }
    $result = DB_query("SELECT COUNT(*) FROM {$_TABLES['filemgmt_filedetail']} WHERE url='{$url}' and status=1");
    list($numrows) = DB_fetchArray($result);
    // Comment out this check if you want to allow duplicate filelistings for same file in the repository
    // Check for duplicate files of the same filename (actual filename in repository)
    if ($numrows > 0) {
        $eh->show("1108");
    }
    $title = $myts->makeTboxData4Save($title);
    $homepage = $myts->makeTboxData4Save($homepage);
    $version = $myts->makeTboxData4Save($_POST['version']);
    $size = $myts->makeTboxData4Save($size);
    $description = $myts->makeTareaData4Save($description);
    $commentoption = (int) COM_applyFilter($_POST["commentoption"], true);
    // Move file from tmp directory under the document filestore to the main file directory
    // Now to extract the temporary names for both the file and optional thumbnail. I've used th platform field which I'm not using now for anything.
    $tmpnames = explode(";", DB_getItem($_TABLES['filemgmt_filedetail'], 'platform', "lid='{$lid}'"));
    $tmpfilename = $tmpnames[0];
    if (isset($tmpnames[1])) {
        $tmpshotname = $tmpnames[1];
    } else {
        $tmpshotname = '';
    }
    $tmp = $filemgmt_FileStore . "tmp/" . $tmpfilename;
    if (file_exists($tmp) && !is_dir($tmp)) {
        // if this temporary file was really uploaded?
        $newfile = $filemgmt_FileStore . $name;
        COM_errorLOG("File move from " . $tmp . " to " . $newfile);
        $rename = @rename($tmp, $newfile);
        COM_errorLOG("Results of rename is: " . $rename);
        $chown = @chmod($newfile, $filemgmtFilePermissions);
        if (!file_exists($newfile)) {
            COM_errorLOG("Filemgmt upload approve error: New file does not exist after move of tmp file: '" . $newfile . "'");
            $AddNewFile = false;
            // Set false again - in case it was set true above for actual file
            $eh->show("1101");
        } else {
            $AddNewFile = true;
        }
    } else {
        COM_errorLOG("Filemgmt upload approve error: Temporary file does not exist: '" . $tmp . "'");
        $eh->show("1101");
    }
    if ($tmpshotname != "") {
        $tmp = $filemgmt_SnapStore . "tmp/" . $tmpshotname;
        if (file_exists($tmp) && !is_dir($tmp)) {
            // if this temporary Thumbnail was really uploaded?
            $newfile = $filemgmt_SnapStore . $shotname;
            $rename = @rename($tmp, $newfile);
            $chown = @chmod($newfile, $filemgmtFilePermissions);
            if (!file_exists($newfile)) {
                COM_errorLOG("Filemgmt upload approve error: New file does not exist after move of tmp file: '" . $newfile . "'");
                $AddNewFile = false;
                // Set false again - in case it was set true above for actual file
                $eh->show("1101");
            }
        } else {
            COM_errorLOG("Filemgmt upload approve error: Temporary file does not exist: '" . $tmp . "'");
            $eh->show("1101");
        }
    }
    if ($AddNewFile) {
        DB_query("UPDATE {$_TABLES['filemgmt_filedetail']} SET cid='{$cid}', title='{$title}', url='{$url}', homepage='{$homepage}', version='{$version}', logourl='{$logourl}', status=1, date=" . time() . ", comments={$commentoption} where lid='{$lid}'");
        DB_query("UPDATE {$_TABLES['filemgmt_filedesc']} SET description='{$description}' where lid='{$lid}'");
        PLG_itemSaved($lid, 'filemgmt');
        CACHE_remove_instance('whatsnew');
        // Send a email to submitter notifying them that file was approved
        if ($filemgmt_Emailoption) {
            $result = DB_query("SELECT username, email FROM {$_TABLES['users']} a, {$_TABLES['filemgmt_filedetail']} b WHERE a.uid=b.submitter and b.lid='{$lid}'");
            list($submitter_name, $emailaddress) = DB_fetchArray($result);
            $mailtext = sprintf(_MD_HELLO, $submitter_name);
            $mailtext .= ",\n\n" . _MD_WEAPPROVED . " " . $title . " \n" . _MD_THANKSSUBMIT . "\n\n";
            $mailtext .= "{$_CONF["site_name"]}\n";
            $mailtext .= "{$_CONF['site_url']}\n";
            //COM_errorLOG("email: ".$emailaddress.", text: ".$mailtext);
            $to = array();
            $to = COM_formatEmailAddress($submitter_name, $emailaddress);
            COM_mail($to, _MD_APPROVED, $mailtext);
        }
    }
    CACHE_remove_instance('whatsnew');
    redirect_header("{$_CONF['site_admin_url']}/plugins/filemgmt/index.php?op=listNewDownloads", 2, _MD_NEWDLADDED);
    exit;
}
예제 #22
0
                 DB_query("UPDATE {$_TABLES['forum_forums']} SET topic_count=topic_count-1, post_count=post_count-{$numreplies} WHERE forum_id={$forum}");
             }
             $display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=7&amp;showtopic={$moveid}");
         } else {
             // Move complete topic
