function loadTextFromArgs($arg, $postmode = '')
{
if (!empty($postmode)) {
$this->setPostmode($postmode);
}
if ($this->_postmode == 'html' || $this->_postmode == 'wikitext') {
$this->_text = COM_checkHTML(COM_checkWords($arg), 'story.edit');
} else {
$this->_text = COM_makeClickableLinks(htmlspecialchars(COM_checkWords($arg)));
}
return $this->_text;
}
function phpblock_whos_new()
{
global $_CONF, $_TABLES, $_IMAGE_TYPE;
// Set the number of new members to show
$numToShow = 5;
$result = DB_query("SELECT uid,username,photo FROM {$_TABLES['users']} WHERE status = " . USER_ACCOUNT_ACTIVE . " ORDER BY regdate DESC LIMIT {$numToShow}");
$nrows = DB_numRows($result);
for ($i = 0; $i < $nrows; $i++) {
$A = DB_fetchArray($result);
$retval .= '<a href="' . $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $A['uid'] . '" rel="nofollow">' . COM_checkWords($A['username']) . '</a>';
if (!empty($A['photo']) and $_CONF['allow_user_photo'] == 1) {
$retval .= ' <a href="' . $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $A['uid'] . '" rel="nofollow"><img src="' . $_CONF['layout_url'] . '/images/smallcamera.' . $_IMAGE_TYPE . '" border="0" alt=""></a>';
}
$retval .= '<br>';
}
return $retval;
}
function _mg_user_create($uid, $force = 0)
{
global $_TABLES, $_MG_CONF, $LANG_MG01;
$sql = "INSERT INTO {$_TABLES['mg_userprefs']} (uid, active, display_rows, display_columns, mp3_player, playback_mode, tn_size, quota, member_gallery) VALUES (" . (int) $uid . ",1,0,0,-1,-1,-1," . $_MG_CONF['member_quota'] . ",0)";
DB_query($sql, 1);
$retval = -1;
if ($force == 1 || $_MG_CONF['member_albums'] == 1 && $_MG_CONF['member_auto_create'] == 1) {
$username = DB_getItem($_TABLES['users'], 'username', 'uid=' . (int) $uid);
$fullname = DB_getItem($_TABLES['users'], 'fullname', 'uid=' . (int) $uid);
$grp_id = DB_getItem($_TABLES['groups'], 'grp_id', 'grp_name="mediagallery Admin"');
if ($grp_id == NULL || $grp_id == '' || $grp_id < 2) {
$grp_id = 2;
}
$album = new mgAlbum();
//$_MG_CONF['member_use_fullname'] does not seem to be set..
$title = $username . $LANG_MG01['member_album_postfix'];
if (!empty($fullname) && (isset($_MG_CONF['member_use_fullname']) && $_MG_CONF['member_use_fullname'] == 1)) {
$title = $fullname . $LANG_MG01['member_album_postfix'];
}
$album->title = htmlspecialchars(strip_tags(COM_checkWords($title)));
$album->parent = $_MG_CONF['member_album_root'];
$album->group_id = $grp_id;
$album->mod_group_id = $grp_id;
$album->owner_id = $uid;
$album->moderate = $_MG_CONF['member_moderate'];
$album->email_mod = $_MG_CONF['member_email_mod'];
$album->perm_owner = $_MG_CONF['member_perm_owner'];
$album->perm_group = $_MG_CONF['member_perm_group'];
$album->perm_members = $_MG_CONF['member_perm_members'];
$album->perm_anon = $_MG_CONF['member_perm_anon'];
$album->id = $album->createAlbumID();
$retval = $album->id;
$album->saveAlbum();
$result = DB_query("UPDATE {$_TABLES['mg_userprefs']} SET member_gallery=1 WHERE uid=" . (int) $uid, 1);
}
return $retval;
}
echo COM_siteHeader();
echo FF_alertMessage($LANG_GF02['msg02'], $LANG_GF02['msg171']);
echo COM_siteFooter();
exit;
}
if (!_ff_canUserViewRating($forum)) {
echo COM_siteHeader();
echo FF_alertMessage($LANG_GF02['msg02'], $LANG_GF02['msg171']);
echo COM_siteFooter();
exit;
}
$result = DB_query("SELECT * FROM {$_TABLES['ff_topic']} WHERE (id=" . (int) $id . ")");
$A = DB_fetchArray($result);
if ($_FF_CONF['allow_smilies']) {
$search = array(":D", ":)", ":(", "8O", ":?", "B)", ":lol:", ":x", ":P", ":oops:", ":o", ":cry:", ":evil:", ":twisted:", ":roll:", ";)", ":!:", ":question:", ":idea:", ":arrow:", ":|", ":mrgreen:", ":mrt:", ":love:", ":cat:");
