function admin_plugin_externalcontent_run(&$bBlog)
{
    // Determine what our admin is attempting to do
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    } elseif (isset($_POST['action'])) {
        $action = $_POST['action'];
    } else {
        $action = '';
    }
    switch ($action) {
        case "New":
            // add new provider
            $bBlog->query("insert into " . T_EXT_CONTENT . "\n                set nicename='" . my_addslashes($_POST['nicename']) . "',\n                url='" . my_addslashes($_POST['url']) . "'");
            break;
        case "Delete":
            // delete provider
            $bBlog->query("delete from " . T_EXT_CONTENT . " where id=" . $_POST['providerid']);
            break;
        case "Save":
            // update an existing provider
            if (isset($_POST['enabled'])) {
                $enabled = 'true';
            } else {
                $enabled = 'false';
            }
            $bBlog->query("update " . T_EXT_CONTENT . "\n                set nicename='" . my_addslashes($_POST['nicename']) . "',\n                url='" . my_addslashes($_POST['url']) . "',\n                enabled='" . $enabled . "'\n                where id=" . $_POST['providerid']);
            break;
        default:
            // show form
            break;
    }
    $bBlog->smartyObj->assign('eproviders', $bBlog->get_results("select * from " . T_EXT_CONTENT . " order by nicename"));
}
/**
 * Reads all values from the Request Object either adding slashes or 
 * Removing them based on preference.
 *
 * @param string $buffer the text to remove slashes from.
 *
 * @return string $buffer the converted string.
 */
function parse_incoming($addslashes = false)
{
    global $_REQUEST;
    if ($addslashes) {
        return my_addslashes($_REQUEST);
    } else {
        return my_stripslashes($_REQUEST);
    }
}
 /**
  * Process a trackback someone sent to us
  * 
  * @param string $ip IP Address of the pinger
  * @param array $ext_vars The trackback data, in the format:
  * +================================================+
  * | key       |   value                            |
  * +-----------+------------------------------------+
  * | url*      | URL of the pinging site            |
  * +-----------+------------------------------------+
  * | title     | Title of the referring article     |
  * +-----------+------------------------------------+
  * | excerpt   | Excerpt from the referring article |
  * +-----------+------------------------------------+
  * | blog_name | Name of the referring blog         |
  * +===========+====================================+
  * @param int $commentid If given, the ID of a comment in a blog
  */
 function receiveTrackback($ip, $ext_vars, $commentid = null)
 {
     $this->_ip = $ip;
     $this->_tbdata = $ext_vars;
     $allow = $this->allowTrackback();
     if (is_array($allow)) {
         foreach ($allow['message'] as $msg) {
             $err .= ' ' . $msg;
         }
         $this->userResponse(1, $msg);
     } else {
         $replyto = is_null($commentid) ? $commentid : 0;
         /*
          * According to the spec, only URL is required, all else is optional
          */
         $vars['posterwebsite'] = my_addslashes($this->_tbdata['url']);
         /**
          * Policy:
          *   In the interests of spam-blocking, the only hypertext we allow is the
          *   URL of the poster. This is the only deviance from comment handling
          */
         $vars['title'] = isset($this->_tbdata['title']) ? my_addslashes(StringHandling::removeTags($this->_tbdata['title'])) : '';
         $vars['commenttext'] = isset($this->_tbdata['excerpt']) ? my_addslashes(StringHandling::removeTags($this->_tbdata['excerpt'])) : '';
         $vars['postername'] = isset($this->_tbdata['blog_name']) ? my_addslashes(StringHandling::removeTags($this->_tbdata['blog_name'])) : '';
         $vars['posttime'] = time();
         $vars['ip'] = $this->_ip;
         $vars['postid'] = $this->_post->postid;
         if ($replyto > 0) {
             $vars['parentid'] = $replyto;
         }
         /*
          * Added check for moderation.
          * Follow the same rules as for comments
          */
         $vars['commenttext'] = StringHandling::removeTags(my_addslashes($vars['commenttext']));
         $vars['onhold'] = $this->needsModeration($vars['commenttext']) ? 1 : 0;
         $vars['type'] = 'trackback';
         //Save the trackback
         $id = $this->saveComment($vars);
         if ($id > 0) {
             // notify owner
             if (C_NOTIFY == true) {
                 $this->notify($vars['postername'], $this->_post->permalink, $vars['onhold'], $vars['commenttext']);
             }
             $this->updateCommentCount($this->_db, $this->_post->postid);
             $this->userResponse(0);
         } else {
             $this->userResponse(1, "Error adding trackback : " . mysql_error());
         }
     }
 }
function prep_new_post()
{
    $post->title = my_addslashes($_POST['title_text']);
    $post->body = my_addslashes($_POST['body_text']);
    // there has to be abetter way that this but i'm tired.
    if (!isset($_POST['modifier'])) {
        $post->modifier = C_DEFAULT_MODIFIER;
    } else {
        $post->modifier = my_addslashes($_POST['modifier']);
    }
    if (!isset($_POST['pubstatus'])) {
        $post->status = C_DEFAULT_STATUS;
    } else {
        $post->status = my_addslashes($_POST['pubstatus']);
    }
    if (isset($_POST['sections'])) {
        $_tmp_sections = (array) $_POST['sections'];
    } else {
        $_tmp_sections = null;
    }
    $post->sections = array();
    $post->providing_sections = TRUE;
    // this is so that bBlog knows to delete sections if there are none.
