예제 #1
파일: editpics.php 프로젝트: cbsistem/nexos
/**
 * Fetch the POST field whose name is $var immediately followed by $pid.
 *
 * A missing field is reported through cpg_die() with the composed field name
 * in the message. NOTE(review): this assumes cpg_die() ends the request and
 * renders that message safely; neither is visible here, and the field name
 * is built from caller-supplied parts, so confirm both.
 *
 * @param string $var     Field-name prefix.
 * @param mixed  $pid     Suffix appended to the prefix (looks like a picture id; confirm).
 * @param bool   $html2bb When true the raw value goes through html2bb() and then
 *                        Fix_Quotes() with one argument; otherwise the raw value
 *                        goes to Fix_Quotes() with a second argument of 1.
 *
 * @return mixed Whatever Fix_Quotes() returns for the selected branch.
 */
function get_post_var($var, $pid, $html2bb = false)
{
    $field = $var . $pid;

    if (!isset($_POST[$field])) {
        cpg_die(_CRITICAL_ERROR, PARAM_MISSING . " ({$field})", __FILE__, __LINE__);
    }

    $raw = $_POST[$field];

    return $html2bb ? Fix_Quotes(html2bb($raw)) : Fix_Quotes($raw, 1);
}
예제 #2
 // Map one legacy "dossier" row ($rep) onto the variables used by the insert
 // statements executed below.
 // NOTE(review): $stmt and $stmtLienEvenementCourant are prepared outside this
 // excerpt; presumably these variables are bound to them by reference, so the
 // variable names and the order of assignments matter. Confirm before refactoring.
 $dateCreationEvenement = $rep->datedossier;
 $dateFin = '';
 // Translate the legacy image-type id to a structure id, falling back to the
 // 'defaut' entry when the legacy id has no mapping.
 if (isset($tabStructureId[$rep->idtypeimage])) {
     $idTypeStructure = $tabStructureId[$rep->idtypeimage];
 } else {
     $idTypeStructure = $tabStructureId['defaut'];
 }
 // Dossier title: empty legacy titles stay empty, others are cleaned first.
 if (empty($rep->titredossier)) {
     //$titre = nettoyeChaine($rep->numerovoie.' '.$rep->nomAdresse);
     $titre = "";
 } else {
     $titre = nettoyeChaine($rep->titredossier);
 }
 // NOTE(review): if html2bb() is the helper that ends with htmlspecialchars(),
 // title and description are stored already HTML-escaped; whatever renders them
 // later must not escape a second time. Confirm against that helper.
 $titre = html2bb($titre);
 $description = html2bb(nettoyeChaine($rep->description . ' ' . $rep->textecommentaire));
 $idCourantArchitectural = $rep->idtypecourantarchitecture;
 if (!empty($idCourantArchitectural)) {
     // Replace the legacy architectural-style id with its mapped value, then
     // run the link statement.
     // NOTE(review): this executes before the dossier insert below, so it cannot
     // rely on that row's insert_id. Confirm which event id the link uses.
     $idCourantArchitectural = $tabCourantArchitectural[$idCourantArchitectural];
     $stmtLienEvenementCourant->execute() or die($mysqliNew->error);
 }
 //
 // SAVE THE DOSSIER
 //
 // On failure the script stops and prints the raw MySQL error text.
 $stmt->execute() or die($mysqliNew->error);
 // Record the legacy-id => new-id pair in the correspondence table.
 $tabEvenementId[$rep->iddossier] = $mysqliNew->insert_id;
 echo "=>" . $tabEvenementId[$rep->iddossier] . "<br>";
 // enregistrement de la liaison à créer avec les anciens ID
 // les nouveaux ID ne sont pas toujours connus
 if (!empty($rep->iddossierpere)) {
예제 #3
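 // Thread, forum and post ids come from the query string. intval() turns a
 // missing or non-numeric value into 0, and any id <= 0 is sent back to the
 // forum index before further work is done.
 $ft_id = intval(isset($_GET['ft_id']) ? $_GET['ft_id'] : 0);
 $f_id = intval(isset($_GET['f_id']) ? $_GET['f_id'] : 0);
 $fp_id = intval(isset($_GET['fp_id']) ? $_GET['fp_id'] : 0);
 if ($ft_id <= 0 || $f_id <= 0 || $fp_id <= 0) {
     header("LOCATION: forum.php");
     exit;
 }
 // Post body as submitted by the client, converted by html2bb().
 // NOTE(review): the value is not stored or printed in this excerpt. Wherever it
 // is written to the database it has to be bound or escaped for SQL, and since
 // raw <br> markup is appended below it has to be treated as HTML on output.
 $ft_titel_text = html2bb(isset($_POST['text_l']) ? $_POST['text_l'] : '');
 $date = time();
 $uid = $userdata['userid'];
 $uname = $userdata['username'];
 $my_ip = "";
 $date_edit_time = date("d.m.Y, H:i", $date);
 // Reject an empty post BEFORE the edit stamp is appended. The original ran
 // this comparison after the append, where the string can never be empty, so
 // empty edits were always accepted.
 if ($ft_titel_text == "") {
     show_error('ln_error_9', $modul_name);
     header("LOCATION: forum.php?action=new_threadid&ft_id={$ft_id}");
     exit;
 }
 // NOTE(review): the umlaut in this literal is mangled in this listing
 // (presumably "geändert"); it is reproduced as shown. Confirm the file encoding.
 $ft_titel_text = $ft_titel_text . "<br><br>ge�ndert am :" . $date_edit_time;
 // Only "is logged in" is checked here. NOTE(review): whether this user may edit
 // post $fp_id is not decided in this excerpt; confirm it is enforced where the
 // update is performed.
 if ($uid <= 0) {
     show_error('ln_error_10', $modul_name);
     exit;
 }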
예제 #4
파일: db_input.php 프로젝트: cbsistem/nexos
             case '3':
                 trigger_error('<br />The uploaded picture was only partially uploaded.', E_USER_ERROR);
             default:
                 trigger_error('<br />' . NO_PIC_UPLOADED, E_USER_ERROR);
         }
     } else {
         trigger_error(NO_PIC_UPLOADED, E_USER_ERROR);
     }
 }
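 // Enforce the server-side upload limit. $CONFIG['max_upl_size'] is shifted left
 // by 10 bits (multiplied by 1024) before being compared with the size PHP
 // recorded for the upload.
 if ($_FILES['userpicture']['size'] > ($CONFIG['max_upl_size'] << 10)) {
     // MAX_FILE_SIZE is a form field and therefore client-controlled. It is cast
     // to an integer so it cannot carry markup into the '<br />'-prefixed message.
     trigger_error('<br />' . sprintf(ERR_IMGSIZE_TOO_LARGE, intval(isset($_POST['MAX_FILE_SIZE']) ? $_POST['MAX_FILE_SIZE'] : 0)), E_USER_ERROR);
 }
 // Each optional text field: an absent or empty() value becomes '', anything
 // else goes through Fix_Quotes(). empty() already covers the unset case, so no
 // separate isset() is needed.
 // NOTE(review): the return value of check_words() is discarded on every field,
 // while submit.php in the same project assigns it back. Confirm check_words()
 // works by reference or aborts the request here.
 $title = !empty($_POST['title']) ? Fix_Quotes($_POST['title'], true) : '';
 check_words($title);
 // NOTE(review): here the 1 is the second argument of html2bb(), not of
 // Fix_Quotes() as on the other fields. Confirm that is intended.
 $caption = !empty($_POST['caption']) ? Fix_Quotes(html2bb($_POST['caption'], 1)) : '';
 check_words($caption);
 $keywords = !empty($_POST['keywords']) ? Fix_Quotes($_POST['keywords'], 1) : '';
 check_words($keywords);
 $user1 = !empty($_POST['user1']) ? Fix_Quotes($_POST['user1'], 1) : '';
 check_words($user1);
 $user2 = !empty($_POST['user2']) ? Fix_Quotes($_POST['user2'], 1) : '';
 check_words($user2);
 $user3 = !empty($_POST['user3']) ? Fix_Quotes($_POST['user3'], 1) : '';
 check_words($user3);
 $user4 = !empty($_POST['user4']) ? Fix_Quotes($_POST['user4'], 1) : '';
 check_words($user4);
 // The album id is mandatory. is_numeric() also admits signs, decimals and
 // exponent notation, and the raw string is what gets embedded in the SQL text
 // that follows. It stays inside a quoted literal only because none of the
 // characters is_numeric() admits can close the quote; an integer-only check
 // would be the tighter contract.
 $album = isset($_POST['album']) && is_numeric($_POST['album']) ? $_POST['album'] : cpg_die(_CRITICAL_ERROR, PARAM_MISSING, __FILE__, __LINE__);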
 // Check if the album id provided is valid
 if (!GALLERY_ADMIN_MODE) {
     $alb_cat = "SELECT category FROM {$CONFIG['TABLE_ALBUMS']} WHERE aid='{$album}' and (uploads = 1 OR category = '" . (USER_ID + FIRST_USER_CAT) . "')";
예제 #5
    $db->query("UPDATE cc" . $n . "_allianz SET text='" . $text . "',text_long='" . $text_l . "'  WHERE aid='" . $ali_id . "'");
    $password = c_trim($_POST['password']);
    if ($password != "") {
        $db->query("UPDATE cc" . $n . "_allianz SET password='******' WHERE aid='" . $userdata['allianzid'] . "'");
    }
    header("LOCATION: alliance.php?cxid={$cxid}");
    exit;
}
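// Handler for action "change_news_s": replaces the news text stored for the
// current user's alliance, then redirects to alliance.php.
if ($action == "change_news_s") {
    // Stop unless is_allowed("change_news") returns something other than 0.
    // NOTE(review): no request-forgery token is checked inside this block;
    // confirm one is enforced before this handler is reached.
    $erlaubt = is_allowed("change_news");
    $ali_id = $userdata['allianzid'];
    if ($erlaubt == 0) {
        show_error('ln_allianz_php_2', $modul_name);
        exit;
    }
    // The converted request text was interpolated into the INSERT unescaped, so
    // a quote in $_POST['descr'] could alter the statement. It is now escaped
    // with mysql_real_escape_string(), the function the message-sending code
    // uses with what appears to be the same $db wrapper.
    // NOTE(review): ext/mysql was removed in PHP 7; if $db offers bound
    // parameters, prefer those over string-built SQL.
    $text_l = mysql_real_escape_string(html2bb($_POST['descr']));
    // Escaped as well so the statement stays well-formed whatever the session
    // value contains.
    $ali_id_sql = mysql_real_escape_string($ali_id);
    $change_date = time();
    // Delete-then-insert: at most one news row per alliance remains.
    $db->query("delete from  cc" . $n . "_allianznews WHERE allianz_id ='{$ali_id_sql}'");
    $db->query("INSERT INTO cc" . $n . "_allianznews (allianz_id , a_news_text,change_date ) VALUES ('{$ali_id_sql}','{$text_l}','{$change_date}')");
    header("LOCATION: alliance.php");
    exit;
}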
if ($action == "change_news") {
    $erlaubt = is_allowed("change_news");
    $ali_id = $userdata['allianzid'];
    if ($erlaubt == 0) {
        show_error('ln_allianz_php_2', $modul_name);
        exit;
    }
    $result_e = $db->query("SELECT * FROM cc" . $n . "_allianznews WHERE allianz_id  ='{$ali_id}' ");
    while ($row_e = $db->fetch_array($result_e)) {
예제 #6
    $username_r = c_trim($_GET['username']);
    if ($pmid) {
        $result = $db->query("SELECT * FROM cc" . $n . "_messages WHERE pmid='{$pmid}' AND touserid='" . $userdata['userid'] . "'");
        $row = $db->fetch_array($result);
        $subject_r = "Re: {$row['subject']}";
        $message_r = "\n\n---- Nachricht vom " . date("d.m.Y, H:i", $row['time']) . " ----\n" . $row['text'] . "\n\n------------";
    }
    $tpl->assign('M_U_SEND', $username_r);
    $tpl->assign('M_U_SUB', $subject_r);
    $tpl->assign('M_U_MESSAGE', $message_r);
    template_out('message_send.html', $modul_name);
    exit;
}
if ($action == "submit_send") {
    $username = c_trim($_POST['username']);
    $text = html2bb($_POST['text']);
    $user_array = explode(",", $_POST['username']);
    $subject = c_trim($_POST['subject']);
    $pri = intval($_POST['pri']);
    if (!$username || !$text || !$subject) {
        show_error('ln_message_1', $modul_name);
        exit;
    }
    for ($i = 0; $i < count($user_array); $i++) {
        $userid_c = get_userid($user_array[$i]);
        if (!is_username($user_array[$i])) {
            show_error('ln_users_e_1', $modul_name);
            exit;
        }
        $db->query("INSERT INTO cc" . $n . "_messages (username,fromuserid,touserid,text,time,isnew,inbox,subject,pri) VALUES ('" . $userdata['username'] . "','" . $userdata['userid'] . "','" . $userid_c . "','" . mysql_real_escape_string($text) . "','" . time() . "','1','1','" . mysql_real_escape_string($subject) . "','" . $pri . "')");
    }
예제 #7
파일: submit.php 프로젝트: cbsistem/nexos
get_lang('Submit_News');
require_once 'includes/nbbcode.php';
$pagetitle .= _Submit_NewsLANG;
global $MAIN_CFG, $CPG_SESS;
if (!$MAIN_CFG['global']['anonpost'] && !is_user()) {
    cpg_error('<p>' . _MODULEUSERS . ($MAIN_CFG['member']['allowuserreg'] ? _MODULEUSERS2 : '') . '</p>', 401);
} else {
    if (isset($_POST['submit'])) {
        if (!isset($CPG_SESS['submit_story']) && !$CPG_SESS['submit_story']) {
            cpg_error(_SPAMGUARDPROTECTED);
        }
        $uid = is_user() ? $userinfo['user_id'] : 1;
        $name = is_user() ? $userinfo['username'] : _ANONYMOUS;
        $subject = isset($_POST['subject']) ? Fix_Quotes($_POST['subject']) : '';
        $story = isset($_POST['story']) ? Fix_Quotes(html2bb($_POST['story'])) : '';
        $storyext = isset($_POST['storyext']) ? Fix_Quotes(html2bb($_POST['storyext'])) : '';
        $topic = isset($_POST['topic']) ? intval($_POST['topic']) : 1;
        $alanguage = isset($_POST['alanguage']) ? Fix_Quotes($_POST['alanguage']) : '';
        $subject = check_words($subject);
        $story = encode_bbcode(check_words($story));
        $storyext = encode_bbcode(check_words($storyext));
        $db->sql_query('INSERT INTO ' . $prefix . '_queue (qid, uid, uname, subject, story, storyext, timestamp, topic, alanguage) ' . "VALUES (DEFAULT, '{$uid}', '{$name}', '{$subject}', '{$story}', '{$storyext}', " . time() . ", {$topic}, '{$alanguage}')");
        if ($MAIN_CFG['global']['notify']) {
            $notify_message = "{$MAIN_CFG['global']['notify_message']}\n\n\n========================================================\n{$subject}\n\n\n" . decode_bbcode($story, 1, true) . "\n\n" . decode_bbcode($storyext, 1, true) . "\n\n{$name}";
            if (!send_mail($mailer_message, $notify_message, 0, $MAIN_CFG['global']['notify_subject'], $MAIN_CFG['global']['notify_email'], $MAIN_CFG['global']['notify_email'], $MAIN_CFG['global']['notify_from'], $name)) {
                echo $mailer_message;
            }
        }
        $CPG_SESS['submit_story'] = false;
        unset($CPG_SESS['submit_story']);
        list($waiting) = $db->sql_ufetchrow("SELECT COUNT(*) FROM {$prefix}_queue", SQL_NUM);
예제 #8
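// Declare the connection charset through the driver rather than with a
// "SET NAMES" query. set_charset() also informs the client library, which
// real_escape_string() relies on; the PHP manual recommends it over SET NAMES.
// Assumes both handles are mysqli instances, as their query()/fetch_object()
// usage in this script suggests.
$mysqliNew->set_charset('utf8');
$mysqliOld->set_charset('utf8');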
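/**
 * Convert an HTML fragment into a BBCode-like string and HTML-escape the result.
 *
 * Steps: strip backslashes and surrounding whitespace, turn newlines into <br>,
 * normalise the markup with tidy, rewrite anchors as [url] tags, turn <br>,
 * <p> and </p> into CRLF, then run htmlspecialchars() over the whole string.
 *
 * Caveats for callers:
 *  - The href value is copied into [url=...] as written, including any quotes,
 *    trailing attributes and the URL scheme. Code that later renders [url] as
 *    a link should accept only the schemes it expects (for example http/https).
 *  - The anchor patterns are lazy "." matches with the "s" modifier, so on
 *    malformed markup a match can span more than one tag.
 *  - htmlspecialchars() runs with its default flags, which changed in PHP 8.1
 *    (single quotes are escaped from then on), so output differs by PHP version.
 *  - The return value is already HTML-escaped; escaping it again on output
 *    double-encodes entities.
 *
 * @param string $html HTML fragment; defaults to the empty string.
 *
 * @return string Escaped BBCode-like text.
 */
function html2bb($html = '')
{
    // stripslashes() presumably undoes legacy slash-escaping of the stored
    // text; it also removes legitimate backslashes.
    $html = nl2br(trim(stripslashes($html)));

    // tidy_repair_string() returns false on failure. The original passed that
    // straight to trim(), silently producing an empty result. Keep the
    // un-tidied input instead; it is still escaped on return.
    $tidied = tidy_repair_string($html, array('output-xhtml' => true, 'show-body-only' => true, 'doctype' => 'strict', 'drop-font-tags' => true, 'drop-proprietary-attributes' => true, 'lower-literals' => true, 'quote-ampersand' => true, 'wrap' => 0), 'utf8');
    if ($tidied !== false) {
        $html = $tidied;
    }
    $html = trim($html);

    // Anchors with href and text, then remaining anchors (text only), then
    // empty anchors with href.
    $html = preg_replace('!<a(.*)href=(.+)>(.+)</a>!isU', '[url=$2]$3[/url]', $html);
    $html = preg_replace('!<a(.*)>(.+)</a>!isU', '$2', $html);
    $html = preg_replace('!<a(.*)href=(.+)></a>!isU', '[url]$2[/url]', $html);

    // Line breaks and paragraph tags become a real CRLF. The original used the
    // single-quoted literal '\\r\\n', which inserts the four characters
    // backslash-r-backslash-n into the text instead of a line break.
    $html = preg_replace('!<br(.*)>!isU', "\r\n", $html);
    $html = str_replace(array('<p>', '</p>'), "\r\n", $html);

    return htmlspecialchars($html);
}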
// Report every legacy dossier field that contains a '<' character (a hint that
// it holds markup), printing each such field after conversion by html2bb().
$regex = '#<#';
echo '<h1>Dossiers</h1>';
$resOld = $mysqliOld->query("SELECT iddossier,titredossier, commentaires, textecommentaire FROM dossier\n\t\t\t\tLEFT JOIN commentaire USING(iddossier)");
if ($resOld) {
    while ($rep = $resOld->fetch_object()) {
        // Same three columns, in the same order, as one loop instead of three
        // copies of the test. html2bb() output is echoed between <p> tags as is.
        foreach (array('commentaires', 'titredossier', 'textecommentaire') as $champ) {
            if (preg_match_all($regex, $rep->{$champ}, $match)) {
                echo '<p>' . html2bb($rep->{$champ}) . '</p>';
            }
        }
    }
}