             $moveResult = DB_query("SELECT id FROM {$_TABLES['forum_topic']} WHERE pid={$moveid}");
             $postCount = DB_numRows($moveResult) + 1;
             // Need to account for the parent post
             while ($movetopic = DB_fetchArray($moveResult)) {
                 DB_query("UPDATE {$_TABLES['forum_topic']} SET forum='{$newforumid}' WHERE id='{$movetopic['id']}'");
                 PLG_itemSaved($movetopic['id'], 'forum');
             }
             // Update any topic subscription records - need to change the forum ID record
             DB_query("UPDATE {$_TABLES['forum_watch']} SET forum_id = '{$newforumid}' WHERE topic_id='{$moveid}'");
             DB_query("UPDATE {$_TABLES['forum_topic']} SET forum = '{$newforumid}', moved = '1' WHERE id={$moveid}");
             PLG_itemSaved($moveid, 'forum');
             // Update the Last Post Information
             gf_updateLastPost($newforumid, $moveid);
             gf_updateLastPost($forum);
             // Update Topic and Post Count for the effected forums
             DB_query("UPDATE {$_TABLES['forum_forums']} SET topic_count=topic_count+1, post_count=post_count+{$postCount} WHERE forum_id={$newforumid}");
             DB_query("UPDATE {$_TABLES['forum_forums']} SET topic_count=topic_count-1, post_count=post_count-{$postCount} WHERE forum_id={$forum}");
             // Remove any lastviewed records in the log so that the new updated topic indicator will appear
             DB_query("DELETE FROM {$_TABLES['forum_log']} WHERE topic='{$moveid}'");
             $display = COM_refresh($_CONF['site_url'] . "/forum/viewtopic.php?msg=8&amp;showtopic={$moveid}");
         }
         echo $display;
         exit;
     }
 }
 if ($modfunction == 'deletepost' and forum_modPermission($forum, $_USER['uid'], 'mod_delete') and $fortopicid != 0) {
예제 #23
0
/**
* Saves a poll
*
* Saves a poll topic and potential answers to the database
*
* @param    string  $pid            Poll topic ID
* @param    string  $old_pid        Previous poll topic ID
* @param    array   $Q              Array of poll questions
* @param    string  $mainpage       Checkbox: poll appears on homepage
* @param    string  $topic          The text for the topic
* @param    string  $meta_description
* @param    string  $meta_keywords
* @param    int     $statuscode     (unused)
* @param    string  $open           Checkbox: poll open for voting
* @param    string  $hideresults    Checkbox: hide results until closed
* @param    int     $commentcode    Indicates if users can comment on poll
* @param    array   $A              Array of possible answers
* @param    array   $V              Array of vote per each answer
* @param    array   $R              Array of remark per each answer
* @param    int     $owner_id       ID of poll owner
* @param    int     $group_id       ID of group poll belongs to
* @param    int     $perm_owner     Permissions the owner has on poll
* @param    int     $perm_grup      Permissions the group has on poll
* @param    int     $perm_members   Permissions logged in members have on poll
* @param    int     $perm_anon      Permissions anonymous users have on poll
* @return   string                  HTML redirect or error message
*
*/
function savepoll($pid, $old_pid, $Q, $mainpage, $topic, $meta_description, $meta_keywords, $statuscode, $open, $hideresults, $commentcode, $A, $V, $R, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
    global $_CONF, $_TABLES, $_USER, $LANG21, $LANG25, $MESSAGE, $_POLL_VERBOSE, $_PO_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $topic = COM_stripslashes($topic);
    $meta_description = strip_tags(COM_stripslashes($meta_description));
    $meta_keywords = strip_tags(COM_stripslashes($meta_keywords));
    $pid = COM_sanitizeID($pid);
    $old_pid = COM_sanitizeID($old_pid);
    if (empty($pid)) {
        if (empty($old_pid)) {
            $pid = COM_makeSid();
        } else {
            $pid = $old_pid;
        }
    }
    // check if any question was entered
    if (empty($topic) or count($Q) == 0 or strlen($Q[0]) == 0 or strlen($A[0][0]) == 0) {
        $retval .= COM_siteHeader('menu', $LANG25[5]);
        $retval .= COM_startBlock($LANG21[32], '', COM_getBlockTemplate('_msg_block', 'header'));
        $retval .= $LANG25[2];
        $retval .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
        $retval .= COM_siteFooter();
        return $retval;
    }
    if (!SEC_checkToken()) {
        COM_accessLog("User {$_USER['username']} tried to save poll {$pid} and failed CSRF checks.");
        return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php');
    }
    // check for poll id change
    if (!empty($old_pid) && $pid != $old_pid) {
        // check if new pid is already in use
        if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
            // TBD: abort, display editor with all content intact again
            $pid = $old_pid;
            // for now ...