    if (!is_null($_tmp_sections)) {
        foreach ($_tmp_sections as $_tmp_section) {
            if (is_numeric($_tmp_section)) {
                $post->sections[] = $_tmp_section;
            }
        }
    }
    if (isset($_POST['hidefromhome']) && $_POST['hidefromhome'] == 'hide') {
        $hidefromhome = 'hide';
    } else {
        $hidefromhome = 'donthide';
    }
    $post->hidefromhome = $hidefromhome;
    $post->allowcomments = $_POST['commentoptions'];
    if (isset($_POST['disallowcommentsdays'])) {
        $disdays = (int) $_POST['disallowcommentsdays'];
    } else {
        $disdays = 0;
    }
    $time = (int) time();
    $autodisabledate = $time + $disdays * 3600 * 24;
    $post->autodisabledate = $autodisabledate;
    return $post;
}
 /**
  * Process a trackback someone sent to us
  * 
  * @param string $ip IP Address of the pinger
  * @param array $ext_vars The trackback data, in the format:
  * +================================================+
  * | key       |   value                            |
  * +-----------+------------------------------------+
  * | url*      | URL of the pinging site            |
  * +-----------+------------------------------------+
  * | title     | Title of the referring article     |
  * +-----------+------------------------------------+
  * | excerpt   | Excerpt from the referring article |
  * +-----------+------------------------------------+
  * | blog_name | Name of the referring blog         |
  * +===========+====================================+
  * @param int $commentid If given, the ID of a comment in a blog
  */
 function receiveTrackback($ip, $ext_vars, $commentid = null)
 {
     $this->_ip = $ip;
     $this->_tbdata = $ext_vars;
     $allow = $this->allowTrackback();
     if (is_array($allow)) {
         foreach ($allow['message'] as $msg) {
             $err .= ' ' . $msg;
         }
         $this->userResponse(1, $msg);
     } else {
         $replyto = is_null($commentid) ? $commentid : 0;
         /*
          * According to the spec, only URL is required, all else is optional
          */
         $vars['posterwebsite'] = my_addslashes($this->_tbdata['url']);
         $vars['title'] = isset($this->_tbdata['title']) ? my_addslashes($this->_tbdata['title']) : '';
         $vars['commenttext'] = isset($this->_tbdata['excerpt']) ? my_addslashes($this->_tbdata['excerpt']) : '';
         $vars['postername'] = isset($this->_tbdata['blog_name']) ? my_addslashes($this->_tbdata['blog_name']) : '';
         $vars['posttime'] = time();
         $vars['ip'] = $this->_ip;
         $vars['postid'] = $this->_post->postid;
         if ($replyto > 0) {
             $vars['parentid'] = $replyto;
         }
         /*
          * Added check for moderation.
          * Follow the same rules as for comments
          */
         $vars['commenttext'] = Comments::processCommentText(my_addslashes($vars['commenttext']));
         $vars['onhold'] = Comments::needsModeration($vars['commenttext']) ? 1 : 0;
         $vars['type'] = 'trackback';
         //Save the trackback
         $id = Comments::saveComment(&$db, $vars);
         if ($id > 0) {
             // notify owner
             if (C_NOTIFY == true) {
                 Comments::notify($vars['postername'], $this->_post->permalink, $vars['onhold'], $vars['commenttext']);
             }
             Comments::updateCommentCount($this->_db, $this->_post->postid);
             $this->userResponse(0);
         } else {
             $this->userResponse(1, "Error adding trackback : " . mysql_error());
         }
     }
 }
예제 #6
0
function saveconfig()
{
    global $db;
    $default_point = intval($_POST['default_point']);
    $zs_points = intval($_POST['zs_points']);
    $getpoints = my_addslashes($_POST['getpoints']);
    $array = array('default_point' => $default_point, 'getpoints' => $getpoints, 'zs_points' => $zs_points);
    $db->update('ve123_zz_config', $array, "config_id='1'");
    $config = $db->get_one('select * from ve123_zz_config limit 1');
    $str .= '<?php' . chr(13) . chr(10);
    $str .= "\$zz_config['default_point']=" . $default_point . ';' . chr(13) . chr(10);
    $str .= "\$zz_config['zs_points']=" . $zs_points . ';' . chr(13) . chr(10);
    $str .= "\$zz_config['getpoints']=\"" . $getpoints . "\";" . chr(13) . chr(10);
    $str .= '?>';
    $fp = @fopen('../cache/zz_config.php', 'w') or die('写方式打开文件失败,请检查程序目录是否为可写');
    @fputs($fp, $str) or die('文件写入失败,请检查程序目录是否为可写');
    @fclose($fp);
    jsalert('修改成功!');
}
예제 #7
0
function saveconfig()
{
    global $db;
    $default_point = intval($_POST["default_point"]);
    $zs_points = intval($_POST["zs_points"]);
    $getpoints = my_addslashes($_POST["getpoints"]);
    $array = array('default_point' => $default_point, 'getpoints' => $getpoints, 'zs_points' => $zs_points);
    $db->update("ve123_tg_config", $array, "config_id='1'");
    $config = $db->get_one("select * from ve123_tg_config limit 1");
    $str .= "<?php" . chr(13) . chr(10);
    $str .= "\$tg_config['default_point']=" . $default_point . ";" . chr(13) . chr(10);
    $str .= "\$tg_config['zs_points']=" . $zs_points . ";" . chr(13) . chr(10);
    $str .= "\$tg_config['getpoints']=\"" . $getpoints . "\";" . chr(13) . chr(10);
    $str .= "?>";
    $fp = @fopen("../cache/tg_config.php", "w") or die("写方式打开文件失败,请检查程序目录是否为可写");
    //配置conn.php文件
    @fputs($fp, $str) or die("文件写入失败,请检查程序目录是否为可写");
    @fclose($fp);
    jsalert("修改成功!");
}
예제 #8
0
 function prepFields($vars, $replyto, $id)
 {
     $rval['postername'] = my_addslashes(htmlspecialchars($vars["name"]));
     if (empty($rval['postername'])) {
         $rval['postername'] = "Anonymous";
     }
     $rval['posteremail'] = my_addslashes(htmlspecialchars($vars["email"]));
     $rval['title'] = my_addslashes(htmlspecialchars($vars["title"]));
     $rval['posterwebsite'] = my_addslashes(StringHandling::transformLinks(htmlspecialchars($vars["website"])));
     $rval['commenttext'] = Comments::processCommentText(my_addslashes($vars["comment"]));
     $rval['pubemail'] = $vars["public_email"] == 1 ? 1 : 0;
     $rval['pubwebsite'] = $vars["public_website"] == 1 ? 1 : 0;
     $rval['posternotify'] = $vars["notify"] == 1 ? 1 : 0;
     $rval['posttime'] = time();
     $rval['ip'] = $_SERVER['REMOTE_ADDR'];
     $rval['onhold'] = Comments::needsModeration($rval['commenttext']) ? 1 : 0;
     $rval['postid'] = $id;
     if ($replyto > 0) {
         $rval['parentid'] = $replyto;
     }
     $rval['type'] = 'comment';
     return $rval;
 }
예제 #9
0
/**
 *
 *
 * @param unknown $bBlog (reference)
 */
function admin_plugin_sections_run(&$bBlog)
{
    // Again, the plugin API needs work.
