include $pl; } /* ===== */ $ruser['user_name'] = cot_import('rusername', 'P', 'TXT', 100, TRUE); $ruser['user_email'] = cot_import('ruseremail', 'P', 'TXT', 64, TRUE); $rpassword1 = cot_import('rpassword1', 'P', 'HTM', 32); $rpassword2 = cot_import('rpassword2', 'P', 'HTM', 32); $ruser['user_country'] = cot_import('rcountry', 'P', 'TXT'); $ruser['user_timezone'] = cot_import('rusertimezone', 'P', 'TXT'); $ruser['user_timezone'] = !$ruser['user_timezone'] ? $cfg['defaulttimezone'] : $ruser['user_timezone']; $ruser['user_gender'] = cot_import('rusergender', 'P', 'TXT'); $ruser['user_email'] = mb_strtolower($ruser['user_email']); // Extra fields if (!empty(cot::$extrafields[cot::$db->users])) { foreach (cot::$extrafields[cot::$db->users] as $exfld) { $ruser['user_' . $exfld['field_name']] = cot_import_extrafields('ruser' . $exfld['field_name'], $exfld, 'P', '', 'user_'); } } $ruser['user_birthdate'] = cot_import_date('ruserbirthdate', false); if (!is_null($ruser['user_birthdate']) && $ruser['user_birthdate'] > cot::$sys['now']) { cot_error('pro_invalidbirthdate', 'ruserbirthdate'); } $user_exists = (bool) cot::$db->query("SELECT user_id FROM " . cot::$db->users . " WHERE user_name = ? LIMIT 1", array($ruser['user_name']))->fetch(); $email_exists = (bool) cot::$db->query("SELECT user_id FROM " . cot::$db->users . " WHERE user_email = ? LIMIT 1", array($ruser['user_email']))->fetch(); if (preg_match('/&#\\d+;/', $ruser['user_name']) || preg_match('/[<>#\'"\\/]/', $ruser['user_name'])) { cot_error('aut_invalidloginchars', 'rusername'); } if (mb_strlen($ruser['user_name']) < 2) { cot_error('aut_usernametooshort', 'rusername'); } if (mb_strlen($rpassword1) < 4) {
} else { cot_error('adm_structure_somenotupdated'); } cot_redirect(cot_url('admin', 'm=structure&n=' . $n . '&mode=' . $mode . '&d=' . $durl, '', true)); } elseif ($a == 'add' && !empty($_POST)) { $rstructure['structure_code'] = preg_replace('#[^\\w\\p{L}\\-]#u', '', cot_import('rstructurecode', 'P', 'TXT')); $rstructure['structure_path'] = cot_import('rstructurepath', 'P', 'TXT'); $rstructure['structure_title'] = cot_import('rstructuretitle', 'P', 'TXT'); $rstructure['structure_desc'] = cot_import('rstructuredesc', 'P', 'TXT'); $rstructure['structure_icon'] = cot_import('rstructureicon', 'P', 'TXT'); $rstructure['structure_locked'] = cot_import('rstructurelocked', 'P', 'BOL') ? 1 : 0; $rstructure['structure_area'] = $n; $rtplmode = cot_import('rtplmode', 'P', 'INT'); $rtplquick = cot_import('rtplquick', 'P', 'TXT'); foreach ($cot_extrafields[$db_structure] as $exfld) { $rstructure['structure_' . $exfld['field_name']] = cot_import_extrafields('rstructure' . $exfld['field_name'], $exfld); } $rstructure['structure_code'] != 'all' || cot_error('adm_structure_code_reserved', 'rstructurecode'); $rstructure['structure_code'] || cot_error('adm_structure_code_required', 'rstructurecode'); $rstructure['structure_path'] || cot_error('adm_structure_path_required', 'rstructurepath'); $rstructure['structure_title'] || cot_error('adm_structure_title_required', 'rstructuretitle'); if (!empty($rtplquick)) { $rstructure['structure_tpl'] = $rtplquick; } elseif ($rtplmode == 3) { $rstructure['structure_tpl'] = cot_import('rtplforced', 'P', 'TXT'); } elseif ($rtplmode == 2) { $rstructure['structure_tpl'] = 'same_as_parent'; } else { $rstructure['structure_tpl'] = ''; } /* === Hook === */
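/**
 * Imports product data from request parameters.
 *
 * Each field is read through cot_import() with a per-field filter. The owner
 * id is never read from the request: an administrator editing a row that
 * already carries item_userid keeps that value, every other call gets the
 * current user's id.
 *
 * @param string $source Source request method for parameters; 'D' or 'DIRECT'
 *                       copies $ritem into $_PATCH and switches to 'PATCH'
 * @param array  $ritem  Existing product data from database
 * @param array  $auth   Permissions array; resolved with cot_page_auth() when empty
 * @return array Product data
 */
function cot_market_import($source = 'POST', $ritem = array(), $auth = array())
{
    global $db_market, $cot_extrafields, $usr, $sys;

    if (count($auth) == 0) {
        // A brand-new item has no category yet; pass null instead of reading a missing key.
        $auth = cot_page_auth(isset($ritem['item_cat']) ? $ritem['item_cat'] : null);
    }

    if ($source == 'D' || $source == 'DIRECT') {
        // A trick so we don't have to affect every line below
        global $_PATCH;
        $_PATCH = $ritem;
        $source = 'PATCH';
    }

    $ritem['item_cat'] = cot_import('rcat', $source, 'TXT');
    $ritem['item_title'] = cot_import('rtitle', $source, 'TXT');
    $ritem['item_alias'] = cot_import('ralias', $source, 'TXT');
    // NOTE(review): 'HTM' presumably keeps markup in the value - confirm the text
    // is parsed or escaped wherever it is rendered.
    $ritem['item_text'] = cot_import('rtext', $source, 'HTM');
    $ritem['item_cost'] = cot_import('rcost', $source, 'NUM');
    // NOTE(review): the parser name is only filtered as 'ALP' here; nothing in this
    // function checks it against the installed parsers or the user's right to use
    // it - confirm the caller validates it before the item is saved.
    $ritem['item_parser'] = cot_import('rparser', $source, 'ALP');

    // First save stamps the creation time, later saves stamp the update time.
    if (empty($ritem['item_date'])) {
        $ritem['item_date'] = (int) $sys['now'];
    } else {
        $ritem['item_update'] = (int) $sys['now'];
    }

    if (!empty($auth['isadmin']) && isset($ritem['item_userid'])) {
        // Admin edit: the stored owner stays untouched and the counter may be set.
        $ritem['item_count'] = cot_import('rcount', $source, 'INT');
    } else {
        // Everyone else always becomes the owner; the request cannot choose one.
        $ritem['item_userid'] = $usr['id'];
    }

    // Extra fields (the table may have none registered)
    if (!empty($cot_extrafields[$db_market])) {
        foreach ($cot_extrafields[$db_market] as $exfld) {
            $key = 'item_' . $exfld['field_name'];
            // New items have no previous value for the field.
            $oldvalue = isset($ritem[$key]) ? $ritem[$key] : null;
            $ritem[$key] = cot_import_extrafields('ritem' . $exfld['field_name'], $exfld, $source, $oldvalue);
        }
    }

    return $ritem;
}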
include $pl; } /* ===== */ $roffer['offer_cost_min'] = (int) cot_import('costmin', 'P', 'NUM'); $roffer['offer_cost_max'] = (int) cot_import('costmax', 'P', 'NUM'); $roffer['offer_time_min'] = (int) cot_import('timemin', 'P', 'INT'); $roffer['offer_time_max'] = (int) cot_import('timemax', 'P', 'INT'); $roffer['offer_time_type'] = (int) cot_import('timetype', 'P', 'INT'); $roffer['offer_hidden'] = (int) cot_import('hidden', 'P', 'BOL'); $roffer['offer_text'] = cot_import('offertext', 'P', 'HTM'); $roffer['offer_pid'] = (int) $id; $roffer['offer_userid'] = (int) $usr['id']; $roffer['offer_date'] = (int) $sys['now']; // Extra fields foreach ($cot_extrafields[$db_projects_offers] as $exfld) { $roffer['offer_' . $exfld['field_name']] = cot_import_extrafields('roffer' . $exfld['field_name'], $exfld, 'P', $roffer['offer_' . $exfld['field_name']]); } /* === Hook === */ foreach (cot_getextplugins('projects.offers.add.import') as $pl) { include $pl; } /* ===== */ cot_check(empty($roffer['offer_text']), $L['offers_empty_text']); /* === Hook === */ foreach (cot_getextplugins('projects.offers.add.error') as $pl) { include $pl; } /* ===== */ if (!cot_error_found()) { $db->insert($db_projects_offers, $roffer); $offerid = $db->lastInsertId();
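/**
 * Imports page data from request parameters.
 *
 * Each field is read through cot_import() / cot_import_date() with a per-field
 * filter. Hit counter, owner id and file counter are taken from the request
 * only for an administrator editing a row that already has an owner; otherwise
 * the owner is forced to the current user. The parser name is accepted only if
 * it is an installed parser the user may write with.
 *
 * @param string $source Source request method for parameters; 'D' or 'DIRECT'
 *                       copies $rpage into $_PATCH and switches to 'PATCH'
 * @param array  $rpage  Existing page data from database
 * @param array  $auth   Permissions array; resolved with cot_page_auth() when empty
 * @return array Page data
 */
function cot_page_import($source = 'POST', $rpage = array(), $auth = array())
{
    global $cfg, $db_pages, $cot_extrafields, $usr, $sys;

    if (count($auth) == 0) {
        // A brand-new page has no category yet; pass null instead of reading a missing key.
        $auth = cot_page_auth(isset($rpage['page_cat']) ? $rpage['page_cat'] : null);
    }

    if ($source == 'D' || $source == 'DIRECT') {
        // A trick so we don't have to affect every line below
        global $_PATCH;
        $_PATCH = $rpage;
        $source = 'PATCH';
    }

    $rpage['page_cat'] = cot_import('rpagecat', $source, 'TXT');
    $rpage['page_keywords'] = cot_import('rpagekeywords', $source, 'TXT');
    $rpage['page_alias'] = cot_import('rpagealias', $source, 'TXT');
    $rpage['page_title'] = cot_import('rpagetitle', $source, 'TXT');
    $rpage['page_desc'] = cot_import('rpagedesc', $source, 'TXT');
    // NOTE(review): 'HTM' presumably keeps markup in the value - confirm the text
    // is parsed or escaped wherever it is rendered.
    $rpage['page_text'] = cot_import('rpagetext', $source, 'HTM');
    $rpage['page_parser'] = cot_import('rpageparser', $source, 'ALP');
    $rpage['page_author'] = cot_import('rpageauthor', $source, 'TXT');
    $rpage['page_file'] = intval(cot_import('rpagefile', $source, 'INT'));
    $rpage['page_url'] = cot_import('rpageurl', $source, 'TXT');
    $rpage['page_size'] = (int) cot_import('rpagesize', $source, 'INT');
    // A page that carries a URL counts as a download even if the flag was left at 0.
    $rpage['page_file'] = $rpage['page_file'] == 0 && !empty($rpage['page_url']) ? 1 : $rpage['page_file'];

    $rpagedatenow = cot_import('rpagedatenow', $source, 'BOL');
    $rpage['page_date'] = cot_import_date('rpagedate', true, false, $source);
    $rpage['page_date'] = $rpagedatenow || is_null($rpage['page_date']) ? $sys['now'] : (int) $rpage['page_date'];
    // Begin/expire now follow $source like every other field; without it they were
    // read from cot_import_date()'s default source even in DIRECT mode.
    $rpage['page_begin'] = (int) cot_import_date('rpagebegin', true, false, $source);
    $rpage['page_expire'] = (int) cot_import_date('rpageexpire', true, false, $source);
    // An expiry that is not after the start date means "never expires".
    $rpage['page_expire'] = $rpage['page_expire'] <= $rpage['page_begin'] ? 0 : $rpage['page_expire'];
    $rpage['page_updated'] = $sys['now'];

    $rpage['page_metatitle'] = cot_import('rpagemetatitle', $source, 'TXT');
    $rpage['page_metadesc'] = cot_import('rpagemetadesc', $source, 'TXT');

    $rpublish = cot_import('rpublish', $source, 'ALP'); // For backwards compatibility
    // NOTE(review): page_state comes from the request whatever $auth says - confirm
    // the caller overrides it for users who may not publish without moderation.
    $rpage['page_state'] = $rpublish == 'OK' ? 0 : cot_import('rpagestate', $source, 'INT');

    if (!empty($auth['isadmin']) && isset($rpage['page_ownerid'])) {
        // Only an administrator editing an existing page may set these from the request.
        $rpage['page_count'] = cot_import('rpagecount', $source, 'INT');
        $rpage['page_ownerid'] = cot_import('rpageownerid', $source, 'INT');
        $rpage['page_filecount'] = cot_import('rpagefilecount', $source, 'INT');
    } else {
        $rpage['page_ownerid'] = $usr['id'];
    }

    // Fall back to the default parser unless the requested one is installed and,
    // for anything other than 'none', the user has write access to that plugin.
    $parser_list = cot_get_parsers();
    if (
        empty($rpage['page_parser'])
        || !in_array($rpage['page_parser'], $parser_list)
        || ($rpage['page_parser'] != 'none' && !cot_auth('plug', $rpage['page_parser'], 'W'))
    ) {
        $rpage['page_parser'] = isset($sys['parser']) ? $sys['parser'] : $cfg['page']['parser'];
    }

    // Extra fields (the table may have none registered)
    if (!empty($cot_extrafields[$db_pages])) {
        foreach ($cot_extrafields[$db_pages] as $exfld) {
            $key = 'page_' . $exfld['field_name'];
            // New pages have no previous value for the field.
            $oldvalue = isset($rpage[$key]) ? $rpage[$key] : null;
            $rpage[$key] = cot_import_extrafields('rpage' . $exfld['field_name'], $exfld, $source, $oldvalue);
        }
    }

    return $rpage;
}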
$rtopic['ft_desc'] = cot_import('rtopicdesc', 'P', 'TXT', 255); $rmsg = array(); $rmsg['fp_text'] = cot_import('rmsgtext', 'P', 'HTM'); $rmsg['fp_updater'] = $rowpost['fp_posterid'] == $usr['id'] && $sys['now'] < $rowpost['fp_updated'] + 300 && empty($rowpost['fp_updater']) ? '' : $usr['name']; $rmsg['fp_updated'] = $sys['now']; if (isset($_POST['rtopictitle']) && mb_strlen($rtopic['ft_title']) < $cfg['forums']['mintitlelength']) { cot_error('forums_titletooshort', 'rtopictitle'); } if (mb_strlen($rmsg['fp_text']) < $cfg['forums']['minpostlength']) { cot_error('forums_messagetooshort', 'rmsgtext'); } foreach ($cot_extrafields[$db_forum_topics] as $exfld) { $rtopic['ft_' . $exfld['field_name']] = cot_import_extrafields('rtopic' . $exfld['field_name'], $exfld); } foreach ($cot_extrafields[$db_forum_posts] as $exfld) { $rmsg['fp_' . $exfld['field_name']] = cot_import_extrafields('rmsg' . $exfld['field_name'], $exfld); } if (!cot_error_found()) { $db->update($db_forum_posts, $rmsg, "fp_id={$p}"); if (!empty($rtopic['ft_title']) && $db->query("SELECT fp_id FROM {$db_forum_posts} WHERE fp_topicid = {$q} ORDER BY fp_id ASC LIMIT 1")->fetchColumn() == $p) { if (mb_substr($rtopic['ft_title'], 0, 1) == "#") { $rtopic['ft_title'] = str_replace('#', '', $rtopic['ft_title']); } $rtopic['ft_preview'] = mb_substr(htmlspecialchars($rmsg['fp_text']), 0, 128); $db->update($db_forum_topics, $rtopic, "ft_id = {$q}"); } cot_extrafield_movefiles(); } /* === Hook === */ foreach (cot_getextplugins('forums.editpost.update.done') as $pl) { include $pl;
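/**
 * Applies the posted attachment form to this object's rows.
 *
 * Does nothing while the object code is 'new'. For every id posted in
 * mavatar_enabled the row is updated (order, description, file name, date and
 * this object's extension/category/code) when its flag is true and deleted
 * when it is not; the list is then reloaded with get_mavatars().
 */
function update()
{
    global $db, $db_mavatars, $sys, $cot_extrafields;

    if ($this->code == 'new') {
        return;
    }

    $mavatars = array();
    $mavatars['mav_enabled'] = cot_import('mavatar_enabled', 'P', 'ARR');
    $mavatars['mav_order'] = cot_import('mavatar_order', 'P', 'ARR');
    $mavatars['mav_desc'] = cot_import('mavatar_desc', 'P', 'ARR');
    $mavatars['mav_new'] = cot_import('mavatar_new', 'P', 'ARR');
    // The import presumably yields a non-array when the field was not posted;
    // count() on such a value is an error on PHP 8, so test the type instead.
    if (!is_array($mavatars['mav_enabled'])) {
        $mavatars['mav_enabled'] = array();
    }

    $extrafields = !empty($cot_extrafields[$db_mavatars]) ? $cot_extrafields[$db_mavatars] : array();

    foreach ($extrafields as $exfld) {
        // Both comparisons have to hold: joined with `||` the test was true for
        // every field type and the file branch could never run.
        if ($exfld['field_type'] != 'file' && $exfld['field_type'] != 'filesize') {
            $mavatars[$exfld['field_name']] = cot_import('mavatar_' . $exfld['field_name'], 'P', 'ARR');
        } elseif ($exfld['field_type'] == 'file') {
            // TODO FIXME!
            //$rstructureextrafieldsarr[$exfld['field_name']] = cot_import_filesarray('rstructure'.$exfld['field_name']);
        }
    }

    foreach ($mavatars['mav_enabled'] as $id => $enabled) {
        // NOTE(review): $id is a key of the posted array and the UPDATE below is
        // keyed on mav_id alone - confirm that get_mavatar_byid()/delete_mavatar()
        // or the caller restrict it to rows that belong to this object, otherwise
        // a posted id could re-assign or remove another object's attachment.
        $mavatar_info = $this->get_mavatar_byid($id);
        $mavatar = array();
        $enabled = cot_import($enabled, 'D', 'BOL') ? true : false;
        $mavatar['mav_order'] = cot_import(isset($mavatars['mav_order'][$id]) ? $mavatars['mav_order'][$id] : null, 'D', 'INT');
        $mavatar['mav_desc'] = cot_import(isset($mavatars['mav_desc'][$id]) ? $mavatars['mav_desc'][$id] : null, 'D', 'TXT');

        foreach ($extrafields as $exfld) {
            $key = 'mav_' . $exfld['field_name'];
            // NOTE(review): the result goes to $mavarray, which nothing below reads,
            // and the input is looked up under 'mav_<name>' while the import above
            // stores it under '<name>' - extra fields do not reach the UPDATE.
            // Kept as found until the intended behaviour is confirmed.
            $mavarray[$key] = cot_import_extrafields(
                isset($mavatars[$key][$id]) ? $mavatars[$key][$id] : null,
                $exfld,
                'D',
                isset($mavatar_info[$key]) ? $mavatar_info[$key] : null
            );
        }

        // Filtered but not used below.
        $new = cot_import(isset($mavatars['mav_new'][$id]) ? $mavatars['mav_new'][$id] : null, 'D', 'BOL');

        if ($enabled) {
            $mavatar['mav_extension'] = $this->extension;
            $mavatar['mav_category'] = $this->category;
            $mavatar['mav_code'] = $this->code;
            $mavatar['mav_filename'] = $this->rename_file($mavatar_info, $mavatar['mav_desc']);
            $mavatar['mav_date'] = $sys['now'];
            // The id is cast to int before it is concatenated into the condition.
            $db->update($db_mavatars, $mavatar, 'mav_id=' . (int) $id);
        } else {
            $mavatar = $this->get_mavatar_byid($id);
            $this->delete_mavatar($mavatar);
        }
    }

    $this->get_mavatars();
}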
$rmsg['fp_updater'] = $rowpost['fp_posterid'] == cot::$usr['id'] && cot::$sys['now'] < $rowpost['fp_updated'] + 300 && empty($rowpost['fp_updater']) ? '' : cot::$usr['name']; $rmsg['fp_updated'] = cot::$sys['now']; if (isset($_POST['rtopictitle']) && mb_strlen($rtopic['ft_title']) < cot::$cfg['forums']['mintitlelength']) { cot_error('forums_titletooshort', 'rtopictitle'); } if (mb_strlen($rmsg['fp_text']) < cot::$cfg['forums']['minpostlength']) { cot_error('forums_messagetooshort', 'rmsgtext'); } if (!empty(cot::$extrafields[cot::$db->forum_topics])) { foreach (cot::$extrafields[cot::$db->forum_topics] as $exfld) { $rtopic['ft_' . $exfld['field_name']] = cot_import_extrafields('rtopic' . $exfld['field_name'], $exfld, 'P', '', 'forums_topic_'); } } if (!empty(cot::$extrafields[cot::$db->forum_posts])) { foreach (cot::$extrafields[cot::$db->forum_posts] as $exfld) { $rmsg['fp_' . $exfld['field_name']] = cot_import_extrafields('rmsg' . $exfld['field_name'], $exfld, 'P', '', 'forums_post_'); } } if (!cot_error_found()) { cot::$db->update(cot::$db->forum_posts, $rmsg, "fp_id={$p}"); if (!empty($rtopic['ft_title']) && cot::$db->query("SELECT fp_id FROM " . cot::$db->forum_posts . " WHERE fp_topicid = {$q} ORDER BY fp_id ASC LIMIT 1")->fetchColumn() == $p) { if (mb_substr($rtopic['ft_title'], 0, 1) == "#") { $rtopic['ft_title'] = str_replace('#', '', $rtopic['ft_title']); } $rtopic['ft_preview'] = mb_substr(htmlspecialchars($rmsg['fp_text']), 0, 128); cot::$db->update(cot::$db->forum_topics, $rtopic, "ft_id = {$q}"); } cot_extrafield_movefiles(); } /* === Hook === */ foreach (cot_getextplugins('forums.editpost.update.done') as $pl) {
} /* == Hook == */ foreach (cot_getextplugins('comments.edit.tags') as $pl) { include $pl; } /* ===== */ $t->parse('MAIN.COMMENTS_FORM_EDIT'); } if ($a == 'send' && $usr['auth_write']) { cot_shield_protect(); $rtext = cot_import('rtext', 'P', 'HTM'); $rname = cot_import('rname', 'P', 'TXT'); $comarray = array(); // Extra fields foreach ($cot_extrafields[$db_com] as $exfld) { $comarray['com_' . $exfld['field_name']] = cot_import_extrafields('rcomments' . $exfld['field_name'], $exfld); } /* == Hook == */ foreach (cot_getextplugins('comments.send.first') as $pl) { include $pl; } /* ===== */ if (empty($rname) && $usr['id'] == 0) { cot_error($L['com_authortooshort'], 'rname'); } if (mb_strlen($rtext) < $cfg['plugin']['comments']['minsize']) { cot_error($L['com_commenttooshort'], 'rtext'); } if ($cfg['plugin']['comments']['commentsize'] && mb_strlen($rtext) > $cfg['plugin']['comments']['commentsize']) { cot_error($L['com_commenttoolong'], 'rtext'); }
} } $tplfile = cot_import('tpl', 'G', 'TXT'); $mskin = cot_tplfile(array('contact', $tplfile), 'plug'); $t = new XTemplate($mskin); $rtext = cot_import('rtext', 'P', 'TXT'); if (!empty($rtext)) { //Import the variables $rcontact['contact_text'] = $rtext; $rcontact['contact_author'] = cot_import('ruser', 'P', 'TXT'); $rcontact['contact_email'] = cot_import('remail', 'P', 'TXT'); $rcontact['contact_subject'] = cot_import('rsubject', 'P', 'TXT'); // Extra fields if (!empty(cot::$extrafields[cot::$db->contact])) { foreach (cot::$extrafields[cot::$db->contact] as $exfld) { $rcontact['contact_' . $exfld['field_name']] = cot_import_extrafields('rcontact' . $exfld['field_name'], $exfld, 'P', '', 'contact_'); } } if (cot::$usr['id'] == 0 && !empty($cot_captcha)) { $rverify = cot_import('rverify', 'P', 'TXT'); if (!cot_captcha_validate($rverify)) { cot_error('captcha_verification_failed', 'rverify'); } } if ($rcontact['contact_author'] == '') { cot_error('contact_noname', 'ruser'); } if (!cot_check_email($rcontact['contact_email'])) { cot_error('contact_emailnotvalid', 'remail'); } if (mb_strlen($rcontact['contact_text']) < cot::$cfg['plugin']['contact']['minchars']) {
} else { $db->update($db_config, array('config_value' => $data), "config_name = ? AND config_owner = ?\n\t\t\t\t\tAND config_cat = ? AND config_subcat = ?)", array($key, $o, $p, $editconfig)); } } } } $oldrow = $db->query("SELECT * FROM {$db_structure} WHERE structure_id=" . (int) $id)->fetch(); $rstructure['structure_code'] = preg_replace('#[^\\w\\p{L}\\-]#u', '', cot_import('rstructurecode', 'P', 'TXT')); // $rstructure['structure_path'] = cot_import('rstructurepath', 'P', 'TXT'); $rstructure['structure_title'] = cot_import('rstructuretitle', 'P', 'TXT'); $rstructure['structure_desc'] = cot_import('rstructuredesc', 'P', 'TXT'); $rstructure['structure_icon'] = cot_import('rstructureicon', 'P', 'TXT'); $rstructure['structure_tpl'] = cot_import('rstructuretpl', 'P', 'TXT'); $rstructure['structure_locked'] = cot_import('rstructurelocked', 'P', 'BOL') ? 1 : 0; foreach ($cot_extrafields[$db_structure] as $exfld) { $rstructure['structure_' . $exfld['field_name']] = cot_import_extrafields('rstructure' . $exfld['field_name'], $exfld, 'P', $oldrow['structure_' . $exfld['field_name']]); } $rstructure['structure_code'] != 'all' || cot_error('adm_structure_code_reserved', 'rstructurecode'); $rstructure['structure_title'] || cot_error('adm_structure_title_required', 'rstructuretitle'); if (!cot_error_found()) { if (empty($rstructure['structure_code'])) { $rstructure['structure_code'] = $cot_structure->autoalias($rstructure['structure_title']); } $res = cot_structure_update($n, $id, $oldrow, $rstructure, $is_module); if (is_array($res)) { cot_error($res[0], $res[1]); } } cot_extrafield_movefiles(); cot_auth_clear('all'); if ($cache) {