        }
    }
    // start processing the poll topic
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Inside savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    $access = 0;
    if (DB_count($_TABLES['polltopics'], 'pid', $pid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['polltopics']} WHERE pid = '{$pid}'");
        $P = DB_fetchArray($result);
        $access = SEC_hasAccess($P['owner_id'], $P['group_id'], $P['perm_owner'], $P['perm_group'], $P['perm_members'], $P['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $display .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit poll {$pid}.");
        COM_output($display);
        exit;
    }
    if (empty($voters)) {
        $voters = 0;
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('owner permissions: ' . $perm_owner, 1);
        COM_errorLog('group permissions: ' . $perm_group, 1);
        COM_errorLog('member permissions: ' . $perm_members, 1);
        COM_errorLog('anonymous permissions: ' . $perm_anon, 1);
    }
    // we delete everything and re-create it with the input from the form
    $del_pid = $pid;
    if (!empty($old_pid) && $pid != $old_pid) {
        $del_pid = $old_pid;
        // delete by old pid, create using new pid below
    }
    DB_delete($_TABLES['polltopics'], 'pid', $del_pid);
    DB_delete($_TABLES['pollanswers'], 'pid', $del_pid);
    DB_delete($_TABLES['pollquestions'], 'pid', $del_pid);
    $topic = addslashes($topic);
    $meta_description = addslashes($meta_description);
    $meta_keywords = addslashes($meta_keywords);
    $k = 0;
    // set up a counter to make sure we do assign a straight line of question id's
    $v = 0;
    // re-count votes sine they might have been changed
    // first dimension of array are the questions
    $num_questions = count($Q);
    for ($i = 0; $i < $num_questions; $i++) {
        $Q[$i] = COM_stripslashes($Q[$i]);
        if (strlen($Q[$i]) > 0) {
            // only insert questions that exist
            $Q[$i] = addslashes($Q[$i]);
            DB_save($_TABLES['pollquestions'], 'qid, pid, question', "'{$k}', '{$pid}', '{$Q[$i]}'");
            // within the questions, we have another dimensions with answers,
            // votes and remarks
            $num_answers = count($A[$i]);
            for ($j = 0; $j < $num_answers; $j++) {
                $A[$i][$j] = COM_stripslashes($A[$i][$j]);
                if (strlen($A[$i][$j]) > 0) {
                    // only insert answers etc that exist
                    if (!is_numeric($V[$i][$j])) {
                        $V[$i][$j] = "0";
                    }
                    $A[$i][$j] = addslashes($A[$i][$j]);
                    $R[$i][$j] = addslashes($R[$i][$j]);
                    $sql = "INSERT INTO {$_TABLES['pollanswers']} (pid, qid, aid, answer, votes, remark) VALUES " . "('{$pid}', '{$k}', " . ($j + 1) . ", '{$A[$i][$j]}', {$V[$i][$j]}, '{$R[$i][$j]}');";
                    DB_query($sql);
                    $v = $v + $V[$i][$j];
                }
            }
            $k++;
        }
    }
    // save topics after the questions so we can include question count into table
    $sql = "'{$pid}','{$topic}','{$meta_description}','{$meta_keywords}',{$v}, {$k}, '" . date('Y-m-d H:i:s');
    if ($mainpage == 'on') {
        $sql .= "',1";
    } else {
        $sql .= "',0";
    }
    if ($open == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    if ($hideresults == 'on') {
        $sql .= ",1";
    } else {
        $sql .= ",0";
    }
    $sql .= ",'{$statuscode}','{$commentcode}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}";
    // Save poll topic
    DB_save($_TABLES['polltopics'], "pid, topic, meta_description, meta_keywords, voters, questions, date, display, is_open, hideresults, statuscode, commentcode, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon", $sql);
    if (empty($old_pid) || $old_pid == $pid) {
        PLG_itemSaved($pid, 'polls');
    } else {
        DB_change($_TABLES['comments'], 'sid', addslashes($pid), array('sid', 'type'), array(addslashes($old_pid), 'polls'));
        PLG_itemSaved($pid, 'polls', $old_pid);
    }
    if ($_POLL_VERBOSE) {
        COM_errorLog('**** Leaving savepoll() in ' . $_CONF['site_admin_url'] . '/plugins/polls/index.php ***');
    }
    return PLG_afterSaveSwitch($_PO_CONF['aftersave'], $_CONF['site_url'] . '/polls/index.php?pid=' . $pid, 'polls', 19);
    return COM_refresh($_CONF['site_admin_url'] . '/plugins/polls/index.php?msg=19');
}
예제 #24
0
/**
* Saves an event to the database
*
* (parameters should be obvious - old list was incomplete anyway)
* @return   string                  HTML redirect or error message
*
*/
function CALENDAR_saveEvent($eid, $title, $event_type, $url, $allday, $start_month, $start_day, $start_year, $start_hour, $start_minute, $start_ampm, $end_month, $end_day, $end_year, $end_hour, $end_minute, $end_ampm, $location, $address1, $address2, $city, $state, $zipcode, $description, $postmode, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $hour_mode)
{
    global $_CONF, $_TABLES, $_USER, $LANG_CAL_ADMIN, $MESSAGE, $_CA_CONF;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $access = 0;
    if (DB_count($_TABLES['events'], 'eid', $eid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group," . "perm_members,perm_anon FROM {$_TABLES['events']} " . "WHERE eid = '{$eid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $MESSAGE[30]));
        COM_accessLog("User {$_USER['username']} tried to illegally submit or edit event {$eid}.");
        return $retval;
    }
    if ($hour_mode == 24) {
        // to avoid having to mess with the tried and tested code below, map
        // the 24-hour values onto their 12-hour counterparts and use those
        if ($start_hour >= 12) {
            $start_ampm = 'pm';
            $start_hour = $start_hour - 12;
        } else {
            $start_ampm = 'am';
            $start_hour = $start_hour;
        }
        if ($start_hour == 0) {
            $start_hour = 12;
        }
        if ($end_hour >= 12) {
            $end_ampm = 'pm';
            $end_hour = $end_hour - 12;
        } else {
            $end_ampm = 'am';
            $end_hour = $end_hour;
        }
        if ($end_hour == 0) {
            $end_hour = 12;
        }
    }
    if ($allday == 'on') {
        $allday = 1;
    } else {
        $allday = 0;
    }
    // Make sure start date is before end date
    if (checkdate($start_month, $start_day, $start_year)) {
        $datestart = sprintf('%4d-%02d-%02d', $start_year, $start_month, $start_day);
        $timestart = $start_hour . ':' . $start_minute . ':00';