    if (isset($_GET['sectdo'])) {
        $sectdo = $_GET['sectdo'];
    } elseif (isset($_POST['sectdo'])) {
        $sectdo = $_POST['sectdo'];
    } else {
        $sectdo = '';
    }
    switch ($sectdo) {
        case 'new':
            // sections are being editied
            $bBlog->query("insert into " . T_SECTIONS . "\n\t\t\tset nicename='" . my_addslashes($_POST['nicename']) . "',\n\t\t\tname='" . my_addslashes($_POST['urlname']) . "'");
            $insid = $bBlog->insert_id;
            $bBlog->get_sections();
            // update the section cache
            break;
        case "Delete":
            // delete section
            // have to remove all references to the section in the posts
            $sect_id = $bBlog->sect_by_name[$_POST['sname']];
            if ($sect_id > 0) {
                //
                $posts_in_section_q = $bBlog->make_post_query(array("sectionid" => $sect_id));
                $posts_in_section = $bBlog->get_posts($posts_in_section_q, TRUE);
                if ($posts_in_section) {
                    foreach ($posts_in_section as $post) {
                        unset($tmpr);
                        $tmpr = array();
                        $tmpsections = explode(":", $post->sections);
                        foreach ($tmpsections as $tmpsection) {
                            if ($tmpsection != $sect_id) {
                                $tmpr[] = $tmpsection;
                            }
                        }
                        $newsects = implode(":", $tmpr);
                        // update the posts to remove the section
                        $bBlog->query("update " . T_POSTS . " set sections='{$newsects}'\n                                \twhere postid='{$post->postid}'");
                    }
                    // end foreach ($post_in_section as $post)
                }
                // end if($posts_in_section)
                // delete the section
                //$bBlog->get_results("delete from ".T_SECTIONS." where sectionid='$sect_id'");
                $bBlog->query("delete from " . T_SECTIONS . " where sectionid='{$sect_id}'");
                //echo "delete from ".T_SECTIONS." where sectionid='$sect_id'";
                $bBlog->get_sections();
                //$bBlog->debugging=TRUE;
            }
            // else show error
        // else show error
        case "Save":
            $sect_id = $bBlog->sect_by_name[$_POST['sname']];
            if ($sect_id < 1) {
                break;
            }
            $bBlog->query("update " . T_SECTIONS . " set nicename='" . my_addslashes($_POST['nicename']) . "'\n                        where sectionid='{$sect_id}'");
            $bBlog->get_sections();
            // update section cache
            break;
        default:
            // show form
            break;
    }
    $bBlog->assign('esections', $bBlog->sections);
}
예제 #10
0
function saveform()
{
    global $db;
    $keywords = trim($_POST['keywords']);
    $title = trim($_POST['title']);
    $url = trim($_POST['url']);
    $description = trim($_POST['description']);
    $jscode = my_addslashes(trim($_POST['jscode']));
    $price = trim($_POST['price']);
    $pic = trim($_POST['pic']);
    $link_id = intval($_POST['link_id']);
    $do_action = $_POST['do_action'];
    if ($do_action == 'modify') {
        $array = array('keywords' => $keywords, 'title' => $title, 'url' => $url, 'description' => $description, 'jscode' => $jscode, 'price' => $price, 'pic' => $pic);
        $db->update('ve123_zz_open', $array, "link_id='{$link_id}'");
        jsalert('修改成功');
    } else {
        $array = array('keywords' => $keywords, 'title' => $title, 'url' => $url, 'description' => $description, 'jscode' => $jscode, 'price' => $price, 'pic' => $pic);
        $db->insert('ve123_zz_open', $array);
        jsalert('提交成功');
    }
}
예제 #11
0
            $file_htaccess = @fopen('.htaccess', 'w');
            if ($file_htaccess) {
                $saved = fputs($file_htaccess, $htaccess);
                fclose($file_htaccess);
            } else {
                $saved = false;
            }
        }
        if (false !== $saved) {
            $msg = $lang['L_HTACC_CREATED'];
            $tpl->assign_block_vars('CREATE_SUCCESS', array('HTACCESS' => nl2br(my_quotes($htaccess)), 'HTPASSWD' => nl2br(my_quotes($htpasswd))));
            @chmod($config['paths']['root'], 0755);
        } else {
            $tpl->assign_block_vars('CREATE_ERROR', array('HTACCESS' => nl2br(my_quotes($htaccess)), 'HTPASSWD' => nl2br(my_quotes($htpasswd))));
        }
    }
}
if (sizeof($error) > 0 || !isset($_POST['username'])) {
    $tpl->assign_vars(array('PASSWORDS_UNEQUAL' => my_addslashes($lang['L_PASSWORDS_UNEQUAL']), 'HTACC_CONFIRM_DELETE' => my_addslashes($lang['L_HTACC_CONFIRM_DELETE'])));
    $tpl->assign_block_vars('INPUT', array('USERNAME' => my_quotes($username), 'USERPASS1' => my_quotes($userpass1), 'USERPASS2' => my_quotes($userpass2), 'TYPE0_CHECKED' => $type == 0 ? ' checked="checked"' : '', 'TYPE1_CHECKED' => $type == 1 ? ' checked="checked"' : '', 'TYPE2_CHECKED' => $type == 2 ? ' checked="checked"' : '', 'TYPE3_CHECKED' => $type == 3 ? ' checked="checked"' : ''));
}
if (sizeof($error) > 0) {
    $msg = '<span class="error">' . implode('<br>', $error) . '</span>';
}
if ($msg > '') {
    $tpl->assign_block_vars('MSG', array('TEXT' => $msg));
}
$tpl->pparse('show');
echo MSDFooter();
ob_end_flush();
die;
예제 #12
0
function saveform()
{
    global $db, $config;
    $title = addslashes(HtmlReplace(trim($_POST['title'])));
    $content = my_addslashes(trim($_POST['content']));
    $filename = HtmlReplace(trim($_POST['filename']));
    $url = HtmlReplace(trim($_POST['url']));
    $sortid = intval($_POST['sortid']);
    $about_id = intval($_POST['about_id']);
    $do_action = HtmlReplace($_POST['do_action']);
    $is_show = $_POST['is_show'];
    ob_start();
    require 'temp/open.php';
    $str = ob_get_contents();
    ob_end_clean();
    $str = stripslashes($str);
    file_put_contents('../tg/html/' . $filename . '.html', $str);
    if ($do_action == 'modify') {
        $array = array('title' => $title, 'content' => $content, 'url' => $url, 'filename' => $filename, 'sortid' => $sortid, 'is_show' => $is_show);
        $db->update('ve123_tg_open', $array, "about_id='{$about_id}'");
        jsalert('修改成功');
    } else {
        $array = array('title' => $title, 'content' => $content, 'url' => $url, 'filename' => $filename, 'sortid' => $sortid, 'is_show' => $is_show);
        $db->insert('ve123_tg_open', $array);
        jsalert('提交成功');
    }
}
예제 #13
0
function saveform()
{
    global $db;
    $keywords = trim($_POST["keywords"]);
    $title = trim($_POST["title"]);
    $url = trim($_POST["url"]);
    $description = trim($_POST["description"]);
    $jscode = my_addslashes(trim($_POST["jscode"]));
    $price = trim($_POST["price"]);
    $pic = trim($_POST["pic"]);
    $link_id = intval($_POST["link_id"]);
    $do_action = $_POST["do_action"];
    if ($do_action == "modify") {
        $array = array('keywords' => $keywords, 'title' => $title, 'url' => $url, 'description' => $description, 'jscode' => $jscode, 'price' => $price, 'pic' => $pic);
        $db->update("ve123_tg_links", $array, "link_id='{$link_id}'");
        jsalert("Ð޸ijɹ¦");
    } else {
        $array = array('keywords' => $keywords, 'title' => $title, 'url' => $url, 'description' => $description, 'jscode' => $jscode, 'price' => $price, 'pic' => $pic);
        $db->insert("ve123_tg_links", $array);
        jsalert("Ìá½»³É¹¦");
    }
}
function admin_plugin_sections_run(&$bBlog)
{
    // Again, the plugin API needs work.
