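/**
 * Admin form for editing another user's profile (ecp_user) and the counters
 * kept in ecp_user_stats.
 *
 * With a POST (submit button present) the submitted username and e-mail are
 * checked against all *other* accounts; a clash, an empty username or an
 * invalid e-mail reverts that field to the stored value, shows an error
 * table and the UPDATE still runs with the remaining fields. On success the
 * browser is sent back to the user list. Without a POST the edit template is
 * rendered with the current row.
 *
 * @param int $id ID of the user being edited; cast to int because it is
 *                spliced into every query below.
 */
function admin_user_edit($id) {
    global $db;
    $id = (int) $id;
    if (isset($_POST['submit'])) {
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        // strsave() is the project's SQL escaper (assumed from its use on every value here — confirm).
        $usernameTaken = $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = \'' . strsave(htmlspecialchars($username)) . '\' AND ID != ' . $id);
        if ($usernameTaken || $username === '') {
            // Keep the stored name so the UPDATE below does not overwrite it.
            $_POST['username'] = $db->result(DB_PRE . 'ecp_user', 'username', 'ID = ' . $id);
            table(ERROR, ACCOUNT_ALLREADY_EXIST);
        }
        $email = isset($_POST['email']) ? $_POST['email'] : '';
        // Bug fix: the original looked the e-mail up by $_POST['username'], so a
        // duplicate address was never detected.
        $emailTaken = $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = \'' . strsave($email) . '\' AND ID != ' . $id);
        if ($emailTaken || !check_email($email)) {
            // Bug fix: decide the message from the *submitted* address; the original
            // validated the stored one, which is always valid, so WRONG_EMAIL never showed.
            $message = !check_email($email) ? WRONG_EMAIL : EMAIL_ALLREADY_EXIST;
            $_POST['email'] = $db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $id);
            table(ERROR, $message);
        }
        // Birthday arrives as d.m.Y and is stored as Y-m-d; missing parts become 0.
        $geburtstag = explode('.', isset($_POST['birthday']) ? $_POST['birthday'] : '');
        $birthday = (isset($geburtstag[2]) ? (int) $geburtstag[2] : 0) . '-'
            . (isset($geburtstag[1]) ? (int) $geburtstag[1] : 0) . '-'
            . (int) $geburtstag[0];
        $sql = sprintf('UPDATE ' . DB_PRE . 'ecp_user SET username = \'%s\',email = \'%s\',country = \'%s\', sex = \'%s\',signatur = \'%s\',realname = \'%s\', geburtstag = \'%s\',homepage = \'%s\',icq = \'%s\', msn = \'%s\',yahoo = \'%s\',skype = \'%s\',xfire = \'%s\', clanname = \'%s\',clanirc = \'%s\',clanhomepage = \'%s\', clanhistory = \'%s\',cpu = \'%s\',mainboard = \'%s\', ram = \'%s\',gkarte = \'%s\',skarte = \'%s\', monitor = \'%s\',maus = \'%s\',tastatur = \'%s\', mauspad = \'%s\',internet = \'%s\',festplatte = \'%s\', headset = \'%s\',aboutme = \'%s\', wohnort = \'%s\', aim = \'%s\' WHERE ID = ' . $id,
            strsave(htmlspecialchars(@$_POST['username'])),
            strsave(@$_POST['email']),
            strsave(@$_POST['country']),
            @$_POST['sex'] == 'male' ? 'male' : 'female',
            // Signature and "about me" go through the BBCode/comment filter instead of htmlspecialchars().
            strsave(comment_save(@$_POST['signatur'])),
            strsave(htmlspecialchars(@$_POST['realname'])),
            $birthday,
            strsave(htmlspecialchars(check_url(@$_POST['homepage']))),
            strsave(htmlspecialchars(@$_POST['icq'])),
            strsave(htmlspecialchars(@$_POST['msn'])),
            strsave(htmlspecialchars(@$_POST['yahoo'])),
            strsave(htmlspecialchars(@$_POST['skype'])),
            strsave(htmlspecialchars(@$_POST['xfire'])),
            strsave(htmlspecialchars(@$_POST['clanname'])),
            strsave(htmlspecialchars(@$_POST['clanirc'])),
            strsave(htmlspecialchars(check_url(@$_POST['clanhomepage']))),
            strsave(htmlspecialchars(@$_POST['clanhistory'])),
            strsave(htmlspecialchars(@$_POST['cpu'])),
            strsave(htmlspecialchars(@$_POST['mainboard'])),
            strsave(htmlspecialchars(@$_POST['ram'])),
            strsave(htmlspecialchars(@$_POST['gkarte'])),
            strsave(htmlspecialchars(@$_POST['skarte'])),
            strsave(htmlspecialchars(@$_POST['monitor'])),
            strsave(htmlspecialchars(@$_POST['maus'])),
            strsave(htmlspecialchars(@$_POST['tastatur'])),
            strsave(htmlspecialchars(@$_POST['mauspad'])),
            strsave(htmlspecialchars(@$_POST['internet'])),
            strsave(htmlspecialchars(@$_POST['festplatte'])),
            strsave(htmlspecialchars(@$_POST['headset'])),
            strsave(comment_save(@$_POST['aboutme'])),
            strsave(htmlspecialchars(@$_POST['wohnort'])),
            strsave(htmlspecialchars(@$_POST['aim']))
        );
        $statsSql = 'UPDATE ' . DB_PRE . 'ecp_user_stats SET comments = ' . (int) @$_POST['comments'] . ', money = ' . (double) @$_POST['money'] . ' WHERE userID = ' . $id;
        if ($db->query($sql) && $db->query($statsSql)) {
            header1('?section=admin&site=user');
        }
    } else {
        $tpl = new smarty();
        $row = $db->fetch_assoc('SELECT `username`, `email`, `country`, `sex`, `signatur`, `realname`, `wohnort`, `geburtstag`, `homepage`, `icq`, `msn`, `yahoo`, `skype`, `xfire`, `clanname`, `clanirc`, `clanhomepage`, `clanhistory`, `cpu`, `mainboard`, `ram`, `gkarte`, `skarte`, `monitor`, `maus`, `tastatur`, `mauspad`, `internet`, `festplatte`, `headset`, `aboutme`, `ondelete`, aim, money, comments FROM ' . DB_PRE . 'ecp_user LEFT JOIN ' . DB_PRE . 'ecp_user_stats ON (userID = ID) WHERE ID = ' . $id);
        // The template shows the birthday in the same d.m.Y form the POST branch parses.
        $row['birthday'] = date('d.m.Y', strtotime($row['geburtstag']));
        foreach ($row as $key => $value) {
            $tpl->assign($key, $value);
        }
        ob_start();
        $tpl->assign('countries', form_country($row['country']));
        $tpl->display(DESIGN . '/tpl/admin/user_edit.html');
        $content = ob_get_contents();
        ob_end_clean();
        main_content(ACCOUNT_EDIT, $content, '', 1);
    }
}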
/**
 * Panel save handler: merges the parser-derived metadata of the submitted
 * comment into $content and persists it for the requested entry.
 *
 * @param array $content Comment fields collected by the panel.
 * @return string PANEL_REDIRECT_DEFAULT when the comment does not exist,
 *                PANEL_REDIRECT_CURRENT otherwise (the 'success' template
 *                variable is set to 1 or -1 according to comment_save()).
 */
function onsave($content) {
    if ($this->nosuchcomment) {
        return PANEL_REDIRECT_DEFAULT;
    }
    $entryId = $_REQUEST['entry'];
    $parsed = comment_parse($entryId, $_REQUEST['comment']);
    // 'loggedin' is only present for authenticated authors; the other two are always copied.
    if (isset($parsed['loggedin'])) {
        $content['loggedin'] = $parsed['loggedin'];
    }
    foreach (array('ip-address', 'date') as $key) {
        $content[$key] = $parsed[$key];
    }
    $saved = comment_save($entryId, $content);
    $this->smarty->assign('success', $saved ? 1 : -1);
    return PANEL_REDIRECT_CURRENT;
}
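/**
 * AJAX action: records a "praise" from user `uid` on comment `cid`.
 *
 * Appends ['value' => uid] to the comment's field_praise['und'] list unless
 * it is already there, saves the comment and echoes a JSON result object
 * (error_code 0 on success, 1 when already praised). When uid or cid is
 * missing a JSON error object is echoed and the request is terminated with
 * die(0), as before.
 *
 * NOTE(review): uid is taken from the request, not from the session, so the
 * caller decides who is recorded as praising — confirm this is intended.
 */
public function actionAddPraise() {
    // Bug fix: the original combined the two isset() results with the bitwise `&`;
    // `&&` is the intended logical conjunction.
    if (!isset($_POST['uid']) || !isset($_POST['cid'])) {
        $basic = new basic();
        $basic->error_code = 1;
        $basic->error_msg = "no input parameters";
        echo CJSON::encode($basic);
        die(0);
    }
    $comment = comment_load($_POST['cid']);
    $praise = array('value' => $_POST['uid']);
    // Assumes the field layout ['und' => list of ['value' => uid]] — confirm against comment_load().
    if (!isset($comment->field_praise['und'])) {
        $comment->field_praise['und'] = array();
    }
    // Loose in_array() kept on purpose: stored uids may be ints while $_POST gives strings.
    if (in_array($praise, $comment->field_praise['und'])) {
        $res = array('error_code' => 1, 'error_msg' => "您已点赞");
    } else {
        $comment->field_praise['und'][] = $praise;
        comment_save($comment);
        $res = array('error_code' => 0, 'error_msg' => null);
    }
    echo CJSON::encode($res);
}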
/**
 * Updates the local content with data from a Lingotek Document.
 *
 * For every translation target of the document the translated XML is
 * downloaded and copied into the matching translatable fields of
 * $this->comment; untranslated fields are filled from the comment's default
 * language and every field is mirrored into LANGUAGE_NONE. The comment is
 * then saved and reloaded.
 *
 * Only a missing Lingotek document ID yields FALSE; failures of the API
 * calls themselves are not detected here.
 *
 * @return bool
 *   TRUE if the content updates succeeded, FALSE otherwise.
 */
public function updateLocalContent() {
  $success = TRUE;
  $metadata = $this->metadata();
  if (!empty($metadata['document_id'])) {
    $document_id = $metadata['document_id'];
    $api = LingotekApi::instance();
    $document = $api->getDocument($document_id);
    foreach ($document->translationTargets as $target) {
      $document_xml = $api->downloadDocument($metadata['document_id'], $target->language);
      $target_language = Lingotek::convertLingotek2Drupal($target->language);
      foreach ($document_xml as $drupal_field_name => $content) {
        // Figure out which subkey of the field data we're targeting.
        // "value" for standard text fields, or some other key for
        // compound text fields (text with summary, for example).
        $target_key = 'value';
        $subfield_parts = explode('__', $drupal_field_name);
        if (count($subfield_parts) == 2) {
          $drupal_field_name = $subfield_parts[0];
          $target_key = $subfield_parts[1];
        }
        $field = field_info_field($drupal_field_name);
        if (!empty($field['lingotek_translatable'])) {
          // Reference alias: writes below land directly on the comment's field.
          $comment_field =& $this->comment->{$drupal_field_name};
          $index = 0;
          foreach ($content as $text) {
            // Downloaded text is entity-decoded before storage; output filtering
            // relies on the copied 'format' below.
            $comment_field[$target_language][$index][$target_key] = decode_entities(lingotek_xml_decode($text));
            // Copy filter format from source language field.
            if (!empty($comment_field[$this->comment->language][0]['format'])) {
              $comment_field[$target_language][$index]['format'] = $comment_field[$this->comment->language][0]['format'];
            }
            $index++;
          }
        }
      }
      $comment_node = LingotekNode::loadById($this->comment->nid);
      $comment_fields = array_keys(field_info_instances('comment', 'comment_node_' . $comment_node->type));
      foreach ($comment_fields as $field) {
        // Copy any untranslated fields from the default language into this target.
        if (isset($this->comment->{$field}[$this->comment->language]) && !isset($this->comment->{$field}[$target_language])) {
          $this->comment->{$field}[$target_language] = $this->comment->{$field}[$this->comment->language];
        }
        // Ensure that all fields get their LANGUAGE_NONE field data populated with the
        // comment's default language data, to support toggling off of comment translation
        // at some point in the future.
        if (!empty($this->comment->{$field}[$this->comment->language])) {
          $this->comment->{$field}[LANGUAGE_NONE] = $this->comment->{$field}[$this->comment->language];
        }
      }
    }
    // This avoids an infinite loop when hooks resulting from comment_save() are invoked.
    self::$content_update_in_progress = TRUE;
    comment_save($this->comment);
    self::$content_update_in_progress = FALSE;
    $this->comment = comment_load($this->comment->cid);
  }
  else {
    LingotekLog::error('Unable to refresh local contents for comment @cid. Could not find Lingotek Document ID.', array('@cid' => $this->comment->cid));
    $success = FALSE;
  }
  return $success;
}
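/**
 * Verifies the CAPTCHA code and stores a new comment on a blog entry.
 *
 * The expected code lives in $_SESSION keyed by the request host.
 *
 * @param string $blog_serial     Identifier of the blog entry being commented on.
 * @param string $comment_author  Author name as submitted.
 * @param string $comment_content Comment body as submitted.
 * @param string $comment_vcode   CAPTCHA code typed by the user.
 * @return mixed Result of comment_save(), or false when no code was issued
 *               or the submitted code does not match it.
 */
function comment_create($blog_serial, $comment_author, $comment_content, $comment_vcode) {
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $expected = isset($_SESSION[$host]['vcode']) ? $_SESSION[$host]['vcode'] : null;
    // Fail closed when no code was issued, and compare as strings in constant time:
    // the original `!=` let '' match a missing session value and coerced numeric strings.
    if (!is_string($expected) || $expected === '' || !hash_equals($expected, (string) $comment_vcode)) {
        return false;
    }
    $comment_serial = $blog_serial . '#' . str_replace(' ', '-', microtime());
    return comment_save($comment_serial, $comment_author, $comment_content);
}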
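/**
 * Edits an existing forum reply and, on success, its attachments and the
 * cached "last post" columns of the board and thread.
 *
 * Access requires a logged-in user who may read the board and its parent
 * and who either owns the comment with edit rights or has moderator edit
 * rights. On GET the edit form is rendered; on POST with all required
 * inputs the comment is updated and the browser is redirected to it.
 *
 * @param int $id  Comment ID (comID) being edited.
 * @param int $bid Board ID the thread belongs to.
 * @param int $tid Thread ID the comment belongs to.
 */
function forum_edit_replay($id, $bid, $tid) {
    global $db;
    // All three IDs are spliced into SQL below; keep them numeric.
    $id = (int) $id;
    $bid = (int) $bid;
    $tid = (int) $tid;
    $thread = $db->fetch_assoc('SELECT `threadID`, `bID`, `threadname`, a.boardparentID, ' . DB_PRE . 'ecp_forum_threads.closed,userID, comment, attachs,postname, adatum, a.editcom,a.editmocom,a.rightsread, a.commentsperpost, a.moneyperpost, a.boardparentID, a.name, a.attachments, a.attachmaxsize, a.postcom, a.attachfiles, b.rightsread as parentRead FROM ' . DB_PRE . 'ecp_forum_threads LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (bID = a.boardID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (b.boardID = a.boardparentID) LEFT JOIN ' . DB_PRE . 'ecp_forum_comments ON (comID = ' . $id . ') WHERE threadID = ' . $tid . ' AND bID = ' . $bid);
    // Same grouping as the original `and`/`or` chain: owner-with-edit-right OR moderator.
    $mayEdit = is_array($thread)
        && @$_SESSION['userID']
        && find_access($thread['rightsread'])
        && find_access($thread['parentRead'])
        && ((find_access($thread['editcom']) && $_SESSION['userID'] == $thread['userID']) || find_access($thread['editmocom']))
        && $db->errorNum() == 0;
    if (!$mayEdit) {
        table(ERROR, ACCESS_DENIED);
        return;
    }
    // The opening post of a thread also carries the thread title.
    $isFirstPost = $db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND adatum < ' . $thread['adatum'] . ' ORDER BY adatum ASC') == 0;
    if (!isset($_POST['comment'])) {
        _forum_edit_replay_form($id, $bid, $tid, $thread, htmlspecialchars($thread['comment']), $isFirstPost);
        return;
    }
    $missingInput = $_POST['comment'] === ''
        || (isset($_POST['username']) && $_POST['username'] === '')
        || (isset($_POST['title']) && $_POST['title'] === '');
    if ($missingInput) {
        table(ERROR, NOT_NEED_ALL_INPUTS);
        _forum_edit_replay_form($id, $bid, $tid, $thread, $_POST['comment'], $isFirstPost);
        return;
    }
    $updated = $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_comments SET postname = \'%s\', comment = \'%s\', edits =edits +1, editdatum = %d, edituserID = %d WHERE comID = %d', strsave(htmlspecialchars(@$_POST['username'])), strsave(comment_save($_POST['comment'])), time(), @(int) $_SESSION['userID'], $id));
    if (!$updated) {
        return;
    }
    if (find_access($thread['attachfiles'])) {
        if (UPLOAD_METHOD == 'old') {
            _forum_edit_replay_store_uploads($id, $bid, $tid, $thread);
        } else {
            // Bug fix: the original swapped tID/mID and used an undefined $comid here
            // and in the two UPDATEs below; this mirrors the 'old' upload path.
            // NOTE(review): uploads are claimed by the `rand` request parameter alone; the
            // token stored in $_SESSION['forum']['attach'][$bid] is not compared — confirm.
            $validation = isset($_GET['rand']) ? $_GET['rand'] : '';
            $db->query(sprintf('UPDATE ' . DB_PRE . 'ecp_forum_attachments SET `tID` = %d, `mID` = %d WHERE validation = \'%s\' AND bID = %d', $tid, $id, strsave($validation), $bid));
            if ($db->affekt_rows()) {
                $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $tid);
                $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $id);
            }
        }
    }
    if ($isFirstPost) {
        $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET threadname = \'' . strsave(htmlspecialchars(@$_POST['title'])) . '\', vonname = \'' . strsave(htmlspecialchars(@$_POST['username'])) . '\' WHERE threadID = ' . $tid);
    }
    // Refresh the board's last-post cache. postname is read back from the DB, so it is
    // escaped again before being spliced into SQL (the original interpolated it raw).
    $last = $db->fetch_assoc('SELECT userID,postname,adatum, tID FROM ' . DB_PRE . 'ecp_forum_comments WHERE boardID = ' . $bid . ' ORDER BY adatum DESC LIMIT 1');
    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_boards SET `lastpostuserID` = ' . (int) $last['userID'] . ', `lastpostuser` = \'' . strsave($last['postname']) . '\', `lastpost` = ' . (int) $last['adatum'] . ', lastthreadID = ' . (int) $last['tID'] . ' WHERE (boardID = ' . $bid . ' OR boardID = ' . (int) $thread['boardparentID'] . ')');
    // Same for the thread.
    $last = $db->fetch_assoc('SELECT userID,postname,adatum FROM ' . DB_PRE . 'ecp_forum_comments WHERE tID = ' . $tid . ' ORDER BY adatum DESC LIMIT 1');
    $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET `lastuserID` = ' . (int) $last['userID'] . ', `lastusername` = \'' . strsave($last['postname']) . '\', `lastreplay` = ' . (int) $last['adatum'] . ' WHERE threadID = ' . $tid);
    unset($_SESSION['forum']['attach'][$bid]);
    // Jump to the page of the thread that holds the edited comment.
    $anzahl = $db->result(DB_PRE . 'ecp_forum_comments', 'COUNT(comID)', 'tID = ' . $tid . ' AND boardID =' . $bid . ' AND adatum < ' . $thread['adatum']);
    header1('?section=forum&action=thread&boardID=' . $bid . '&threadID=' . $tid . '&page=' . (ceil(($anzahl - 1) / LIMIT_FORUM_COMMENTS) + 1) . '#com_' . $id);
}

/**
 * Renders the reply edit form for forum_edit_replay().
 *
 * @param int    $id          Comment ID.
 * @param int    $bid         Board ID.
 * @param int    $tid         Thread ID.
 * @param array  $thread      Row fetched by forum_edit_replay() (thread, board and comment columns).
 * @param string $comment     Text to prefill the comment field with.
 * @param bool   $isFirstPost Whether the comment is the opening post (shows the title field).
 */
function _forum_edit_replay_form($id, $bid, $tid, $thread, $comment, $isFirstPost) {
    global $db;
    $tpl = new smarty();
    $tpl->assign('func', 'edit');
    $tpl->assign('func2', '&comID=' . $id);
    $tpl->assign('comment', $comment);
    if ($isFirstPost) {
        $tpl->assign('title', $thread['threadname']);
    }
    // Guest posts carry the author name in the row instead of a user ID.
    if ($thread['userID'] == 0) {
        $tpl->assign('username', $thread['postname']);
    }
    ob_start();
    $uploadsEnabled = $thread['attachments'] && $thread['attachmaxsize'];
    if ($uploadsEnabled) {
        $attachs = $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'mID = ' . $id . ' AND tID = ' . $tid);
        if ($thread['attachments'] > $attachs) {
            $rand = get_random_string(16, 2);
            $tpl->assign('attach', find_access($thread['attachfiles']));
            $tpl->assign('maxsize', $thread['attachmaxsize']);
            $tpl->assign('rand', $rand);
            $tpl->assign('sid', session_name() . '=' . session_id());
            $tpl->assign('maxuploads', $thread['attachments'] - $attachs);
            $tpl->assign('uploadinfo', str_replace(array('{anzahl}', '{max}'), array($thread['attachments'] - $attachs, goodsize($thread['attachmaxsize'])), FORUM_ATTACH_INFO));
            // Upload token for this board; cleared again after a successful save.
            $_SESSION['forum']['attach'][$bid] = $rand;
        }
    }
    $tpl->assign('quote', true);
    $tpl->display(DESIGN . '/tpl/forum/comments_add_edit' . ((UPLOAD_METHOD == 'old' && $uploadsEnabled) ? '_old' : '') . '.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(FORUM_POST_EDIT, $content, '', 1);
}

/**
 * Stores files uploaded with the classic form (UPLOAD_METHOD == 'old') under
 * uploads/forum/ and links them to comment $id.
 *
 * @param int   $id     Comment ID.
 * @param int   $bid    Board ID.
 * @param int   $tid    Thread ID.
 * @param array $thread Row fetched by forum_edit_replay(); attachments / attachmaxsize limit the uploads.
 */
function _forum_edit_replay_store_uploads($id, $bid, $tid, $thread) {
    global $db;
    // Accepted content types as reported by getMimeType() (which also receives the client
    // file name — whether it falls back to the extension is outside this view).
    // NOTE(review): text/html and text/css files land under uploads/forum/ with a
    // predictable name; if that directory is served inline this is stored script content.
    $allowedTypes = array('application/zip', 'application/x-rar-compressed', 'image/bmp', 'image/gif', 'image/jpeg', 'image/png', 'application/pdf', 'text/plain', 'text/css', 'text/html');
    $maxattach = $thread['attachments'] - $db->result(DB_PRE . 'ecp_forum_attachments', 'COUNT(attachID)', 'bID = ' . $bid . ' AND mID = ' . $id);
    foreach ($_FILES as $key => $file) {
        // Empty slots of the form (no tmp_name) are skipped; the original compared the
        // whole entry with '' which never matched an upload array.
        if (empty($file['tmp_name']) || $maxattach <= 0 || $file['size'] > $thread['attachmaxsize']) {
            continue;
        }
        $mime = getMimeType($file['tmp_name'], $file['name']);
        if (!in_array($mime, $allowedTypes, true)) {
            continue;
        }
        $sha1 = sha1_file($file['tmp_name']);
        $inserted = $db->query(sprintf('INSERT INTO ' . DB_PRE . 'ecp_forum_attachments (`bID`, `userID`, `name`, `size`, `strname`, uploadzeit, IP, tID, mID) VALUES (%d, %d, \'%s\', %d, \'%s\', %d, \'%s\', %d, %d)', $bid, @(int) $_SESSION['userID'], strsave($file['name']), (int) $file['size'], $sha1, time(), strsave($_SERVER['REMOTE_ADDR']), $tid, $id));
        if ($inserted) {
            $target = 'uploads/forum/' . $db->last_id() . '_' . $sha1;
            move_uploaded_file($file['tmp_name'], $target);
            umask(0);
            chmod($target, CHMOD);
            $db->query('UPDATE ' . DB_PRE . 'ecp_forum_threads SET anhaenge = 1 WHERE threadID = ' . $tid);
            $db->query('UPDATE ' . DB_PRE . 'ecp_forum_comments SET attachs = 1 WHERE comID = ' . $id);
        }
        // Counts every accepted type against the limit, whether or not the INSERT succeeded (as before).
        $maxattach--;
    }
}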
$node->casetracker['case_status_id'] = $tditem_completed ? 5 : 4; // Save the node. node_save($node); // Hack to work around node.module's autotimestamping. db_query('UPDATE {node} SET changed = %d WHERE nid = %d', $tditem_date, $node->nid); // Get a clean copy of the casetracker datastructure. $ct_copy = (array) $node->casetracker; unset($ct_copy['nid'], $ct_copy['vid'], $ct_copy['case_number']); foreach ($item->end()->find('>comments>comment') as $comment) { $tdcomment_aid = $comment->find('>author-id')->text(); $tdcomment_author = $userMap[$tdcomment_aid]; $tdcomment_body = $comment->end()->find('>body')->text(); $tdcomment_subject = substr($tdcomment_body, 0, 32); $tdcomment_date = @strtotime($comment->end()->find('>created-at:first')->text()); printf(' ' . $cformat, $tdcomment_author, $tdcomment_date); // Write comment. $comment = array('author' => $usernameMap[$tdcomment_aid], 'comment' => $tdcomment_body, 'format' => $default_format, 'nid' => $node->nid, 'uid' => $tdcomment_author, 'status' => 0, 'timestamp' => $tdcomment_date, 'subject' => $tdcomment_subject, 'op' => 'Save', 'submit' => 'Save', 'notifications_content_disable' => 0, 'notifications_team' => array('selected' => TRUE), 'casetracker' => $ct_copy); //print_r($comment); $cid = comment_save($comment); // Hack to get around comment.module's automatic timestamp. db_query('UPDATE {comments} SET timestamp = %s WHERE cid = %d', $tdcomment_date, $cid); _comment_update_node_statistics($node->nid); } print PHP_EOL; } } // Cleans up ordering for 'User Recent Activity' view. // Updates all nodes from the past 24 hours (the ones just imported) // that weren't caught and updates them. $yesterday = time() - 24 * 60 * 60; $q = db_query('UPDATE {node} SET changed = created WHERE changed > %s', $yesterday);
$tpl->display(DESIGN . '/tpl/joinus/joinus.html'); $content = ob_get_contents(); ob_end_clean(); main_content(JOINUS, $content, '', 1); } elseif (!$db->result(DB_PRE . 'ecp_teams', 'COUNT(tID)', 'joinus = 1 AND tID = ' . (int) $_POST['teamID'])) { table(ERROR, JOINUS_NO_TEAM); $tpl = new smarty(); ob_start(); $tpl->assign('countries', form_country($_POST['country'])); $tpl->assign('teams', get_teams_form_joinus($_POST['teamID'])); $tpl->display(DESIGN . '/tpl/joinus/joinus.html'); $content = ob_get_contents(); ob_end_clean(); main_content(JOINUS, $content, '', 1); } else { $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_joinus (`name`, `username`, `email`, `icq`, `msn`, `age`, `country`, `teamID`, `comment`, `IP`, `datum`) VALUES (\'%s\',\'%s\',\'%s\',\'%s\',\'%s\',%d,\'%s\',%d,\'%s\',\'%s\',%d)', strsave(htmlspecialchars($_POST['name'])), strsave(htmlspecialchars($_POST['username'])), strsave($_POST['email']), strsave(htmlspecialchars($_POST['icq'])), strsave(htmlspecialchars($_POST['msn'])), (int) $_POST['age'], strsave(htmlspecialchars($_POST['country'])), (int) $_POST['teamID'], strsave(comment_save($_POST['comment'])), strsave($_SERVER['REMOTE_ADDR']), time()); if ($db->query($sql)) { $id = $db->last_id(); $result = $db->query('SELECT groupID FROM ' . DB_PRE . 'ecp_groups WHERE admin LIKE "%joinus:view%"'); $search = 'gID = 1 '; while ($row = $db->fetch_assoc()) { $search .= 'OR gID = ' . $row['groupID']; } $result = $db->query('SELECT DISTINCT(userID) as userID, username, country FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_user ON ID = userID WHERE ' . $search); $db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEW_JOINUS"'); $text = array(); while ($row = $db->fetch_assoc()) { $text[$row['lang']] = $row; } while ($row = mysql_fetch_assoc($result)) { $search = array('{username}', '{from_username}', '{id}');
/**
 * Submit handler for the theme's inline comment form.
 *
 * Builds a published, non-anonymous comment on the form's node for the
 * current user with the submitted body in 'filtered_html', saves it, and
 * keeps the form on the page (no redirect, rebuild).
 *
 * @param array $form       The form structure (unused, passed by reference by the Form API).
 * @param array $form_state Form state; 'values' supplies nid and body.
 */
function bootstrap_theme_create_comment_form_submit(&$form, &$form_state) {
  global $user;
  $values = $form_state['values'];
  $comment = new stdClass();
  $comment->nid = $values['nid'];
  $comment->uid = $user->uid;
  $comment->mail = '';
  $comment->is_anonymous = FALSE;
  $comment->status = COMMENT_PUBLISHED;
  $comment->language = LANGUAGE_NONE;
  $bodyItem = array('value' => $values['body'], 'format' => 'filtered_html');
  $comment->comment_body = array(LANGUAGE_NONE => array(0 => $bodyItem));
  comment_submit($comment);
  comment_save($comment);
  drupal_set_message('Successfully created new comment.');
  // Stay on the current page with a fresh form.
  $form_state['no_redirect'] = TRUE;
  $form_state['rebuild'] = TRUE;
  $form_state['programmed'] = FALSE;
}
/**
 * Implement the save function for the entity.
 *
 * Delegates to comment_save(); its return value is not propagated.
 *
 * @param object $entity
 *   The comment entity to persist.
 */
public function entity_save($entity) {
  comment_save($entity);
}
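/**
 * Guestbook entry form: renders the form on GET; on POST (submit button
 * present) validates the entry and stores it in ecp_comments.
 *
 * Rejections — missing fields, malformed e-mail, wrong CAPTCHA, or posting
 * again within SPAM_GUESTBOOK seconds from the same IP or browser — show an
 * error table and re-render the form. The CAPTCHA value is removed from the
 * session on every POST, so each form load needs a fresh one.
 */
function guestbook_add() {
    global $db;
    if (!isset($_POST['submit'])) {
        _guestbook_add_render_form();
        return;
    }
    // Timestamp of the last guestbook entry from this IP, or false when there is none.
    $last = @$db->result(DB_PRE . 'ecp_comments', 'datum', 'bereich="guestbook" AND IP =\'' . strsave($_SERVER['REMOTE_ADDR']) . '\'');
    $author = isset($_POST['author']) ? $_POST['author'] : '';
    $text = isset($_POST['commentstext']) ? $_POST['commentstext'] : '';
    $captcha = isset($_POST['captcha']) ? $_POST['captcha'] : '';
    $email = isset($_POST['email']) ? $_POST['email'] : '';
    $homepage = isset($_POST['homepage']) ? $_POST['homepage'] : '';
    $sessionCaptcha = isset($_SESSION['captcha']) ? $_SESSION['captcha'] : null;
    // The cookie is client-controlled, so only the IP lookup above is a reliable throttle.
    $cookieLast = isset($_COOKIE['guestbook']) ? (int) $_COOKIE['guestbook'] : 0;
    $spamWindow = time() - SPAM_GUESTBOOK;
    $error = null;
    if ($author === '' || $text === '' || $captcha === '') {
        $error = NOT_NEED_ALL_INPUTS;
    } elseif ($email !== '' && !check_email($email)) {
        $error = WRONG_EMAIL;
    } elseif ($sessionCaptcha === null || strtolower($captcha) !== strtolower($sessionCaptcha)) {
        // Strict comparison: the original `!=` coerced numeric-looking codes.
        $error = CAPTCHA_WRONG;
    } elseif ($last > $spamWindow || $cookieLast > $spamWindow) {
        $zeit = $last > $spamWindow ? SPAM_GUESTBOOK + $last - time() : SPAM_GUESTBOOK + $cookieLast - time();
        $error = str_replace(array('{sek}', '{zeit}'), array(SPAM_GUESTBOOK, $zeit), SPAM_PROTECTION_MSG);
    }
    if ($error !== null) {
        table(ERROR, $error);
        _guestbook_add_render_form();
    } else {
        // The body goes through the comment filter, everything else through htmlspecialchars();
        // strsave() escapes for SQL.
        $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_comments (`bereich`, `author`, `beitrag`, `email`, `homepage`, `datum`, `IP`) VALUES ("guestbook", \'%s\', \'%s\', \'%s\', \'%s\', %d, \'%s\')',
            strsave(htmlspecialchars($author)),
            strsave(comment_save($text)),
            strsave(htmlspecialchars($email)),
            strsave(htmlspecialchars(check_url($homepage))),
            time(),
            strsave($_SERVER['REMOTE_ADDR'])
        );
        if ($db->query($sql)) {
            setcookie('guestbook', time(), time() + 365 * 86400);
            header1('?section=guestbook');
        }
    }
    unset($_SESSION['captcha']);
}

/**
 * Renders the guestbook entry template into the main content area.
 */
function _guestbook_add_render_form() {
    $tpl = new smarty();
    ob_start();
    $tpl->display(DESIGN . '/tpl/guestbook/guestbook_add.html');
    $content = ob_get_contents();
    ob_end_clean();
    main_content(GUESTBOOK_ADD, $content, '', 1);
}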
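/**
 * Handles a POST to the comments endpoint: creates a new comment on the node
 * named in the options, or publishes / deletes / edits an existing one.
 *
 * @param string $route
 *   The route being posted to; only 'comments.json' is handled.
 * @param object $form
 *   Submitted form; $form->values may carry cid, pid, toPublish, toDelete,
 *   author, subject and body.
 *
 * @return bool|null
 *   FALSE when access is denied or the target is invalid; NULL otherwise
 *   (the original mixes `return;` and `return FALSE`, kept for callers).
 */
public function post($route, $form) {
  global $user;
  if ($route != 'comments.json') {
    return;
  }
  $options = $this->getOptions();
  $node = node_load($options['nid']);
  // The options are bound to the user they were issued for.
  if ($options['uid'] != $user->uid || !is_object($node)) {
    return false;
  }
  // Should we let the comment pass?
  if ($node->comment != COMMENT_NODE_OPEN || !user_access('post comments')) {
    // Access denied.
    return false;
  }
  $comment = NULL;
  if (!empty($form->values['cid'])) {
    $comment = comment_load($form->values['cid']);
    if (!is_object($comment)) {
      // Nonexistent cid: access denied.
      return false;
    }
    $nodeSubmittedComment = node_load($comment->nid);
    if (!is_object($nodeSubmittedComment) || $nodeSubmittedComment->nid != $node->nid) {
      // The comment does not belong to the node the options were issued for.
      return FALSE;
    }
    // Publish.
    if (!empty($form->values['toPublish'])) {
      if (user_access('administer comments') && user_access('post comments')) {
        $comment->status = COMMENT_PUBLISHED;
        comment_save($comment);
      }
      return;
    }
    // Deletion.
    if (!empty($form->values['toDelete'])) {
      if (user_access('administer comments') && user_access('post comments')) {
        comment_delete($comment->cid);
      }
      return;
    }
    if (!comment_access('edit', $comment)) {
      // No access to edit the comment.
      return FALSE;
    }
  }
  if (empty($comment)) {
    // New comment; an optional parent is accepted only if it is an integer that loads.
    $pid = NULL;
    if (!empty($form->values['pid'])) {
      if ($form->values['pid'] == (int) $form->values['pid']) {
        if ($comment_parent = comment_load((int) $form->values['pid'])) {
          $pid = (int) $form->values['pid'];
        }
      }
    }
    $comment = new stdClass();
    $comment->nid = $node->nid;
    $comment->pid = $pid;
    $comment->uid = $user->uid;
    $comment->name = check_plain($form->values['author']);
  }
  $comment->subject = check_plain($form->values['subject']);
  $field = field_info_field('comment_body');
  $langcode = field_is_translatable('comment', $field) ? entity_language('comment', $comment) : LANGUAGE_NONE;
  $field_infos = field_info_instance('comment', 'comment_body', 'comment_node_' . $node->type);
  // NOTE(review): the format comes from getOptions(); whether it is server-issued or
  // client-chosen decides whether this can select a privileged format — confirm.
  $format = $options['comment-body-format'];
  $text_processing = $field_infos['settings']['text_processing'];
  $body = $form->values['body'];
  // With text processing the body is run through the format's filters now; without it
  // (or for plain_text) it is stored escaped.
  $body = $format != 'plain_text' && $text_processing ? check_markup($body, $format) : check_plain($body);
  // Bug fix: the original assigned the format *before* resetting comment_body to an
  // empty array, so the format was always discarded. Reset first, then fill in.
  $comment->comment_body = array($langcode => array());
  $comment->comment_body[$langcode][0]['value'] = $body;
  if ($text_processing) {
    $comment->comment_body[$langcode][0]['format'] = $format;
  }
  comment_submit($comment);
  comment_save($comment);
  cache_clear_all();
}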
/**
 * Handles the comment form on an entry page.
 *
 * With POST data present the comment is validated; a valid comment is saved
 * for the current entry, the 'comment_post' action is fired, the blog owner
 * is optionally notified by mail, and the browser is redirected back to the
 * entry (which also discards the POST data). An invalid comment re-populates
 * the form from $_POST. In every case the author cookies are exposed to the
 * template.
 */
function commentform() {
    global $smarty, $lang, $fpdb, $fp_params;
    $comment_formid = 'fp-comments';
    $smarty->assign('comment_formid', $comment_formid);
    if (!empty($_POST)) {
        # utils_nocache_headers();
        // add http to url
        // NOTE(review): as written this also prefixes https:// and other schemes
        // (anything not containing 'http://'), giving 'http://https://...'.
        if (!empty($_POST['url']) && strpos($_POST['url'], 'http://') === false) {
            $_POST['url'] = 'http://' . $_POST['url'];
        }
        // custom hook here!!
        if ($arr = comment_validate()) {
            global $fp_config;
            $id = comment_save($fp_params['entry'], $arr);
            do_action('comment_post', $fp_params['entry'], array($id, $arr));
            $q = new FPDB_Query(array('id' => $fp_params['entry'], 'fullparse' => false), null);
            list($entryid, $e) = $q->getEntry();
            // Mail the owner about comments from visitors only.
            if ($fp_config['general']['notify'] && !user_loggedin()) {
                global $post;
                $comm_mail = isset($arr['email']) ? "<{$arr['email']}>" : '';
                $from_mail = $fp_config['general']['email'];
                $post = $e; // plugin such as prettyurls might need this...
                $lang = lang_load('comments');
                // Name, e-mail and content are inserted as returned by comment_validate();
                // any escaping for the mail body happens there, not here.
                $mail = str_replace(array('%toname%', '%fromname%', '%frommail%', '%entrytitle%', '%commentlink%', '%content%', '%blogtitle%'), array($fp_config['general']['author'], $arr['name'], $comm_mail, $e['subject'], get_comments_link($entryid) . '#' . $id, $arr['content'], $fp_config['general']['title']), $lang['comments']['mail']);
                // Mail failures are suppressed; the comment is already saved at this point.
                @utils_mail($from_mail, "New comment on {$fp_config['general']['title']}", $mail);
            }
            // if comment is valid, this redirect will clean the postdata
            // NOTE(review): str_replace('&', '&', ...) is a no-op as written; the first
            // argument was presumably an HTML entity lost in extraction — confirm against the repo.
            $location = str_replace('&', '&', get_comments_link($entryid)) . '#' . $id;
            utils_redirect($location, true);
            exit;
        } else {
            $smarty->assign('values', $_POST);
        }
    }
    // Cookies
    $smarty->assign('cookie', array('name' => @$_COOKIE['comment_author_' . COOKIEHASH], 'email' => @$_COOKIE['comment_author_email_' . COOKIEHASH], 'url' => @$_COOKIE['comment_author_url_' . COOKIEHASH]));
}
/**
 * Delivers a private message and bumps the recipient's (and sender's)
 * message counters in ecp_user_stats.
 *
 * @param int    $to     Recipient user ID.
 * @param int    $from   Sender user ID; ignored for system messages.
 * @param string $title  Subject. Stored as-is for system messages, HTML-escaped otherwise.
 * @param string $msg    Body. Stored as-is for system messages, run through comment_save() otherwise.
 * @param int    $save   Unused; kept for existing callers.
 * @param int    $system Truthy marks the message as sent by the system (fromdel = 1, no fromuser).
 * @return bool true when the INSERT succeeded, false otherwise.
 */
function message_send($to, $from, $title, $msg, $save = 1, $system = 0) {
    global $db;
    $recipient = (int) $to;
    if ($system) {
        $insert = sprintf('INSERT INTO ' . DB_PRE . 'ecp_messages (`touser`, `title`, `msg`, `fromdel`, `datum`) VALUES (%d, \'%s\', \'%s\', 1, %d)', $recipient, strsave($title), strsave($msg), time());
    } else {
        $insert = sprintf('INSERT INTO ' . DB_PRE . 'ecp_messages (`touser`, `title`, `msg`, `fromdel`, `datum`, fromuser) VALUES (%d, \'%s\', \'%s\', 0, %d, %d)', $recipient, strsave(htmlspecialchars($title)), strsave(comment_save($msg)), time(), (int) $from);
    }
    if (!$db->query($insert)) {
        return false;
    }
    $db->query('UPDATE ' . DB_PRE . 'ecp_user_stats SET msg_r = msg_r + 1 WHERE userID = ' . $recipient);
    if (!$system) {
        $db->query('UPDATE ' . DB_PRE . 'ecp_user_stats SET msg_s = msg_s + 1 WHERE userID = ' . (int) $from);
    }
    return true;
}
$content = ob_get_contents(); ob_end_clean(); echo html_ajax_convert($content); } } else { echo html_ajax_convert(ACCESS_DENIED); } break; case 'thread_survey_edit': $array = $db->fetch_assoc('SELECT ende, frage, antworten, c.threadID, bID, vonID, a.boardID, a.boardparentID, a.rightsread, a.editcom, a.editmocom, a.delcom, b.rightsread as parentRead FROM ' . DB_PRE . 'ecp_forum_survey AS s LEFT JOIN ' . DB_PRE . 'ecp_forum_threads AS c ON (c.threadID = s.threadID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS a ON (s.boardID = a.boardID) LEFT JOIN ' . DB_PRE . 'ecp_forum_boards AS b ON (a.boardparentID = b.boardID) WHERE s.fsurveyID = ' . (int) $_GET['id']); if (isset($array['rightsread']) and find_access($array['rightsread']) and find_access($array['parentRead']) and (isset($array['delcom']) and find_access($array['delcom']) or isset($array['editcom']) and find_access($array['editcom']) and $array['userID'] == @$_SESSION['userID'] or isset($array['editmocom']) and find_access($array['editmocom']))) { if (isset($_POST['frage'])) { if ($_POST['frage'] == '') { echo NOT_NEED_ALL_INPUTS; } else { if ($db->query('UPDATE ' . DB_PRE . 'ecp_forum_survey SET frage = \'' . strsave(comment_save($_POST['frage'])) . '\', ende = ' . (int) @strtotime($_POST['ende']) . ', antworten = ' . (int) $_POST['antworten'] . ' WHERE fsurveyID = ' . (int) $_GET['id'])) { echo 'ok'; } } } else { ob_start(); $tpl = new Smarty(); $tpl->assign('id', (int) $_GET['id']); $tpl->assign('frage', $array['frage']); if ($array['ende'] != 0) { $tpl->assign('ende', date('Y-m-d H:i:s', $array['ende'])); } $tpl->assign('antworten', $array['antworten']); $tpl->display(DESIGN . '/tpl/forum/survey_edit.html'); $content = ob_get_contents(); ob_end_clean();
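/**
 * Self-service profile editor for the logged-in user ($_SESSION['userID']).
 *
 * On POST ($_POST['submit'] set) the profile fields are validated and written
 * to ecp_user, an optional password change is applied, and the form is shown
 * again with the saved values. Without a submit the stored row is loaded and
 * rendered via account/account_edit.html.
 *
 * Corrections against the previous version:
 *  - the duplicate-e-mail check compared the submitted *username* against the
 *    email column, so EMAIL_ALLREADY_EXIST could never fire; it now uses the
 *    submitted e-mail, and WRONG_EMAIL is reported for the submitted address
 *    (the old code re-validated the stored address after falling back to it).
 *  - the stored password hash is compared with !== instead of !=: PHP's loose
 *    comparison treats two numeric-looking hex digests ("0e" + digits) as
 *    equal numbers.
 *  - $_SESSION['userID'] is cast to int before it is spliced into SQL.
 *  - $_SESSION['username'] / ['email'] are refreshed only after the UPDATE
 *    succeeded, so the session no longer reflects data that was not saved.
 *  - missing POST keys and a malformed geburtstag no longer raise notices.
 *
 * Relies on the global $db wrapper and the project helpers strsave(),
 * comment_save(), check_url(), check_email(), table(), main_content() and
 * form_country().
 */
function account_edit()
{
    $userId = isset($_SESSION['userID']) ? (int) $_SESSION['userID'] : 0;

    if (!isset($_POST['submit'])) {
        account_edit_form($userId);
        return;
    }

    // As before, the form is only re-rendered when the profile UPDATE went
    // through (the original re-entered account_edit() after unsetting submit).
    if (account_edit_save($userId)) {
        account_edit_form($userId);
    }
}

/**
 * Returns the submitted value for $key, or '' when it is missing or not a string.
 *
 * Replaces the @-suppressed $_POST reads; a non-string (array) value is treated
 * as empty instead of reaching htmlspecialchars()/strsave().
 */
function account_edit_input($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

/**
 * Validate the submitted profile fields and persist them for $userId.
 *
 * A duplicate or empty username and an invalid or duplicate e-mail fall back to
 * the stored value and report an error via table(); the remaining fields are
 * still saved, as in the original flow. On success the session copies of
 * username/e-mail are refreshed, an optional password change is applied and
 * ACCOUNT_EDIT_SUCCESS is reported.
 *
 * @return bool true when the ecp_user UPDATE succeeded
 */
function account_edit_save($userId)
{
    global $db;

    $fields = array(
        'username', 'email', 'country', 'sex', 'signatur', 'realname', 'birthday',
        'homepage', 'icq', 'msn', 'yahoo', 'skype', 'xfire', 'clanname', 'clanirc',
        'clanhomepage', 'clanhistory', 'cpu', 'mainboard', 'ram', 'gkarte', 'skarte',
        'monitor', 'maus', 'tastatur', 'mauspad', 'internet', 'festplatte', 'headset',
        'aboutme', 'wohnort', 'aim', 'koord',
    );
    $in = array();
    foreach ($fields as $key) {
        $in[$key] = account_edit_input($key);
    }

    // Username: empty or already taken by another ID -> keep the stored one.
    // (The original reports ACCOUNT_ALLREADY_EXIST for the empty case too.)
    if ($in['username'] === ''
        || $db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'username = \'' . strsave(htmlspecialchars($in['username'])) . '\' AND ID != ' . $userId)
    ) {
        $in['username'] = $db->result(DB_PRE . 'ecp_user', 'username', 'ID = ' . $userId);
        table(ERROR, ACCOUNT_ALLREADY_EXIST);
    }

    // E-mail: must be well-formed and unused by any other ID; the duplicate
    // check now looks up the submitted e-mail, not the username.
    if (!check_email($in['email'])) {
        $in['email'] = $db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $userId);
        table(ERROR, WRONG_EMAIL);
    } elseif ($db->result(DB_PRE . 'ecp_user', 'COUNT(ID)', 'email = \'' . strsave($in['email']) . '\' AND ID != ' . $userId)) {
        $in['email'] = $db->result(DB_PRE . 'ecp_user', 'email', 'ID = ' . $userId);
        table(ERROR, EMAIL_ALLREADY_EXIST);
    }

    // Birthday arrives as d.m.Y and is stored as Y-m-d; missing parts become 0.
    $geb = explode('.', $in['birthday']) + array('', '', '');
    $geburtstag = (int) $geb[2] . '-' . (int) $geb[1] . '-' . (int) $geb[0];

    // Values in the column order of the UPDATE below. Escaping mirrors the
    // original: most fields are htmlspecialchars()+strsave(), e-mail and
    // country are strsave() only, signatur/aboutme go through comment_save(),
    // the two homepage fields through check_url().
    $values = array(
        strsave(htmlspecialchars($in['username'])),
        strsave($in['email']),
        strsave($in['country']),
        $in['sex'] === 'male' ? 'male' : 'female',
        strsave(comment_save($in['signatur'])),
        strsave(htmlspecialchars($in['realname'])),
        $geburtstag,
        strsave(htmlspecialchars(check_url($in['homepage']))),
        strsave(htmlspecialchars($in['icq'])),
        strsave(htmlspecialchars($in['msn'])),
        strsave(htmlspecialchars($in['yahoo'])),
        strsave(htmlspecialchars($in['skype'])),
        strsave(htmlspecialchars($in['xfire'])),
        strsave(htmlspecialchars($in['clanname'])),
        strsave(htmlspecialchars($in['clanirc'])),
        strsave(htmlspecialchars(check_url($in['clanhomepage']))),
        strsave(htmlspecialchars($in['clanhistory'])),
        strsave(htmlspecialchars($in['cpu'])),
        strsave(htmlspecialchars($in['mainboard'])),
        strsave(htmlspecialchars($in['ram'])),
        strsave(htmlspecialchars($in['gkarte'])),
        strsave(htmlspecialchars($in['skarte'])),
        strsave(htmlspecialchars($in['monitor'])),
        strsave(htmlspecialchars($in['maus'])),
        strsave(htmlspecialchars($in['tastatur'])),
        strsave(htmlspecialchars($in['mauspad'])),
        strsave(htmlspecialchars($in['internet'])),
        strsave(htmlspecialchars($in['festplatte'])),
        strsave(htmlspecialchars($in['headset'])),
        strsave(comment_save($in['aboutme'])),
        strsave(htmlspecialchars($in['wohnort'])),
        strsave(htmlspecialchars($in['aim'])),
        strsave(htmlspecialchars($in['koord'])),
    );

    $sql = vsprintf(
        'UPDATE ' . DB_PRE . 'ecp_user SET username = \'%s\',email = \'%s\',country = \'%s\', sex = \'%s\',signatur = \'%s\',realname = \'%s\', geburtstag = \'%s\',homepage = \'%s\',icq = \'%s\', msn = \'%s\',yahoo = \'%s\',skype = \'%s\',xfire = \'%s\', clanname = \'%s\',clanirc = \'%s\',clanhomepage = \'%s\', clanhistory = \'%s\',cpu = \'%s\',mainboard = \'%s\', ram = \'%s\',gkarte = \'%s\',skarte = \'%s\', monitor = \'%s\',maus = \'%s\',tastatur = \'%s\', mauspad = \'%s\',internet = \'%s\',festplatte = \'%s\', headset = \'%s\',aboutme = \'%s\', wohnort = \'%s\', aim = \'%s\', koord = \'%s\' WHERE ID = ' . $userId,
        $values
    );

    if (!$db->query($sql)) {
        return false;
    }

    // Only mirror the new identity into the session once it is persisted.
    $_SESSION['username'] = htmlspecialchars($in['username']);
    $_SESSION['email'] = $in['email'];

    account_edit_change_password($userId);
    table(INFO, ACCOUNT_EDIT_SUCCESS);

    return true;
}

/**
 * Apply a password change for $userId when password1 was submitted.
 *
 * Requires password1 == password2, at least PW_MIN_LENGTH bytes, and the
 * current password in 'password' to match the stored hash; each failure is
 * reported via table() and nothing is written.
 *
 * The stored format is an unsalted sha1 hex digest, kept here so that the
 * login path (outside this block) continues to verify the same value;
 * migrating to password_hash()/password_verify() needs a coordinated change
 * of both sides.
 */
function account_edit_change_password($userId)
{
    global $db;

    $newPassword = account_edit_input('password1');
    if ($newPassword === '') {
        return; // no change requested
    }

    $repeat = account_edit_input('password2');
    $current = account_edit_input('password');

    if ($newPassword !== $repeat) {
        table(ERROR, DIFFERENT_PW);
    } elseif (strlen($newPassword) < PW_MIN_LENGTH) {
        table(ERROR, SHORT_PW . PW_MIN_LENGTH . SHORT_PW_1);
    } elseif ((string) $db->result(DB_PRE . 'ecp_user', 'passwort', 'ID = ' . $userId) !== sha1($current)) {
        // Strict comparison: with != two digests that both look like "0e<digits>"
        // would compare equal as floats.
        table(ERROR, WRONG_OLD_PW);
    } else {
        $db->query('UPDATE ' . DB_PRE . 'ecp_user SET passwort = \'' . strsave(sha1($newPassword)) . '\' WHERE ID = ' . $userId);
        table(INFO, PW_SUCCESS_CHANGE);
    }
}

/**
 * Render account/account_edit.html pre-filled with the stored profile of $userId.
 *
 * A pending deletion (ondelete timestamp) is announced via table(); the stored
 * Y-m-d birthday is presented as d.m.Y in the 'birthday' template variable.
 */
function account_edit_form($userId)
{
    global $db;

    $tpl = new smarty();
    $row = $db->fetch_assoc('SELECT `username`, `email`, `country`, `sex`, `signatur`, `realname`, `wohnort`, `geburtstag`, `homepage`, `icq`, `msn`, `yahoo`, `skype`, `xfire`, `clanname`, `clanirc`, `clanhomepage`, `clanhistory`, `cpu`, `mainboard`, `ram`, `gkarte`, `skarte`, `monitor`, `maus`, `tastatur`, `mauspad`, `internet`, `festplatte`, `headset`, `aboutme`, `ondelete`, aim, koord FROM ' . DB_PRE . 'ecp_user WHERE ID = ' . $userId);
    if (!is_array($row)) {
        $row = array(); // no such user: render an empty form without notices
    }

    if (!empty($row['ondelete'])) {
        table(INFO, str_replace('{zeit}', date('d.m.Y H:i', $row['ondelete']), ACCOUNT_DELETE_ON));
    }

    $geb = explode('-', isset($row['geburtstag']) ? (string) $row['geburtstag'] : '') + array('', '', '');
    $row['birthday'] = $geb[2] . '.' . $geb[1] . '.' . $geb[0];

    foreach ($row as $key => $value) {
        $tpl->assign($key, $value);
    }

    ob_start();
    $tpl->assign('countries', form_country(isset($row['country']) ? $row['country'] : ''));
    $tpl->display(DESIGN . '/tpl/account/account_edit.html');
    $content = ob_get_contents();
    ob_end_clean();

    main_content(ACCOUNT_EDIT, $content, '', 1);
}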
main_content(FIGHTUS, $content, '', 1); } elseif (strtolower(@$_SESSION['captcha']) != strtolower($_POST['captcha'])) { table(ERROR, CAPTCHA_WRONG); $tpl = new smarty(); $tpl->assign('games', get_games_form((int) $_POST['gameID'], 0)); $tpl->assign('teams', get_teams_form((int) $_POST['teamID'], 0)); $tpl->assign('liggen', get_matchtype_form((int) $_POST['matchtypeID'], 0)); ob_start(); $tpl->display(DESIGN . '/tpl/fightus/fightus.html'); $content = ob_get_contents(); ob_end_clean(); main_content(FIGHTUS, $content, '', 1); } else { global $db; $sql = sprintf('INSERT INTO ' . DB_PRE . 'ecp_fightus (`gID`, `mID`, `teamID`, `clanname`, `homepage`, `email`, `icq`, `skype`, `msn`, `wardatum`, `serverip`, `info`, `IP`, datum) VALUES (%d, %d, %d, \'%s\',\'%s\',\'%s\',\'%s\',\'%s\',\'%s\',%d,\'%s\',\'%s\',\'%s\', %d)', (int) $_POST['gameID'], (int) $_POST['matchtypeID'], (int) $_POST['teamID'], strsave(htmlspecialchars($_POST['clanname'])), strsave(check_url(htmlspecialchars($_POST['homepage']))), strsave($_POST['email']), strsave(htmlspecialchars($_POST['icq'])), strsave(htmlspecialchars($_POST['skype'])), strsave(htmlspecialchars($_POST['msn'])), strtotime($_POST['datum']), strsave(htmlspecialchars($_POST['serverip'])), strsave(comment_save($_POST['info'])), $_SERVER['REMOTE_ADDR'], time()); if ($db->query($sql)) { $id = $db->last_id(); $result = $db->query('SELECT groupID FROM ' . DB_PRE . 'ecp_groups WHERE admin LIKE "%fightus:view%"'); $search = 'gID = 1 '; while ($row = $db->fetch_assoc()) { $search .= ' OR gID = ' . $row['groupID']; } $result = $db->query('SELECT DISTINCT(userID) as userID, username, country FROM ' . DB_PRE . 'ecp_user_groups LEFT JOIN ' . DB_PRE . 'ecp_user ON ID = userID WHERE ' . $search); $db->query('SELECT * FROM ' . DB_PRE . 'ecp_texte WHERE name = "NEW_FIGHTUS"'); $text = array(); while ($row = $db->fetch_assoc()) { $text[$row['lang']] = $row; } while ($row = mysql_fetch_assoc($result)) { $search = array('{username}', '{from_clan}', '{id}');