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[23], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    if (checkdate($end_month, $end_day, $end_year)) {
        $dateend = sprintf('%4d-%02d-%02d', $end_year, $end_month, $end_day);
        $timeend = $end_hour . ':' . $end_minute . ':00';
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[24], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
    if ($allday == 0) {
        if ($dateend < $datestart) {
            $retval .= COM_showMessageText($LANG_CAL_ADMIN[25], $LANG_CAL_ADMIN[2]);
            $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
            return $retval;
        }
    } else {
        if ($dateend < $datestart) {
            // Force end date to be same as start date
            $dateend = $datestart;
        }
    }
    // Remove any autotags the user doesn't have permission to use
    $description = PLG_replaceTags($description, '', true);
    // clean 'em up
    if ($postmode == 'html') {
        $description = COM_checkHTML(COM_checkWords($description), 'calendar.edit');
    } else {
        $postmode = 'plaintext';
        $description = htmlspecialchars(COM_checkWords($description));
    }
    $description = DB_escapeString($description);
    $title = DB_escapeString(strip_tags(COM_checkWords($title)));
    $location = DB_escapeString(COM_checkHTML(COM_checkWords($location), 'calendar.edit'));
    $address1 = DB_escapeString(strip_tags(COM_checkWords($address1)));
    $address2 = DB_escapeString(strip_tags(COM_checkWords($address2)));
    $city = DB_escapeString(strip_tags(COM_checkWords($city)));
    $zipcode = DB_escapeString(strip_tags(COM_checkWords($zipcode)));
    $event_type = DB_escapeString(strip_tags(COM_checkWords($event_type)));
    $url = DB_escapeString(strip_tags($url));
    if ($allday == 0) {
        // Add 12 to make time on 24 hour clock if needed
        if ($start_ampm == 'pm' and $start_hour != 12) {
            $start_hour = $start_hour + 12;
        }
        // If 12AM set hour to 00
        if ($start_ampm == 'am' and $start_hour == 12) {
            $start_hour = '00';
        }
        // Add 12 to make time on 24 hour clock if needed
        if ($end_ampm == 'pm' and $end_hour != 12) {
            $end_hour = $end_hour + 12;
        }
        // If 12AM set hour to 00
        if ($end_ampm == 'am' and $end_hour == 12) {
            $end_hour = '00';
        }
        $timestart = $start_hour . ':' . $start_minute . ':00';
        $timeend = $end_hour . ':' . $end_minute . ':00';
    }
    if (!empty($eid) and !empty($description) and !empty($title)) {
        if (!SEC_checkToken()) {
            COM_accessLog("User {$_USER['username']} tried to save event {$eid} and failed CSRF checks.");
            COM_redirect($_CONF['site_admin_url'] . '/plugins/calendar/index.php');
        }
        $hits = DB_getItem($_TABLES['events'], 'hits', "eid = '{$eid}'");
        if (empty($hits)) {
            $hits = 0;
        }
        DB_delete($_TABLES['eventsubmission'], 'eid', $eid);
        DB_save($_TABLES['events'], 'eid,title,event_type,url,allday,datestart,dateend,timestart,' . 'timeend,location,address1,address2,city,state,zipcode,description,' . 'postmode,owner_id,group_id,perm_owner,perm_group,perm_members,' . 'perm_anon,hits', "'{$eid}','{$title}','{$event_type}','{$url}',{$allday},'{$datestart}'," . "'{$dateend}','{$timestart}','{$timeend}','{$location}','{$address1}'," . "'{$address2}','{$city}','{$state}','{$zipcode}','{$description}','{$postmode}'," . "{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},{$hits}");
        if (DB_count($_TABLES['personal_events'], 'eid', $eid) > 0) {
            $result = DB_query("SELECT uid FROM {$_TABLES['personal_events']} " . "WHERE eid = '{$eid}'");
            $numrows = DB_numRows($result);
            for ($i = 1; $i <= $numrows; $i++) {
                $P = DB_fetchArray($result);
                DB_save($_TABLES['personal_events'], 'eid,title,event_type,datestart,dateend,address1,address2,' . 'city,state,zipcode,allday,url,description,postmode,' . 'group_id,owner_id,perm_owner,perm_group,perm_members,' . 'perm_anon,uid,location,timestart,timeend', "'{$eid}','{$title}','{$event_type}','{$datestart}','{$dateend}'," . "'{$address1}','{$address2}','{$city}','{$state}','{$zipcode}'," . "{$allday},'{$url}','{$description}','{$postmode}',{$group_id}," . "{$owner_id},{$perm_owner},{$perm_group},{$perm_members}," . "{$perm_anon},{$P['uid']},'{$location}','{$timestart}','{$timeend}'");
            }
        }
        PLG_itemSaved($eid, 'calendar');
        COM_rdfUpToDateCheck('calendar', $event_type, $eid);
        return PLG_afterSaveSwitch($_CA_CONF['aftersave'], $_CONF['site_url'] . '/calendar/event.php?eid=' . $eid, 'calendar', 17);
    } else {
        $retval .= COM_showMessageText($LANG_CAL_ADMIN[10], $LANG_CAL_ADMIN[2]);
        $retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_CAL_ADMIN[2]));
        return $retval;
    }
}
예제 #25
0
         for ($i = 0; $i < 12; $i++) {
             $random_name .= $charset[mt_rand(0, strlen($charset) - 1)];
         }
         $random_name .= '.' . $fileExtension;
         if (fm_uploadfile($directory, $random_name)) {
             if (!get_magic_quotes_gpc()) {
                 $uploadfilename = addslashes($uploadfilename);
             }
             // Status of file record will default to 0 -- not online
             $sql = "INSERT INTO {$_TABLES['nxfile_filesubmissions']} ";
             $sql .= "(cid,fname,tempname,title,ftype,description,version_note,size,mimetype,extension,submitter,date,tags) ";
             $sql .= "VALUES ({$_CLEAN['cid']},'{$uploadfilename}','{$random_name}','{$_CLEAN['filetitle']}','file',";
             $sql .= "'{$_CLEAN['description']}','{$_CLEAN['vernote']}','{$filesize}','{$mimetype}','{$fileExtension}','{$uid}','{$date}','{$_CLEAN['tags']}')";
             DB_query($sql);
             $sid = DB_insertId();
             PLG_itemSaved($sid, 'nexfile_filesubmission');
             // Determine if any users that have upload.admin permission for this category
             // or nexfile admin rights should be notified of new file awaiting approval
             fm_sendAdminApprovalNofications($cid, $sid);
             fm_updateAuditLog("New upload submission, in Category: {$cid}");
             $data['message'] = "File successfully uploaded and you will be notified once it's approved";
             $data['error'] = 'File successfully uploaded';
             $data['retcode'] = 200;
         }
     } else {
         $data['retcode'] = 400;
         $data['error'] = 'Error: You do not have upload permission for that folder';
     }
     $retval = json_encode($data);
     break;
 case 'saveversion':
예제 #26
0
 /**
  * Saves a story submission.