    if (isset($_GET['sectdo'])) {
        $sectdo = $_GET['sectdo'];
    } elseif (isset($_POST['sectdo'])) {
        $sectdo = $_POST['sectdo'];
    } else {
        $sectdo = '';
    }
    switch ($sectdo) {
        case 'new':
            // sections are being editied
            $nicename = StringHandling::removeMagicQuotes($_POST['nicename']);
            $urlname = StringHandling::removeMagicQuotes($_POST['urlname']);
            $bBlog->_adb->Execute("insert into " . T_SECTIONS . " set nicename=" . $bBlog->_adb->quote($nicename) . ", name=" . $bBlog->_adb->quote($urlname));
            $insid = $bBlog->_adb->insert_id();
            break;
        case "Delete":
            // delete section
            // have to remove all references to the section in the posts
            $sname = StringHandling::removeMagicQuotes($_POST['sname']);
            $sect_id = $bBlog->section_ids_by_name[$sname];
            if ($sect_id > 0) {
                $ph = $bBlog->_ph;
                $posts_in_section_q = $ph->make_post_query(array("sectionid" => $sect_id));
                $posts_in_section = $ph->get_posts($posts_in_section_q, TRUE);
                if ($posts_in_section) {
                    foreach ($posts_in_section as $post) {
                        unset($tmpr);
                        $tmpr = array();
                        $tmpsections = explode(":", $post->sections);
                        foreach ($tmpsections as $tmpsection) {
                            if ($tmpsection != $sect_id) {
                                $tmpr[] = $tmpsection;
                            }
                        }
                        $newsects = implode(":", $tmpr);
                        // update the posts to remove the section
                        $bBlog->_adb->Execute("update " . T_POSTS . " set sections='{$newsects}' where postid={$post->postid}");
                    }
                    // end foreach ($post_in_section as $post)
                }
                // end if($posts_in_section)
                // delete the section
                $bBlog->_adb->Execute("delete from " . T_SECTIONS . " where sectionid={$sect_id}");
            }
            // else show error
        // else show error
        case "Save":
            $sect_id = $bBlog->sect_by_name[$_POST['sname']];
            if ($sect_id < 1) {
                break;
            }
            $sql = "update " . T_SECTIONS . " set nicename='" . my_addslashes($_POST['nicename']) . "' where sectionid='{$sect_id}'";
            $bBlog->_adb->Execute($sql);
            break;
        default:
            // show form
            break;
    }
    $bBlog->get_sections();
    $bBlog->assign('esections', $bBlog->sections);
}
예제 #15
0
 function admin_logged_in()
 {
     $query = "\n        SELECT\n            `id`,\n            `nickname`,\n            `password`\n        FROM\n            `" . T_AUTHORS . "`\n        WHERE\n                (`nickname`='" . my_addslashes(@$_SESSION['nickname']) . "')\n            AND\n                (`password`='" . my_addslashes(@$_SESSION['password']) . "')\n        ";
     $result = $this->get_row($query);
     if (@$result->id > 0 && @$_SESSION['checksum'] == md5($result->nickname . $result->password . BBLOGID)) {
         return $result->id;
     } else {
         return $this->admin_logged_ip();
     }
 }
예제 #16
0
if (isset($_POST['url']) && is_numeric($tbpost)) {
    // incoming trackback ping.
    // we checked that :
    // a ) url is suplied by POST
    // b ) that the tbpost, suplied by GET, is valid.
    // GET varibles from the trackback url:
    if (is_numeric($tbcid) && $tbcid > 0) {
        $replyto = $tbcid;
    } else {
        $replyto = 0;
    }
    // POST varibles - the trackback protocol no longer supports GET.
    $tb_url = my_addslashes($_POST['url']);
    $title = my_addslashes($_POST['title']);
    $excerpt = my_addslashes($_POST['excerpt']);
    $blog_name = my_addslashes($_POST['blog_name']);
    // according to MT, only url is _required_. So we'll set some useful defaults.
    // if we got this far, we can assume that this file is not included
    // as part of bBlog but is being called seperatly.
    // so we include the config file and therefore have access to the
    // bBlog object.
