   /**
    * Creates the private-message tables used by this module.
    *
    * Uses the global $installer (table_exists / add_query). The module sits on
    * top of the Forums schema, so a missing forum table is reported through
    * cpg_error() before any query is queued.
    *
    * @return bool always true once both CREATE queries have been queued
    */
   function install()
   {
       global $installer;
       // Forum tables this module depends on; the first one missing is fatal.
       $forum_tables = array('bbattachments_config', 'bbconfig', 'bbthemes', 'bbwords');
       foreach ($forum_tables as $table) {
           if (!$installer->table_exists($table)) {
               cpg_error($this->modname . ' still depends on the Forums module. Install forums first', 'Install ERROR');
               break;
           }
       }
       $privmsgs_columns = '
  privmsgs_id mediumint(8) NOT NULL auto_increment,
  privmsgs_type tinyint(4) NOT NULL default "0",
  privmsgs_subject varchar(255) NOT NULL default "0",
  privmsgs_from_userid mediumint(8) NOT NULL default "0",
  privmsgs_to_userid mediumint(8) NOT NULL default "0",
  privmsgs_date int(11) NOT NULL default "0",
  privmsgs_ip varchar(16) binary NOT NULL default "",
  privmsgs_enable_bbcode tinyint(1) NOT NULL default "1",
  privmsgs_enable_html tinyint(1) NOT NULL default "0",
  privmsgs_enable_smilies tinyint(1) NOT NULL default "1",
  privmsgs_attach_sig tinyint(1) NOT NULL default "1",
  privmsgs_attachment TINYINT(1) DEFAULT "0" NOT NULL,
  PRIMARY KEY (privmsgs_id),
  KEY privmsgs_from_userid (privmsgs_from_userid),
  KEY privmsgs_to_userid (privmsgs_to_userid)';
       $privmsgs_text_columns = '
  privmsgs_text_id mediumint(8) NOT NULL default "0",
  privmsgs_text text,
  PRIMARY KEY (privmsgs_text_id)';
       // Message headers and message bodies live in two tables keyed by privmsgs_id.
       $installer->add_query('CREATE', 'bbprivmsgs', $privmsgs_columns, 'bbprivmsgs');
       $installer->add_query('CREATE', 'bbprivmsgs_text', $privmsgs_text_columns, 'bbprivmsgs_text');
       return true;
   }
/**
 * Admin action: create a downloads category from the posted form.
 *
 * Reads title, parentid, cdescription and ldescription from $_POST. When a
 * category with the same title already exists under the same parent the admin
 * header is rendered and cpg_error() reports the duplicate; otherwise the row
 * is inserted and the request is redirected to the admin page for $op.
 *
 * String inputs pass through the project's Fix_Quotes() and parentid through
 * intval() before being interpolated into the SQL text; the title is also
 * echoed back in the duplicate error message.
 */
function DownloadsAddCat()
{
    global $downloadsprefix, $db, $op;
    $table = $downloadsprefix . '_categories';
    $title = Fix_Quotes($_POST['title']);
    $parentid = intval($_POST['parentid']);
    $existing = $db->sql_query("select cid from {$table} where title='{$title}' AND parentid='{$parentid}'");
    if ($db->sql_numrows($existing) > 0) {
        require_once 'header.php';
        GraphicAdmin('_AMENU6');
        cpg_error(_ERRORTHESUBCATEGORY . " {$title} " . _ALREADYEXIST);
        return;
    }
    $cdescription = Fix_Quotes($_POST['cdescription']);
    $ldescription = Fix_Quotes($_POST['ldescription']);
    $db->sql_query("insert into {$table} values (NULL, '{$title}', '{$cdescription}', '{$ldescription}', '{$parentid}')");
    url_redirect(adminlink($op));
}
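 /**
  * Starts (or resumes) the PHP session that backs the global $CPG_SESS.
  *
  * @param string $name session/cookie name, stored in $this->sess_name
  * @param int    $time session lifetime in minutes, stored in $this->sess_time
  *
  * Side effects: names the session, sets the cookie path/domain from
  * $MAIN_CFG['cookie'], adjusts several session ini settings when CAN_MOD_INI
  * is set, calls session_start() and copies $_SESSION['CPG_SESS'] into
  * $CPG_SESS. A cookie whose id matches the started session but carries no
  * CPG_SESS data is treated as expired: the session is destroyed and restarted,
  * and if the same id comes back the request is aborted via cpg_error() so the
  * client fetches a fresh cookie.
  */
 function __construct($name = 'CMSSESSID', $time = 180)
 {
     global $CPG_SESS, $MAIN_CFG;
     $this->sess_name = $name;
     $this->sess_time = $time;
     $this->start = time();
     // A session auto-started by php.ini would carry the wrong name and cookie
     // parameters; discard it before configuring ours.
     if (ini_get('session.auto_start')) {
         session_destroy();
         session_write_close();
     }
     session_name($name);
     // http://www.php.net/session_set_cookie_params
     // Lifetime 0 = cookie lasts until the browser closes. The secure flag
     // ([, bool secure], 4th argument) is not requested here, so the cookie is
     // also sent over plain HTTP.
     session_set_cookie_params(0, $MAIN_CFG['cookie']['path'], $MAIN_CFG['cookie']['domain']);
     /*
     			session_cache_limiter('private_no_expire');
     			// Setting new_cache_expire is of value only,
     			// if session.cache_limiter is set to a value different from nocache
     			session_cache_expire($time);
     */
     if (CAN_MOD_INI) {
         $this->old_handler = ini_set('session.save_handler', 'files');
         // ini_set('session.gc_maxlifetime', $time * 60); # bug not deleting ?
         //   (gc_maxlifetime takes a duration in seconds, not a timestamp)
         ini_set('session.use_trans_sid', 0);
         ini_set('session.use_only_cookies', '1');
         // Keep the session cookie out of reach of script access (document.cookie).
         ini_set('session.cookie_httponly', '1');
         ini_set('url_rewriter.tags', 'nourlrewrite');
     }
     $this->started = session_start();
     // Strict comparison: "==" between two strings would apply numeric rules to
     // ids that happen to look like numbers.
     if (empty($_SESSION['CPG_SESS']) && isset($_COOKIE[$name]) && $_COOKIE[$name] === session_id()) {
         $sid = $_COOKIE[$name];
         $this->destroy();
         $this->started = session_start();
         if ($sid === session_id()) {
             $this->destroy();
             cpg_error('Your cookie has expired, the page will be refreshed to set a new cookie.', 'Cookie expired', URL::uri());
         }
     }
     $this->sess_id = session_id();
     $CPG_SESS = empty($_SESSION['CPG_SESS']) ? array() : $_SESSION['CPG_SESS'];
     $this->new = empty($_SESSION);
     return $this->sess_id;
 }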
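/**
 * Recursively removes a directory below language/ together with its contents.
 *
 * @param string $folder directory name relative to language/; nested calls pass
 *                       "parent/child" style paths
 *
 * Does nothing when language/$folder is not a directory. A path containing a
 * ".." segment is rejected through cpg_error() so the routine can only ever
 * delete inside the language tree. Symbolic links are unlinked, not followed.
 * Every failed unlink/rmdir is reported via cpg_error().
 */
function del_folder($folder)
{
    // Refuse to walk out of the language tree.
    if (in_array('..', explode('/', str_replace('\\', '/', $folder)), true)) {
        cpg_error('Invalid folder name ' . $folder);
        return;
    }
    $path = 'language/' . $folder;
    if (!is_dir($path)) {
        return;
    }
    $dir = dir($path);
    if (!$dir) {
        cpg_error('Cannot open folder ' . $path);
        return;
    }
    // Compare with false: a truthiness test would stop at an entry named "0".
    while (false !== ($file = $dir->read())) {
        if ($file == '.' || $file == '..') {
            continue;
        }
        $entry = $path . '/' . $file;
        // Recurse into real directories only; a symlink to a directory is removed
        // as a link so its target is left untouched.
        if (is_dir($entry) && !is_link($entry)) {
            del_folder($folder . '/' . $file);
        } elseif (!unlink($entry)) {
            cpg_error('Cannot remove file ' . $file);
        }
    }
    $dir->close();
    if (!rmdir($path)) {
        cpg_error('Cannot remove folder ' . $path);
    }
}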
/**
 * Backs up and then byte-compiles the file or directory selected in the admin
 * cache panel ($AdminCache->file, a path relative to BASEDIR).
 *
 * Returns early for an empty source or a path ending in "classes/". When the
 * backup fails and DF_BACKUP_SKIP_ERRORS is not defined the run is aborted via
 * cpg_error(); with that constant defined the compile step runs regardless.
 * Directories (trailing "/") go to df_bcompile_dir(), .php/.phpN/.inc files to
 * df_bcompile_file(); anything else is ignored.
 */
function df_compile_cache()
{
    global $AdminCache;
    $source = $AdminCache->file;
    # path level too high eg "/"
    if (empty($source) || preg_match('#(classes)/$#', $source)) {
        return;
    }
    $backup_dir = 'bcompiler_backup/' . $source;
    # will backup any file before compile them
    $backed_up = backup_create($source, $backup_dir);
    if (!$backed_up && !defined('DF_BACKUP_SKIP_ERRORS')) {
        cpg_error('File backup could not be completed, see footer warning for more infos');
        return;
    }
    $target = BASEDIR . $source;
    $backup = BASEDIR . $backup_dir;
    if (preg_match('#/$#', $source)) {
        df_bcompile_dir($target, $backup);
    } elseif (preg_match('#\\.(php[\\d]?|inc)$#', $source)) {
        df_bcompile_file($target, $backup);
    }
}
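/**
 * Validates the visible custom user fields and appends them to the column and
 * value lists of a pending INSERT.
 *
 * @param string $fieldlist receives ", field" for every accepted field (by reference)
 * @param string $valuelist receives ", 'value'" for every accepted field (by reference)
 * @param array  $fields    receives the html-prepared values keyed by field name;
 *                          when $post is false it is also the input source
 * @param bool   $post      read input from $_POST (true) or from $fields (false)
 * @return string HTML table rows summarising the accepted values
 *
 * A field with visible == 2 that is empty aborts through cpg_error(). Types 1
 * and 4 are stored as integers, type 3 untouched, all others cut to size.
 */
function check_fields(&$fieldlist, &$valuelist, &$fields, $post = true)
{
    global $db, $user_prefix;
    $input = $post ? $_POST : $fields;
    $content = '';
    $result = $db->sql_uquery("SELECT * FROM " . $user_prefix . "_users_fields WHERE visible > 0");
    while ($row = $db->sql_fetchrow($result)) {
        // The "name" column is submitted by the form as "realname".
        $var = $row['field'] == 'name' ? 'realname' : $row['field'];
        // langdef is either literal text or the name of a language constant.
        $info = $row['langdef'];
        if (is_string($info) && $info !== '' && $info[0] == '_' && defined($info)) {
            $info = constant($info);
        }
        // Missing inputs are treated as empty instead of raising an undefined-index notice.
        $raw = isset($input[$var]) ? $input[$var] : '';
        if (empty($raw) && $row['visible'] == 2) {
            cpg_error('Required field "' . $info . '" can\'t be empty');
            continue;
        }
        if ($row['type'] == 1 || $row['type'] == 4) {
            $val = intval(Fix_Quotes($raw, 1));
        } elseif ($row['type'] != 3) {
            // Truncate before escaping: cutting an already escaped string can split
            // an escape sequence and leave a dangling backslash in the SQL value.
            $val = Fix_Quotes(substr($raw, 0, $row['size']), 1);
        } else {
            $val = Fix_Quotes($raw, 1);
        }
        $fieldlist .= ", " . $row['field'];
        $valuelist .= ", '{$val}'";
        $fields[$var] = htmlprepare($val);
        if ($row['type'] == 1) {
            $val = $val ? _YES : _NO;
        }
        $content .= "<tr><td><b>{$info}:</b></td><td>{$val}</td></tr>\n";
        // The timezone field carries the daylight-saving flag with it.
        if ($row['field'] == 'user_timezone') {
            $fields['user_dst'] = isset($input['user_dst']) ? intval($input['user_dst']) : 0;
            $fieldlist .= ', user_dst';
            $valuelist .= ', ' . $fields['user_dst'];
        }
    }
    return $content;
}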
 /**
  * Opens the MySQL connection through the legacy mysql_* extension.
  *
  * @param string $server     host passed to mysql_connect / mysql_pconnect
  * @param string $user
  * @param string $password
  * @param string $database   selected after connecting; when that fails outside
  *                           INSTALL the link is closed and NO_DB is defined
  * @param bool   $persistent use mysql_pconnect() instead of mysql_connect()
  *
  * Sets $this->persistent and $this->connect_id (false when the link could not
  * be opened or the database is missing), adds the elapsed time to $this->time
  * and, when DB_CHARSET is set, issues SET NAMES / SET CHARACTER SET. A failed
  * connection defines NO_DB with the reason. The mysql_* functions no longer
  * exist in PHP 7+, hence the function_exists() guard.
  */
 function sql_db($server, $user, $password, $database, $persistent = false)
 {
     if (!function_exists('mysql_connect')) {
         cpg_error('MySQL extension not loaded in PHP.<br />Recompile PHP, edit php.ini or choose a different SQL layer.');
     }
     $started = get_microtime();
     $this->persistent = $persistent;
     $connect = $persistent ? 'mysql_pconnect' : 'mysql_connect';
     $this->connect_id = $connect($server, $user, $password);
     if (!$this->connect_id) {
         define('NO_DB', 'The connection to the database server failed');
         return;
     }
     $db_missing = !empty($database) && !mysql_select_db($database) && !defined('INSTALL');
     if ($db_missing) {
         mysql_close($this->connect_id);
         $this->connect_id = false;
         define('NO_DB', 'It seems that the database doesn\'t exist');
     }
     $this->time += get_microtime() - $started;
     # http://dev.mysql.com/doc/refman/5.0/en/charset-connection.html
     if (DB_CHARSET) {
         $charset = "'" . DB_CHARSET . "'";
         mysql_query('SET NAMES ' . $charset, $this->connect_id);
         mysql_query('SET CHARACTER SET ' . $charset, $this->connect_id);
     }
 }
 /**
  * Opens the PostgreSQL connection by assembling a pg_connect() connection string.
  *
  * NOTE(review): this listing is garbled on the "user=" and "password=" lines
  * below - the values were masked with "******" and the pg_connect() call and
  * the client_encoding query were collapsed onto the password line. Treat those
  * lines as unreadable and consult the original file before relying on them.
  *
  * @param string $server     host or "host:port"; "localhost" adds no host entry
  * @param string $user
  * @param string $password
  * @param string $database   added as dbname= after pg_escape_string()
  * @param bool   $persistent stored in $this->persistent
  *
  * A missing pgsql extension aborts via cpg_error(); the else branch at the end
  * defines NO_DB when the connection could not be established.
  */
 function sql_db($server, $user, $password, $database, $persistent = false)
 {
     if (!function_exists('pg_connect')) {
         cpg_error('PostgreSQL extension not loaded in PHP.<br />Recompile PHP, edit php.ini or choose a different SQL layer.');
     }
     $stime = get_microtime();
     $this->persistent = $persistent;
     $connect_string = '';
     if ($server) {
         // Truthiness test on the position: a ":" at offset 0 would not be seen.
         if (strpos($server, ':')) {
             $server = explode(':', $server, 2);
             $connect_string .= "host={$server['0']} port={$server['1']} ";
         } else {
             if ($server != 'localhost') {
                 $connect_string .= "host={$server} ";
             }
         }
     }
     if (!empty($database)) {
         $connect_string .= "dbname=" . pg_escape_string($database) . " ";
     }
     // Garbled in this listing (see the NOTE above).
     if ($user) {
         $connect_string .= "user="******" ";
     }
     // Garbled in this listing (see the NOTE above).
     if ($password) {
         $connect_string .= "password="******"SET client_encoding = 'UTF8'");
         $this->time += get_microtime() - $stime;
     } else {
         define('NO_DB', 'Connection to the database server failed.');
     }
 }
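 /**
  * Admin cache/compiler front controller.
  *
  * Loads the compiler list (parseCompilers) and, when Security::check_post()
  * accepts the request, copies the submitted pairs into $this->post as a flat
  * list [key0, val0, key1, val1, ...]. Keys must match [a-z_/] and values
  * [a-z0-9-_\s] (case-insensitive); the first pair failing that allow-list
  * stops the copy. post[0] must name an installed compiler (otherwise
  * cpg_error()), post[1] is the lower-cased action, and for tpl/show post[2]
  * selects the file to display. index() renders the page in every case.
  */
 public function __construct()
 {
     self::parseCompilers();
     if (Security::check_post()) {
         $this->post = array();
         foreach ($_POST as $key => $val) {
             // Allow-list: stop at the first key/value that is not plain text
             // (an array value would otherwise be passed to preg_match).
             if (!is_string($val) || !preg_match('#^[a-z_/]+$#i', $key) || !preg_match('#^[a-z0-9\\-_\\s]+$#i', $val)) {
                 break;
             }
             $this->post[] = $key;
             $this->post[] = $val;
         }
         // A rejected or empty post leaves no compiler/action to dispatch on.
         if (count($this->post) < 2 || !isset($this->installed[$this->post[0]])) {
             cpg_error('No such compiler');
         }
         $this->compiler = isset($this->post[0]) ? $this->post[0] : '';
         $this->call = isset($this->post[1]) ? strtolower($this->post[1]) : '';
         if ($this->compiler === 'tpl' && isset($this->post[1]) && $this->post[1] === 'show') {
             $this->current_file = isset($this->post[2]) ? $this->post[2] : null;
         }
     }
     /*else {*/
     self::index();
     /*}*/
 }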
    case 'posts':
        $order_by = 'user_posts';
        break;
    case 'website':
        $order_by = 'user_website';
        break;
    default:
        $order_by = 'user_id';
        break;
}
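$order_by .= " {$sort_order}";
// Fall back to the default theme when the current one ships no forum image config.
$template_name = file_exists("themes/{$CPG_SESS['theme']}/template/forums/images.cfg") ? $CPG_SESS['theme'] : 'default';
$current_template_path = 'themes/' . $template_name . '/images/forums';
// NOTE(review): $template_name comes from the session and is used as an include
// path; the file_exists() probe does not reject a theme name containing path
// separators - confirm the value is validated where $CPG_SESS['theme'] is set.
include 'themes/' . $template_name . '/template/forums/images.cfg';
if (!defined('TEMPLATE_CONFIG')) {
    cpg_error("Could not open {$template_name} template config file");
}
$img_lang = file_exists(realpath($current_template_path . '/lang_' . $MAIN_CFG['global']['language'])) ? $MAIN_CFG['global']['language'] : 'english';
// Resolve the {LANG} placeholder in every scalar image path. foreach replaces
// the former list()/each() loop, which no longer works on PHP 8 (each() was removed).
foreach ($images as $key => $value) {
    if (!is_array($value)) {
        $images[$key] = str_replace('{LANG}', 'lang_' . $img_lang, $value);
    }
}
$ranksrow = $db->sql_ufetchrowset("SELECT * FROM " . $prefix . "_bbranks\n\tORDER BY rank_special, rank_min", SQL_ASSOC);
// $order_by is fixed by the switch above; $members_per_page and $start are
// interpolated as-is and are assumed to be integers by the time they get here.
$sql = "SELECT username, user_id, user_posts, user_rank, user_regdate, user_from, user_website, user_icq, user_aim, user_yim, user_msnm, user_avatar, user_avatar_type, user_allowavatar\n\tFROM " . $user_prefix . "_users\n\tWHERE username!='Anonymous'\n\tAND user_level > 0\n\tORDER BY {$order_by}\n\tLIMIT {$members_per_page} OFFSET {$start}";
$result = $db->sql_query($sql);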
if ($row = $db->sql_fetchrow($result)) {
    $i = 0;
    do {
        $username = $row['username'];
        $user_id = $row['user_id'];
     show($mode, $tablelist, $query);
     break;
 case 'RestoreDB':
     require_once 'header.php';
     GraphicAdmin('_AMENU0');
     require_once CORE_PATH . 'classes/sqlctrl.php';
     if (!SQLCtrl::query_file($_FILES['sqlfile'], $error)) {
         cpg_error($error);
     }
     OpenTable();
     echo '<span class="genmed"><strong>' . _DATABASE . ': ' . $dbname . '</strong></span><br /><br />Importation of <em>' . $_FILES['sqlfile']['name'] . '</em> was successful';
     CloseTable();
     break;
 case 'Installer':
     if (!is_dir('cache') || !is_writable('cache')) {
         cpg_error('Cache directory doesn\'t exists or not writable');
     }
     require_once 'header.php';
     GraphicAdmin('_AMENU0');
     foreach ($tablelist as $table) {
         $list = $db->list_columns($table);
         if (0 === strpos($table, $prefix . '_')) {
             $table = str_replace($prefix . '_', '', $table);
         } else {
             if (0 === strpos($table, $user_prefix . '_')) {
                 $table = str_replace($user_prefix . '_', '', $table);
             }
         }
         $ids = false;
         $space = '  ';
         $filename = "cache/installer_{$table}.php";
        $gfxid = isset($_POST['gfxid']) ? $_POST['gfxid'] : 0;
        $code = $CPG_SESS['gfx'][$gfxid];
        $gfx_check = isset($_POST['gfx_contact_check']) ? $_POST['gfx_contact_check'] : '';
        if (strlen($gfx_check) < 2 || $code != $gfx_check) {
            $error = _SECURITYCODE . ' incorrect';
        }
    }
    if (isset($error)) {
        cpg_error('<div style="text-align:center;">' . $error . '</div>');
    } else {
        if (!send_mail($mailer_message, $personal_message, $html, $subject, $recipient_email, $recipient_name, $sender_email, $sender_name)) {
            cpg_error('<div style="text-align:center;"><strong>' . $mailer_message . '</strong></div>');
        } else {
            $CPG_SESS['tell_friend'] = false;
            unset($CPG_SESS['tell_friend']);
            cpg_error(_MESSAGESENT, _Tell_a_FriendLANG, $mainindex);
        }
    }
} else {
    $CPG_SESS['tell_friend'] = true;
    $sender_name = $sender_email = '';
    if (is_user()) {
        $sender_name = !empty($userinfo['name']) ? $userinfo['name'] : $userinfo['username'];
        $sender_email = $userinfo['user_email'];
    }
    $message_insert = _HEY . " {recipient},\n\n" . _OURSITE . "\n\n" . _ITSCALLED . " {sitename} " . _SOMESTATS . "\n\n" . _SLOGAN . " {slogan}\n" . _FOUNDEDON . " {founded}\n" . _REGISTEREDUSERS . " {users}\n" . _TOTALSITEHITS . " {hits}\n\n" . _VISITTHEM . ($html ? ' [url={url}]{url}[/url]' : ' {url}') . "\n\n" . _KINDREGARDS . ",\n\n{sender}";
    if ($html) {
        require_once 'includes/nbbcode.php';
        $bbcode = bbcode_table('personal_message', 'tell_friend', 0);
    } else {
        $bbcode = '<div style="color: #ff0000"><strong>.: ' . _BBCODEDISABLED . ' :.</strong></div><br />';
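 /**
  * Authenticates an administrator from the posted alogin / pwd fields.
  *
  * When the captcha is enabled ($sec_code & 1) the posted gfx_check must equal
  * the code kept in $CPG_SESS['gfx'][gfxid]. Attempts per admin_id are counted
  * in the 'login' cache array; at 5 or more the request is aborted through
  * cpg_error(). On a matching password the admin cookie is set, the row (minus
  * pwd) is kept in $this->admin, $this->admin_id / $this->demo are set and the
  * counter is reset to 1.
  *
  * @return mixed false when the captcha check fails, otherwise $this->admin_id
  *               (left unchanged when the credentials do not match)
  */
 private function loginadmin()
 {
     $aid = isset($_POST['alogin']) ? Fix_Quotes($_POST['alogin']) : NULL;
     $pwd = isset($_POST['pwd']) && is_string($_POST['pwd']) ? $_POST['pwd'] : NULL;
     if ($aid && $pwd) {
         global $sec_code, $CPG_SESS;
         if ($sec_code & 1) {
             $gfxid = isset($_POST['gfxid']) && is_scalar($_POST['gfxid']) ? $_POST['gfxid'] : 0;
             $code = isset($CPG_SESS['gfx'][$gfxid]) ? $CPG_SESS['gfx'][$gfxid] : '';
             $gfx_check = isset($_POST['gfx_check']) ? $_POST['gfx_check'] : '';
             // Strict string comparison: "!=" would treat numeric-looking codes
             // such as "1e1" and "10" as equal.
             if (!is_string($gfx_check) || strlen($gfx_check) < 2 || (string) $code !== $gfx_check) {
                 return false;
             }
         }
         global $db, $prefix;
         // NOTE(review): the _admins table stores unsalted md5 digests; moving to
         // password_hash()/password_verify() needs a migration of the stored values.
         $pwd = md5($pwd);
         $result = $db->sql_query('SELECT * FROM ' . $prefix . "_admins WHERE aid='{$aid}'");
         $row = $db->sql_fetchrow($result, SQL_ASSOC);
         if (isset($row['admin_id'])) {
             $login = Cache::array_load('login', 'a', false);
             if (!is_array($login)) {
                 $login = array();
             }
             if (!isset($login[$row['admin_id']])) {
                 $login[$row['admin_id']] = 1;
             } elseif ($login[$row['admin_id']] >= 5) {
                 cpg_error('Too many failed login attempts');
             } else {
                 $login[$row['admin_id']]++;
             }
             // hash_equals() avoids the "==" type juggling between hex digests
             // (two "0e..." strings compare equal as numbers) and is constant-time.
             if (is_string($row['pwd']) && $row['pwd'] !== '' && hash_equals($row['pwd'], $pwd)) {
                 $this->setadmcookie(true, $row['admin_id'], $pwd, isset($_POST['persistent']));
                 unset($row['pwd']);
                 $this->admin = $row;
                 $this->admin_id = $row['aid'];
                 $this->demo = CPGN_DEMO && false !== strpos($this->admin_id, 'demo');
                 unset($CPG_SESS['admin']);
                 $login[$row['admin_id']] = 1;
             }
             Cache::array_save('login', 'a', $login);
         }
     }
     return $this->admin_id;
 }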
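 /**
  * Executes every statement of a plain or gzipped SQL dump.
  *
  * @param array|string $file           a $_FILES entry (name, tmp_name, type) or
  *                                     a local path, which is wrapped into that shape
  * @param string|false $error          receives the failure reason; false on success
  * @param array|false  $replace_prefix false: rewrite the table names following
  *                                     TABLE/INTO/EXISTS/ON to use the site $prefix;
  *                                     array: literal old => new prefix replacements
  * @return bool true when every query was sent, false with $error set otherwise
  *
  * Aborts through cpg_error() when no file name is given. The MIME check trusts
  * $file['type'], which for an upload is whatever the client declared; the
  * content is read through gz* functions when GZIPSUPPORT is on (they also
  * accept uncompressed data), otherwise with plain f* functions and .gz input
  * is refused. Remarks are stripped and statements split on ";\n" by DBCtrl.
  * On the mysql layer CREATE TABLE statements get ENGINE=MyISAM appended.
  */
 public static function query_file($file, &$error, $replace_prefix = false)
 {
     $error = false;
     if (!is_array($file)) {
         $tmp['name'] = $tmp['tmp_name'] = $file;
         $tmp['type'] = preg_match("/\\.gz\$/is", $file) ? 'application/x-gzip' : 'text/plain';
         $file = $tmp;
     }
     if (empty($file['tmp_name']) || empty($file['name'])) {
         cpg_error('ERROR no file specified!');
     }
     // Most servers identify a .gz as x-tar
     if (preg_match("/^(text\\/[a-zA-Z]+)|(application\\/(x\\-)?(gzip|tar)(\\-compressed)?)|(application\\/octet-stream)\$/is", $file['type'])) {
         $filedata = '';
         $open = 'gzopen';
         $eof = 'gzeof';
         $read = 'gzgets';
         $close = 'gzclose';
         if (!GZIPSUPPORT) {
             if (preg_match("/\\.gz\$/is", $file['name'])) {
                 $error = "Can't decompress file";
                 return false;
             }
             $open = 'fopen';
             $eof = 'feof';
             $read = 'fread';
             $close = 'fclose';
         }
         $rc = $open($file['tmp_name'], 'rb');
         if ($rc) {
             while (!$eof($rc)) {
                 $filedata .= $read($rc, 100000);
             }
             $close($rc);
         } else {
             $error = 'Couldn\'t open ' . $file['tmp_name'] . ' for processing';
         }
     } else {
         $error = "Invalid filename: {$file['type']} {$file['name']}";
     }
     if ($error) {
         return false;
     }
     $filedata = DBCtrl::remove_remarks($filedata);
     $queries = DBCtrl::split_sql_file($filedata, ";\n");
     if (count($queries) < 1) {
         $error = 'There are no queries in ' . $file['name'];
         return false;
     }
     global $db, $prefix;
     // Large dumps may take longer than max_execution_time.
     set_time_limit(0);
     foreach ($queries as $query) {
         if (!$replace_prefix) {
             $query = preg_replace('#(TABLE|INTO|EXISTS|ON) ([a-zA-Z]*?(_))#i', "\\1 {$prefix}" . '_', $query);
         } else {
             foreach ($replace_prefix as $oldprefix => $newprefix) {
                 if ($oldprefix != $newprefix) {
                     // Prefixes are literal text: quote them so regex metacharacters
                     // in a prefix cannot change what gets replaced.
                     $query = preg_replace('/' . preg_quote($oldprefix, '/') . '/', $newprefix, $query);
                 }
             }
         }
         if (SQL_LAYER == 'mysql' && preg_match('#^CREATE TABLE #', $query) && false === stripos($query, 'ENGINE=MyISAM')) {
             $query .= ' ENGINE=MyISAM';
         }
         $db->sql_query($query);
     }
     return true;
 }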
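/**
 * Sends an attachment to the client and terminates the request.
 *
 * @param array  $attachment row with physical_filename, real_filename, mimetype
 * @param string $upload_dir directory holding the attachments ('' = current)
 *
 * Without FTP upload (allow_ftp_upload off) the file must exist locally or
 * message_die() is raised; zip files are handed out by redirect, everything
 * else is streamed with a Content-Type/Content-Disposition header. With FTP
 * upload the file is fetched with ftp_get() into a temporary file first and
 * streamed from there. Non-image MIME types are forced to octet-stream (the
 * non-standard "octetstream" spelling for IE/Opera), which the original author
 * marked as a security precaution. Always ends with exit.
 */
function send_file_to_browser($attachment, $upload_dir)
{
    // $_SERVER is a superglobal and needs no "global" declaration.
    global $lang, $db, $attach_config, $board_config;
    $filename = $upload_dir == '' ? $attachment['physical_filename'] : $upload_dir . '/' . $attachment['physical_filename'];
    $not_found = $lang['Error_no_attachment'] . "<br /><br /><b>404 File Not Found:</b> The File <i>" . $filename . "</i> does not exist.";
    $ftp_upload = (bool) intval($attach_config['allow_ftp_upload']);
    $gotit = FALSE;
    if (!$ftp_upload) {
        if (!file_exists(amod_realpath($filename))) {
            message_die(GENERAL_ERROR, $not_found);
        } else {
            $gotit = TRUE;
        }
    }
    //
    // Determine the Browser the User is using, because of some nasty incompatibilities.
    // Most of the methods used in this function are from phpMyAdmin. :)
    //
    $HTTP_USER_AGENT = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    // Checked in this order; the first match wins (a Mozilla-compatible string
    // must therefore be tested after the more specific agents).
    $agent_patterns = array(
        'opera' => '#Opera(/| )([0-9].[0-9]{1,2})#',
        'ie' => '#MSIE ([0-9].[0-9]{1,2})#',
        'omniweb' => '#OmniWeb/([0-9].[0-9]{1,2})#',
        'netscape' => '#Netscape([0-9]{1})#',
        'mozilla' => '#Mozilla/([0-9].[0-9]{1,2})#',
        'konqueror' => '#Konqueror/([0-9].[0-9]{1,2})#',
    );
    $browser_agent = 'other';
    foreach ($agent_patterns as $agent => $pattern) {
        if (preg_match($pattern, $HTTP_USER_AGENT)) {
            $browser_agent = $agent;
            break;
        }
    }
    if (GZIPSUPPORT) {
        // Discard every output buffer so the raw bytes are not gzip-encoded.
        while (ob_end_clean()) {
        }
        header('Content-Encoding: none');
    }
    // Now the tricky part... let's dance
    /*
    	header('Pragma: public');
    	header('Content-Transfer-Encoding: none');
    	header("Expires: 0"); // set expiration time
    	header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
    */
    // IE and Opera expect the (non-standard) "octetstream" spelling.
    $octet_stream = $browser_agent == 'ie' || $browser_agent == 'opera' ? 'application/octetstream' : 'application/octet-stream';
    // NOTE(review): real_filename is inserted unescaped into the header values
    // below; a double quote in it would break the quoted filename - confirm it is
    // sanitised at upload time.
    //
    // Now send the File Contents to the Browser
    //
    if ($gotit) {
        if ($attachment['mimetype'] == 'application/x-zip-compressed') {
            if ($ftp_upload) {
                if (trim($attach_config['download_path']) == '') {
                    message_die(GENERAL_ERROR, 'Physical Download not possible with the current Attachment Setting');
                }
                $redirect_path = trim($attach_config['download_path']) . '/' . $attachment['physical_filename'];
            } else {
                $redirect_path = '/' . $upload_dir . '/' . $attachment['physical_filename'];
            }
            URL::redirect($redirect_path);
        } else {
            // Correct the mime type - we force application/octetstream for all files, except images
            // Please do not change this, it is a security precaution
            if (false === stripos($attachment['mimetype'], 'image')) {
                $attachment['mimetype'] = $octet_stream;
            }
            if (!($fp = fopen($filename, 'rb'))) {
                cpg_error('Could not open file for sending');
            }
            // Send out the Headers
            header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
            header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"');
            // fpassthru() streams to EOF; fread($fp, filesize()) rejected a zero length
            // on an empty file.
            fpassthru($fp);
            fclose($fp);
        }
    } elseif ($ftp_upload) {
        $tmp_path = !ini_get('safe_mode') ? '/tmp' : $upload_dir . '/tmp';
        $tmp_filename = tempnam($tmp_path, 't0000');
        unlink($tmp_filename);
        include_once 'includes/classes/cpg_ftp.php';
        $ftp = new cpg_ftp($attach_config['ftp_server'], $attach_config['ftp_user'], $attach_config['ftp_pass'], $attach_config['ftp_path'], $attach_config['ftp_pasv_mode']);
        $mode = FTP_BINARY;
        if (preg_match("/text/i", $attachment['mimetype']) || preg_match("/html/i", $attachment['mimetype'])) {
            $mode = FTP_ASCII;
        }
        // Fetch the remote $filename into the local $tmp_filename.
        $result = ftp_get($ftp->connect_id, $tmp_filename, $filename, $mode);
        $ftp->close();
        if (!$result) {
            message_die(GENERAL_ERROR, $not_found);
        }
        $size = filesize($tmp_filename);
        if ($size) {
            header("Content-length: {$size}");
        }
        if ($attachment['mimetype'] == 'application/x-zip-compressed') {
            if ($ftp_upload) {
                if (trim($attach_config['download_path']) == '') {
                    message_die(GENERAL_ERROR, 'Physical Download not possible with the current Attachment Setting');
                }
                $redirect_path = trim($attach_config['download_path']) . '/' . $attachment['physical_filename'];
            } else {
                $redirect_path = $upload_dir . '/' . $attachment['physical_filename'];
            }
            URL::redirect($redirect_path);
        } else {
            // Correct the mime type - we force application/octetstream for all files, except images
            // Please do not change this, it is a security precaution
            if (!strstr($attachment['mimetype'], 'image')) {
                $attachment['mimetype'] = $octet_stream;
            }
            // Send out the Headers
            header('Content-Type: ' . $attachment['mimetype'] . '; name="' . $attachment['real_filename'] . '"');
            header('Content-Disposition: inline; filename="' . $attachment['real_filename'] . '"');
            // Stream the file that ftp_get() wrote (and whose size was sent above).
            // The former "print readfile($filename)" read the remote path and also
            // printed readfile()'s byte count after the data.
            readfile($tmp_filename);
            unlink($tmp_filename);
        }
    } else {
        message_die(GENERAL_ERROR, $not_found);
    }
    exit;
}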
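/**
 * Save the profile changes posted for the account in $userinfo.
 *
 * $_POST['save'] selects the mode:
 *   profile / private / prefs  - the configurable user fields of sections 1+2 / 3 / 5
 *   reg_details                - password, e-mail and (admin pages only) username
 *   avatar                     - delete / upload / remote / gallery avatar
 *   admin                      - PM + avatar permission, rank, suspension (admin pages only)
 *
 * @param array $userinfo current <user_prefix>_users row of the edited user
 *                        (by reference; only read here)
 *
 * Side effects: at most one UPDATE on <user_prefix>_users, the cached session
 * user ($_SESSION['CPG_USER']) is dropped, setmemcookie() is called with the
 * new digest after a password change, and every path ends in cpg_error() or
 * URL::redirect().
 *
 * NOTE(review): passwords are hashed and compared as unsalted md5 (md5() here,
 * the digest handed to setmemcookie() below). Moving to password_hash() needs
 * the login side as well, so it is only flagged here.
 */
function saveuser(&$userinfo)
{
    global $db, $user_prefix, $MAIN_CFG, $allowusertheme, $CPG_SESS, $SESS;
    $mode = isset($_POST['save']) ? $_POST['save'] : 'profile';
    // "admin" is only honoured from the admin pages; anyone else falls back to profile.
    if ($mode == 'admin' && !defined('ADMIN_PAGES')) {
        $mode = 'profile';
    }
    if ($mode == 'profile') {
        $section = 'section=1 OR section=2';
    } elseif ($mode == 'private') {
        $section = 'section=3';
    } elseif ($mode == 'prefs') {
        $section = 'section=5';
    }
    $sql = $pass_change = false;
    if ($mode == 'reg_details') {
        global $allowmailchange;
        $current_password = isset($_POST['current_password']) ? md5($_POST['current_password']) : '';
        if (isset($_POST['new_password'])) {
            $new_password = $_POST['new_password'];
            $verify_password = isset($_POST['verify_password']) ? $_POST['verify_password'] : '';
            if ($new_password != $verify_password) {
                cpg_error(_PASSDIFFERENT, 'ERROR: Password mismatch');
            } elseif ($new_password != '') {
                if (strlen($new_password) < $MAIN_CFG['member']['minpass']) {
                    cpg_error(_YOUPASSMUSTBE . ' <b>' . $MAIN_CFG['member']['minpass'] . '</b> ' . _CHARLONG, 'ERROR: Password too short');
                }
                $new_password = md5($new_password);
                // Digest comparisons are strict: with "!=" two hex digests of the
                // form "0e<digits>" compare equal as numbers, which would let a
                // wrong current password through.
                if ($new_password !== $userinfo['user_password']) {
                    if (!defined('ADMIN_PAGES') && $current_password !== $userinfo['user_password']) {
                        cpg_error('Password incorrect');
                    }
                    // NOTE(review): this listing shows the interpolated value masked
                    // as '******'; the stored value is presumably the digest in
                    // $new_password — confirm against the repository.
                    $sql = " user_password='******'";
                    $pass_change = true;
                }
            }
        }
        $user_email = isset($_POST['user_email']) ? $_POST['user_email'] : $userinfo['user_email'];
        if (($allowmailchange || defined('ADMIN_PAGES')) && $user_email != $userinfo['user_email']) {
            if ($current_password !== $userinfo['user_password'] && !defined('ADMIN_PAGES')) {
                cpg_error('Password incorrect');
            }
            if (is_email($user_email) < 1) {
                cpg_error(_ERRORINVEMAIL);
            }
            if ($sql) {
                $sql .= ', ';
            }
            // is_email() is a format check, not an SQL escape; escape like the
            // other string fields in this function.
            $sql .= "user_email='" . Fix_Quotes($user_email) . "'";
        }
        if (defined('ADMIN_PAGES') && isset($_POST['username']) && $_POST['username'] != $userinfo['username']) {
            // Reject space * # \ % " ' ` & ^ @ in a username. The previous pattern
            // used "#" as the delimiter and again as an unescaped literal inside
            // the alternation (and had no closing delimiter), so preg_match()
            // failed on it and the check never rejected anything.
            if (preg_match('#[ *\\#\\\\%"\'`&^@]#', $_POST['username'])) {
                cpg_error(_ERRORINVNICK);
            }
            // NOTE(review): this listing shows the interpolated username masked as
            // '******'; the regex above rejects quotes, so the query is safe only
            // if the value reaching it is the validated one — confirm.
            if ($db->sql_count($user_prefix . '_users u, ' . $user_prefix . '_users_temp t', "u.username='******'username']}' OR t.username='******'username']}' LIMIT 1") > 0) {
                cpg_error(_NICKTAKEN);
            }
            if ($sql) {
                $sql .= ', ';
            }
            $sql .= "username='******'username']}'";
        }
    } elseif ($mode == 'avatar') {
        require_once 'modules/' . basename(dirname(__FILE__)) . '/avatars.php';
        // Local avatar?
        $avatar_local = isset($_POST['user_avatar']) ? $_POST['user_avatar'] : '';
        // Remote avatar?
        $avatar_remoteurl = !empty($_POST['avatarremoteurl']) ? htmlprepare($_POST['avatarremoteurl']) : '';
        // Upload avatar thru remote or upload?
        $avatar_upload = !empty($_POST['avatarurl']) ? trim($_POST['avatarurl']) : (!empty($_FILES['avatar']) && $_FILES['avatar']['tmp_name'] != "none" ? $_FILES['avatar']['tmp_name'] : '');
        $avatar_name = !empty($_FILES['avatar']['name']) ? $_FILES['avatar']['name'] : '';
        // 0 = USER_AVATAR_NONE
        if (isset($_POST['avatardel']) || $avatar_local == '') {
            $sql = avatar_delete($userinfo);
        }
        // 1 = USER_AVATAR_UPLOAD
        if ((!empty($avatar_upload) || !empty($avatar_name)) && $MAIN_CFG['avatar']['allow_upload']) {
            if (!empty($avatar_upload)) {
                $sql = avatar_upload(empty($avatar_name), $userinfo, $avatar_upload, $_FILES['avatar']);
            } elseif (!empty($avatar_name)) {
                cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)), 'ERROR: Filesize');
            }
        } elseif ($avatar_remoteurl != $userinfo['user_avatar'] && $avatar_remoteurl != '' && $MAIN_CFG['avatar']['allow_remote']) {
            // 2 = USER_AVATAR_REMOTE. The scheme alternation is grouped as a whole:
            // the old "(http)|(ftp)://..." form matched anything that merely
            // started with "http", so the extension check below never applied to
            // http URLs. https is accepted explicitly because the loose match let
            // it through before.
            if (!preg_match('#^(https?|ftp):\\/\\/#i', $avatar_remoteurl)) {
                $avatar_remoteurl = 'http://' . $avatar_remoteurl;
            }
            if (preg_match('#^(https?|ftp):\\/\\/[\\w\\-]+?\\.([\\w\\-]+\\.)+[\\w]+(:[0-9]+)*\\/.*?\\.(gif|jpg|jpeg|png)$#is', $avatar_remoteurl)) {
                // getimagesize() fetches the remote URL from the server; that is the
                // intended behaviour of remote avatars.
                if (in_array('getimagesize', explode(',', ini_get('disable_functions'))) || ini_get('disable_functions') == 'getimagesize') {
                    cpg_error('getimagesize is disabled', _AVATAR_ERR_URL);
                } elseif (!getimagesize($avatar_remoteurl)) {
                    cpg_error('Image has wrong filetype', _AVATAR_ERR_URL);
                } elseif (!($file_data = get_fileinfo($avatar_remoteurl, !$MAIN_CFG['avatar']['animated']))) {
                    cpg_error(_AVATAR_ERR_URL);
                } elseif ($file_data['size'] > $MAIN_CFG['avatar']['filesize']) {
                    cpg_error(sprintf(_AVATAR_FILESIZE, round($MAIN_CFG['avatar']['filesize'] / 1024)));
                } elseif (!$MAIN_CFG['avatar']['animated'] && $file_data['animation']) {
                    cpg_error('Animated avatar not allowed');
                }
                if (avatar_size($avatar_remoteurl)) {
                    avatar_delete($userinfo);
                    // htmlprepare() above is an HTML filter, not an SQL escape.
                    $sql = "user_avatar='" . Fix_Quotes($avatar_remoteurl) . "', user_avatar_type=2";
                }
            } else {
                cpg_error('Image has wrong filetype', 'ERROR: Image filetype');
            }
        } elseif ($avatar_local != $userinfo['user_avatar'] && $avatar_local != '' && $MAIN_CFG['avatar']['allow_local'] && strpos($avatar_local, '..') === false && file_exists($MAIN_CFG['avatar']['gallery_path'] . '/' . $avatar_local)) {
            // 3 = USER_AVATAR_GALLERY. The posted name is joined to the gallery
            // path, so ".." is refused before file_exists() is consulted.
            avatar_delete($userinfo);
            $sql = "user_avatar='" . Fix_Quotes($avatar_local) . "', user_avatar_type=3";
        }
    } elseif ($mode == 'admin') {
        $sql = 'user_allow_pm=' . intval($_POST['user_allow_pm']) . ', user_allowavatar=' . intval($_POST['user_allowavatar']) . ', user_rank=' . intval($_POST['user_rank']);
        $suspendreason = isset($_POST['suspendreason']) ? $_POST['suspendreason'] : 'no reason';
        // Compare the defaulted value, not the raw (possibly absent) POST field.
        if ($suspendreason != $userinfo['susdel_reason']) {
            $sql .= ', susdel_reason=\'' . Fix_Quotes($suspendreason) . "'";
        }
        // user_level 0 = suspended: either lift the suspension or suspend and notify by mail.
        if (intval($_POST['user_suspend']) == 0 && $userinfo['user_level'] == 0) {
            $sql .= ', user_level=1';
        } elseif (intval($_POST['user_suspend']) > 0 && $userinfo['user_level'] > 0) {
            $message = _SORRYTO . ' ' . $MAIN_CFG['global']['sitename'] . ' ' . _HASSUSPEND;
            if ($suspendreason > '') {
                $message .= "\n\n" . _SUSPENDREASON . "\n{$suspendreason}";
            }
            $from = 'noreply@' . str_replace('www.', '', $MAIN_CFG['server']['domain']);
            if (!send_mail($mailer_message, $message, 0, _ACCTSUSPEND, $userinfo['user_email'], $userinfo['username'], $from)) {
                trigger_error($mailer_message, E_USER_WARNING);
            }
            $sql .= ', user_level=0, susdel_reason=\'' . Fix_Quotes($suspendreason) . "'";
        }
    } else {
        // Generic section fields; the list of fields and their types comes from the DB.
        $result = $db->sql_query('SELECT field, type FROM ' . $user_prefix . '_users_fields WHERE ' . $section);
        if ($db->sql_numrows($result) > 0) {
            while ($row = $db->sql_fetchrow($result)) {
                $field = $row['field'] == 'name' ? 'realname' : $row['field'];
                $value = Fix_Quotes(isset($_POST[$field]) ? $_POST[$field] : '', 1);
                if ($row['field'] == 'user_lang' && !$MAIN_CFG['global']['multilingual']) {
                    continue;
                }
                if ($row['type'] == 1 || $row['type'] == 4) {
                    $value = intval($value);
                } else {
                    if ($field == 'user_website') {
                        if (!preg_match('#^http[s]?:\\/\\/#i', $value)) {
                            $value = 'http://' . $value;
                        }
                        if (!preg_match('#^(http[s]?\\:\\/\\/)?([a-z0-9\\-\\.]+)?[a-z0-9\\-]+\\.[a-z]{2,4}$#i', $value)) {
                            $value = '';
                        }
                    }
                }
                // type 7 = theme: forced to the site default unless user themes are allowed
                if ($row['type'] == 7 && !$allowusertheme) {
                    $value = $MAIN_CFG['global']['Default_Theme'];
                }
                if ($row['type'] == 6) {
                    // type 6 = date: stored as YYYYMMDD, and only when it is a real date
                    $value = date_raw($value);
                    if (checkdate(substr($value, 4, 2), substr($value, 6, 2), substr($value, 0, 4))) {
                        $sql .= ", {$row['field']}='{$value}'";
                    }
                } elseif (array_key_exists($row['field'], $userinfo) && $userinfo[$row['field']] != $value) {
                    $sql .= ", {$row['field']}='{$value}'";
                }
                if ($field == 'user_timezone') {
                    $sql .= ', user_dst=' . intval($_POST['user_dst']);
                }
            }
            if ($sql) {
                // drop the leading ", "
                $sql = substr($sql, 2);
            }
        }
    }
    if ($sql) {
        $db->sql_query('UPDATE ' . $user_prefix . '_users SET ' . $sql . " WHERE user_id=" . intval($userinfo['user_id']));
        // Drop the cached session copy so the next request reloads the row.
        $_SESSION['CPG_USER'] = false;
        unset($_SESSION['CPG_USER']);
        if (!defined('ADMIN_PAGES')) {
            if ($pass_change) {
                global $CLASS;
                $CLASS['member']->setmemcookie($userinfo['user_id'], $userinfo['username'], $new_password);
            }
            if (isset($_POST['theme']) && $allowusertheme) {
                // NOTE(review): the raw posted theme name goes into the session here
                // (the DB copy, if it is a type 7 field, went through Fix_Quotes());
                // confirm the theme loader validates it before using it as a path.
                $CPG_SESS['theme'] = $_POST['theme'];
                unset($CPG_SESS['prevtheme']);
            }
            cpg_error(_TASK_COMPLETED, _TB_INFO, URL::index('&edit=' . $mode));
        } else {
            cpg_error(_TASK_COMPLETED, _TB_INFO, URL::admin('users&mode=edit&edit=' . $mode . '&id=' . $userinfo['user_id']));
        }
    }
    if (!defined('ADMIN_PAGES')) {
        URL::redirect(URL::index('&edit=' . $mode));
    } else {
        cpg_error('Nothing changed', 'No update', URL::admin('users&mode=edit&edit=' . $mode . '&id=' . $userinfo['user_id']));
    }
}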
     list($row) = $db->sql_ufetchrow("SELECT group_moderator FROM " . GROUPS_TABLE . " WHERE group_id = {$group_id}");
     list($moderator_email) = $db->sql_ufetchrow("SELECT user_email FROM " . USERS_TABLE . " WHERE user_id = {$row}");
     // 12/29/2004 8:30PM
     send_mail($dummy, $message, 0, 'A request to join your group has been made.', $moderator_email, '', $userinfo['user_email'], $userinfo['username']);
     cpg_error($lang['Group_joined'], 'Joined group', $groupurl);
 } else {
     if (isset($_POST['unsub']) || isset($_POST['unsubpending']) && $group_id) {
         //
         // Unsubscribe from a group
         //
         if (!is_user()) {
             URL::redirect(URL::index('Your_Account'), true);
         }
         if (isset($_POST['confirm'])) {
             $db->sql_query("DELETE FROM " . USER_GROUP_TABLE . " WHERE user_id=" . $userinfo['user_id'] . " AND group_id={$group_id}");
             cpg_error($lang['Unsub_success'], 'Unsubscribed', URL::index());
         } else {
             $unsub_msg = isset($_POST['unsub']) ? $lang['Confirm_unsub'] : $lang['Confirm_unsub_pending'];
             $hidden_fields = '<input type="hidden" name="g" value="' . $group_id . '" /><input type="hidden" name="unsub" value="1" />';
             cpg_delete_msg(URL::index(), $unsub_msg, $hidden_fields);
         }
     } else {
         if ($group_id) {
             //
             // Did the group moderator get here through an email?
             // If so, check to see if they are logged in.
             //
             if (isset($_GET['validate']) && !is_user()) {
                 URL::redirect(URL::index('Your_Account'), true);
             }
             //
/**
 * Show $message on an error page titled "Groups" and stop; the page links
 * back to the groups admin index.
 */
function group_msg($message)
{
    $back = URL::admin('groups');
    cpg_error($message, 'Groups', $back);
}
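 /**
  * Per-IP flood check.
  *
  * Counts requests from NET::get_ip() that arrive before the stored
  * flood_time has expired (window derived from $MAIN_CFG['_security']['delay']).
  * Hits 3..5 answer 503 + Retry-After through cpg_error(); more than 5 inserts
  * a ban row (ban_type 7) into <prefix>_security, destroys the session and
  * dies with error 803. State lives in $_SESSION['SECURITY'] and, in debug
  * mode or for a fresh session, in <prefix>_security_flood;
  * Security::flood_log() writes it back at the end of the non-fatal paths.
  */
 private static function flood()
 {
     global $db, $prefix, $MAIN_CFG;
     $ip = NET::get_ip();
     // complete SQL literal for the IP bytes; used unquoted in the queries below
     $ipn = $db->binary_safe($ip);
     $delay = $MAIN_CFG['_security']['delay'];
     $flood_time = $flood_count = 0;
     $log = array();
     $time = time();
     if (!isset($_SESSION['SECURITY']['flood_start'])) {
         // first request of this session: expire stale flood rows
         $db->sql_query('DELETE FROM ' . $prefix . '_security_flood WHERE flood_time <= ' . $time);
     } else {
         $_SESSION['SECURITY']['flood_start'] = false;
     }
     if ($MAIN_CFG['_security']['debug'] || empty($_SESSION['SECURITY']['flood_time'])) {
         # try to load time from log
         if ($row = $db->sql_ufetchrow('SELECT * FROM ' . $prefix . '_security_flood WHERE flood_ip =' . $ipn, SQL_ASSOC)) {
             if (!empty($row)) {
                 $flood_time = $row['flood_time'];
                 $flood_count = $row['flood_count'];
                 if (!empty($row['log']) && $MAIN_CFG['_security']['debug']) {
                     // NOTE(review): unserialize() of a DB column. The format is
                     // written by Security::log_serializer() and this only runs in
                     // debug mode, but anything able to write that column can feed
                     // an arbitrary object graph in here.
                     $log = unserialize($row['log']);
                 }
             }
         }
     } else {
         $flood_time = $_SESSION['SECURITY']['flood_time'];
         $flood_count = $_SESSION['SECURITY']['flood_count'];
     }
     if ($flood_time >= $time) {
         # die with message and report
         ++$flood_count;
         if ($flood_count <= 5) {
             if (empty($_SESSION['SECURITY']['shield']) && $flood_count > 2 && $flood_count <= 5) {
                 Security::flood_log($ipn, !empty($row), $delay, $time, $log, $flood_count);
                 global $LNG;
                 get_lang('errors');
                 $flood_time = ($flood_count + 1) * 2 / $delay;
                 header($_SERVER['SERVER_PROTOCOL'] . ' 503 Service Unavailable');
                 header('Retry-After: ' . $flood_time);
                 $msg = sprintf($LNG['_SECURITY_MSG']['_FLOOD'], $flood_time);
                 if ($flood_count == 5) {
                     $msg .= $LNG['_SECURITY_MSG']['Last_warning'];
                 }
                 $msg = sprintf(_JS_ALERT, $msg);
                 cpg_error($msg, 'Flood Protection');
             }
         } else {
             if ($MAIN_CFG['_security']['debug']) {
                 if (!empty($log)) {
                     $log = Security::log_serializer($log);
                 } else {
                     if (!empty($_SESSION['FLOODING'])) {
                         $log = Security::log_serializer($_SESSION['FLOODING']);
                     }
                 }
                 // NOTE(review): the serialized log is quoted but not escaped;
                 // safe only if log_serializer() output can never contain a quote.
                 $log = "'{$log}'";
                 if (!empty($_SESSION['SECURITY']['shield'])) {
                     if ($_SESSION['SECURITY']['shield'] == 4) {
                         list(, $ip4) = unpack('N', $ip);
                         $db->sql_query('UPDATE ' . $prefix . "_security SET log={$log} WHERE ban_type=8 AND (ban_ipv4_s = {$ip4} OR (ban_ipv4_s < {$ip4} AND ban_ipv4_e >= {$ip4}))");
                     } else {
                         $mac = strlen($ip) == 16 ? ' OR ban_ipn=' . $db->binary_safe(substr($ip, -8)) : '';
                         $db->sql_query('UPDATE ' . $prefix . "_security SET log={$log} WHERE ban_type=8 AND (ban_ipn={$ipn}{$mac})");
                     }
                     $flood_time = $_SESSION['SECURITY']['flood_time'] = 0;
                     $flood_count = $_SESSION['SECURITY']['flood_count'] = 0;
                     return;
                 }
             } else {
                 $log = 'DEFAULT';
             }
             // The User-Agent is attacker-controlled. It used to be interpolated
             // straight into the quoted ban_details literal, so a UA containing a
             // quote could alter the INSERT. Build the whole literal with
             // binary_safe(), the same helper that quotes the IP bytes.
             $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
             $details = $db->binary_safe("Flooding detected by User-Agent:\n" . $agent);
             $db->sql_query('INSERT INTO ' . $prefix . "_security (ban_ipn, ban_type, ban_time, ban_details, log) VALUES ({$ipn}, '7', '" . ($time + $MAIN_CFG['_security']['bantime']) . "', {$details}, {$log})", TRUE, TRUE);
             global $SESS;
             if (is_object($SESS)) {
                 $SESS->destroy();
             }
             cpg_error('', 803);
         }
     } else {
         $log = null;
         $flood_count = 0;
         $_SESSION['FLOODING'] = array();
     }
     Security::flood_log($ipn, !empty($row), $delay, $time, $log, $flood_count);
 }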
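 // Language filter: in multilingual mode only stories in the current language
 // or with no language are counted and listed.
 // NOTE(review): $currentlang is interpolated into the query and is set outside
 // this snippet — confirm it is a validated language code, not raw request input.
 $querylang = $MAIN_CFG['global']['multilingual'] ? "(alanguage='{$currentlang}' OR alanguage='')" : '';
 if ($MAIN_CFG['global']['multilingual']) {
     $querylang = "AND {$querylang}";
 }
 // Topic / category selectors are cast to int before they reach the queries.
 $topic = isset($_GET['topic']) ? intval($_GET['topic']) : (isset($_GET['new_topic']) ? intval($_GET['new_topic']) : 0);
 $catid = isset($_GET['catid']) ? intval($_GET['catid']) : 0;
 if ($topic > 0) {
     $qdb = "topic='{$topic}'";
 } else {
     $qdb = 's.ihome=1';
 }
 // A category filter takes precedence over the topic / home filter.
 $total = $db->sql_count($prefix . '_stories s', ($catid > 0 ? "s.catid='{$catid}'" : $qdb) . " {$querylang}");
 // "Stories per page" may be configured as 0 (the page check below already
 // allows for it); the unguarded division raised a division-by-zero warning,
 // a fatal DivisionByZeroError on PHP 8.
 $pages = $storynum > 0 ? ceil($total / $storynum) : 0;
 if ($pages < $page && $storynum > 0) {
     cpg_error(_PAGE . ' ' . $page . ' does not exist');
 }
 require_once 'header.php';
 require_once 'modules/News/functions.php';
 automated_news();
 if ($topic > 0) {
     $result_a = $db->sql_query("SELECT topictext FROM " . $prefix . "_topics WHERE topicid='{$topic}'");
     $row_a = $db->sql_fetchrow($result_a);
     $topic_title = $row_a['topictext'];
     if ($db->sql_numrows($result_a) < 1) {
         $cpgtpl->assign_block_vars('newsempty', array('S_NOTOPIC' => _NOINFO4TOPIC, 'S_GONEWS' => _GOTONEWSINDEX, 'S_SELECT' => _SELECTNEWTOPIC, 'S_SITENAME' => $MAIN_CFG['global']['sitename'], 'U_NEWSINDEX' => URL::index('News'), 'U_TOPICS' => URL::index('Topics')));
     } else {
         $cpgtpl->assign_block_vars('newscat', array('S_GOHOME' => _GOTOHOME, 'S_SEARCH' => _SEARCH, 'S_SEARCHON' => _SEARCHONTOPIC, 'S_SELECT' => _SELECTNEWTOPIC, 'S_SITENAME' => $MAIN_CFG['global']['sitename'], 'S_TOPIC_T' => $topic_title, 'I_TOPIC' => $topic, 'U_HOME' => $mainindex, 'U_SEARCH' => URL::index('Search'), 'U_TOPICS' => URL::index('Topics')));
     }
     $db->sql_freeresult($result_a);
 }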
}
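require_once 'includes/nbbcode.php';
// NOTE(review): $module_name is interpolated into the include paths below and is
// set outside this snippet — confirm it is the resolved module name, not request input.
require_once 'modules/' . $module_name . '/functions/categories.inc';
require_once 'modules/' . $module_name . '/functions/display.inc';
require_once 'modules/' . $module_name . '/functions/info.inc';
require_once 'modules/' . $module_name . '/functions/linking.inc';
if (!isset($_GET['id'])) {
    URL::redirect(URL::index());
}
// NOTE(review): the queries filter on $global_id, not on $_GET['id']; its
// derivation (presumably the int-cast id) is outside this snippet.
$row = $db->sql_ufetchrow("SELECT d.*, SUM(s.hits) AS hits, SUM(s.views) AS views, i.url AS img_url, u.username FROM " . $dl_prefix . "_downloads d\n\tLEFT JOIN " . $dl_prefix . "_stats s ON (s.id = d.lid)\n\tLEFT JOIN " . $dl_prefix . "_screenshots i ON (i.id = d.screen)\n\tLEFT JOIN " . $user_prefix . "_users u ON (u.user_id = d.submitter)\n\tWHERE d.lid='{$global_id}' \n\tGROUP BY d.lid, d.cid, d.active, d.access, d.title, d.screen, d.desc_short, d.desc_long, d.notes, d.date, d.updated, d.name, d.email, d.submitter, d.filesize, d.version, d.homepage, d.compat, d.pick, i.url, u.username");
list($row['score'], $row['votes']) = $db->sql_ufetchrow("SELECT SUM(score), COUNT(score) FROM " . $dl_prefix . "_ratings \n\tWHERE lid='{$global_id}' AND active=1 \n\tGROUP BY lid");
if (!isset($row['title'])) {
    cpg_error(_DLP_UNKNOWNDL, 404);
}
// inactive (unapproved) downloads are visible to module admins only
if ($row['active'] != 1 && !can_admin($module_name)) {
    cpg_error(_DLP_INACTIVEDL);
}
$rating_info = get_rating($row['score'], $row['votes']);
// count a view unless the viewer is an admin or the submitter
if (!is_admin() && $row['submitter'] != is_user()) {
    update_views($global_id);
}
$pagetitle .= $module_title . ' ' . _BC_DELIM . ' ' . $row['title'];
if ($row['img_url']) {
    // ereg() was removed in PHP 7; a plain substring test is all it did here.
    if (strpos($row['img_url'], '://') !== false) {
        // NOTE(review): a raw `" width="…` attribute fragment is appended to a
        // stored URL that is evidently emitted as an <img> attribute later. The
        // value is not HTML-escaped here, so the escaping has to happen either in
        // the template or where screenshot URLs are saved — verify.
        $row['img_url'] .= '" width="' . $dl_config['dimension_thumb'];
    } else {
        $row['img_url'] = dl_thumbimage($row['img_url']);
    }
}
$can_dl = can_download($row['active'], $row['access']);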
    	foreach ($recipients AS $email => $name) {
    		send_mail($mailer_message, sprintf($content, $name), 1, $subject, $email, $name, $MAIN_CFG['global']['adminmail'], $MAIN_CFG['global']['sitename']);
    	}
    */
    cpg_error(_NEWSLETTERSENT, _NEWSLETTER, $adminindex);
}
// Page heading plus empty defaults for the optional preview / notes / submit markup.
$title = _NEWSLETTER;
$preview = '';
$notes = '';
$submit = '';
if (isset($_POST['preview'])) {
    $pagetitle .= ' ' . _BC_DELIM . ' ' . _PREVIEW;
    $title .= ' ' . _PREVIEW;
    if (empty($subject)) {
        cpg_error(sprintf(_ERROR_NOT_SET, _SUBJECT));
    }
    if (empty($content)) {
        cpg_error(sprintf(_ERROR_NOT_SET, _CONTENT));
    }
    if ($group == 0) {
        $num_users = $db->sql_count($user_prefix . "_users", 'user_level > 0 AND user_id > 1');
        $group_name = strtolower(_NL_ALLUSERS);
    } elseif ($group == 2) {
        $num_users = $db->sql_count($prefix . "_admins");
        $group_name = strtolower(_NL_ADMINS);
    } elseif ($group > 2) {
        $group_id = $group - 2;
        $num_users = $db->sql_count($prefix . "_bbuser_group", "group_id={$group_id} AND user_pending=0");
        list($group_name) = $db->sql_ufetchrow("SELECT group_name FROM " . $prefix . "_bbgroups WHERE group_id={$group_id}", SQL_NUM);
    } else {
        $num_users = $db->sql_count($user_prefix . "_users", 'user_level > 0 AND newsletter=1');
        $group_name = strtolower(_SUBSCRIBEDUSERS);
    }
        if (isset($_GET['ok'])) {
            $db->sql_query("UPDATE " . $prefix . "_modules_links SET cat_id=0 WHERE cat_id=" . $cid);
            $db->sql_query("UPDATE " . $prefix . "_modules SET cat_id=0 WHERE cat_id=" . $cid);
            $db->sql_query("DELETE FROM " . $prefix . "_modules_cat WHERE cid=" . $cid);
            URL::redirect(URL::admin('cpgmm'));
        }
        $cat['name'] = defined($cat['name']) ? constant($cat['name']) : $cat['name'];
        $pagetitle .= ' ' . _BC_DELIM . ' Delete Category: ' . $cat['name'];
        require 'header.php';
        GraphicAdmin('_AMENU1');
        OpenTable();
        echo '<center>' . sprintf(_ERROR_DELETE_CONF, '<i>' . $cat['name'] . '</i>');
        echo '<br /><br />[ <a href="' . URL::admin('cpgmm') . '">' . _NO . '</a> | <a href="' . URL::admin("cpgmm&amp;cid={$cid}&amp;mode=delcat&amp;ok=1") . '">' . _YES . '</a> ]</center>';
        CloseTable();
    } else {
        cpg_error(_CPG_MMNOCAT);
    }
} else {
    if (Security::check_post() && isset($_POST['updatecpgmm']) && intval($_POST['id']) && intval($_POST['parent']) && intval($_POST['pos'])) {
        $cats = -1;
        for ($i = 0; $i < count($_POST['id']); ++$i) {
            if ($_POST['parent'][$i] == 0) {
                ++$cats;
                if ($_POST['id'][$i] > 0 && $_POST['pos'][$i] != $i) {
                    $db->sql_update($prefix . '_modules_cat', array('pos' => $i), 'cid=' . $_POST['id'][$i]);
                }
                $parent = $_POST['id'][$i] == -1 ? '0' : $_POST['id'][$i];
            }
            if ($_POST['id'][$i] > 0 && $_POST['parent'][$i] != 0 && $_POST['pos'][$i] != $i) {
                $db->sql_update($prefix . '_modules_links', array('pos' => $i - $cats, 'cat_id' => $parent), 'lid=' . $_POST['id'][$i]);
            } elseif ($_POST['id'][$i] < 0 && $_POST['parent'][$i] != 0 && $_POST['pos'][$i] != $i) {
    if ($shoutconf['nameblock']) {
        $nameresult = $db->sql_query("SELECT name FROM " . $prefix . "_shoutblock_nameblock WHERE name = '" . Fix_Quotes($username, true) . "' LIMIT 0,1");
        while ($badname = $db->sql_fetchrow($nameresult)) {
            if ($username == $badname[0]) {
                $error = _SHOUTUSERBAN;
            }
        }
        $db->sql_freeresult($nameresult);
    }
    //look for bad words, then censor them.
    if ($shoutconf['censor']) {
        $comment = check_words($comment);
    }
    //if error just reload page, else add posting.
    if ($error) {
        cpg_error($error);
    } else {
        $db->sql_query("INSERT INTO " . $prefix . "_shoutblock VALUES (NULL, '" . Fix_Quotes($username) . "', '" . Fix_Quotes($comment) . "', '" . gmtime() . "')");
        url_redirect($CPG_SESS['user']['uri']);
    }
}
function nav_shouts()
{
    global $prefix, $db, $offset, $number, $shoutconf, $userinfo;
    $offset = intval($offset);
    $result = $db->sql_query("SELECT * FROM " . $prefix . "_shoutblock ORDER BY id DESC LIMIT {$offset},25");
    $loop = $db->sql_numrows($result);
    while ($row = $db->sql_fetchrow($result)) {
        echo '<div class="content">';
        $row[2] = set_smilies($row[2]);
        echo '<a href="' . getlink('Your_Account&amp;profile=' . $row[1]) . '"><strong>' . $row[1] . ':</strong></a>';
            if ($fields['version']) {
                $db->sql_query("INSERT INTO " . $dl_prefix . "_history \n\t\t\t\t(id, vers, author, date, comment) \n\t\t\t\tVALUES \n\t\t\t\t({$next_id}, '{$fields['version']}', '{$fields['submitter']}', " . time() . ", 'Initial Version')");
            }
            if (!can_admin($module_name)) {
                $d_queue = $db->sql_count($dl_prefix . '_downloads', "lid!='{$next_id}' AND active=2");
                cpg_error('Your download has been queued for review by an administrator<br /><br />At this time, we have <strong>' . $d_queue . '</strong> other downloads awaiting approval', _TB_INFO, URL::index('&file=manage&s=1', true, true));
            }
            DL_Cat::count_dl();
            URL::redirect(URL::index('&amp;file=details&amp;id=' . $next_id));
        }
    }
}
// Collect every category the current user may add a download to; stop if there is none.
$cats = array();
DL_Cat::list_all($cats);
if (empty($cats)) {
    cpg_error('There are no categories in which you can add a download');
}
if (can_admin($module_name) || $dl_config['user_catparent']) {
    $selects = DL_Cat::selectbox($in['cat'], 'in[cat]', false);
} else {
    $selects = '<select class="set" name="in[cat]" id="in[cat]">
	<option selected="selected" label="none" value="none">select a category</option>';
    foreach ($cats as $cat) {
        if ($cat['level'] == 1) {
            if ($selects != '') {
                $selects .= '</optgroup>';
            }
            $selects .= '<optgroup label="' . $cat['crumb'] . '">';
        } else {
            $selects .= '<option value="' . $cat['cid'] . '"' . (isset($_GET['c']) && $cat['cid'] == intval($_GET['c']) || $cat['cid'] == $in['cat'] ? ' selected="selected"' : '') . '>' . $cat['crumb'] . '</option>';
        }
    while (list($entry_id, $entry_year, $entry_content, $entry_lang) = $db->sql_fetchrow($result)) {
        echo '<strong>' . $entry_year . '</strong> ' . ($MAIN_CFG['global']['multilingual'] && !empty($entry_lang) ? '(' . $entry_lang . ') ' : '') . '(<a href="' . URL::admin('&amp;edit=' . $entry_id) . '">' . _EDIT . '</a> / <a href="' . URL::admin('&amp;delete=' . $entry_id) . '">' . _DELETE . '</a>)<br />' . $entry_content;
        if ($i < $db->sql_numrows($result)) {
            echo '<hr size="1" noshade="noshade" />';
        }
        $i++;
    }
    if ($db->sql_numrows($result) < 1) {
        echo sprintf(_ERROR_NONE_TO_DISPLAY, 'entries');
    }
    $db->sql_freeresult($result);
    CloseTable();
} elseif (isset($_GET['edit'])) {
    $entry_id = intval($_GET['edit']);
    if (strlen($_GET['edit'] < 1)) {
        cpg_error(sprintf(_ERROR_NOT_SET, 'ID'), _SEC_ERROR);
    }
    list($entry_year, $entry_content, $entry_lang) = $db->sql_ufetchrow("SELECT yid, content, language FROM " . $prefix . "_history WHERE eid='{$entry_id}'", SQL_NUM);
    $pagetitle .= ' ' . _BC_DELIM . ' ' . _EPHEMEDIT;
    require_once 'header.php';
    GraphicAdmin('_AMENU5');
    OpenTable();
    echo '<span class="genmed"><strong>' . _EPHEMADMIN . '</strong></span><br /><br />' . open_form(URL::admin('history'), false, _EPHEMEDIT) . _YEAR . ': <input type="text" name="entry_year" value="' . $entry_year . '" size="5" maxlength="4" /><br /><br />';
    if ($MAIN_CFG['global']['multilingual']) {
        echo _LANGUAGE . ': ' . lang_selectbox($entry_lang, 'entry_lang') . '<br /><br />';
    } else {
        echo '<input type="hidden" name="entry_lang" value="' . $entry_lang . '" />';
    }
    echo _EPHEMDESC . ':<br />
	<textarea name="entry_content" cols="60" rows="10">' . $entry_content . '</textarea><br /><br />
	<input type="hidden" name="entry_id" value="' . $entry_id . '" />
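/**
 * Delete the cache file(s) named by $GLOBALS['AdminCache']->file from
 * BASEDIR/cache and return to the cache admin page through cpg_error().
 *
 * Three shapes are tried in order: a_* / bb_* / config_* admin caches are a
 * single <name>.php; template caches are tpl_<name>*.html.inc; anything else
 * is <name>*.php. Files that cannot be unlinked are reported with a warning.
 */
function df_delete_cache()
{
    global $pagetitle;
    $name = $GLOBALS['AdminCache']->file;
    $cachedir = BASEDIR . 'cache/';
    // Only the first branch used to validate the name; the two glob() fall-backs
    // took it verbatim, so a name such as "../index" matched (and unlinked)
    // files outside cache/. Every branch now gets a plain file-name allow-list:
    // no path separators, no glob metacharacters, no "..".
    // NOTE(review): where AdminCache->file is populated from is outside this
    // listing; it is treated as request input here.
    if (!preg_match('#^[A-Za-z0-9_.-]+$#', $name) || strpos($name, '..') !== false) {
        cpg_error('Invalid cache file name: ' . htmlspecialchars($name), _DELETE, URL::admin('cache'));
    }
    if (preg_match('#^(a_|bb_|config_)[a-z]+$#i', $name) && unlink($cachedir . $name . '.php')) {
        cpg_error($name . '.php gone.', _DELETE, URL::admin('cache'));
    } else {
        $matches = glob($cachedir . 'tpl_' . $name . '*.html.inc');
        if (!$matches) {
            $matches = glob($cachedir . $name . '*.php');
        }
        if ($matches) {
            foreach ($matches as $path) {
                if (!unlink($path)) {
                    trigger_error(str_replace($cachedir, '', $path) . ' couldn\'t be deleted.', E_USER_WARNING);
                }
            }
        }
    }
    cpg_error(_TASK_COMPLETED, $pagetitle, URL::admin('cache'));
}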
        $msg = intval($_POST['page_id']) > 0 ? 'replace the current page.' : 'be added.';
        $db->sql_query('INSERT INTO ' . $module_prefix . "_pages_wait (page_id, parent_id, title, user_id, comment, body) VALUES (" . intval($_POST['page_id']) . ", " . intval($_POST['parent_id']) . ", '" . Fix_Quotes($_POST['title']) . "', " . is_user() . ", '" . Fix_Quotes($_POST['comment']) . "', '" . Fix_Quotes($_POST['content']) . "')");
        cpg_error('Page is added and is awaiting approval to ' . $msg, '', $MAIN_CFG['server']['path'] . URL::index());
    }
    // page_id is used for modifications
    if (intval($_POST['page_id']) > 0) {
        $id = intval($_POST['page_id']);
        $sql = 'UPDATE ' . $module_prefix . "_pages SET" . ' parent_id=' . intval($_POST['parent_id']) . ', active=1' . ", title='" . Fix_Quotes($_POST['title']) . "', version=version+1" . ', supercede=' . time() . ', upd_user_id=' . is_user() . ", upd_author='" . Fix_Quotes($userinfo['username']) . "', comment='" . Fix_Quotes($_POST['comment']) . "', body='" . Fix_Quotes($_POST['content']) . "' WHERE id={$id}";
        $db->sql_query($sql);
    } else {
        list($pos) = $db->sql_ufetchrow("SELECT COUNT(*) FROM " . $module_prefix . "_pages WHERE parent_id=" . intval($_POST['parent_id']));
        $sql = 'INSERT INTO ' . $module_prefix . '_pages (parent_id, active, pos, title, time, user_id, author, comment, body) VALUES (' . intval($_POST['parent_id']) . ', 1, ' . ($pos + 1) . ", '" . Fix_Quotes($_POST['title']) . "', " . time() . ', ' . is_user() . ", '" . Fix_Quotes($userinfo['username']) . "', '" . Fix_Quotes($_POST['comment']) . "', '" . Fix_Quotes($_POST['content']) . "')";
        $db->sql_query($sql);
        $id = $db->sql_nextid('id');
    }
    cpg_error('Page is added', '', $MAIN_CFG['server']['path'] . URL::index('&id=' . $id));
} else {
    $row['id'] = 0;
    $row['parent_id'] = 0;
    $row['title'] = '';
    $row['comment'] = '';
    $row['content'] = '<b>nothing</b> yet';
    if (isset($_POST['wysiwyg']) || isset($_POST['preview'])) {
        $row['id'] = $_POST['page_id'];
        $row['parent_id'] = $_POST['parent_id'];
        $row['title'] = $_POST['title'];
        $row['comment'] = $_POST['comment'];
        if (isset($_POST['content'])) {
            $row['content'] = $_POST['content'];
        }
    } elseif (isset($_GET['id'])) {
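/**
 * Count a hit on download $_GET['lid'] and redirect to its stored URL;
 * unknown ids end in cpg_error(_DL_NOEXISTS).
 */
function getit()
{
    global $downloadsprefix, $db;
    // int cast keeps the id safe in the queries; a missing parameter becomes 0
    $lid = isset($_GET['lid']) ? intval($_GET['lid']) : 0;
    $result = $db->sql_query('SELECT url FROM ' . $downloadsprefix . '_downloads WHERE lid=' . $lid);
    if ($db->sql_numrows($result) > 0) {
        list($url) = $db->sql_fetchrow($result);
        // Count the hit only for rows that exist (the former unconditional UPDATE
        // matched nothing for unknown ids, so the stored result is unchanged).
        $db->sql_query('UPDATE ' . $downloadsprefix . '_downloads SET hits=hits+1 WHERE lid=' . $lid);
        // NOTE(review): the target is whatever URL is stored for the download;
        // redirecting to external content is the purpose of this handler.
        url_redirect($url);
    } else {
        cpg_error(_DL_NOEXISTS);
    }
}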
                require_once 'footer.php';
            } else {
                cpg_error('The requested file, modules/' . $op . '/admin/' . $file . '.inc, didn\'t output data correctly');
            }
        } elseif (file_exists('admin/modules/' . $op . '.php')) {
            $module_name = $op;
            get_lang($op, -1);
            include 'admin/modules/' . $op . '.php';
            if (defined('HEADER_OPEN')) {
                require_once 'footer.php';
            } else {
                cpg_error('The requested file, admin/modules/' . $op . '.php, didn\'t output data correctly');
            }
        } elseif (is_dir('admin/case')) {
            $casedir = dir('admin/case');
            while ($func = $casedir->read()) {
                if (substr($func, 0, 5) == 'case.') {
                    include $casedir->path . "/{$func}";
                }
            }
            closedir($casedir->handle);
        }
        cpg_error(sprintf(_MODULENOEXIST, ''), 404);
    } else {
        // WebTV hack
        if (!strstr($_SERVER['HTTP_USER_AGENT'], 'WebTV')) {
            header('HTTP/1.0 403 Forbidden');
        }
        login();
    }
}