  *
  * @return  integer result code explaining behaviour.
  */
 function saveSubmission()
 {
     global $_USER, $_CONF, $_TABLES;
     $this->_sid = COM_makeSid();
     if (COM_isAnonUser()) {
         $this->_uid = 1;
     } else {
         $this->_uid = $_USER['uid'];
     }
     $tmptid = addslashes(COM_sanitizeID($this->_tid));
     $result = DB_query('SELECT group_id,perm_owner,perm_group,perm_members,perm_anon FROM ' . "{$_TABLES['topics']} WHERE tid = '{$tmptid}'" . COM_getTopicSQL('AND'));
     if (DB_numRows($result) == 0) {
         // user doesn't have access to this topic - bail
         return STORY_NO_ACCESS_TOPIC;
     }
     $T = DB_fetchArray($result);
     if ($_CONF['storysubmission'] == 1 && !SEC_hasRights('story.submit')) {
         $this->_sid = addslashes($this->_sid);
         $this->_tid = $tmptid;
         $this->_title = addslashes($this->_title);
         $this->_introtext = addslashes($this->_introtext);
         $this->_bodytext = addslashes($this->_bodytext);
         $this->_postmode = addslashes($this->_postmode);
         DB_save($_TABLES['storysubmission'], 'sid,tid,uid,title,introtext,bodytext,date,postmode', "{$this->_sid},'{$this->_tid}',{$this->_uid},'{$this->_title}'," . "'{$this->_introtext}','{$this->_bodytext}',NOW(),'{$this->_postmode}'");
         return STORY_SAVED_SUBMISSION;
     } else {
         // post this story directly. First establish the necessary missing data.
         $this->_sanitizeData();
         if (!isset($_CONF['show_topic_icon'])) {
             $_CONF['show_topic_icon'] = 1;
         }
         if (DB_getItem($_TABLES['topics'], 'archive_flag', "tid = '{$tmptid}'") == 1) {
             $this->_frontpage = 0;
         } elseif (isset($_CONF['frontpage'])) {
             $this->_frontpage = $_CONF['frontpage'];
         } else {
             $this->_frontpage = 1;
         }
         $this->_oldsid = $this->_sid;
         $this->_date = mktime();
         $this->_featured = 0;
         $this->_commentcode = $_CONF['comment_code'];
         $this->_trackbackcode = $_CONF['trackback_code'];
         $this->_statuscode = 0;
         $this->_show_topic_icon = $_CONF['show_topic_icon'];
         if (COM_isAnonUser()) {
             $this->_owner_id = 1;
         } else {
             $this->_owner_id = $_USER['uid'];
         }
         $this->_group_id = $T['group_id'];
         $this->_perm_owner = $T['perm_owner'];
         $this->_perm_group = $T['perm_group'];
         $this->_perm_members = $T['perm_members'];
         $this->_perm_anon = $T['perm_anon'];
         $this->saveToDatabase();
         PLG_itemSaved($this->_sid, 'article');
         COM_rdfUpToDateCheck();
         COM_olderStuff();
         return STORY_SAVED;
     }
 }
예제 #27
0
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
    global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;
    $back = COM_applyFilter($_POST['rpath']);
    if ($back != '') {
        $actionURL = $back;
    }
    $queue = COM_applyFilter($_POST['queue'], true);
    $replacefile = 0;
    if (isset($_POST['replacefile'])) {
        $replacefile = COM_applyFilter($_POST['replacefile']);
    }
    if ($replacefile == 1) {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $repfilename = $_FILES['repfilename'];
        $filename = $repfilename['name'];
        $file = $repfilename['tmp_name'];
        $opt = array('replace' => $media_id);
        list($rc, $msg) = MG_getFile($file, $filename, $album_id, $opt);
        COM_errorLog($msg);
    }
    // see if we had an attached thumbnail before...