    $now = time();
    $remaddr = $_SERVER['REMOTE_ADDR'];
    $q = "insert into " . T_COMMENTS . "\n\t\t\tset \n\t\t\tpostid='{$tbpost}',\n\t\t\tparentid='{$replyto}',\n\t\t\tposttime='{$now}',\n\t\t\tpostername='{$blog_name}',\n\t\t\tposteremail='',\n\t\t\tposterwebsite='{$tb_url}',\n\t\t\tposternotify='0',\n\t\t\tpubemail='0',\n\t\t\tpubwebsite='1',\n\t\t\tip='{$remaddr}',\n\t\t\ttitle='{$title}',\n\t\t\tcommenttext='{$excerpt}',\n\t\t\ttype='trackback'";
    $bBlog->_adb->Execute($q);
    $insid = $bBlog->insert_id;
    if ($insid < 1) {
        trackback_response(1, "Error adding trackback : " . mysql_error());
    } else {
        // notify owner
        include_once BBLOGROOT . 'inc/mail.php';
예제 #17
0
 function new_comment($postid, $replyto = 0)
 {
     $post = $this->get_post($postid, FALSE, TRUE);
     if (!$post) {
         // this needs to be fixed...
         $this->standalone_message("Error adding comment", "couldn't find post id {$postid}");
     } elseif ($post->allowcomments == 'disallow' or $post->allowcomments == 'timed' and $post->autodisabledate < time()) {
         $this->standalone_message("Error adding comment", "Comments have been turned off for this post");
     } else {
         $postername = my_addslashes(htmlspecialchars($_POST["name"]));
         if ($postername == '') {
             $postername = "Anonymous";
         }
         $posteremail = my_addslashes(htmlspecialchars($_POST["email"]));
         $title = my_addslashes(htmlspecialchars($_POST["title"]));
         $posterwebsite = my_addslashes(htmlspecialchars($_POST["website"]));
         if (substr(strtolower($posterwebsite), 0, 7) != 'http://' && $posterwebsite != '') {
             $posterwebsite = 'http://' . $posterwebsite;
         }
         $comment = my_addslashes($_POST["comment"]);
         if ($_POST["public_email"] == 1) {
             $pubemail = 1;
         } else {
             $pubemail = 0;
         }
         if ($_POST["public_website"] == 1) {
             $pubwebsite = 1;
         } else {
             $pubwebsite = 0;
         }
         if ($_POST["notify"] == 1) {
             $notify = 1;
         } else {
             $notify = 0;
         }
         $now = time();
         $remaddr = $_SERVER['REMOTE_ADDR'];
         if ($_POST['set_cookie']) {
             $value = base64_encode(serialize(array('web' => $posterwebsite, 'mail' => $posteremail, 'name' => $postername)));
             setcookie("bBcomment", $value, time() + 86400 * 360);
         }
         $moderated = FALSE;
         $onhold = '0';
         if (C_COMMENT_MODERATION == 'all') {
             $moderated = TRUE;
         } elseif (C_COMMENT_MODERATION == 'urlonly') {
             if ($comment != preg_replace('!<[^>]*?>!', ' ', $comment)) {
                 // found html tags
                 $moderated = TRUE;
             }
             if ($comment != preg_replace("#([\t\r\n ])([a-z0-9]+?){1}://([\\w\\-]+\\.([\\w\\-]+\\.)*[\\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i", '\\1<a href="\\2://\\3" target="_blank">\\2://\\3</a>', $comment)) {
                 $moderated = TRUE;
             }
             if ($comment != preg_replace("#([\t\r\n ])(www|ftp)\\.(([\\w\\-]+\\.)*[\\w]+(:[0-9]+)?(/[^ \"\n\r\t<]*)?)#i", '\\1<a href="http://\\2.\\3" target="_blank">\\2.\\3</a>', $comment)) {
                 $moderated = TRUE;
             }
         }
         if ($moderated == TRUE) {
             $onhold = '1';
         }
         if (C_COMMENT_TIME_LIMIT > 0) {
             $fromtime = $now - C_COMMENT_TIME_LIMIT * 60;
             $this->query("select * from " . T_COMMENTS . " where ip='{$remaddr}' and posttime > {$fromtime}");
             if ($this->num_rows > 0) {
                 $this->standalone_message("Comment Flood Protection", "Error adding comment. You have tried to make a comment too soon after your last one. Please try again later. This is a bBlog spam prevention mesaure");
             }
         }
         if ($replyto > 0 && is_numeric($replyto)) {
             $parentidq = " parentid='{$replyto}', ";
         }
         $q = "insert into " . T_COMMENTS . "\n\t\t\tset {$parentidq}\n\t\t\tpostid='{$postid}',\n\t\t\ttitle='{$title}',\n\t\t\tposttime='{$now}',\n\t\t\tpostername='{$postername}',\n\t\t\tposteremail='{$posteremail}',\n\t\t\tposterwebsite='{$posterwebsite}',\n\t\t\tposternotify='{$notify}',\n\t\t\tpubemail='{$pubemail}',\n\t\t\tpubwebsite='{$pubwebsite}',\n\t\t\tip='{$remaddr}',\n\t\t\tcommenttext='{$comment}',\n\t\t\tonhold='{$onhold}',\n\t\t\ttype='comment'";
         $this->query($q);
         $insid = $this->insert_id;
         if ($insid < 1) {
             $this->standalone_message("Error", "Error inserting comment : " . mysql_error());
         } else {
             // notify
             include_once BBLOGROOT . "inc/mail.php";
             $message = htmlspecialchars($postername) . " has posted a comment in reply to your blog entry at " . $this->_get_entry_permalink($postid) . "\n";
             if ($onhold == 1) {
                 $message .= "You have selected comment moderation and this comment will not appear until you approve it, so please visit your blog and log in to approve or reject any comments\n";
             }
             notify_owner("New comment on your blog", $message);
             $newnumcomments = $this->get_var("SELECT count(*) as c FROM " . T_COMMENTS . " WHERE postid='{$postid}' and deleted='false' group by postid");
             $this->query("update " . T_POSTS . " set commentcount='{$newnumcomments}' where postid='{$postid}'");
             $this->modifiednow();
             // This is used when an alternate location is desired as the result of a successful post.
             if (isset($_POST['return_url'])) {
                 $ru = str_replace('%commentid%', $insid, $_POST['return_url']);
                 header("Location: " . $ru);
             } else {
                 header("Location: " . $this->_get_entry_permalink($postid) . "#comment" . $insid);
             }
             ob_end_clean();
             // or here.. hmm.
             exit;
         }
     }
 }
function admin_plugin_usermanager_run(&$bBlog)
{
    // Again, the plugin API needs work.
