/**
 * Read a required, per-item form field from $_POST and prepare it for storage.
 *
 * The field name is the concatenation of $var and $pid. When the field is absent,
 * cpg_die() is called with PARAM_MISSING and the field name.
 *
 * The value is request data and therefore untrusted. It is only ever returned after
 * passing through Fix_Quotes(); what Fix_Quotes() escapes is not visible in this
 * block, so callers should confirm it matches the context the value ends up in.
 * NOTE(review): the field name is echoed into the cpg_die() message; confirm
 * cpg_die() escapes its message, or that $var and $pid are never request-controlled.
 *
 * @param string $var     Base name of the form field.
 * @param mixed  $pid     Suffix appended to the base name (presumably a picture id).
 * @param bool   $html2bb When true, run the value through html2bb() before Fix_Quotes().
 *
 * @return mixed Whatever Fix_Quotes() returns for the submitted value.
 */
function get_post_var($var, $pid, $html2bb = false)
{
    $field = $var . $pid;

    // A missing field is treated as a fatal request error.
    if (!isset($_POST[$field])) {
        cpg_die(_CRITICAL_ERROR, PARAM_MISSING . " ({$field})", __FILE__, __LINE__);
    }

    // Two paths: HTML-to-BBCode conversion first, or Fix_Quotes() with its second argument set.
    return $html2bb
        ? Fix_Quotes(html2bb($_POST[$field]))
        : Fix_Quotes($_POST[$field], 1);
}
// Excerpt from the body of a data-migration loop: one legacy "dossier" row ($rep) is
// converted and written to the new database. $rep, the lookup tables, the prepared
// statements and $mysqliNew are all defined outside this excerpt.
$dateCreationEvenement = $rep->datedossier;
$dateFin = '';
// Map the legacy image type to a structure type, falling back to the 'defaut' entry.
if (isset($tabStructureId[$rep->idtypeimage])) {
    $idTypeStructure = $tabStructureId[$rep->idtypeimage];
} else {
    $idTypeStructure = $tabStructureId['defaut'];
}
// folder name
if (empty($rep->titredossier)) {
    //$titre = nettoyeChaine($rep->numerovoie.' '.$rep->nomAdresse);
    $titre = "";
} else {
    $titre = nettoyeChaine($rep->titredossier);
}
// Legacy HTML is converted to BBCode before being stored.
$titre = html2bb($titre);
$description = html2bb(nettoyeChaine($rep->description . ' ' . $rep->textecommentaire));
$idCourantArchitectural = $rep->idtypecourantarchitecture;
if (!empty($idCourantArchitectural)) {
    // NOTE(review): no isset() check on this lookup, unlike $tabStructureId above — an
    // unmapped legacy id yields null here; confirm that is acceptable for the link row.
    $idCourantArchitectural = $tabCourantArchitectural[$idCourantArchitectural];
    // presumably the statement's parameters are bound by reference outside this excerpt — verify
    $stmtLienEvenementCourant->execute() or die($mysqliNew->error);
}
//
// SAVE THE FOLDER
//
// NOTE(review): die() prints the raw database error. Tolerable in a one-off migration run
// by an operator; it should not stay if this script is reachable over the web.
$stmt->execute() or die($mysqliNew->error);
// record the old-id => new-id pair in the mapping table
$tabEvenementId[$rep->iddossier] = $mysqliNew->insert_id;
echo "=>" . $tabEvenementId[$rep->iddossier] . "<br>";
// record the parent link to be created later, keyed by the old IDs
// the new IDs are not always known at this point
if (!empty($rep->iddossierpere)) {
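// Edit-post handler (excerpt): validates the ids from the query string, converts the
// submitted text to BBCode and stamps it with the edit time.
// $userdata, $modul_name, html2bb() and show_error() are defined outside this excerpt.

// Ids are cast to int, so they are safe to interpolate into the redirect URL below.
$ft_id = intval($_GET['ft_id']);
$f_id = intval($_GET['f_id']);
$fp_id = intval($_GET['fp_id']);

// Any missing or non-positive id sends the user back to the forum index.
if ($ft_id <= 0 || $f_id <= 0 || $fp_id <= 0) {
    header("LOCATION: forum.php");
    exit;
}

// A missing field is treated like an empty submission instead of reading an undefined index.
$ft_titel_text = html2bb(isset($_POST['text_l']) ? $_POST['text_l'] : '');
$date = time();
$uid = $userdata['userid'];
$uname = $userdata['username'];
$my_ip = "";
$date_edit_time = date("d.m.Y, H:i", $date);

// The empty-text check has to run BEFORE the edit stamp is appended: once the stamp is
// concatenated the string can never be empty, which made this validation dead code and
// let empty posts through.
if ($ft_titel_text == "") {
    show_error('ln_error_9', $modul_name);
    header("LOCATION: forum.php?action=new_threadid&ft_id={$ft_id}");
    exit;
}

// NOTE(review): the stamp adds raw <br> markup to BBCode-converted text, and the
// replacement character in the literal is a mis-decoded umlaut — confirm the file encoding.
$ft_titel_text = $ft_titel_text . "<br><br>ge�ndert am :" . $date_edit_time;

// Only a logged-in user (positive user id) may continue.
// NOTE(review): ownership of post $fp_id is not checked in this excerpt — confirm it is
// enforced before the update is written.
if ($uid <= 0) {
    show_error('ln_error_10', $modul_name);
    exit;
}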
// Excerpt from a picture-upload handler. It starts inside a switch on the upload error
// code; the first closing braces below belong to constructs opened before this excerpt.
// NOTE(review): no `break` after case '3' — it relies on trigger_error(E_USER_ERROR)
// halting the script; with a custom error handler that returns, it falls through to default.
case '3':
    trigger_error('<br />The uploaded picture was only partially uploaded.', E_USER_ERROR);
default:
    trigger_error('<br />' . NO_PIC_UPLOADED, E_USER_ERROR);
}
} else {
    trigger_error(NO_PIC_UPLOADED, E_USER_ERROR);
}
}
// Test if the uploaded picture size is valid
// The limit itself comes from server configuration (max_upl_size << 10).
// NOTE(review): the error text is built from $_POST['MAX_FILE_SIZE'], a client-supplied
// form field. Prefer the configured limit, or cast/escape the value, unless the error
// handler is known to escape its message.
if ($_FILES['userpicture']['size'] > $CONFIG['max_upl_size'] << 10) {
    trigger_error('<br />' . sprintf(ERR_IMGSIZE_TOO_LARGE, $_POST['MAX_FILE_SIZE']), E_USER_ERROR);
}
// Optional text fields: empty string when absent, otherwise passed through Fix_Quotes().
// NOTE(review): the return value of check_words() is discarded on every line below —
// confirm it rejects by aborting rather than by returning a filtered string.
$title = isset($_POST['title']) && !empty($_POST['title']) ? Fix_Quotes($_POST['title'], true) : '';
check_words($title);
// NOTE(review): here the `1` is the second argument of html2bb(), not of Fix_Quotes() as
// on the sibling lines — looks like a misplaced parenthesis; verify against both signatures.
$caption = isset($_POST['caption']) && !empty($_POST['caption']) ? Fix_Quotes(html2bb($_POST['caption'], 1)) : '';
check_words($caption);
$keywords = isset($_POST['keywords']) && !empty($_POST['keywords']) ? Fix_Quotes($_POST['keywords'], 1) : '';
check_words($keywords);
$user1 = isset($_POST['user1']) && !empty($_POST['user1']) ? Fix_Quotes($_POST['user1'], 1) : '';
check_words($user1);
$user2 = isset($_POST['user2']) && !empty($_POST['user2']) ? Fix_Quotes($_POST['user2'], 1) : '';
check_words($user2);
$user3 = isset($_POST['user3']) && !empty($_POST['user3']) ? Fix_Quotes($_POST['user3'], 1) : '';
check_words($user3);
$user4 = isset($_POST['user4']) && !empty($_POST['user4']) ? Fix_Quotes($_POST['user4'], 1) : '';
check_words($user4);
// The album id is required; cpg_die() presumably does not return.
// NOTE(review): is_numeric() also accepts non-integer forms such as "1.5" or "1e3". The
// value cannot contain a quote, but casting to int before it reaches the query is tighter.
$album = isset($_POST['album']) && is_numeric($_POST['album']) ? $_POST['album'] : cpg_die(_CRITICAL_ERROR, PARAM_MISSING, __FILE__, __LINE__);
// Check if the album id provided is valid
// Non-admins may only upload to albums open for uploads or to their own user category.
if (!GALLERY_ADMIN_MODE) {
    $alb_cat = "SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}' and (uploads = 1 OR category = '" . (USER_ID + FIRST_USER_CAT) . "')";
// Excerpt from an alliance-management script. It starts inside an action branch opened
// before this excerpt; $db, $n, $text, $text_l, $ali_id, $userdata and $cxid come from there.
// NOTE(review): every query below is built by string concatenation. Whether $text,
// $text_l and $ali_id are escaped for SQL is decided outside this excerpt — confirm, or
// move to parameterized queries.
$db->query("UPDATE cc" . $n . "_allianz SET text='" . $text . "',text_long='" . $text_l . "' WHERE aid='" . $ali_id . "'");
$password = c_trim($_POST['password']);
if ($password != "") {
    // NOTE(review): as shown, the literal '******' is stored and $password is never used —
    // this looks like a value masked by the hosting page. Whatever the real code stores
    // should be a password hash, not the submitted text.
    $db->query("UPDATE cc" . $n . "_allianz SET password='******' WHERE aid='" . $userdata['allianzid'] . "'");
}
// NOTE(review): $cxid is interpolated into the redirect; confirm it is an integer or a
// server-generated token.
header("LOCATION: alliance.php?cxid={$cxid}");
exit;
}
// Save the alliance news text: permission check, then replace the existing row.
if ($action == "change_news_s") {
    $erlaubt = is_allowed("change_news");
    $ali_id = $userdata['allianzid'];
    if ($erlaubt == 0) {
        show_error('ln_allianz_php_2', $modul_name);
        exit;
    }
    // NOTE(review): html2bb() output goes straight into the INSERT with no SQL escaping
    // visible here; html2bb() is a markup converter, so verify escaping happens somewhere.
    $text_l = html2bb($_POST['descr']);
    $change_date = time();
    // NOTE(review): state-changing request with no anti-CSRF token visible in this excerpt,
    // and the delete/insert pair is not atomic — a failed INSERT leaves no news row.
    $db->query("delete from cc" . $n . "_allianznews WHERE allianz_id ='{$ali_id}'");
    $db->query("INSERT INTO cc" . $n . "_allianznews (allianz_id , a_news_text,change_date ) VALUES ('{$ali_id}','{$text_l}','{$change_date}')");
    header("LOCATION: alliance.php");
    exit;
}
// Show the news edit form: same permission check, then load the current text.
if ($action == "change_news") {
    $erlaubt = is_allowed("change_news");
    $ali_id = $userdata['allianzid'];
    if ($erlaubt == 0) {
        show_error('ln_allianz_php_2', $modul_name);
        exit;
    }
    $result_e = $db->query("SELECT * FROM cc" . $n . "_allianznews WHERE allianz_id ='{$ali_id}' ");
    while ($row_e = $db->fetch_array($result_e)) {
// Excerpt from a private-message script. It starts inside the branch that renders the
// "send message" form; $pmid, $db, $n, $tpl and $userdata are defined before this excerpt.
$username_r = c_trim($_GET['username']);
if ($pmid) {
    // Replying: quote the original message. The touserid condition limits the lookup to
    // messages addressed to the current user.
    // NOTE(review): $pmid is interpolated into the SQL; confirm it is cast to int where it is read.
    $result = $db->query("SELECT * FROM cc" . $n . "_messages WHERE pmid='{$pmid}' AND touserid='" . $userdata['userid'] . "'");
    // NOTE(review): no check that a row was found before $row is indexed below.
    $row = $db->fetch_array($result);
    $subject_r = "Re: {$row['subject']}";
    $message_r = "\n\n---- Nachricht vom " . date("d.m.Y, H:i", $row['time']) . " ----\n" . $row['text'] . "\n\n------------";
}
// NOTE(review): a request parameter and stored message text are handed to the template;
// confirm the template layer HTML-escapes them. $subject_r and $message_r are only
// assigned above when $pmid is set — verify they are initialised earlier.
$tpl->assign('M_U_SEND', $username_r);
$tpl->assign('M_U_SUB', $subject_r);
$tpl->assign('M_U_MESSAGE', $message_r);
template_out('message_send.html', $modul_name);
exit;
}
// Deliver a message to one or more comma-separated recipients.
if ($action == "submit_send") {
    $username = c_trim($_POST['username']);
    $text = html2bb($_POST['text']);
    // NOTE(review): the recipient list is split from the raw POST value, not from the
    // trimmed $username, and its length is not capped.
    $user_array = explode(",", $_POST['username']);
    $subject = c_trim($_POST['subject']);
    $pri = intval($_POST['pri']);
    if (!$username || !$text || !$subject) {
        show_error('ln_message_1', $modul_name);
        exit;
    }
    for ($i = 0; $i < count($user_array); $i++) {
        // NOTE(review): get_userid() receives the name before is_username() has validated it —
        // confirm get_userid() escapes its argument, or swap the two calls.
        $userid_c = get_userid($user_array[$i]);
        if (!is_username($user_array[$i])) {
            // Aborting here leaves earlier recipients already written (partial delivery).
            show_error('ln_users_e_1', $modul_name);
            exit;
        }
        // $text and $subject are escaped and $pri is an int; the sender's username and
        // $userid_c are not escaped here — presumably trusted session/database values, verify.
        // NOTE(review): mysql_real_escape_string() belongs to ext/mysql, removed in PHP 7;
        // a port should move to parameterized queries rather than swap escape functions.
        $db->query("INSERT INTO cc" . $n . "_messages (username,fromuserid,touserid,text,time,isnew,inbox,subject,pri) VALUES ('" . $userdata['username'] . "','" . $userdata['userid'] . "','" . $userid_c . "','" . mysql_real_escape_string($text) . "','" . time() . "','1','1','" . mysql_real_escape_string($subject) . "','" . $pri . "')");
    }
// Excerpt from a "submit news" module: gate on login/anonymous-posting settings, then
// queue a submitted story for moderation. $db, $prefix, $userinfo and the helper functions
// are defined outside this excerpt; the two blocks opened below are closed after it.
get_lang('Submit_News');
require_once 'includes/nbbcode.php';
$pagetitle .= _Submit_NewsLANG;
global $MAIN_CFG, $CPG_SESS;
// Anonymous visitors are refused (401) unless anonymous posting is enabled.
if (!$MAIN_CFG['global']['anonpost'] && !is_user()) {
    cpg_error('<p>' . _MODULEUSERS . ($MAIN_CFG['member']['allowuserreg'] ? _MODULEUSERS2 : '') . '</p>', 401);
} else {
    if (isset($_POST['submit'])) {
        // One-shot session flag, cleared again after the insert below, used as a guard
        // against repeated or automated submissions.
        // NOTE(review): `&&` looks like it should be `||`. With `&&`, a flag that is present
        // but false short-circuits on !isset() and passes the guard; the unset case only
        // fails because reading the missing key evaluates to a falsy value.
        if (!isset($CPG_SESS['submit_story']) && !$CPG_SESS['submit_story']) {
            cpg_error(_SPAMGUARDPROTECTED);
        }
        $uid = is_user() ? $userinfo['user_id'] : 1;
        // NOTE(review): $name is the only string interpolated into the INSERT without
        // Fix_Quotes(); confirm usernames are constrained to SQL-safe characters.
        $name = is_user() ? $userinfo['username'] : _ANONYMOUS;
        // Request fields pass through Fix_Quotes() (presumably the SQL escaping step —
        // verify); the topic id is cast to int.
        $subject = isset($_POST['subject']) ? Fix_Quotes($_POST['subject']) : '';
        $story = isset($_POST['story']) ? Fix_Quotes(html2bb($_POST['story'])) : '';
        $storyext = isset($_POST['storyext']) ? Fix_Quotes(html2bb($_POST['storyext'])) : '';
        $topic = isset($_POST['topic']) ? intval($_POST['topic']) : 1;
        $alanguage = isset($_POST['alanguage']) ? Fix_Quotes($_POST['alanguage']) : '';
        // NOTE(review): check_words() and encode_bbcode() run AFTER Fix_Quotes(); if either
        // can introduce or unescape a quote, the escaping no longer holds. Escaping as the
        // last step before the query, or a parameterized query, removes the ordering concern.
        $subject = check_words($subject);
        $story = encode_bbcode(check_words($story));
        $storyext = encode_bbcode(check_words($storyext));
        $db->sql_query('INSERT INTO ' . $prefix . '_queue (qid, uid, uname, subject, story, storyext, timestamp, topic, alanguage) ' . "VALUES (DEFAULT, '{$uid}', '{$name}', '{$subject}', '{$story}', '{$storyext}', " . time() . ", {$topic}, '{$alanguage}')");
        // Optional e-mail notification to the configured address.
        if ($MAIN_CFG['global']['notify']) {
            $notify_message = "{$MAIN_CFG['global']['notify_message']}\n\n\n========================================================\n{$subject}\n\n\n" . decode_bbcode($story, 1, true) . "\n\n" . decode_bbcode($storyext, 1, true) . "\n\n{$name}";
            // $mailer_message is first used here — presumably filled by reference by send_mail().
            // NOTE(review): $name is passed as the last argument; if send_mail() places it in
            // a mail header, confirm line breaks are stripped.
            if (!send_mail($mailer_message, $notify_message, 0, $MAIN_CFG['global']['notify_subject'], $MAIN_CFG['global']['notify_email'], $MAIN_CFG['global']['notify_email'], $MAIN_CFG['global']['notify_from'], $name)) {
                echo $mailer_message;
            }
        }
        // Consume the one-shot flag so the same form cannot be replayed.
        $CPG_SESS['submit_story'] = false;
        unset($CPG_SESS['submit_story']);
        list($waiting) = $db->sql_ufetchrow("SELECT COUNT(*) FROM {$prefix}_queue", SQL_NUM);
// Both connections are switched to UTF-8 before any data is read or written.
$mysqliNew->query("SET NAMES 'utf8'");
$mysqliOld->query("SET NAMES 'utf8'");

/**
 * Convert a fragment of legacy HTML into BBCode-style text and HTML-escape the result.
 *
 * Steps: strip slashes, trim and nl2br the input, repair it with tidy into an XHTML body
 * fragment, rewrite anchors to [url] tags, replace <br> and <p> tags, then pass
 * everything through htmlspecialchars().
 *
 * Security notes:
 * - The href value is copied as-is into [url=...]; no URL-scheme check happens here, so
 *   whatever renders the BBCode later has to allow-list schemes itself.
 * - htmlspecialchars() runs last with default flags, so markup that survives the
 *   rewriting is returned escaped rather than live.
 * NOTE(review): as written, '\\r\\n' in single quotes is the four literal characters
 * backslash-r-backslash-n, not a CR/LF pair — confirm that is what the target expects.
 *
 * @param string $html Legacy HTML fragment.
 *
 * @return string Escaped BBCode-style text.
 */
function html2bb($html = '')
{
    $tidyConfig = array(
        'output-xhtml' => true,
        'show-body-only' => true,
        'doctype' => 'strict',
        'drop-font-tags' => true,
        'drop-proprietary-attributes' => true,
        'lower-literals' => true,
        'quote-ampersand' => true,
        'wrap' => 0,
    );

    $prepared = nl2br(trim(stripslashes($html)));
    $text = trim(tidy_repair_string($prepared, $tidyConfig, 'utf8'));

    // Applied one after another, in this order: linked text, remaining anchors,
    // anchors with no text, line breaks.
    $rewrites = array(
        '!<a(.*)href=(.+)>(.+)</a>!isU' => '[url=$2]$3[/url]',
        '!<a(.*)>(.+)</a>!isU' => '$2',
        '!<a(.*)href=(.+)></a>!isU' => '[url]$2[/url]',
        '!<br(.*)>!isU' => '\\r\\n',
    );
    foreach ($rewrites as $pattern => $replacement) {
        $text = preg_replace($pattern, $replacement, $text);
    }

    // Paragraph tags, opening then closing, get the same replacement.
    foreach (array('<p>', '</p>') as $paragraphTag) {
        $text = str_replace($paragraphTag, '\\r\\n', $text);
    }

    return htmlspecialchars($text);
}

// Dry run over the legacy data: print the converted form of every field that contains
// a '<', i.e. that may hold markup.
$regex = '#<#';
echo '<h1>Dossiers</h1>';
$resOld = $mysqliOld->query("SELECT iddossier,titredossier, commentaires, textecommentaire FROM dossier\n\t\t\t\tLEFT JOIN commentaire USING(iddossier)");
if ($resOld) {
    while ($rep = $resOld->fetch_object()) {
        // Same order as the columns are reported: comments, title, comment text.
        $champs = array($rep->commentaires, $rep->titredossier, $rep->textecommentaire);
        foreach ($champs as $champ) {
            if (preg_match_all($regex, $champ, $match)) {
                // html2bb() ends with htmlspecialchars(), so the preview is printed escaped.
                echo '<p>' . html2bb($champ) . '</p>';
            }
        }
    }
}