    $thumb = $_FILES['attthumb'];
    $thumbnail = $thumb['tmp_name'];
    $att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
    $attachtn = $att == 1 ? 1 : 0;
    $table = $queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media'];
    $old_attached_tn = DB_getItem($table, 'media_tn_attached', 'media_id="' . addslashes($media_id) . '"');
    if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
        $attachtn = 0;
    }
    $remove_old_tn = 0;
    if ($old_attached_tn == 1 && $attachtn == 0) {
        $remove_old_tn = 1;
    }
    $remote_media = DB_getItem($table, 'remote_media', 'media_id="' . addslashes($media_id) . '"');
    $remote_url = addslashes(COM_stripslashes($_POST['remoteurl']));
    if ($_MG_CONF['htmlallowed']) {
        $media_title = COM_checkWords(COM_stripslashes($_POST['media_title']));
        $media_desc = COM_checkWords(COM_stripslashes($_POST['media_desc']));
    } else {
        $media_title = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_title']))));
        $media_desc = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_desc']))));
    }
    $media_time_month = COM_applyFilter($_POST['media_month']);
    $media_time_day = COM_applyFilter($_POST['media_day']);
    $media_time_year = COM_applyFilter($_POST['media_year']);
    $media_time_hour = COM_applyFilter($_POST['media_hour']);
    $media_time_minute = COM_applyFilter($_POST['media_minute']);
    $original_filename = COM_applyFilter(COM_stripslashes($_POST['original_filename']));
    if ($replacefile == 1) {
        $original_filename = $filename;
    }
    $cat_id = COM_applyFilter($_POST['cat_id'], true);
    $media_keywords = COM_stripslashes($_POST['media_keywords']);
    $media_keywords_safe = substr($media_keywords, 0, 254);
    $media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));
    $artist = addslashes(COM_applyFilter(COM_stripslashes($_POST['artist'])));
    $musicalbum = addslashes(COM_applyFilter(COM_stripslashes($_POST['musicalbum'])));
    $genre = addslashes(COM_applyFilter(COM_stripslashes($_POST['genre'])));
    $media_time = mktime($media_time_hour, $media_time_minute, 0, $media_time_month, $media_time_day, $media_time_year, 1);
    $owner_sql = '';
    if (isset($_POST['owner_name'])) {
        $owner_id = COM_applyFilter($_POST['owner_name'], true);
        $owner_sql = ',media_user_id=' . $owner_id . ' ';
    }
    $sql = "UPDATE " . $table . "\n            SET media_title='" . addslashes($media_title) . "',\n            media_desc='" . addslashes($media_desc) . "',\n            media_original_filename='" . addslashes($original_filename) . "',\n            media_time=" . $media_time . ",\n            media_tn_attached=" . $attachtn . ",\n            media_category=" . intval($cat_id) . ",\n            media_keywords='" . $media_keywords . "',\n            artist='" . $artist . "',\n            album='" . $musicalbum . "',\n            genre='" . $genre . "',\n            remote_url='" . $remote_url . "' " . $owner_sql . "WHERE media_id='" . addslashes($media_id) . "'";
    DB_query($sql);
    if (DB_error() != 0) {
        echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
    }
    PLG_itemSaved($media_id, 'mediagallery');
    // process playback options if any...
    if (isset($_POST['autostart'])) {
        // asf
        $opt['autostart'] = COM_applyFilter($_POST['autostart'], true);
        $opt['enablecontextmenu'] = COM_applyFilter($_POST['enablecontextmenu'], true);
        $opt['stretchtofit'] = isset($_POST['stretchtofit']) ? COM_applyFilter($_POST['stretchtofit'], true) : 0;
        $opt['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
        $opt['uimode'] = COM_applyFilter($_POST['uimode']);
        $opt['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
        $opt['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
        $opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : 0;
        $opt['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
        $opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        if ($opt['playcount'] < 1) {
            $opt['playcount'] = 1;
        }
        MG_savePBOption($media_id, 'autostart', $opt['autostart'], true);
        MG_savePBOption($media_id, 'enablecontextmenu', $opt['enablecontextmenu'], true);
        if ($opt['stretchtofit'] != '') {
            MG_savePBOption($media_id, 'stretchtofit', $opt['stretchtofit'], true);
        }
        MG_savePBOption($media_id, 'showstatusbar', $opt['showstatusbar'], true);
        MG_savePBOption($media_id, 'uimode', $opt['uimode']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
        MG_savePBOption($media_id, 'playcount', $opt['playcount'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
    }
    if (isset($_POST['play'])) {
        // swf
        $opt['play'] = COM_applyFilter($_POST['play'], true);
        $opt['menu'] = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : 0;
        $opt['quality'] = isset($_POST['quality']) ? COM_applyFilter($_POST['quality']) : '';
        $opt['flashvars'] = isset($_POST['flashvars']) ? COM_applyFilter($_POST['flashvars']) : '';
        $opt['height'] = COM_applyFilter($_POST['height'], true);
        $opt['width'] = COM_applyFilter($_POST['width'], true);
        $opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
        $opt['scale'] = isset($_POST['scale']) ? COM_applyFilter($_POST['scale']) : '';