    if (isset($_GET['userdo'])) {
        $userdo = $_GET['userdo'];
    } elseif (isset($_POST['userdo'])) {
        $userdo = $_POST['userdo'];
    } else {
        $userdo = "";
    }
    switch ($userdo) {
        case "Delete":
            // delete author
            if (is_numeric($_POST['userid'])) {
                $bBlog->query("DELETE FROM " . T_AUTHORS . " WHERE id='" . $_POST['userid'] . "'");
            }
            break;
        case "Add":
            $user = array();
            $user['id'] = "-1";
            $bBlog->smartyObj->assign('user', $user);
            $bBlog->smartyObj->assign('showeditform', TRUE);
            break;
        case "addsave":
            $nickname = my_addslashes($_POST['nickname']);
            $email = my_addslashes($_POST['email']);
            $fullname = my_addslashes($_POST['fullname']);
            $password = sha1(my_addslashes($_POST['password']));
            $location = my_addslashes($_POST['location']);
            $ip_domain = my_addslashes($_POST['ip_domain']);
            $url = my_addslashes($_POST['url']);
            $icq = my_addslashes($_POST['icq']);
            $secretQuestion = my_addslashes($_POST['secretQuestion']);
            $secretAnswer = my_addslashes($_POST['secretAnswer']);
            $q = "insert into " . T_AUTHORS . " (nickname, email, fullname, password, location, url, icq, secret_question, secret_answer) values ('{$nickname}', '{$email}', '{$fullname}', '{$password}', '{$location}', '{$url}', '{$icq}', '{$secretQuestion}', '{$secretAnswer}')";
            $bBlog->query($q);
            break;
        case "Edit":
            if (!is_numeric($_POST['userid'])) {
                break;
            }
            $user = $bBlog->get_results("SELECT * from " . T_AUTHORS . " WHERE id='" . $_POST['userid'] . "'", ARRAY_A);
            if (!$user) {
                break;
            }
            $bBlog->smartyObj->assign('user', $user[0]);
            $bBlog->smartyObj->assign('showeditform', TRUE);
            break;
        case "editsave":
            if (!is_numeric($_POST['userid'])) {
                break;
            }
            $oldpass = $bBlog->db->get_var("SELECT `password` FROM `" . T_AUTHORS . "` WHERE `id` = '" . $_POST['userid'] . "'");
            $nickname = my_addslashes($_POST['nickname']);
            $email = my_addslashes($_POST['email']);
            $fullname = my_addslashes($_POST['fullname']);
            $password = $_POST['password'] == '***OLDPASSWORD***' ? $oldpass : sha1($_POST['password']);
            $location = my_addslashes($_POST['location']);
            $ip_domain = my_addslashes($_POST['ip_domain']);
            $url = my_addslashes($_POST['url']);
            $icq = my_addslashes($_POST['icq']);
            $secretQuestion = my_addslashes($_POST['secretQuestion']);
            $secretAnswer = my_addslashes($_POST['secretAnswer']);
            $q = "update " . T_AUTHORS . " set nickname='{$nickname}', email='{$email}', fullname='{$fullname}', password='******', location='{$location}', url='{$url}', icq='{$icq}', secret_question='{$secretQuestion}', secret_answer='{$secretAnswer}', ip_domain='{$ip_domain}' where id='{$_POST['userid']}'";
            $bBlog->query($q);
            break;
        default:
            // show form
            break;
    }
    $bBlog->smartyObj->assign('message', 'Showing users. ');
    $bBlog->smartyObj->assign('users', $bBlog->get_results("SELECT * FROM `" . T_AUTHORS . "` order by nickname"));
    $posts_with_comments_q = "SELECT " . T_POSTS . ".postid, " . T_POSTS . ".title, count(*) c FROM " . T_COMMENTS . ",  " . T_POSTS . " \tWHERE " . T_POSTS . ".postid = " . T_COMMENTS . ".postid GROUP BY " . T_POSTS . ".postid ORDER BY " . T_POSTS . ".posttime DESC  LIMIT 0 , 30 ";
    $posts_with_comments = $bBlog->get_results($posts_with_comments_q, ARRAY_A);
    $bBlog->smartyObj->assign("postselect", $posts_with_comments);
}
예제 #19
0
function photobblog_update(&$bBlog, $postid, $imageLoc, $caption)
{
    $bBlog->query("update " . TBL_PREFIX . "photobblog set imageLoc='" . $imageLoc . "' , caption='" . my_addslashes($caption) . "' where postid=" . $postid);
}
예제 #20
0
			@chmod($config['paths']['root'],0755);
		}
		else
		{
			$tpl->assign_block_vars('CREATE_ERROR',array(
				'HTACCESS' => htmlspecialchars($htaccess),
				'HTPASSWD' => htmlspecialchars($htpasswd)));
		}
	}
}

if (sizeof($error)>0||!isset($_POST['username']))
{
	$tpl->assign_vars(array(
		'PASSWORDS_UNEQUAL' => my_addslashes($lang['L_PASSWORDS_UNEQUAL']),
		'HTACC_CONFIRM_DELETE' => my_addslashes($lang['L_HTACC_CONFIRM_DELETE'])));

	$tpl->assign_block_vars('INPUT',array(
		'USERNAME' => htmlspecialchars($username),
		'USERPASS1' => htmlspecialchars($userpass1),
		'USERPASS2' => htmlspecialchars($userpass2),
		'TYPE0_CHECKED' => $type==0 ? ' checked="checked"' : '',
		'TYPE1_CHECKED' => $type==1 ? ' checked="checked"' : '',
		'TYPE2_CHECKED' => $type==2 ? ' checked="checked"' : '',
