/**
 * Upgrade pre-step: hand the upgrade over to the forum's own update script.
 *
 * The hand-over only happens when the `forum_t` table exists; when it does
 * not, the function returns false and issues no redirect.
 *
 * @param mixed $var Not read by this function.
 * @return bool|void false when `forum_t` is absent, nothing otherwise.
 */
function upgrade_pre($var)
{
    $legacyTablePresent = e107::getDb()->isTable('forum_t');

    if ($legacyTablePresent) {
        // Redirect upgrade to customized upgrade routine
        e107::getRedirect()->go(e_PLUGIN_ABS . 'forum/forum_update.php');
    } else {
        return false;
    }
}
/**
 * Run every environment check in a fixed order, then reload the current
 * page when `$this->refresh` is truthy afterwards.
 */
function __construct()
{
    // Order matters only in that it mirrors the sequence the checks were written in.
    $checks = array(
        'checkPaths',
        'checkTimezone',
        'checkWritable',
        'checkHtmlarea',
        'checkIncompatiblePlugins',
        'checkFileTypes',
        'checkSuspiciousFiles',
        'checkDeprecated',
    );

    foreach ($checks as $check) {
        $this->{$check}();
    }

    if ($this->refresh) {
        e107::getRedirect()->go(e_SELF);
    }
}
/**
 * Start a login through the provider named in the request, then redirect.
 *
 * A pending 'HAuthError' session flag suppresses the login attempt for this
 * request and is cleared. Whatever happens, the request ends with a redirect
 * to SITEURL (when backUrl is exactly true) or to backUrl.
 *
 * @return void
 */
public function actionLogin()
{
    $session = e107::getSession();

    // A previous provider error blocks one attempt; the flag is consumed here.
    $hadAuthError = (bool) $session->get('HAuthError');
    if ($hadAuthError) {
        $session->set('HAuthError', null);
    }

    if (!$hadAuthError && vartrue($_GET['provider'])) {
        require_once e_HANDLER . "user_handler.php";

        // NOTE(review): the provider name is taken from the query string as-is;
        // confirm e_user_provider only accepts configured provider ids.
        $provider = new e_user_provider($_GET['provider']);

        try {
            // redirect to test page is expected, if true - redirect to SITEURL
            $provider->login($this->backUrl);
        } catch (Exception $e) {
            $errorText = '[' . $e->getCode() . ']' . $e->getMessage();
            e107::getMessage()->addError($errorText, 'default', true);
        }
    }

    // NOTE(review): where backUrl is populated is not visible in this method;
    // if it can be request-supplied, confirm it is limited to same-site targets.
    $target = $this->backUrl;
    if ($target === true) {
        $target = SITEURL;
    }

    e107::getRedirect()->redirect($target);
}
/**
 * Start a login through the provider named in the request, then redirect to
 * the URL built from backUrl.
 *
 * When the provider login throws, the error is added to the message stack
 * and the method returns without redirecting.
 *
 * @return void
 */
public function actionLogin()
{
    // FIXME - pref for default XUP - e.g. Facebook, use it when GET is empty
    $providerRequested = vartrue($_GET['provider']);

    if ($providerRequested) {
        require_once e_HANDLER . "user_handler.php";

        // NOTE(review): the provider name is taken from the query string as-is;
        // confirm e_user_provider only accepts configured provider ids.
        $provider = new e_user_provider($_GET['provider']);

        try {
            // redirect to test page is expected, if true - redirect to SITEURL
            $provider->login($this->backUrl);
        } catch (Exception $e) {
            $errorText = '[' . $e->getCode() . ']' . $e->getMessage();
            e107::getMessage()->addError($errorText);

            return;
        }
    }

    $target = e107::getUrl()->create($this->backUrl);
    e107::getRedirect()->redirect($target);
}
if (strpos($row['user_perms'], '0') === 0) { $class_list[] = e_UC_MAINADMIN; } } $class_list[] = e_UC_MEMBER; $class_list[] = e_UC_PUBLIC; $user_logging_opts = array_flip(explode(',', varset($pref['user_audit_opts'], ''))); if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list)) { // Need to note in user audit trail e107::getAdminLog()->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name); } $edata_li = array("user_id" => $row['user_id'], "user_name" => $row['user_name'], 'class_list' => implode(',', $class_list), 'user_admin' => $row['user_admin']); // Fix - set cookie before login trigger session_set(e_COOKIE, $cookieval, time() + 3600 * 24 * 30); e107::getEvent()->trigger("login", $edata_li); e107::getRedirect()->redirect(e_ADMIN_ABS . 'admin.php'); //echo "<script type='text/javascript'>document.location.href='admin.php'</script>\n"; } } $e_sub_cat = 'logout'; if (ADMIN == FALSE) { define("e_IFRAME", TRUE); } if (!defset('NO_HEADER')) { require_once e_ADMIN . "header.php"; } if (ADMIN == FALSE) { // Needs help from Deso, Vesko and Stoev! :-) e107::css('inline', "\n\t\t\n\t\t\tbody \t\t\t\t{ \ttext-align: left; font-size:15px; line-height:1.5em; font-weight:normal; font-family:Arial, Helvetica, sans-serif; background:#081D28 url(" . e_IMAGE . 
"logo_template_large.png) no-repeat 50% 40px; }\n\t\t\ta\t\t\t\t\t{ \tcolor:#F6931E; text-decoration:none; }\n\t\t\ta:hover\t\t\t\t{ \tcolor:silver; text-decoration:none; }\n\t\t\t.bold\t\t\t\t{ \tfont-weight:bold; }\n\t\t\t.field\t\t\t\t{ \ttext-align:center;padding:5px }\n\t\t\t.field input\t\t{\tpadding:5px; \n\t\t\t\t\t\t\t\t\tborder-width:1px;\t\t\t\t\t\t\t\n \t\t\t\t\t\t\t\tborder-style:solid;\n \t\t\t\t\t\t\t\tborder-color:#aaa #c8c8c8 #c8c8c8 #aaa;\n\t\t\t\t\t\t\t\t\tbackground:#fff;\n\t\t\t\t\t\t\t\t\tfont:16px arial, helvetica, sans-serif;\n\t\t\t\t\t\t\t\t\t-moz-border-radius: 4px;\n\t\t\t\t\t\t\t\t\t-webkit-border-radius: 4px;\n\t\t\t\t\t\t\t\t\tborder-radius: 4px;\n\t\t\t\t\t\t\t\t\t-moz-box-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t\t-webkit-box-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t\tbox-shadow: 1px 1px 2px #999 inset;\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t.field input:focus\t{\n\t\t\t\t\t\t\t\t\tborder:1px solid #F6931E;\n\t\t\t\t\t\t\t\t}\n\t\t\t\t\t\t\t\t\n\t\t\t.field input:hover\t{\n\t\t\t\t\t\t\t\t\tborder:1px solid #F6931E;\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t#login-admin \t\t{\n\t\t\t\t\t\t\t\t\tmargin-left:auto;\n\t\t\t\t\t\t\t\t\tmargin-right:auto;\n\t\t\t\t\t\t\t\t\tmargin-top:12%;\n\t\t\t\t\t\t\t\t\t\t\n\t\t\t\t\t\t\t\t\twidth:400px; \n\t\t\t\t\t\t\t\t\t/*\t\n\t\t\t\t\t\t\t\t\tpadding: 10px 20px 0 20px;\n\t\t\t\t\t\t\t\t\t-moz-border-radius:5px;\n\t\t\t\t\t\t\t\t\t-webkit-border-radius:5px;\n\t\t\t\t\t\t\t\t\tborder-radius:5px;\n\t\t\t\t\t\t\t\t\t-moz-box-shadow:5px 5px 20px #000000;\n\t\t\t\t\t\t\t\t\t-webkit-box-shadow:5px 5px 20px #000000;\n\t\t\t\t\t\t\t\t\tbox-shadow:5px 5px 20px #000000;\t\n\t\t\t\t\t\t\t\t\tbackground-color: #FEFEFE;\n\t\t\t\t\t\t\t\t\t*/\n\t\t\t\t\t\t\t\t}\n\t\t\t\n\t\t\t#login-admin label \t{ \tdisplay: none; text-align: right\t}\n\t\t\t\t\n\t\t\t\n\t\t\t.admin-submit \t\t{ \ttext-align: center; \tpadding:20px;\t}\n\t\t\t\n\t\t\t.submit\t\t\t\t{ }\n\t\t\t\n\t\t\n\t\t\t.placeholder \t\t{\tcolor: #bbb; 
font-style:italic\t}\n\t\n\t\t\t::-webkit-input-placeholder { font-style:italic;\tcolor: #bbb; \t}\n\t\t\n\t\t\t:-moz-placeholder \t{ font-style:italic;\tcolor: #bbb; \t\t}\n\t\t\t\n\t\t\th2\t\t\t\t\t{ text-align: center; color: #FAAD3D; }\n\t\t\t\n\t\t\t#username\t\t\t{background: url(" . e_IMAGE . "admin_images/admins_16.png) no-repeat scroll 7px 7px; padding-left:30px; }\n\t\t\t\t \n\t\t\t#userpass\t\t\t{background: url(" . e_IMAGE . "admin_images/lock_16.png) no-repeat scroll 7px 7px; padding-left:30px; }\n\t\t\t\n\t\t\tinput[disabled] \t{\tcolor: silver;\t}\n\t\t\tbutton[disabled] span\t{\tcolor: silver;\t}\n\t\t\n\t\t"); $obj = new auth(); $obj->authform();
} //$newsfrom = (!is_numeric($action) || !e_QUERY ? 0 : ($action ? $action : e_QUERY)); // Usually the first query parameter is the action. // For any of the 'list' modes (inc month, day), the action being second is a legacy situation // .... which can hopefully go sometime //SecretR: Gone, gone... if (is_numeric($action) && isset($tmp[1]) && ($tmp[1] == 'list' || $tmp[1] == 'month' || $tmp[1] == 'day')) { $action = $tmp[1]; $sub_action = varset($tmp[0], ''); } if ($action == 'all' || $action == 'cat') { $sub_action = intval(varset($tmp[1], 0)); } if ($action == 'extend' && empty($sub_action)) { $defaultUrl = e107::getUrl()->create('news/list/items'); e107::getRedirect()->go($defaultUrl, null, 301); exit; } /* Variables Used: $action - the basic display format/filter $sub_action - category number or news item number $newsfrom - first item number in list (default 0) - derived from nextprev $order - sets the listing order for 'list' format */ $ix = new news(); $nobody_regexp = "'(^|,)(" . str_replace(",", "|", e_UC_NOBODY) . ")(,|\$)'"; // URL settings (nextprev) $newsUrlparms = array('page' => '--FROM--'); if ($sub_action) { switch ($action) {
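/**
 * Resolve the requested thread, page number and page size from the request
 * and load the thread record.
 *
 * When the thread cannot be loaded, or the current user lacks 'view'
 * permission on its forum, the request is redirected to the forum index and
 * terminated. With E107_DEBUG_LEVEL > 0 a diagnostic is emitted instead of
 * the redirect.
 *
 * @return void
 */
function init()
{
    global $forum;

    $this->threadId = (int) varset($_GET['id']);

    // 'perpage' is request-controlled. A non-numeric, zero or negative value
    // used to reach the division at the end of this method and either divide
    // by zero or produce a negative page count, so anything below 1 falls
    // back to the configured value and the result is floored at 1.
    $perPage = varset($_GET['perpage']) ? (int) $_GET['perpage'] : 0;
    if ($perPage < 1) {
        $perPage = (int) $forum->prefs->get('postspage');
    }
    $this->perPage = max(1, $perPage);
    // NOTE(review): no upper bound is applied to a request-supplied page size
    // in this method - confirm whether one is enforced where posts are fetched.

    // The default is page 1, so smaller request values are raised to 1.
    $this->page = varset($_GET['p']) ? max(1, (int) $_GET['p']) : 1;

    if (!$this->threadId && e_QUERY) {
        // Legacy "<id>.<page>" query string. Padding keeps list() from reading
        // a missing offset when the query holds no dot.
        list($id, $page) = array_pad(explode(".", e_QUERY), 2, 0);
        $this->threadId = intval($id);
        $this->page = intval($page);
    }

    //If threadId doesn't exist, or not given, redirect to main forum page
    if (!$this->threadId || !($this->threadInfo = $forum->threadGet($this->threadId))) {
        if (E107_DEBUG_LEVEL > 0) {
            e107::getMessage()->addError("Thread not found or query error: " . __METHOD__ . ' Line: ' . __LINE__);
            return;
        }

        $url = e107::url('forum', 'index', 'full');
        e107::getRedirect()->go($url);
        exit;
    }

    //If not permitted to view forum, redirect to main forum page
    if (!$forum->checkPerm($this->threadInfo['thread_forum_id'], 'view')) {
        if (E107_DEBUG_LEVEL > 0) {
            echo __METHOD__ . ' Line: ' . __LINE__;
            exit;
        }

        $url = e107::url('forum', 'index', 'full');
        e107::getRedirect()->go($url);
        exit;
    }

    // Replies only; the original post is not added to the count here.
    $totalPosts = $this->threadInfo['thread_total_replies'];
    $this->pages = ceil($totalPosts / $this->perPage);
    $this->noInc = false;
}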
/**
 * Build the HTML table of plugin.xml form fields, pre-filled from an existing
 * plugin.php and/or plugin.xml inside the plugin folder.
 *
 * Side effects visible here: a legacy plugin.php is included (executed); when
 * it declares tables and no "<plugin>_sql.php" exists, that file is written
 * and the request is redirected to e_REQUEST_URL.
 *
 * @return string HTML markup of the form table.
 */
function pluginXml()
{
    //TODO Plugin.xml Form Fields. .
    $data = array(
        'main'        => array('name', 'lang', 'version', 'date', 'compatibility'),
        'author'      => array('name', 'url'),
        'summary'     => array('summary'),
        'description' => array('description'),
        'keywords'    => array('one', 'two'),
        'category'    => array('category'),
        'copyright'   => array('copyright'),
    );

    // Load old plugin.php file if it exists;
    // NOTE(review): this path is built from $this->pluginName and the file is
    // executed via require_once - where pluginName is set is not visible here;
    // confirm it is restricted to an existing plugin folder name.
    $legacyFile = e_PLUGIN . $this->pluginName . "/plugin.php";

    if (file_exists($legacyFile)) {
        // Defaults for the variables plugin.php is expected to overwrite.
        $eplug_name = $eplug_author = $eplug_url = $eplug_description = "";
        $eplug_tables = array();

        require_once $legacyFile;

        $mes = e107::getMessage();
        $mes->addInfo("Loading plugin.php file");

        $defaults = array(
            "main-name"               => $eplug_name,
            "author-name"             => $eplug_author,
            "author-url"              => $eplug_url,
            "description-description" => $eplug_description,
            "summary-summary"         => $eplug_description,
        );

        // Computed after the include so the included file cannot overwrite them.
        $sqlFileName = $this->pluginName . "_sql.php";
        $sqlFilePath = e_PLUGIN . $this->pluginName . "/" . $sqlFileName;

        if (count($eplug_tables) && !file_exists($sqlFilePath)) {
            $cont = '';

            foreach ($eplug_tables as $tab) {
                // Only schema statements are carried over; INSERTs are dropped.
                if (strpos($tab, "INSERT INTO") === FALSE) {
                    $cont .= "\n" . str_replace("\t", " ", $tab);
                }
            }

            if (file_put_contents($sqlFilePath, $cont)) {
                $info = str_replace('[x]', $sqlFileName, EPL_ADLAN_132);
                $mes->addInfo($info, 'default', true);

                e107::getRedirect()->redirect(e_REQUEST_URL, true);
            } else {
                // NOTE(review): $cont is placed into the warning markup unescaped.
                $msg = str_replace('[x]', $sqlFileName, EPL_ADLAN_133) . "<br />";
                $msg .= str_replace(array('[x]', '[y]'), array($sqlFileName, $cont), EPL_ADLAN_134);
                $mes->addWarning($msg);
            }
        }
    }

    $existingXml = e_PLUGIN . $this->pluginName . "/plugin.xml";

    if (file_exists($existingXml)) {
        $p = e107::getXml()->loadXMLfile($existingXml, true);

        // plugin.xml values replace anything taken from plugin.php above.
        $defaults = array(
            "main-name"               => varset($p['@attributes']['name']),
            "author-name"             => varset($p['author']['@attributes']['name']),
            "author-url"              => varset($p['author']['@attributes']['url']),
            "description-description" => varset($p['description']),
            "summary-summary"         => varset($p['summary'], $p['description']),
            "category-category"       => varset($p['category']),
            "keywords-one"            => varset($p['keywords']['word'][0]),
            "keywords-two"            => varset($p['keywords']['word'][1]),
        );

        unset($p);
    }

    $text = "<table class='table adminform'>";

    foreach ($data as $key => $val) {
        $text .= "<tr><td>{$key}</td><td>\n\t\t\t\t<div class='controls'>";

        // A single-field group gets the wide column, multi-field groups the narrow one.
        $size = count($val) == 1 ? 'span7 col-md-7' : 'span2 col-md-2';

        foreach ($val as $type) {
            $nm = $key . '-' . $type;
            $name = "xml[{$nm}]";
            $field = $this->xmlInput($name, $nm, vartrue($defaults[$nm]));

            $text .= "<div class='{$size}'>" . $field . "</div>";
        }

        $text .= "</div></td></tr>";
    }

    $text .= "</table>";

    return $text;
}
e107::redirect(); } if ($adminEdit && $message) { $mes->addSuccess($message); } if (isset($USERSETTINGS_MESSAGE)) { $message = str_replace("{MESSAGE}", $message, $USERSETTINGS_MESSAGE); } elseif (!deftrue('BOOTSTRAP')) { $message = "<div style='text-align:center'>" . $message . '</div>'; } $caption = isset($USERSETTINGS_MESSAGE_CAPTION) ? $USERSETTINGS_MESSAGE_CAPTION : LAN_OK; } // End - if (!$error)... if (!$error && !$promptPassword) { if (isset($_POST) && vartrue($changedUserData['user_name'])) { $redirect = e107::getRedirect(); $url = e107::getUrl(); $to = $_uid ? $url->create('user/profile/edit', array('id' => $_uid, 'name' => $changedUserData['user_name'])) : $url->create('user/myprofile/edit'); if ($message) { e107::getMessage()->addSuccess($message, 'default', true); } $redirect->redirect($to); } unset($_POST); } if ($error) { // require_once (e_HANDLER.'message_handler.php'); $temp = array(); if (count($extraErrors)) { $temp[] = implode('<br />', $extraErrors); }
/**
 * Render the admin language switcher.
 *
 * Returns an empty string unless ADMIN is true and the 'multilanguage' pref
 * is set. Otherwise it builds a short status text for the current database
 * language plus a language <select>, restricted to the languages for which
 * getperms() succeeds.
 *
 * @param string $parm Query-string style options parsed with parse_str();
 *                     the keys read here are 'nobutton' and 'nomenu'.
 * @return string '' when not applicable, the bare <select> markup when
 *                'nomenu' is set, otherwise the result of tablerender().
 */
function sc_admin_lang($parm)
{
    if (!ADMIN || !e107::getPref('multilanguage')) {
        return '';
    }

    $e107 = e107::getInstance();
    $sql = e107::getDb();
    $pref = e107::getPref();
    $ns = e107::getRender();
    e107::plugLan('user_menu', '', true);

    $params = array();
    parse_str($parm, $params);

    $lanlist = explode(',', e_LANLIST);
    sort($lanlist);
    $text = '';

    // Keep only the languages the current admin has permission for.
    $lanperms = array();
    foreach ($lanlist as $langval) {
        if (getperms($langval)) {
            $lanperms[] = $langval;
        }
    }

    $slng = e107::getLanguage();

    // No permission for the active DB language: switch to the first permitted one.
    if (!getperms($sql->mySQLlanguage) && $lanperms) {
        $slng->set($lanperms[0]);
        if ($pref['user_tracking'] == "session" && $pref['multilanguage_subdomain']) {
            e107::getRedirect()->redirect($slng->subdomainUrl($lanperms[0]));
        }
        /*$sql->mySQLlanguage = ($lanperms[0] != $pref['sitelanguage']) ? $lanperms[0] : "";
        if ($pref['user_tracking'] == "session")
        {
            $_SESSION['e107language_'.$pref['cookie_name']] = $lanperms[0];
            if($pref['multilanguage_subdomain']){
                header("Location:".$slng->subdomainUrl($lanperms[0]));
            }
        }
        else
        {
            setcookie('e107language_'.$pref['cookie_name'], $lanperms[0], time() + 86400, '/');
            $_COOKIE['e107language_'.$pref['cookie_name']]= $lanperms[0];
        }*/
    }

    // Collect the tables that belong to the active language.
    if (varset($GLOBALS['mySQLtablelist'])) {
        foreach ($GLOBALS['mySQLtablelist'] as $tabs) {
            $clang = strtolower($sql->mySQLlanguage);
            // strpos() is used as a boolean here, so a match at offset 0 counts as no match.
            if (strpos($tabs, "lan_" . $clang) && $clang != "") {
                $aff[] = str_replace(MPREFIX . "lan_" . $clang . "_", "", $tabs);
            }
        }
    }

    $text .= "\n\t\t<div>\n\t\t";

    if (isset($aff)) {
        // Active language with its own tables: show the count and a collapsible list.
        $text .= $sql->mySQLlanguage;
        $text .= " (" . $slng->convert($sql->mySQLlanguage) . ")\n\t\t\t: <span class='btn btn-default button' style='cursor: pointer;' onclick='expandit(\"lan_tables\");'><a style='text-decoration:none' title='' href=\"javascript:void(0);\" > " . count($aff) . " " . UTHEME_MENU_L3 . " </a></span><br />\n\t\t\t<span style='display:none' id='lan_tables'>\n\t\t\t";
        $text .= implode('<br />', $aff);
        $text .= '</span>';
    } elseif ($sql->mySQLlanguage && $sql->mySQLlanguage != $pref['sitelanguage']) {
        $text .= $sql->mySQLlanguage;
        $text .= ' (' . $slng->convert($sql->mySQLlanguage) . '): ' . LAN_INACTIVE;
    } else {
        $text .= $pref['sitelanguage'];
    }

    $text .= "<br /><br /></div>";
    $select = '';

    if (isset($pref['multilanguage_subdomain']) && $pref['multilanguage_subdomain']) {
        // Subdomain mode: each option carries the target URL and JS navigates on change.
        // TODO - JS independent
        $select .= "\n\t\t\t<select class='tbox' name='lang_select' id='sitelanguage' onchange=\"location.href=this.options[selectedIndex].value\">";
        foreach ($lanperms as $lng) {
            // && binds tighter than ||: selected when $lng is the DB language, or
            // when it is the site language and no DB language is set.
            $selected = $lng == $sql->mySQLlanguage || $lng == $pref['sitelanguage'] && !$sql->mySQLlanguage ? " selected='selected'" : "";
            $urlval = $slng->subdomainUrl($lng);
            $select .= "<option value='" . $urlval . "' {$selected}>{$lng}</option>\n";
        }
        $select .= "</select>";
    } else {
        // Form mode: the choice is posted back to the current URL.
        // NOTE(review): e_SELF and e_QUERY are written into the action attribute
        // without escaping in this block - confirm both are sanitised where they
        // are defined, since the query string is request-controlled.
        $select .= "\n\t\t\t<form method='post' action='" . e_SELF . (e_QUERY ? '?' . e_QUERY : '') . "'>\n\t\t\t<div>\n\t\t\t<select name='sitelanguage' id='sitelanguage' class='tbox' onchange='this.form.submit()'>";
        foreach ($lanperms as $lng) {
            // FIXME - language detection is a mess - db handler, mysql handler, session handler and language handler + constants invlolved
            // Too complex, doesn't work!!! SIMPLIFY!!!
            //$langval = ($lng == $pref['sitelanguage'] && $lng == 'English') ? "" : $lng;
            //$selected = ($lng == $sql->mySQLlanguage || ($lng == $pref['sitelanguage'] && !$sql->mySQLlanguage)) ? " selected='selected'" : "";
            //$select .= "<option value='".$langval."'{$selected}>$lng</option>\n";
            $selected = $lng == e_LANGUAGE ? " selected='selected'" : "";
            $select .= "<option value='" . $lng . "'{$selected}>{$lng}</option>\n";
        }
        // The submit button is omitted when 'nobutton' is passed in $parm.
        $select .= "</select> " . (!isset($params['nobutton']) ? "<button class='update e-hide-if-js' type='submit' name='setlanguage' value='no-value'><span>" . UTHEME_MENU_L1 . "</span></button>" : '') . "\n\t\t\t" . e107::getForm()->hidden('setlanguage', '1') . "\n\t\t\t</div>\n\t\t\t</form>\n\t\t\t";
    }

    // 'nomenu' returns the selector alone, without the status text or menu frame.
    if (isset($params['nomenu'])) {
        return $select;
    }

    if ($select) {
        $text .= "<div class='center'>{$select}</div>";
    }

    return $ns->tablerender(UTHEME_MENU_L2, $text, '', true);
}
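/**
 * Send a forum post attachment to the client after a permission check.
 *
 * The post's forum is looked up first and the download is refused unless the
 * current user has 'view' permission on it. A missing attachment or a denied
 * request redirects to the forum index and terminates; with
 * E107_DEBUG_LEVEL > 0 a diagnostic is echoed instead.
 *
 * @param array $data Request values; 'id' is the post id and 'dl' the index
 *                    of the attachment within the post. Both are cast to int.
 * @return void
 */
function sendFile($data)
{
    $sql = e107::getDb();
    $post_id = intval($data['id']); // forum (post) id
    $file_id = intval($data['dl']); // file id

    $forum_id = $sql->retrieve('forum_post', 'post_forum', 'post_id=' . $post_id);

    // Check if user is allowed to download this file (has 'view' permissions to forum)
    if (!$this->checkPerm($forum_id, 'view')) {
        if (E107_DEBUG_LEVEL > 0) {
            echo "You don't have 'view' access to forum-id: : " . $forum_id;
            print_a($this->permList);
            return;
        }

        $url = e107::url('forum', 'index', 'full');
        e107::getRedirect()->go($url);
        // FIXME needs proper redirect and 403 header
        exit;
    }

    $array = $sql->retrieve('forum_post', 'post_user,post_attachments', 'post_id=' . $post_id);
    $attach = e107::unserialize($array['post_attachments']);

    // An index with no stored attachment used to leave $file pointing at the
    // attachment directory itself, which file_exists() accepts. Require a
    // non-empty name and a regular file before sending anything.
    $name = varset($attach['file'][$file_id]);
    $hasName = is_string($name) && $name !== '';

    // NOTE(review): the stored name is appended to the attachment directory
    // as-is; confirm the upload path never stores names containing directory
    // separators or "..", or verify the resolved path stays inside the
    // directory returned by getAttachmentPath().
    $file = $this->getAttachmentPath($array['post_user']) . $name;

    // Check if file exists. Send file for download if it does.
    if ($hasName && is_file($file)) {
        e107::getFile()->send($file);
    } else {
        if (E107_DEBUG_LEVEL > 0) {
            echo "Couldn't find file: " . $file;
            return;
        }

        $url = e107::url('forum', 'index', 'full');
        e107::getRedirect()->go($url);
        // FIXME needs proper redirect and 404 header
        exit;
    }
}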
/**
 * Upgrade pre-step: always redirect to the forum's own update script.
 *
 * @param mixed $var Not read by this function.
 * @return void
 */
function upgrade_pre($var)
{
    // Redirect upgrade to customized upgrade routine
    $updateScript = e_PLUGIN_ABS . 'forum/forum_update.php';

    e107::getRedirect()->redirect($updateScript);
}
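/**
 * Render the manager-settings form for one content category.
 *
 * The category id is taken from $qs[1]. The form offers three userclass
 * selectors (approve / personal / category) and posts back to the current
 * URL. Requests without the "0" permission, with a non-numeric id, or for a
 * category that cannot be loaded are redirected away.
 *
 * @return void Output is written through $ns->tablerender().
 */
function manager_category()
{
    global $plugintable, $qs, $sql, $ns, $rs, $aa;

    // Every redirect below is followed by an explicit return: whether go()
    // terminates the request is not visible here, and without the return an
    // unauthorised or invalid request would fall through and render the form.
    if (!getperms("0")) {
        e107::getRedirect()->go(e_SELF);
        return;
    }

    if (!is_numeric($qs[1])) {
        e107::getRedirect()->go(e_SELF);
        return;
    }

    if (!is_object($sql)) {
        $sql = new db();
    }

    if (!$sql->db_Select($plugintable, "content_id, content_heading, content_pref", "content_id='" . intval($qs[1]) . "' ")) {
        // Unknown category: back to the manager overview.
        e107::getRedirect()->go(e_SELF . "?manager");
        return;
    }

    $row = $sql->db_Fetch();
    $caption = CONTENT_ADMIN_CAT_LAN_30 . " : " . $row['content_heading'];

    $content_pref = e107::unserialize($row['content_pref']);
    $qs[1] = intval($qs[1]);

    // NOTE(review): e_SELF and e_QUERY are passed to form_open() unescaped in
    // this block - confirm they are sanitised where defined or inside form_open().
    $text = "\n\t\t\t<div class='text-left'>\n\t\t\t"
        . $rs->form_open("post", e_SELF . "?" . e_QUERY, "managerform", "", "enctype='multipart/form-data'")
        . "\n\t\t\t<table class='table adminform' id='manager_category_01'>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t"
        . CONTENT_ADMIN_MANAGER_LAN_0 . "<br />" . CONTENT_ADMIN_MANAGER_LAN_1
        . "<br />\n\t\t\t\t</td>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t"
        . r_userclass("content_manager_approve", $content_pref["content_manager_approve"], 'off', "nobody,member,admin,classes")
        . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t"
        . CONTENT_ADMIN_MANAGER_LAN_2 . "<br />" . CONTENT_ADMIN_MANAGER_LAN_3
        . "<br />\n\t\t\t\t</td>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t"
        . r_userclass("content_manager_personal", $content_pref["content_manager_personal"], 'off', "nobody,member,admin,classes")
        . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t"
        . CONTENT_ADMIN_MANAGER_LAN_4 . "<br />" . CONTENT_ADMIN_MANAGER_LAN_5
        . "<br />\n\t\t\t\t</td>\n\t\t\t\t<td class='forumheader3' style='text-align:left'>\n\t\t\t\t\t"
        . r_userclass("content_manager_category", $content_pref["content_manager_category"], 'off', "nobody,member,admin,classes")
        . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td colspan='2' class='fcaption' style='text-align:center'>\n\t\t\t\t\t"
        . $rs->form_button("submit", "update_manager", LAN_SAVE)
        . "\n\t\t\t\t\t"
        . $rs->form_hidden("options_type", $qs[1])
        . "\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t</table>\n\t\t\t"
        . $rs->form_close()
        . "\n\t\t\t</div>";

    $ns->tablerender($caption, $text);
}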
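/**
 * Display list of links within a particular category
 *
 * $qs[2] selects the category ("all" for every category). One page of links
 * is rendered as an ordering/edit/delete form, followed by the next/prev
 * navigation. When the page query returns no rows the request is redirected
 * to the links_page index and nothing is rendered.
 *
 * @return void Output is written through tablerender() and ShowNextPrev().
 */
function show_links()
{
    global $qs, $rs, $tp, $from;

    $db = e107::getDb();
    $number = "20";
    $LINK_CAT_NAME = ''; // May be appropriate to add a shortcode later

    // Stays null when a single category is requested but cannot be loaded.
    $caption = null;

    if ($qs[2] == "all") {
        // Show all categories
        $caption = LCLAN_ITEM_38;
        $qry = " link_id != '' ORDER BY link_category ASC, link_order ASC";
    } else {
        // Show single category
        if ($db->select("links_page_cat", "link_category_name", "link_category_id='" . intval($qs[2]) . "' ")) {
            $row = $db->fetch();
            $caption = LCLAN_ITEM_2 . " " . $row['link_category_name'];
        }
        $qry = " link_category=" . intval($qs[2]) . " ORDER BY link_order, link_id ASC";
    }

    // First query only yields the total; the second fetches the current page.
    $link_total = $db->select("links_page", "*", " " . $qry . " ");

    if (!$db->select("links_page", "*", " " . $qry . " LIMIT " . intval($from) . "," . intval($number) . " ")) {
        $url = e107::url('links_page', 'index');
        e107::getRedirect()->go($url);

        // Whether go() terminates the request is not visible here; without this
        // return the code below rendered with $text undefined.
        return;
    }

    // Display the individual links
    // $row is either unset or the category row at this point, so read link_id
    // defensively instead of indexing a key that may not exist.
    $formSuffix = isset($row['link_id']) ? $row['link_id'] : '';
    $text = $rs->form_open("post", e_SELF . (e_QUERY ? "?" . e_QUERY : ""), "myform_{$formSuffix}", "", "");
    $text .= "<div style='text-align:center'>\n <table class='fborder' style='" . ADMIN_WIDTH . "'>\n <tr>\n <td class='fcaption' style='width:5%'>" . LCLAN_ITEM_25
        . "</td>\n <td class='fcaption' style='width:65%'>" . LCLAN_ITEM_26
        . "</td>\n <td class='fcaption' style='width:10%'>" . LCLAN_ITEM_27
        . "</td>\n <td class='fcaption' style='width:10%'>" . LCLAN_ITEM_28
        . "</td>\n <td class='fcaption' style='width:10%'>" . LCLAN_ITEM_29
        . "</td>\n </tr>";

    while ($row = $db->fetch()) {
        $linkid = $row['link_id'];

        // NOTE(review): link_button and link_name are written into the markup
        // as stored - confirm they are encoded when saved, or escape them here.
        $img = "";
        if ($row['link_button']) {
            // Absolute URLs are used as-is. https:// is now recognised as well;
            // it used to fall into the local-path branch and get e_BASE prepended.
            $isRemote = strpos($row['link_button'], "http://") !== FALSE
                || strpos($row['link_button'], "https://") !== FALSE;

            if ($isRemote) {
                $img = "<img style='border:0;' src='" . $row['link_button'] . "' alt='" . $LINK_CAT_NAME . "' />";
            } elseif (strstr($row['link_button'], "/")) {
                $img = "<img style='border:0;' src='" . e_BASE . $row['link_button'] . "' alt='" . $LINK_CAT_NAME . "' />";
            } else {
                $img = "<img style='border:0' src='" . e_PLUGIN_ABS . "links_page/link_images/" . $row['link_button'] . "' alt='" . $LINK_CAT_NAME . "' />";
            }
        }

        // Link id, current order and category travel in the name of the image button.
        $name_suffix = URL_SEPARATOR . $linkid . URL_SEPARATOR . $row['link_order'] . URL_SEPARATOR . $row['link_category'];

        // No "up" arrow on the first item, no "down" arrow on the last.
        if ($row['link_order'] == "1") {
            $up = " ";
        } else {
            $up = "<input type='image' src='" . LINK_ICON_ORDER_UP_BASE . "' name='inc" . $name_suffix . "' />";
        }

        if ($row['link_order'] == $link_total) {
            $down = " ";
        } else {
            $down = "<input type='image' src='" . LINK_ICON_ORDER_DOWN_BASE . "' name='dec" . $name_suffix . "' />";
        }

        $text .= "\n <tr>\n <td class='forumheader3' style='width:5%; text-align: center; vertical-align: middle'>" . $img
            . "</td>\n <td style='width:65%' class='forumheader3'>\n <a href='" . e_PLUGIN_ABS . "links_page/links.php?" . $row['link_id'] . "' rel='external'>" . LINK_ICON_LINK . "</a> " . $row['link_name']
            . "\n </td>\n <td style='width:10%; text-align:center; white-space: nowrap' class='forumheader3'>\n <a href='" . e_SELF . "?link.edit." . $linkid . "' title='" . LCLAN_ITEM_31 . "'>" . LINK_ICON_EDIT
            . "</a>\n <input type='image' title='delete' name='delete[main_{$linkid}]' alt='" . LCLAN_ITEM_32 . "' src='" . LINK_ICON_DELETE_BASE . "' onclick=\"return jsconfirm('" . $tp->toJS(LCLAN_ITEM_33 . " [ " . $row['link_name'] . " ]") . "')\" />\n </td>\n <td style='width:10%; text-align:center; white-space: nowrap' class='forumheader3'>\n " . $up
            . "\n " . $down
            . "\n </td>\n <td style='width:10%; text-align:center' class='forumheader3'>\n <select name='link_order[]' class='tbox'>";

        // One option per position; the current position is pre-selected.
        for ($a = 1; $a <= $link_total; $a++) {
            $text .= $rs->form_option($a, $row['link_order'] == $a ? "1" : "0", $linkid . "." . $a, "");
        }

        $text .= $rs->form_select_close() . "\n </td>\n </tr>";
    }

    $text .= "\n <tr>\n <td class='forumheader' colspan='4'> </td>\n <td class='forumheader' style='width:5%; text-align:center'>\n "
        . $rs->form_button("submit", "update_order", LCLAN_ITEM_30)
        . "\n </td>\n </tr>\n </table></div>\n "
        . $rs->form_close();

    e107::getRender()->tablerender($caption, $text);
    $this->ShowNextPrev($from, $number, $link_total);
}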
/*
+ ----------------------------------------------------------------------------+
| e107 website system
|
| Copyright (C) 2008-2013 e107 Inc
| http://e107.org
|
| Released under the terms and conditions of the
| GNU General Public License (http://gnu.org).
|
| Generic File Request Script.
|
+----------------------------------------------------------------------------+
*/
require_once "class2.php";

// Nothing to serve without a query string; a login post is sent home as well.
$isLoginPost = isset($_POST['userlogin']);
if (!e_QUERY || $isLoginPost) {
    header("location: " . SITEURL);
    exit;
}

// Media-Manager direct file download.
$isMediaRequest = vartrue($_GET['file']) && is_numeric($_GET['file']);

if (!$isMediaRequest) {
    // Everything else is handled by the download plugin; the query string is
    // passed through unchanged.
    e107::getRedirect()->redirect(e_PLUGIN . "download/request.php?" . e_QUERY);
} else {
    $sql = e107::getDb();

    // The id is cast to int and the row must match one of the visitor's
    // userclasses; when no row matches, the script ends with no output.
    $where = "media_id= " . intval($_GET['file']) . " AND media_userclass IN (" . USERCLASS_LIST . ") LIMIT 1 ";

    if ($sql->select('core_media', 'media_url', $where)) {
        $row = $sql->fetch();
        e107::getFile()->send($row['media_url']);
    }
}

exit;
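/**
 * Validate the current user and publish the result as global constants.
 *
 * The whole could happen inside e_user class.
 *
 * Defines USERIP and POST_REFERER, rejects requests whose `__referer` value
 * fails the token check, then defines the USER*, ADMIN* and related constants
 * for one of three cases: CLI, guest, or logged-in user. For logged-in users
 * it also fills the legacy globals $currentUser / $user_pref and processes a
 * posted theme selection. A banned user gets the ban message and the request
 * ends.
 *
 * @return void
 */
function init_session()
{
    global $user_pref, $currentUser;

    $e107 = e107::getInstance();

    // New user model
    $user = e107::getUser();

    define('USERIP', e107::getIPHandler()->getIP(FALSE));
    define('POST_REFERER', md5($user->getToken()));

    // Check for intruders - outside the model for now
    // TODO replace __referer with e-token, remove the above
    // The token is only verified when a __referer value is present; a request
    // that omits it passes this check.
    if (isset($_POST['__referer']) && !$user->checkToken($_POST['__referer'])
        || isset($_GET['__referer']) && !$user->checkToken($_GET['__referer'])) {
        die('Unauthorized access!');
    }

    if (e107::isCli()) {
        // NOTE(review): this branch grants ADMIN and USERID 1 purely on
        // e107::isCli() - confirm it can never be true for a web request.
        define('USER', true);
        define('USERID', 1);
        define('USERNAME', 'e107-cli');
        define('USERTHEME', false);
        define('ADMIN', true);
        define('GUEST', false);
        // USERCLASS used to be defined twice here; the second define() only
        // raised a redefinition error, so it was dropped.
        define('USERCLASS', '');
        define('USEREMAIL', '');
        define('USERCLASS_LIST', '');
        define('USERJOINED', '');

        return;
    }

    if ($user->hasBan()) {
        $msg = e107::findPref('ban_messages/6');
        if ($msg) {
            echo e107::getParser()->toHTML($msg);
        }
        exit;
    }

    if (!$user->isUser()) {
        define('USER', false);
        define('USERID', 0);
        define('USERTHEME', false);
        define('ADMIN', false);
        define('GUEST', true);
        define('USERCLASS', '');
        define('USEREMAIL', '');
        define('USERSIGNATURE', '');

        if ($user->hasSessionError()) {
            define('LOGINMESSAGE', CORE_LAN10);
            define('CORRUPT_COOKIE', true);
        }
    } else {
        // we shouldn't use getValue() here, it's there for e.g. shortcodes, profile page render etc.
        define('USERID', $user->getId());
        define('USERNAME', $user->get('user_name'));
        define('USERURL', $user->get('user_homepage', false)); //required for BC
        define('USEREMAIL', $user->get('user_email'));
        define('USER', true);
        define('USERCLASS', $user->get('user_class'));
        define('USERIMAGE', $user->get('user_image'));
        define('USERPHOTO', $user->get('user_sess'));
        define('USERJOINED', $user->get('user_join'));
        define('USERVISITS', $user->get('user_visits'));
        define('USERSIGNATURE', $user->get('user_signature'));
        define('ADMIN', $user->isAdmin());
        define('ADMINID', $user->getAdminId());
        define('ADMINNAME', $user->getAdminName());
        define('ADMINPERMS', $user->getAdminPerms());
        define('ADMINEMAIL', $user->getAdminEmail());
        define('ADMINPWCHANGE', $user->getAdminPwchange());

        if (ADMIN) {
            e107::getRedirect()->setPreviousUrl();
        }

        define('USERLV', $user->get('user_lastvisit'));

        // BC - FIXME - get rid of them!
        $currentUser = $user->getData();
        $currentUser['user_realname'] = $user->get('user_login'); // Used by force_userupdate
        $e107->currentUser =& $currentUser;

        // XXX could go to e_user class as well
        if ($user->checkClass(e107::getPref('allow_theme_select', false), false)) {
            // User can set own theme
            if (isset($_POST['settheme'])) {
                $uconfig = $user->getConfig();

                // The posted name later becomes part of a filesystem path
                // (e_THEME . name . "/theme.php" below), so it must be a plain
                // string that names a theme the handler knows. Previously any
                // posted value was stored, whether or not it was a known theme.
                $postedTheme = (isset($_POST['sitetheme']) && is_string($_POST['sitetheme']))
                    ? $_POST['sitetheme']
                    : '';

                if (e107::getPref('sitetheme') == $postedTheme) {
                    // Picking the site theme clears the per-user override.
                    $uconfig->remove('sitetheme')
                        ->remove('sitetheme_custompages')
                        ->remove('sitetheme_deflayout');
                    $uconfig->save(true);
                } elseif ($postedTheme !== '') {
                    require_once e_HANDLER . "theme_handler.php";
                    $utheme = new themeHandler();

                    if (isset($utheme->themeArray[$postedTheme])) {
                        $ut = $utheme->themeArray[$postedTheme];
                        $uconfig->setPosted('sitetheme', $postedTheme)
                            ->setPosted('sitetheme_custompages', $ut['custompages'])
                            ->setPosted('sitetheme_deflayout', $utheme->findDefault($postedTheme));
                        $uconfig->save(true);
                        unset($ut);
                    }
                    // Unknown theme names are ignored and nothing is saved.
                }
            }
        } elseif ($user->getPref('sitetheme')) {
            // Theme selection is not allowed for this user: drop a stored override.
            $user->getConfig()
                ->remove('sitetheme')
                ->remove('sitetheme_custompages')
                ->remove('sitetheme_deflayout')
                ->save(false);
        }
        // XXX could go to e_user class as well END

        if (!defined("USERTHEME")) {
            // Only honour the stored theme when its theme.php exists.
            define('USERTHEME', $user->getPref('sitetheme') && file_exists(e_THEME . $user->getPref('sitetheme') . "/theme.php") ? $user->getPref('sitetheme') : false);
        }

        $user_pref = $user->getPref();
    }

    define('USERCLASS_LIST', $user->getClassList(true));
    define('e_CLASS_REGEXP', $user->getClassRegex());
    define('e_NOBODY_REGEXP', '(^|,)' . e_UC_NOBODY . '(,|$)');
}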
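/**
 * Create or update a content category from the posted admin form.
 *
 * Reads the category fields from $_POST, derives the parent from the query
 * parts in $qs, writes the row to $plugintable, clears the plugin cache and
 * redirects to the current page with ".pc" (create) or ".pu" (update)
 * appended to the query.
 *
 * Text fields pass through $tp->toDB() and numeric fields through intval()
 * before they are concatenated into the SQL strings below.
 *
 * @param string $mode "create" inserts a new row; "update" modifies the row
 *                     addressed by $_POST['cat_id']. Any other value only
 *                     prepares the fields and returns.
 * @return void
 */
function dbCategory($mode)
{
    global $pref, $sql, $ns, $qs, $rs, $aa, $tp, $plugintable, $e107cache, $content_cat_icon_path_large, $content_cat_icon_path_small;

    $_POST['cat_heading'] = $tp->toDB($_POST['cat_heading']);
    $_POST['cat_subheading'] = $tp->toDB($_POST['cat_subheading']);
    if (e_WYSIWYG) {
        $_POST['cat_text'] = $tp->createConstants($_POST['cat_text']); // convert e107_images/ to {e_IMAGE} etc.
    }
    $_POST['cat_text'] = $tp->toDB($_POST['cat_text']);
    $_POST['cat_class'] = $_POST['cat_class'] ? intval($_POST['cat_class']) : "0";

    // Explicit initial value: some paths below assign nothing, and the value is
    // read afterwards. null matches what the unset variable evaluated to before.
    $parent = null;

    if (isset($qs[0]) && $qs[0] == 'cat' && isset($qs[1]) && $qs[1] == 'create') {
        // category create
        if (isset($qs[2]) && is_numeric($qs[2])) {
            $parent = "0." . intval($qs[2]);
        } else {
            $parent = 0;
        }
    } elseif (isset($qs[0]) && $qs[0] == 'cat' && isset($qs[1]) && $qs[1] == 'edit') {
        // category edit
        if (isset($qs[2]) && is_numeric($qs[2])) {
            if (isset($qs[3]) && is_numeric($qs[3])) {
                if (intval($qs[3]) == 0) {
                    $parent = 0;
                } elseif ($qs[2] == $qs[3]) {
                    $parent = 0;
                } else {
                    $parent = "0." . intval($qs[3]);
                }
            } elseif ($qs[2] == $_POST['cat_id']) {
                $parent = intval($_POST['parent_id']);
                $parent = $parent != 0 ? "0." . $parent : 0;
            }
            // NOTE(review): when $qs[2] differs from the posted cat_id the parent
            // stays unset and an empty content_parent is written - confirm intent.
        } else {
            $parent = 0;
        }
    }
    $_POST['parent'] = $parent;

    if (isset($_POST['cat_startdate']) && $_POST['cat_startdate'] != "0" && $_POST['cat_startdate'] != "") {
        $newstarttime = e107::getDate()->toTime($_POST['cat_startdate'], 'inputdatetime');
    } else {
        $newstarttime = time();
    }

    // $starttime has no value before this comparison; initialised explicitly so
    // the comparison below is well defined (same outcome as the unset variable).
    $starttime = null;
    if (isset($_POST['content_datestamp']) && $_POST['content_datestamp'] != "" && $_POST['content_datestamp'] != "0") {
        if ($newstarttime != $starttime) {
            $starttime = $newstarttime;
        } else {
            $starttime = intval($_POST['content_datestamp']);
        }
    } else {
        $starttime = time();
    }

    if (isset($_POST['cat_enddate']) && $_POST['cat_enddate'] != "0" && $_POST['cat_enddate'] != "") {
        $endtime = e107::getDate()->toTime($_POST['cat_enddate'], 'inputdatetime');
    } else {
        $endtime = "0";
    }

    if ($mode == "create") {
        $sql->db_Insert($plugintable, "'0', '" . $_POST['cat_heading'] . "', '" . $_POST['cat_subheading'] . "', '', '" . $_POST['cat_text'] . "', '" . ADMINID . "', '" . $tp->toDB($_POST["cat_icon"]) . "', '', '', '" . $_POST['parent'] . "', '" . intval($_POST['cat_comment']) . "', '" . intval($_POST['cat_rate']) . "', '" . intval($_POST['cat_pe']) . "', '', '" . $starttime . "', '" . $endtime . "', '" . $_POST['cat_class'] . "', '', '0', '0', '', '' ");

        // check and insert default pref values if new main parent + create menu file
        if ($_POST['parent'] == "0") {
            // NOTE(review): mysql_insert_id() belongs to the legacy mysql extension;
            // confirm the id is still available this way with the active DB handler.
            $iid = mysql_insert_id();
            $content_pref = $aa->getContentPref($iid);
            $aa->CreateParentMenu($iid);
        }
        $e107cache->clear("{$plugintable}");
        $url = e_SELF . "?" . e_QUERY . ".pc";
        e107::getRedirect()->go($url);
    } elseif ($mode == "update") {
        // One integer id for the WHERE clause and for the helper calls below.
        $catId = intval($_POST['cat_id']);

        $sql->db_Update($plugintable, "content_heading = '" . $_POST['cat_heading'] . "', content_subheading = '" . $_POST['cat_subheading'] . "', content_summary = '', content_text = '" . $_POST['cat_text'] . "', content_author = '" . ADMINID . "', content_icon = '" . $tp->toDB($_POST["cat_icon"]) . "', content_image = '', content_parent = '" . $_POST['parent'] . "', content_comment = '" . intval($_POST['cat_comment']) . "', content_rate = '" . intval($_POST['cat_rate']) . "', content_pe = '" . intval($_POST['cat_pe']) . "', content_refer = '0', content_datestamp = '" . $starttime . "', content_enddate = '" . $endtime . "', content_class = '" . intval($_POST['cat_class']) . "' WHERE content_id = '" . $catId . "' ");

        // check and insert default pref values if new main parent + create menu file
        if ($_POST['parent'] == "0") {
            // The posted heading becomes part of a file name that is deleted, so it
            // must stay a single path component: refuse directory separators and
            // NUL bytes instead of letting the value point outside content/menus/.
            $menuHeading = isset($_POST['menuheading']) ? (string) $_POST['menuheading'] : '';
            if (strpbrk($menuHeading, "/\\\0") === false) {
                // Best effort: the old menu file may not exist.
                @unlink(e_PLUGIN . "content/menus/content_" . $menuHeading . "_menu.php");
            }
            $content_pref = $aa->getContentPref($catId);
            $aa->CreateParentMenu($catId);
        }
        $e107cache->clear("{$plugintable}");
        $url = e_SELF . "?" . e_QUERY . ".pu";
        e107::getRedirect()->go($url);
    }
}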
<p>Loading…</p> </div> <div class="modal-footer"> <a href="#" data-dismiss="modal" class="btn btn-primary">Close</a> </div> </div>'; */ } if ($mode == 'download' && !empty($_GET['src'])) { define('e_IFRAME', true); $frm = e107::getForm(); $mes = e107::getMessage(); $string = base64_decode($_GET['src']); parse_str($string, $data); if (!empty($data['price'])) { e107::getRedirect()->go($data['url']); return true; } $mp = $themec->getMarketplace(); $mes->addSuccess("Connecting..."); if ($mp->download($data['id'], $data['mode'], 'theme')) { // Auto install? // $text = e107::getPlugin()->install($data['plugin_folder']); // $mes->addInfo($text); echo $mes->render('default', 'success'); } else { echo $mes->addError('Unable to continue')->render('default', 'error'); } echo $mes->render('default', 'debug'); } elseif (vartrue($_POST['selectadmin'])) { $mode = "admin";
$query = "`user_email`='{$clean_email}' "; // Allow admins to remove 'username' from fpw_template.php if they wish. $query .= isset($_POST['username']) ? " AND `user_loginname`='{$clean_username}'" : ""; if ($sql->select('user', '*', $query)) { // Found user in DB $row = $sql->fetch(); // Main admin expected to be competent enough to never forget password! (And its a security check - so warn them) // Sending email to admin alerting them of attempted admin password reset, and redirect user to homepage. if ($row['user_admin'] == 1 && ($row['user_perms'] == '0' or $row['user_perms'] == '0.')) { sendemail($pref['siteadminemail'], LAN_06, LAN_07 . ' [' . e107::getIPHandler()->getIP(FALSE) . '] ' . e107::getIPHandler()->getIP(TRUE) . ' ' . LAN_08); e107::getRedirect()->redirect(SITEURL); } // Banned user, or not validated switch ($row['user_ban']) { case USER_BANNED: e107::getRedirect()->redirect(SITEURL); break; case USER_VALIDATED: break; default: fpw_error(LAN_02 . ':' . $row['user_ban']); // Intentionally rather a vague message exit; } // Check if password reset was already requested if ($result = $sql->select('tmp', '*', "`tmp_ip` = 'pwreset' AND `tmp_info` LIKE '" . $row['user_loginname'] . FPW_SEPARATOR . "%'")) { fpw_error(LAN_FPW4); exit; } // Set unique reset code mt_srand((double) microtime() * 1000000);
/**
 * Redirect the visitor to the 403 location, built from SITEURL and $this->e403.
 */
public function redirect403()
{
    $forbiddenUrl = SITEURL . $this->e403;

    e107::getRedirect()->redirect($forbiddenUrl);
}
| $Author$ +----------------------------------------------------------------------------+ */ require_once "class2.php"; // security image may be disabled by removing the appropriate shortcodes from the template. require_once e_HANDLER . "secure_img_handler.php"; $sec_img = new secure_image(); include_lan(e_LANGUAGEDIR . e_LANGUAGE . '/lan_' . e_PAGE); require_once HEADERF; if (!$CONTACT_FORM) { if (file_exists(THEME . "contact_template.php")) { require_once THEME . "contact_template.php"; } else { // Redirect Page if no contact-form or contact-info is available. if ($pref['sitecontacts'] == e_UC_NOBODY && trim(SITECONTACTINFO) == "") { e107::getRedirect()->redirect(e_BASE . "index.php"); exit; } require_once e_THEME . "templates/contact_template.php"; } } if (isset($_POST['send-contactus'])) { $error = ""; $sender_name = $tp->toEmail($_POST['author_name'], TRUE, 'RAWTEXT'); $sender = check_email($_POST['email_send']); $subject = $tp->toEmail($_POST['subject'], TRUE, 'RAWTEXT'); $body = $tp->toEmail($_POST['body'], TRUE, 'RAWTEXT'); // Check Image-Code if (isset($_POST['rand_num']) && !$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) { $error .= LANCONTACT_15 . "\\n"; }
/**
 * Called when a user attempts to log in.
 *
 * Order of checks as implemented below: blank fields, IP ban, optional
 * alt_auth methods, secure-image code, user lookup, password, account status,
 * "preuserlogin" trigger, multiple-login restriction. On success the login
 * cookie is created, the "login" event fires and the request is redirected.
 *
 * @param string     $username   posted user name
 * @param string     $userpass   posted user password
 * @param string|int $autologin  'signup'   - forced login after signup
 *                               'provider' - login through an external provider
 *                               zero       - 'normal' login
 *                               non-zero   - sets the 'remember me' flag in the cookie
 * @param string     $response   response string returned by CHAP login (instead of password)
 * @param bool       $noredirect when truthy, return true after a successful login instead of redirecting
 * @return mixed the result of invalidLogin() on failure; FALSE for an empty user name in CLI mode;
 *               the cookie value in CLI mode; true when $noredirect is set. Otherwise the
 *               method redirects and exits.
 */
public function login($username, $userpass, $autologin, $response = '', $noredirect = false)
{
    $pref = e107::getPref();
    $tp = e107::getParser();
    $sql = e107::getDb();
    $e_event = e107::getEvent();
    $_E107 = e107::getE107();

    $username = trim($username);
    $userpass = trim($userpass);

    if ($_E107['cli'] && $username == '') {
        return FALSE;
    }

    // $forceLogin is true for 'signup'; for 'provider' it receives the string literal below.
    $forceLogin = $autologin === 'signup';
    if (!$forceLogin && $autologin === 'provider') {
        $forceLogin = '******';
    }

    // NOTE(review): && binds tighter than ||, so this reads as
    //   $username == "" || ($userpass == "" && $response == '' && $forceLogin !== 'provider')
    // Also, the comparison uses 'provider' while the assignment above stores a different
    // literal as shown here - confirm both against the upstream file.
    if ($username == "" || $userpass == "" && $response == '' && $forceLogin !== 'provider') {
        // Required fields blank
        return $this->invalidLogin($username, LOGIN_BLANK_FIELD);
    }

    // $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'IP: '.$fip,FALSE,LOG_TO_ROLLING);
    // $this->e107->check_ban("banlist_ip='{$this->userIP}' ",FALSE);
    e107::getIPHandler()->checkBan("banlist_ip='{$this->userIP}' ", FALSE); // This will exit if a ban is in force

    $autologin = intval($autologin); // Will decode to zero if forced login
    $authorized = false;

    if (!$forceLogin && $this->e107->isInstalled('alt_auth')) {
        $authMethod[0] = varset($pref['auth_method'], 'e107'); // Primary authentication method
        $authMethod[1] = varset($pref['auth_method2'], 'none'); // Secondary authentication method (if defined)
        $result = false;
        foreach ($authMethod as $method) {
            if ($method == 'e107') {
                if ($this->lookupUser($username, $forceLogin)) {
                    if ($this->checkUserPassword($username, $userpass, $response, $forceLogin) === TRUE) {
                        $authorized = true;
                        $result = LOGIN_CONTINUE; // Valid User exists in local DB
                    } elseif (varset($pref['auth_badpassword'], TRUE)) {
                        $result = LOGIN_TRY_OTHER;
                        continue; // Should use alternate method for password auth
                    } else {
                        return $this->invalidLogin($username, LOGIN_ABORT);
                    }
                }
            } else {
                if ($method != 'none') {
                    // The method name comes from site preferences and selects the file checked here.
                    $auth_file = e_PLUGIN . 'alt_auth/' . $method . '_auth.php';
                    if (file_exists($auth_file)) {
                        require_once e_PLUGIN . 'alt_auth/alt_auth_login_class.php';
                        $al = new alt_login($method, $username, $userpass);
                        $result = $al->loginResult;
                        switch ($result) {
                            case LOGIN_ABORT:
                                return $this->invalidLogin($username, LOGIN_ABORT);
                                break;
                            case LOGIN_DB_ERROR:
                                return $this->invalidLogin($username, LOGIN_DB_ERROR);
                                break;
                            case AUTH_SUCCESS:
                                $authorized = true;
                                break;
                            case LOGIN_TRY_OTHER:
                                // NOTE(review): inside a switch, a bare continue acts like break;
                                // the enclosing foreach is not advanced by this statement itself.
                                continue;
                                break;
                        }
                    }
                }
            }
            if ($result === LOGIN_CONTINUE) {
                break;
            }
        }
    }

    // Strips " OR ", "=" and "#" from the name. This runs after the alt_auth lookups above
    // and before the lookupUser() call further down.
    // NOTE(review): a character filter is not SQL escaping - confirm lookupUser() escapes the name.
    $username = preg_replace("/\\sOR\\s|\\=|\\#/", "", $username);

    // Check secure image.
    // NOTE(review): when alt_auth is installed, the password checks in the loop above have
    // already run before the image code is verified here - confirm that ordering is intended.
    if (!$forceLogin && $pref['logcode'] && extension_loaded('gd')) {
        require_once e_HANDLER . "secure_img_handler.php";
        $sec_img = new secure_image();
        if (!$sec_img->verify_code($_POST['rand_num'], $_POST['code_verify'])) {
            // Invalid code
            return $this->invalidLogin($username, LOGIN_BAD_CODE);
        }
    }

    if (empty($this->userData)) {
        if (!$this->lookupUser($username, $forceLogin)) {
            return $this->invalidLogin($username, LOGIN_BAD_USERNAME); // User doesn't exist
        }
    }

    // Skip the local password check only when a method above already authorized the user.
    if ($authorized !== true && $this->checkUserPassword($username, $userpass, $response, $forceLogin) !== true) {
        return $this->invalidLogin($username, LOGIN_BAD_PW);
    }

    // Check user status
    switch ($this->userData['user_ban']) {
        case USER_REGISTERED_NOT_VALIDATED:
            // User not fully signed up - hasn't activated account.
            return $this->invalidLogin($username, LOGIN_NOT_ACTIVATED);
        case USER_BANNED:
            // User banned
            return $this->invalidLogin($username, LOGIN_BANNED, $this->userData['user_id']);
        case USER_VALIDATED:
            // Valid user
            break; // Nothing to do ATM
        case USER_EMAIL_BOUNCED:
            // Login continues; a warning with a link to usersettings.php is queued.
            $bounceLAN = "Emails to [x] are bouncing back. Please [verify your email address is correct]."; //TODO LAN
            $bounceMessage = $tp->lanVars($bounceLAN, $this->userData['user_email'], true);
            $bounceMessage = str_replace(array('[', ']'), array("<a href='" . e_HTTP . "usersettings.php'>", "</a>"), $bounceMessage);
            e107::getMessage()->addWarning($bounceMessage, 'default', true);
            break;
        default:
            // May want to pick this up
            // NOTE(review): any other user_ban value falls through and the login continues.
    }

    // User is OK as far as core is concerned
    // $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","User login",'User passed basics',FALSE,LOG_TO_ROLLING);
    if ($this->passResult !== FALSE && $this->passResult !== PASSWORD_VALID) {
        // May want to rewrite password using salted hash (or whatever the preferred method is) - $pass_result has the value to write
        // If login by email address also allowed, will have to write that value too
        // $sql->update('user',"`user_password` = '{$pass_result}' WHERE `user_id`=".intval($this->userData['user_id']));
    }

    $userpass = ''; // Finished with any plaintext password - can get rid of it

    // A non-empty return value from the "preuserlogin" trigger rejects the login.
    $ret = $e_event->trigger("preuserlogin", $username);
    if ($ret != '') {
        return $this->invalidLogin($username, LOGIN_BAD_TRIGGER, $ret);
    }

    // Trigger events happy as well
    $user_id = $this->userData['user_id'];
    $user_name = $this->userData['user_name'];
    $user_admin = $this->userData['user_admin'];
    $user_email = $this->userData['user_email'];

    /* restrict more than one person logging in using same us/pw */
    if ($pref['disallowMultiLogin']) {
        // NOTE(review): user id and name are concatenated into the WHERE clause as stored in
        // $this->userData - presumably trusted DB values; confirm the name cannot contain a quote.
        if ($sql->db_Select("online", "online_ip", "online_user_id='" . $user_id . "." . $user_name . "'")) {
            return $this->invalidLogin($username, LOGIN_MULTIPLE, $user_id);
        }
    }

    // User login definitely accepted here
    $cookieval = $this->userMethods->makeUserCookie($this->userData, $autologin);

    // Calculate class membership - needed for a couple of things
    // Problem is that USERCLASS_LIST just contains 'guest' and 'everyone' at this point
    $class_list = $this->userMethods->addCommonClasses($this->userData, TRUE);

    $user_logging_opts = e107::getConfig()->get('user_audit_opts');
    if (isset($user_logging_opts[USER_AUDIT_LOGIN]) && in_array(varset($pref['user_audit_class'], ''), $class_list)) {
        // Need to note in user audit trail
        $this->e107->admin_log->user_audit(USER_AUDIT_LOGIN, '', $user_id, $user_name);
    }

    $edata_li = array('user_id' => $user_id, 'user_name' => $user_name, 'class_list' => implode(',', $class_list), 'remember_me' => $autologin, 'user_admin' => $user_admin, 'user_email' => $user_email);
    e107::getEvent()->trigger("login", $edata_li);

    // CLI callers get the cookie value and no redirect.
    if ($_E107['cli']) {
        return $cookieval;
    }

    if (in_array(e_UC_NEWUSER, $class_list)) {
        if (time() > $this->userData['user_join'] + varset($pref['user_new_period'], 0) * 86400) {
            // 'New user' probationary period expired - we can take them out of the class
            $this->userData['user_class'] = $this->e107->user_class->ucRemove(e_UC_NEWUSER, $this->userData['user_class']);
            // $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Login new user complete",$this->userData['user_class'],FALSE,FALSE);
            $sql->update('user', "`user_class` = '" . $this->userData['user_class'] . "'", 'WHERE `user_id`=' . $this->userData['user_id']);
            // NOTE(review): membership was tested by value with in_array(), but this removes
            // by key - confirm $class_list is keyed by class id.
            unset($class_list[e_UC_NEWUSER]);
            // NOTE(review): this event carries the submitted $username, while the "login" event
            // above carries the stored $user_name.
            $edata_li = array('user_id' => $user_id, 'user_name' => $username, 'class_list' => implode(',', $class_list), 'user_email' => $user_email);
            $e_event->trigger('userNotNew', $edata_li);
        }
    }

    if ($noredirect) {
        return true;
    }

    // Default target: the URL of the current request.
    $redir = e_REQUEST_URL;
    //$redir = e_SELF;
    //if (e_QUERY) $redir .= '?'.str_replace('&','&',e_QUERY);

    if (isset($pref['frontpage_force']) && is_array($pref['frontpage_force'])) {
        // See if we're to force a page immediately following login - assumes $pref['frontpage_force'] is an ordered list of rules
        // FIXME - front page now supports SEF URLs - make a check here
        foreach ($pref['frontpage_force'] as $fk => $fp) {
            if (in_array($fk, $class_list)) {
                // We've found the entry of interest
                if (strlen($fp)) {
                    if (strpos($fp, 'http') === FALSE) {
                        $fp = str_replace(e_HTTP, '', $fp); // This handles sites in a subdirectory properly (normally, will replace nothing)
                        $fp = SITEURL . $fp;
                    }
                    //$redir = ((strpos($fp, 'http') === FALSE) ? SITEURL : '').$tp->replaceConstants($fp, TRUE, FALSE);
                    $redir = e107::getParser()->replaceConstants($fp, TRUE, FALSE);
                    // $this->e107->admin_log->e_log_event(4,__FILE__."|".__FUNCTION__."@".__LINE__,"DBG","Redirect active",$redir,FALSE,FALSE);
                }
                break;
            }
        }
    }

    // A stored previous URL is tried before $redir.
    // NOTE(review): confirm getPreviousUrl() can only return a same-site URL, and whether
    // redirect() ends the request (the second call below is reached otherwise).
    $redirPrev = e107::getRedirect()->getPreviousUrl();
    if ($redirPrev) {
        e107::getRedirect()->redirect($redirPrev);
    }
    e107::getRedirect()->redirect($redir);
    exit;
}
/**
 * Log the current visitor in through the selected social-login provider.
 *
 * The redirect target is normalised first: true becomes SITEURL, a value that
 * does not start with "http://" or "https://" is passed to
 * e107::getUrl()->create(), and an absolute http(s) URL is used as given.
 * Callers therefore decide where an absolute URL may point.
 *
 * @param bool|string $redirectUrl true for SITEURL, a URL or route to redirect to,
 *                                 or a falsy value for no redirect
 * @return bool true when the visitor is already logged in, otherwise the result of loginProvider()
 * @throws Exception code 100 when social login is disabled, code 22 when no provider is set
 */
public function login($redirectUrl = true)
{
    $socialLoginActive = e107::getPref('social_login_active', false);
    if (!$socialLoginActive) {
        throw new Exception("Signup failed! This feature is disabled.", 100); // TODO lan
    }

    if (!$this->getProvider()) {
        throw new Exception("Login failed! Wrong provider.", 22); // TODO lan
    }

    // Resolve the redirect target before any authentication work.
    if (true === $redirectUrl) {
        $redirectUrl = SITEURL;
    } elseif ($redirectUrl) {
        $isAbsolute = strpos($redirectUrl, 'http://') === 0 || strpos($redirectUrl, 'https://') === 0;
        if (!$isAbsolute) {
            $redirectUrl = e107::getUrl()->create($redirectUrl);
        }
    }

    if (e107::getUser()->isUser()) {
        // Already logged in: nothing to authenticate.
        $check = true;
    } else {
        $this->adapter = $this->hybridauth->authenticate($this->getProvider());
        $check = e107::getUser()->setProvider($this)->loginProvider($this->userId(), false);
    }

    if ($redirectUrl) {
        e107::getRedirect()->redirect($redirectUrl);
    }

    return $check;
}
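/**
 * Redirect to $url, or show the target instead when debugging is enabled.
 *
 * With E107_DEBUG_LEVEL above zero the method renders a "Redirecting to" link
 * between the site header and footer and exits without redirecting.
 *
 * @param string $url redirect target
 * @return void
 */
private function redirect($url)
{
    if (E107_DEBUG_LEVEL > 0) {
        require_once HEADERF;

        // The URL lands in a single-quoted attribute and in element text, so it is
        // encoded for HTML first; a quote or angle bracket in it stays inert.
        $htmlUrl = htmlspecialchars((string) $url, ENT_QUOTES, 'UTF-8');
        e107::getRender()->tablerender('Debug', "Redirecting to: <a href='" . $htmlUrl . "'>" . $htmlUrl . "</a>");

        require_once FOOTERF;
        exit;
    }

    e107::getRedirect()->go($url);
}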
/**
 * Render one link together with its comment form.
 *
 * Redirects to the links_page index when link comments are disabled in
 * $linkspage_pref or when the query finds no row for the id in $qs[1].
 * The id is cast with intval() before it enters the SQL string.
 *
 * @return void
 */
function displayLinkComment()
{
    global $qs, $cobj, $linkbutton_count, $lc, $rowl, $link_shortcodes, $linkspage_pref, $LINK_APPEND;

    $db = e107::getDb();
    $template = e107::getTemplate('links_page', 'links_page');
    $tp = e107::getParser();

    // Comments switched off: back to the index.
    if (empty($linkspage_pref["link_comment"])) {
        $url = e107::url('links_page', 'index');
        e107::getRedirect()->go($url);
        return;
    }

    $qry = "\n\t\tSELECT l.*, lc.*, COUNT(c.comment_id) AS link_comment\n\t\tFROM #links_page AS l\n\t\tLEFT JOIN #links_page_cat AS lc ON lc.link_category_id = l.link_category\n\t\tLEFT JOIN #comments as c ON c.comment_item_id=l.link_id AND comment_type='links_page'\n\t\tWHERE l.link_active = 1 AND l.link_id = '"
        . intval($qs[1])
        . "' AND lc.link_category_class REGEXP '"
        . e_CLASS_REGEXP
        . "' AND l.link_class REGEXP '"
        . e_CLASS_REGEXP
        . "'\n\t\tGROUP BY l.link_id";
    $link_comment_table_string = "";

    $linkcomment = $db->gen($qry);
    if (!$linkcomment) {
        // No visible link with that id: back to the index.
        $url = e107::url('links_page', 'index');
        e107::getRedirect()->go($url);
        return;
    }

    $rowl = $db->fetch();
    if ($rowl['link_button']) {
        $linkbutton_count = $linkbutton_count + 1;
    }
    $LINK_APPEND = $lc->parse_link_append($rowl);
    $subject = $rowl['link_name'];

    $body = $tp->parseTemplate($template['LINK_TABLE_START'], FALSE, $link_shortcodes);
    $body .= $tp->parseTemplate($template['LINK_TABLE'], FALSE, $link_shortcodes);
    $body .= $tp->parseTemplate($template['LINK_TABLE_END'], FALSE, $link_shortcodes);

    $navigator = displayNavigator();
    $text = $navigator . $body;
    e107::getRender()->tablerender(LAN_LINKS_36, $text);

    // $width is not assigned anywhere in this function; it is passed through as-is.
    $cobj->compose_comment("links_page", "comment", $qs[1], $width, $subject, $showrate = FALSE);

    return;
}
list($id, $from) = explode(".", e_QUERY); $forumId = intval($id); $threadFrom = intval($from); unset($id, $from); } if (!$forum->checkPerm($forumId, 'view')) { // header('Location:'.e107::getUrl()->create('forum/forum/main')); $url = e107::url('forum', 'index', 'full'); if (E107_DEBUG_LEVEL > 0) { print_a($_REQUEST); print_a($_GET); echo __FILE__ . ' Line: ' . __LINE__; echo " forumId: " . $forumId; exit; } e107::getRedirect()->go($url); exit; } $forumInfo = $forum->forumGet($forumId); $threadsViewed = $forum->threadGetUserViewed(); if (!vartrue($FORUM_VIEW_START)) { if (file_exists(THEME . 'forum_viewforum_template.php')) { require_once THEME . 'forum_viewforum_template.php'; } elseif (file_exists(THEME . 'forum_template.php')) { require_once THEME . 'forum_template.php'; } else { require_once e_PLUGIN . 'forum/templates/forum_viewforum_template.php'; } } if (is_array($FORUM_VIEWFORUM_TEMPLATE) && deftrue('BOOTSTRAP', false)) { $FORUM_VIEW_START_CONTAINER = $FORUM_VIEWFORUM_TEMPLATE['start'];
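/**
 * Save a custom page or menu from the posted admin form.
 *
 * Every $_POST key starting with "data" contributes one text section; for a
 * new record each section is preceded by a [newpage=...] marker. With $mode
 * set the existing row is updated, otherwise a new row is inserted (plus a
 * `menus` row when $type is set).
 *
 * Values concatenated into the UPDATE statement pass through $tp->toDB() or
 * intval() first, the same way page_title and menu_name are handled.
 *
 * @param mixed $mode FALSE for a new record, otherwise the id of the record being edited
 * @param mixed $type falsy for a page, truthy for a menu
 * @return void
 */
function submitPage($mode = FALSE, $type = FALSE)
{
    global $e107cache, $admin_log, $e_event;

    $frm = e107::getForm();
    $sql = e107::getDb();
    $tp = e107::getParser();
    $ns = e107::getRender();
    $mes = e107::getMessage();

    $page_title = $tp->toDB($_POST['page_title']);

    $newData = array();
    foreach ($_POST as $k => $v) {
        if (substr($k, 0, 4) == 'data' && trim($v) != '') {
            list($tm, $key) = explode("_", $k);
            if ($mode == FALSE) {
                $newData[] = "[newpage=" . $_POST['page_subtitle'][$key] . "]\n";
            }
            $newData[] = $v;
        }
    }
    $newData = implode("\n\n", $newData);
    $page_text = $tp->toDB($newData);

    $pauthor = $_POST['page_display_authordate_flag'] ? USERID : 0; // Ideally, this check should be done in the front-end.
    $update = 0; // Make sure some updates happen

    $page_sef = '';
    $page_metad = '';
    $page_metak = '';
    if (!$type) {
        if (!empty($_POST['page_sef'])) {
            $page_sef = eHelper::secureSef($_POST['page_sef']);
        }
        if (empty($page_sef)) {
            $page_sef = eHelper::title2sef($_POST['page_title']);
        }
        if (!empty($_POST['page_metadscr'])) {
            $page_metad = $tp->toDB(eHelper::formatMetaDescription($_POST['page_metadscr']));
        }
        if (!empty($_POST['page_metakeys'])) {
            $page_metak = eHelper::formatMetaKeys($_POST['page_metakeys']);
        }
    }

    // Validation failures stop here. The explicit return keeps an invalid record from
    // being written should redirect() hand control back to this function.
    if (!$type && (!$page_title || !$page_sef)) {
        e107::getMessage()->addError(CUSLAN_34, 'default', true);
        e107::getRedirect()->redirect(e_ADMIN_ABS . 'cpage.php');
        return;
    }

    // FIXME (from the original): a uniqueness check on page_sef was disabled here
    // because it caused false positives on update.

    if ($type && empty($_POST['menu_name'])) {
        e107::getMessage()->addError(CUSLAN_36, 'default', true);
        e107::getRedirect()->redirect(e_ADMIN_ABS . 'cpage.php');
        return;
    }

    if ($mode) {
        // Saving existing page/menu after edit
        // Don't think $_POST['page_ip_restrict'] is ever set.
        $menuname = $type && vartrue($_POST['menu_name']) ? ", page_theme = '" . $tp->toDB($_POST['menu_name']) . "'" : "";

        // Request values and the record id are escaped before they enter the SQL
        // string; previously these were concatenated exactly as received.
        $page_password = $tp->toDB(varset($_POST['page_password'], ''));
        $page_class = $tp->toDB(varset($_POST['page_class'], ''));
        $page_ip_restrict = $tp->toDB(varset($_POST['page_ip_restrict'], ''));
        $page_template = $tp->toDB(varset($_POST['page_template'], ''));
        $sqlId = $tp->toDB((string) $mode);
        // NOTE(review): $page_sef and $page_metak come from eHelper and are used as
        // returned - confirm those helpers yield values that are safe inside quotes.

        $status = $sql->db_Update("page", "page_title='{$page_title}', page_sef='{$page_sef}', page_chapter='" . intval($_POST['page_chapter']) . "', page_metakeys='{$page_metak}', page_metadscr='{$page_metad}', page_text='{$page_text}', page_datestamp='" . time() . "', page_author='{$pauthor}', page_rating_flag='" . intval($_POST['page_rating_flag']) . "', page_comment_flag='" . intval($_POST['page_comment_flag']) . "', page_password='" . $page_password . "', page_class='" . $page_class . "', page_ip_restrict='" . $page_ip_restrict . "', page_template='" . $page_template . "' {$menuname} WHERE page_id='{$sqlId}'") ? E_MESSAGE_SUCCESS : E_MESSAGE_ERROR;
        if ($status == E_MESSAGE_SUCCESS) {
            $update++;
        }

        // NOTE(review): no message text is built in this function, so an empty value is
        // passed here; the result of the update is reported by autoMessage() below.
        $message = null;
        $mes->add($message, $status);

        $admin_log->log_event('CPAGE_02', $mode . '[!br!]' . $page_title . '[!br!]' . $pauthor, E_LOG_INFORMATIVE, '');
        $e107cache->clear("page_{$mode}");
        $e107cache->clear("page-t_{$mode}");

        $data = array('method' => 'update', 'table' => 'page', 'id' => $mode, 'plugin' => 'page', 'function' => 'submitPage');
        $this->message = $e_event->triggerHook($data);

        if ($type) {
            $menu_name = $tp->toDB($_POST['menu_name']); // not to be confused with menu-caption.
            // Need to check whether menu already in table, else we can't distinguish between a failed update and no update needed
            if ($sql->db_Select('menus', 'menu_name', "`menu_path` = '{$sqlId}'")) {
                // Updating existing entry
                if ($sql->db_Update('menus', "menu_name='{$menu_name}' WHERE menu_path='{$sqlId}' ") !== FALSE) {
                    $update++;
                }
            }
        }

        // The legacy synchronisation of a site link ($_POST['page_link'] against the
        // `links` table) was disabled in the original and is not performed here.

        $mes = e107::getMessage();
        $mes->autoMessage($update, 'update', LAN_UPDATED, false, false); // Display result of update
    } else {
        // New page/menu
        $menuname = $type ? $tp->toDB($_POST['menu_name']) : "";
        $addMsg = $type ? CUSLAN_51 : CUSLAN_27;

        // Array form: the values are handed to db_Insert() as data, not as SQL text.
        $info = array(
            'page_title' => $page_title,
            'page_sef' => $page_sef,
            'page_chapter' => varset($_POST['page_chapter'], 0),
            'page_metakeys' => $page_metak,
            'page_metadscr' => $page_metad,
            'page_text' => $page_text,
            'page_author' => $pauthor,
            'page_datestamp' => time(),
            'page_rating_flag' => varset($_POST['page_rating_flag'], 0),
            'page_comment_flag' => varset($_POST['page_comment_flag'], ''),
            'page_password' => varset($_POST['page_password'], ''),
            'page_class' => varset($_POST['page_class'], e_UC_PUBLIC),
            'page_ip_restrict' => '',
            'page_theme' => $menuname,
            'page_template' => varset($_POST['page_template'], ''),
        );
        $pid = e107::getMessage()->autoMessage($sql->db_Insert('page', $info), 'insert', $addMsg, LAN_CREATED_FAILED, false);
        $admin_log->log_event('CPAGE_01', $menuname . '[!br!]' . $page_title . '[!br!]' . $pauthor, E_LOG_INFORMATIVE, '');

        if ($type) {
            $info = array('menu_name' => $menuname, 'menu_location' => 0, 'menu_order' => 0, 'menu_class' => '0', 'menu_pages' => '', 'menu_path' => $pid);
            e107::getMessage()->autoMessage($sql->db_Insert('menus', $info), 'insert', CUSLAN_52, LAN_CREATED_FAILED, false);
        }

        // The legacy creation of a site link for $_POST['page_link'] was disabled in
        // the original and is not performed here.

        $data = array('method' => 'create', 'table' => 'page', 'id' => $pid, 'plugin' => 'page', 'function' => 'submitPage');
        $this->message = $e_event->triggerHook($data);
    }
}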
<?php
/*
+ ----------------------------------------------------------------------------+
|     e107 website system
|
|     Copyright (C) 2008-2009 e107 Inc
|     http://e107.org
|
|     Released under the terms and conditions of the
|     GNU General Public License (http://gnu.org).
|
|     $Source: /cvs_backup/e107_0.8/download.php,v $
|     $Revision$
|     $Date$
|     $Author$
+----------------------------------------------------------------------------+
*/

// Legacy entry point: forwards the request, query string included, to the
// download plugin. The path prefix is fixed; only the query part comes from
// the request.
require_once "class2.php";

if (e_QUERY) {
    // As written here the replacement maps "&" to itself, so the query is
    // forwarded unchanged.
    $query = "?" . str_replace("&", "&", e_QUERY);
} else {
    $query = "";
}

$target = e_PLUGIN . "download/download.php" . $query;
e107::getRedirect()->go($target, true);
exit;