        $opt['wmode'] = isset($_POST['wmode']) ? COM_applyFilter($_POST['wmode']) : '';
        $opt['allowscriptaccess'] = isset($_POST['allowscriptaccess']) ? COM_applyFilter($_POST['allowscriptaccess']) : '';
        $opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : '';
        $opt['swf_version'] = isset($_POST['swf_version']) ? COM_applyFilter($_POST['swf_version'], true) : 9;
        MG_savePBOption($media_id, 'play', $opt['play'], true);
        if ($opt['menu'] != '') {
            MG_savePBOption($media_id, 'menu', $opt['menu'], true);
        }
        MG_savePBOption($media_id, 'quality', $opt['quality']);
        MG_savePBOption($media_id, 'flashvars', $opt['flashvars']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
        MG_savePBOption($media_id, 'scale', $opt['scale']);
        MG_savePBOption($media_id, 'wmode', $opt['wmode']);
        MG_savePBOption($media_id, 'allowscriptaccess', $opt['allowscriptaccess']);
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
        MG_savePBOption($media_id, 'swf_version', $opt['swf_version'], true);
    }
    if (isset($_POST['autoplay'])) {
        // quicktime
        $opt['autoplay'] = COM_applyFilter($_POST['autoplay'], true);
        $opt['autoref'] = COM_applyFilter($_POST['autoref'], true);
        $opt['controller'] = COM_applyFilter($_POST['controller'], true);
        $opt['kioskmode'] = COM_applyFilter($_POST['kioskmode'], true);
        $opt['scale'] = COM_applyFilter($_POST['scale']);
        $opt['height'] = COM_applyFilter($_POST['height'], true);
        $opt['width'] = COM_applyFilter($_POST['width'], true);
        $opt['bgcolor'] = COM_applyFilter($_POST['bgcolor']);
        $opt['loop'] = COM_applyFilter($_POST['loop'], true);
        MG_savePBOption($media_id, 'autoref', $opt['autoref'], true);
        MG_savePBOption($media_id, 'autoplay', $opt['autoplay'], true);
        MG_savePBOption($media_id, 'controller', $opt['controller'], true);
        MG_savePBOption($media_id, 'kioskmode', $opt['kioskmode'], true);
        MG_savePBOption($media_id, 'scale', $opt['scale']);
        MG_savePBOption($media_id, 'height', $opt['height'], true);
        MG_savePBOption($media_id, 'width', $opt['width'], true);
        MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor'], true);
        MG_savePBOption($media_id, 'loop', $opt['loop'], true);
    }
    if ($attachtn == 1 && $thumbnail != '') {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
        $thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
    }
    if ($remove_old_tn == 1) {
        $media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
        $tmpstr = 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
        $ext = Media::getMediaExt($_MG_CONF['path_mediaobjects'] . $tmpstr);
        if (!empty($ext)) {
            @unlink($_MG_CONF['path_mediaobjects'] . $tmpstr . $ext);
        }
    }
    if ($queue) {
        echo COM_refresh($actionURL);
    } else {
        require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
        MG_buildAlbumRSS($album_id);
        echo COM_refresh($actionURL);
    }
    exit;
}
예제 #28
0
function migrateComments($forum, $sid, $parent)
{
    global $verbose, $_TABLES, $_CONF, $migratedcomments;
    $sql = "SELECT sid,date,uid,title,comment " . "FROM {$_TABLES['comments']} WHERE sid = '{$sid}' ORDER BY date ASC";
    $result = DB_query($sql);
    $num_comments = DB_numRows($result);
    if ($verbose) {
        echo "Found {$num_comments} Comments to migrate for this topic";
    }
    $i = 0;
    while (list($sid, $commentdate, $uid, $subject, $comment) = DB_fetchArray($result)) {
        $sqlid = DB_query("SELECT id FROM {$_TABLES['forum_topic']} ORDER BY id DESC LIMIT 1");
        list($lastid) = DB_fetchArray($sqlid);
        $comment = prepareStringForDB($comment);
        $subject = prepareStringForDB($subject);
        $postmode = "HTML";
        $name = DB_getItem($_TABLES['users'], 'username', "uid={$uid}");
        $email = DB_getItem($_TABLES['users'], 'email', "uid={$uid}");
        $website = DB_getItem($_TABLES['users'], 'homepage', "uid={$uid}");
        $datetime = explode(" ", $commentdate);
        $date = explode("-", $datetime[0]);
        $time = explode(":", $datetime[1]);
        $year = $date[0] > 1969 ? $date[0] : "2001";
        $month = $date[1];
        $day = $date[2];
        $hour = $time[0];
        $min = $time[1];
        $timestamp = mktime($hour, $min, 0, $month, $day, $year);
        $lastupdated = $timestamp;
        $migratedcomments++;
        DB_query("INSERT INTO {$_TABLES['forum_topic']} " . "(forum,name,date,lastupdated, email, website, subject, " . "comment, postmode, ip, mood, uid, pid, sticky, locked) " . "VALUES ('{$forum}','{$name}','{$timestamp}','{$lastupdated}','{$email}'," . "'{$website}','{$subject}','{$comment}','{$postmode}','',''," . "'{$uid}','{$parent}','0','0')");
        PLG_itemSaved(DB_insertID(), 'forum');
        $i++;
    }
    DB_query("UPDATE {$_TABLES['forum_topic']} SET replies = {$num_comments} WHERE id={$parent}");
    return $num_comments;
}
예제 #29
0
파일: topic.php 프로젝트: mystralkk/geeklog
/**
 * Move topic UP and Down
 *
 * @param    string $tid         Topic ID
 * @param    string $where       Where to move the topic specified by $tid.
 *                               Valid values are "up" and "dn", which stand for
 *                               move 'Up' or 'Down' through the sort number.