		'TYPE3_CHECKED' => $type==3 ? ' checked="checked"' : ''));
}

if (sizeof($error)>0) $msg='<span class="error">'.implode('<br>',$error).'</span>';
if ($msg>'') $tpl->assign_block_vars('MSG',array(
	'TEXT' => $msg));
예제 #21
0
function admin_plugin_links_run(&$bBlog)
{
    if (isset($_GET['linkdo'])) {
        $linkdo = $_GET['linkdo'];
    } elseif (isset($_POST['linkdo'])) {
        $linkdo = $_POST['linkdo'];
    } else {
        $linkdo = '';
    }
    switch ($linkdo) {
        case "New":
            // add new link
            $maxposition = $bBlog->get_var("select position from " . T_LINKS . " order by position desc limit 0,1");
            $position = $maxposition + 10;
            $bBlog->_adb->Execute("insert into " . T_LINKS . "\n            set nicename='" . my_addslashes($_POST['nicename']) . "',\n            url='" . my_addslashes($_POST['url']) . "',\n            category='" . my_addslashes($_POST['category']) . "',\n\t    position='{$position}'");
            break;
        case "Delete":
            // delete link
            $bBlog->_adb->Execute("delete from " . T_LINKS . " where linkid=" . $_POST['linkid']);
            break;
        case "Save":
            // update an existing link
            $bBlog->_adb->Execute("update " . T_LINKS . "\n            set nicename='" . my_addslashes($_POST['nicename']) . "',\n            url='" . my_addslashes($_POST['url']) . "',\n            category='" . my_addslashes($_POST['category']) . "'\n            where linkid=" . $_POST['linkid']);
            break;
        case "Up":
            $bBlog->_adb->Execute("update " . T_LINKS . " set position=position-15 where linkid=" . $_POST['linkid']);
            reorder_links();
            break;
        case "Down":
            $bBlog->_adb->Execute("update " . T_LINKS . " set position=position+15 where linkid=" . $_POST['linkid']);
            reorder_links();
            break;
        default:
            // show form
            break;
    }
    if (isset($_GET['catdo'])) {
        $catdo = $_GET['catdo'];
    } elseif (isset($_POST['catdo'])) {
        $catdo = $_POST['catdo'];
    } else {
        $catdo = '';
    }
    switch ($catdo) {
        case "New":
            // add new category
            $bBlog->_adb->Execute("insert into " . T_CATEGORIES . "\n            set name='" . my_addslashes($_POST['name']) . "'");
            break;
        case "Delete":
            // delete category
            // have to remove all references to the category in the links
            $bBlog->_adb->Execute("update " . T_LINKS . "\n            set linkid=0 where linkid=" . $_POST['categoryid']);
            // delete the category
            $bBlog->_adb->Execute("delete from " . T_CATEGORIES . " where categoryid=" . $_POST['categoryid']);
            break;
        case "Save":
            // update an existing category
            $bBlog->_adb->Execute("update " . T_CATEGORIES . "\n            set name='" . my_addslashes($_POST['name']) . "'\n            where categoryid=" . $_POST['categoryid']);
            break;
        default:
            // show form
            break;
    }
    $rs = $bBlog->_adb->Execute("select * from " . T_CATEGORIES);
    if ($rs !== false && !$rs->EOF) {
        $bBlog->assign('ecategories', $rs->GetRows(-1));
    }
    $rs = $bBlog->_adb->Execute("select * from " . T_LINKS . " order by position");
    if ($rs !== false && !$rs->EOF) {
        $bBlog->assign('elinks', $rs->GetRows(-1));
    }
}
예제 #22
0
/**
 * !runs my_addslashes on an array item
 * used by my_addslashes_array_walk
 *
 * @param unknown $item (reference)
 * @param unknown $key
 */
function my_addslashes_array(&$item, $key)
{
    $item = my_addslashes($item);
}
예제 #23
0
function mt_setPostCategories($params)
{
    global $loq;
    if ($loq->userauth($params[1], $params[2])) {
        // password accepted
        $postid = $params[0];
        $post = $loq->get_post($postid, TRUE, TRUE);
        $sections = array();
        foreach ($params[3] as $section) {
            $sections[] = $section['categoryId'];
        }
        $sections = implode(":", $sections);
        $result = $loq->edit_post(array('title' => my_addslashes($post->title), 'body' => my_addslashes($post->body), 'postid' => $params[0], 'sections' => $sections, 'edit_sections' => 1));
        ob_start();
        XMLRPC_response(XMLRPC_prepare($result), WEBLOG_XMLPRPC_USERAGENT);
    } else {
        XMLRPC_error("301", "The username and password you entered was not accepted. Please try again.", WEBLOG_XMLRPC_USERAGENT);
    }
}
     }
     $timestamp = maketimestamp($_POST['ts_day'], $_POST['ts_month'], $_POST['ts_year'], $_POST['ts_hour'], $_POST['ts_minute']);
 } else {
     $timestamp = FALSE;
 }
 if ($_POST['hidefromhome'] == 'hide') {
     $hidefromhome = 'hide';
 } else {
     $hidefromhome = 'donthide';
 }
 // there is a reason for not using booleans here.
 // is because the bBlog->edit_post function needs to know if to change it or not.
 $disdays = (int) $_POST['disallowcommentsdays'];
 $time = (int) time();
 $autodisabledate = $time + $disdays * 3600 * 24;
 $params = array("postid" => $_POST['postid'], "title" => my_addslashes($_POST['title_text']), "body" => my_addslashes($_POST['body_text']), "modifier" => my_addslashes($_POST['modifier']), "status" => my_addslashes($_POST['pubstatus']), "edit_sections" => TRUE, "hidefromhome" => $hidefromhome, "allowcomments" => my_addslashes($_POST['commentoptions']), "autodisabledate" => $autodisabledate, "sections" => $newsections, "timestamp" => $timestamp);
 //$bBlog->edit_post($params);
 if ($ph->edit_post($params)) {
     $bBlog->modifiednow();
 }
 if (isset($_POST['send_trackback']) && $_POST['send_trackback'] == "TRUE") {
     // send a trackback
     include "./trackback.php";
     if (!isset($_POST['title_text'])) {
         $_POST['title_text'] = "";
     }
     if (!isset($_POST['excerpt'])) {
         $_POST['excerpt'] = "";
     }
     if (!isset($_POST['tburl'])) {
         $_POST['tburl'] = "";
예제 #25
0
function my_get()
{
    return my_addslashes($_GET);
}
예제 #26
0
/**
* Save the changes made to a comment
*
* @param object $bBlog Instance of bBlog class
*/
function saveEdit(&$bBlog)
{
    $rval = true;
    $cid = intval($_POST['commentid']);
    if ($cid === 0) {
        $rval = false;
    } else {
        $title = my_addslashes($_POST['title']);
        $author = my_addslashes($_POST['author']);
        $email = my_addslashes($_POST['email']);
        $websiteurl = my_addslashes($_POST['websiteurl']);
        $body = my_addslashes($_POST['body']);
        if ($rval === true) {
            $q = "update " . T_COMMENTS . " set title='{$title}', postername='{$author}', posterwebsite='{$websiteurl}', posteremail='{$email}', commenttext='{$body}' where commentid='{$_POST['commentid']}'";
            if ($bBlog->query($q) === true) {
                $bBlog->assign('message', 'Comment <em>' . $title . '</em> saved');
            }
        }
    }
    return $rval;
}
예제 #27
0
function WriteParams($as = 0, $restore_values = false)
{
    // wenn $as=1 wird versucht den aktuellen Index der Datenbank nach dem Einlesen wieder zu ermitteln
    // auch wenn sich die Indexnummer durch Loeschaktionen geaendert hat
    global $config, $databases, $config_dontsave;
    $nl = "\n";
    // alte Werte retten
    if ($as) {
        if (is_array($restore_values)) {
            if ($restore_values['cron_dbindex'] < 0) {
                // Multidump oder "alle Datenbanken" war gewaehlt
                $config['cron_dbindex'] = $restore_values['cron_dbindex'];
            } else {
                //den Index der konkreten Datenbank aus der alten Konfiguration ermitteln
                $db_names = array();
                $db_names = array_flip($databases['Name']);
                if (isset($db_names[$restore_values['db_actual']])) {
                    // alte Db existiert noch -> Index uebernehmen
                    $databases['db_actual'] = $restore_values['db_actual'];
                } else {
                    $databases['db_actual'] = $databases['Name'][0];
                }
                //Cron-Index wiederfinden
                if (isset($db_names[$restore_values['cron_dbindex']])) {
                    $config['cron_dbindex'] = $db_names[$restore_values['cron_dbindex']];
                } else {
                    // DB wurde zwischenzeitlich geloescht - sicherheitshalber alle DBs sichern
                    $databases['cron_dbindex'] = -3;
                }
            }
        }
    }
    FillMultiDBArrays();
    //Parameter zusammensetzen
    $config['multipart_groesse'] = $config['multipartgroesse1'] * ($config['multipartgroesse2'] == 1 ? 1024 : 1024 * 1024);
    $param = $pars_all = '<?php ' . $nl;
    if (!isset($config['email_maxsize'])) {
        $config['email_maxsize'] = $config['email_maxsize1'] * ($config['email_maxsize2'] == 1 ? 1024 : 1024 * 1024);
    }
    if (!isset($config['cron_execution_path'])) {
        $config['cron_execution_path'] = "msd_cron/";
    }
    if ($as == 0) {
        $config['paths']['root'] = addslashes(Realpfad("./"));
    }
    $config['files']['parameter'] = $config['paths']['config'] . $config['config_file'] . '.php';
    $config['files']['iconpath'] = './css/' . $config['theme'] . '/icons/';
    foreach ($config as $var => $val) {
        if (!in_array($var, $config_dontsave)) {
            if (is_array($val)) {
                $pars_all .= '$config[\'' . $var . '\']=array();' . $nl;
                foreach ($val as $var2 => $val2) {
                    if ($config['magic_quotes_gpc'] == 1) {
                        $val2 = stripslashes($val2);
                    }
                    $pars_all .= '$config[\'' . $var . '\'][' . (is_int($var2) ? $var2 : "'" . $var2 . "'") . '] = \'' . my_addslashes($val2) . "';{$nl}";
                }
            } else {
                if ($config['magic_quotes_gpc'] == 1) {
                    $val = stripslashes($val);
                }
                if (!in_array($var, $config_dontsave)) {
                    $pars_all .= '$config[\'' . $var . '\'] = \'' . my_addslashes($val) . "';{$nl}";
                }
            }
        }
    }
    foreach ($databases as $var => $val) {
        if (is_array($val)) {
            $pars_all .= '$databases[\'' . $var . '\']=array();' . $nl;
            foreach ($val as $var2 => $val2) {
                if ($config['magic_quotes_gpc'] == 1 || $as == 1) {
                    $pars_all .= '$databases[\'' . $var . '\'][' . (is_int($var2) ? $var2 : "'" . $var2 . "'") . '] = \'' . my_addslashes(stripslashes($val2)) . "';{$nl}";
                } else {
                    $pars_all .= '$databases[\'' . $var . '\'][' . (is_int($var2) ? $var2 : "'" . $var2 . "'") . '] = \'' . my_addslashes($val2) . "';{$nl}";
                }
            }
        } else {
            if ($config['magic_quotes_gpc'] == 0 || $as == 1) {
                $pars_all .= '$databases[\'' . $var . '\'] = \'' . addslashes($val) . "';{$nl}";
            } else {
                $pars_all .= '$databases[\'' . $var . '\'] = \'' . $val . "';{$nl}";
            }
        }
    }
    $param .= '?>';
    $pars_all .= '?>';
    //Datei öffnen und schreiben
    $ret = true;
    $file = $config['paths']['config'] . $config['config_file'] . '.php';
    if ($fp = fopen($file, "wb")) {
        if (!fwrite($fp, $pars_all)) {
            $ret = false;
        }
        if (!fclose($fp)) {
            $ret = false;
        }
        @chmod($file, 0777);
    } else {
        $ret = false;
    }
    $ret = WriteCronScript($restore_values);
    return $ret;
}
}
$bBlog->get_modifiers();
$optionformrows = array();
$options = get_options();
if (isset($_POST['submit']) && $_POST['submit'] == 'Save Options') {
    // saving options..
    $updatevars = array();
    foreach ($options as $option) {
        if (!isset($_POST[$option['name']])) {
            break;
        }
        switch ($option['type']) {
            case "text":
            case "email":
            case "url":
                $updatevars[] = array("name" => $option['name'], "value" => my_addslashes($_POST[$option['name']]));
                break;
            case "password":
                if ($_POST[$option['name']] != '') {
                    $updatevars[] = array("name" => $option['name'], "value" => md5($_POST[$option['name']]));
                }
                break;
            case "templateselect":
                // make sure we're not being poked.
                if (ereg('^[[:alnum:]]+$', $_POST[$option['name']])) {
                    $updatevars[] = array("name" => $option['name'], "value" => strtolower($_POST[$option['name']]));
                }
                break;
            case "statusselect":
                if ($_POST[$option['name']] == 'live') {
                    $updatevars[] = array("name" => $option['name'], "value" => 'live');