 * @return   void
 */
function moveTopics($tid, $where)
{
    global $_TABLES;
    if (empty($tid) || empty($where)) {
        return;
    }
    $sortnum = DB_getItem($_TABLES['topics'], 'sortnum', "tid = '{$tid}'");
    $parent_id = DB_getItem($_TABLES['topics'], 'parent_id', "tid = '{$tid}'");
    if (empty($sortnum) || empty($parent_id)) {
        return;
    }
    if ($where == 'up') {
        $A = getTopicChildTreeArray(TOPIC_ROOT, array(), 'DESC');
        foreach ($A as $B) {
            $order = $B['sortnum'] - 1;
            if ($B['sortnum'] < $sortnum && $B['parent_id'] == $parent_id) {
                break;
            }
        }
    } else {
        $A = getTopicChildTreeArray(TOPIC_ROOT, array(), 'ASC');
        foreach ($A as $B) {
            $order = $B['sortnum'] + 1;
            if ($B['sortnum'] > $sortnum && $B['parent_id'] == $parent_id) {
                break;
            }
        }
    }
    DB_query("UPDATE {$_TABLES['topics']} SET sortnum = {$order} WHERE tid = '{$tid}'");
    PLG_itemSaved($tid, 'topic');
    // Reorder Topics, Delete topic cache and reload topic tree
    reorderTopics();
}
예제 #30
0
파일: topic.php 프로젝트: alxstuart/ajfs.me
/**
* Save topic to the database
*
* @param    string  $tid            Topic ID
* @param    string  $topic          Name of topic (what the user sees)
* @param    string  $imageurl       (partial) URL to topic image
* @param    string  $meta_description    Topic meta description
* @param    string  $meta_keywords       Topic meta keywords
* @param    int     $sortnum        number for sort order in "Topics" block
* @param    int     $limitnews      number of stories per page for this topic
* @param    int     $owner_id       ID of owner
* @param    int     $group_id       ID of group topic belongs to
* @param    int     $perm_owner     Permissions the owner has
* @param    int     $perm_group     Permissions the group has
* @param    int     $perm_member    Permissions members have
* @param    int     $perm_anon      Permissions anonymous users have
* @param    string  $is_default     'on' if this is the default topic
* @param    string  $is_archive     'on' if this is the archive topic
* @return   string                  HTML redirect or error message
*/
function savetopic($tid, $topic, $imageurl, $meta_description, $meta_keywords, $sortnum, $limitnews, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon, $is_default, $is_archive)
{
    global $_CONF, $_TABLES, $LANG27, $MESSAGE;
    $retval = '';
    // Convert array values to numeric permission values
    list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
    $tid = COM_sanitizeID($tid);
    $access = 0;
    if (DB_count($_TABLES['topics'], 'tid', $tid) > 0) {
        $result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['topics']} WHERE tid = '{$tid}'");
        $A = DB_fetchArray($result);
        $access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
    } else {
        $access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
    }
    if ($access < 3 || !SEC_inGroup($group_id)) {
        $retval .= COM_siteHeader('menu', $MESSAGE[30]) . COM_showMessageText($MESSAGE[29], $MESSAGE[30]) . COM_siteFooter();
        COM_accessLog("User {$_USER['username']} tried to illegally create or edit topic {$tid}.");
    } elseif (!empty($tid) && !empty($topic)) {
        if ($imageurl == '/images/topics/') {
            $imageurl = '';
        }
        $topic = addslashes($topic);
        $meta_description = addslashes(strip_tags($meta_description));
        $meta_keywords = addslashes(strip_tags($meta_keywords));
        if ($is_default == 'on') {
            $is_default = 1;
            DB_query("UPDATE {$_TABLES['topics']} SET is_default = 0 WHERE is_default = 1");
        } else {
            $is_default = 0;
        }
        $is_archive = $is_archive == 'on' ? 1 : 0;
        $archivetid = DB_getItem($_TABLES['topics'], 'tid', "archive_flag=1");
        if ($is_archive) {
            // $tid is the archive topic
            // - if it wasn't already, mark all its stories "archived" now
            if ($archivetid != $tid) {
                DB_query("UPDATE {$_TABLES['stories']} SET featured = 0, frontpage = 0, statuscode = " . STORY_ARCHIVE_ON_EXPIRE . " WHERE tid = '{$tid}'");
                DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
            }
        } else {
            // $tid is not the archive topic
            // - if it was until now, reset the "archived" status of its stories
            if ($archivetid == $tid) {
                DB_query("UPDATE {$_TABLES['stories']} SET statuscode = 0 WHERE tid = '{$tid}'");
                DB_query("UPDATE {$_TABLES['topics']} SET archive_flag = 0 WHERE archive_flag = 1");
            }
        }
        if (isset($_POST['old_tid'])) {
            $old_tid = COM_applyFilter($_POST['old_tid']);
            if (!empty($old_tid)) {
                $old_tid = COM_sanitizeID($old_tid);
                changetopicid($tid, $old_tid);
                $old_tid = addslashes($old_tid);
                DB_delete($_TABLES['topics'], 'tid', $old_tid);
            }
        }
        DB_save($_TABLES['topics'], 'tid, topic, imageurl, meta_description, meta_keywords, sortnum, limitnews, is_default, archive_flag, owner_id, group_id, perm_owner, perm_group, perm_members, perm_anon', "'{$tid}', '{$topic}', '{$imageurl}', '{$meta_description}', '{$meta_keywords}','{$sortnum}','{$limitnews}',{$is_default},'{$is_archive}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
        if ($old_tid != $tid) {
            PLG_itemSaved($tid, 'topic', $old_tid);
        } else {
            PLG_itemSaved($tid, 'topic');
        }
        // update feed(s) and Older Stories block
        COM_rdfUpToDateCheck('article', $tid);
        COM_olderStuff();
        $retval = COM_refresh($_CONF['site_admin_url'] . '/topic.php?msg=13');
    } else {
        $retval .= COM_siteHeader('menu', $LANG27[1]);
        $retval .= COM_errorLog($LANG27[7], 2);
        $retval .= COM_siteFooter();
    }
    return $retval;
}