$replace = array("<img style=\"vertical-align:middle;\" src='images/smilies/biggrin.gif' alt='Big Grin'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/smile.gif' alt='Smile'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/frown.gif' alt='Frown'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/eek.gif' alt='Eek!'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/confused.gif' alt='Confused'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/cool.gif' alt='Cool'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/lol.gif' alt='Laughing Out Loud'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/mad.gif' alt='Angry'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/razz.gif' alt='Razz'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/redface.gif' alt='Oops!'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/surprised.gif' alt='Surprised!'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/cry.gif' alt='Cry'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/evil.gif' alt='Evil'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/twisted.gif' alt='Twisted Evil'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/rolleyes.gif' alt='Rolling Eyes'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/wink.gif' alt='Wink'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/exclaim.gif' alt='Exclaimation'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/question.gif' alt='Question'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/idea.gif' alt='Idea'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/arrow.gif' alt='Arrow'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/neutral.gif' alt='Neutral'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/mrgreen.gif' alt='Mr. Green'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/mrt.gif' alt='Mr. T'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/heart.gif' alt='Love'/>", "<img style=\"vertical-align:middle;\" src='images/smilies/cat.gif' alt='Kitten'/>");
}
$A["name"] = COM_checkWords($A["name"]);
$A["name"] = @htmlspecialchars($A["name"], ENT_QUOTES, COM_getEncodingt());
$A["subject"] = COM_checkWords($A["subject"]);
$A["subject"] = stripslashes(@htmlspecialchars($A["subject"], ENT_QUOTES, COM_getEncodingt()));
$A['comment'] = ff_FormatForPrint($A['comment'], $A['postmode'], '', $A['status']);
list($cacheFile, $style_cache_url) = COM_getStyleCacheLocation();
$date = strftime('%B %d %Y @ %I:%M %p', $A['date']);
echo "\n <html>\n <head>\n <title>{$_CONF['site_name']} - " . $LANG_GF02['msg147'] . " {$A['id']}]</title>\n <link rel=\"stylesheet\" type=\"text/css\" href=\"{$style_cache_url}\">\n </head>\n <body onload=\"window.print();\">\n <div style=\"box-sizing: border-box;max-width:980px;padding:0px 25px;\">\n <font face=\"verdana\" size=\"2\">\n <h3>{$LANG_GF01['SUBJECT']}: {$A['subject']}</h3>\n <b>{$LANG_GF01['POSTEDON']}:</b> {$date}\n <br>\n <b>{$LANG_GF01['BY']}</b> {$A['name']}\n <br>\n <br>\n <b>{$LANG_GF01['CONTENT']}:</b>\n <p>{$A['comment']}</p>\n <hr width=\"25%\" align=\"left\">\n\n <br>\n <b>{$LANG_GF01['REPLIES']}:</b>\n <hr width=\"50%\" align=\"left\">\n <br>\n";
$result2 = DB_query("SELECT * FROM {$_TABLES['ff_topic']} WHERE (pid=" . (int) $id . ")");
while ($B = DB_fetchArray($result2)) {
$date = strftime('%B %d %Y @ %I:%M %p', $B['date']);
echo "\n\n <h4>{$B['subject']}</h4>\n <b>{$LANG_GF01['POSTEDON']}:</b> {$date}\n <br>\n <b>{$LANG_GF01['BY']}</b> {$B['name']}\n <br>\n <br>\n <b>{$LANG_GF01['CONTENT']}:</b>\n <p>" . ff_FormatForPrint($B['comment'], $B['postmode']) . "</p>\n <hr width=\"25%\" align=\"left\">\n\n";
}
echo "\n\n <p>{$_CONF['site_name']} - {$LANG_GF01['FORUM']}<br/>\n <a href=\"{$_CONF['site_url']}/forum/viewtopic.php?showtopic={$A['id']}\">{$_CONF['site_url']}/forum/viewtopic.php?showtopic={$A['id']}</a>\n </p>\n\n </font>\n </div>\n </body>\n </html>\n";
/**
* Create "What's Related" links for a story
* Creates an HTML-formatted list of links to be used for the What's Related
* block next to a story (in article view).
*
* @param string $related contents of gl_stories 'related' field
* @param int $uid user id of the author
* @param int $sid story id
* @return string HTML-formatted list of links
*/
function STORY_whatsRelated($related, $uid, $sid)
{
global $_CONF, $_TABLES, $LANG24;
// Is it enabled?
// Disabled' => 0, 'Enabled' => 1, 'Enabled (No Links)' => 2, 'Enabled (No Outbound Links)' => 3
if ($_CONF['whats_related']) {
// get the links from the story text
if ($_CONF['whats_related'] != 2) {
if (!empty($related)) {
$rel = explode("\n", $related);
} else {
$rel = array();
}
// Used to hunt out duplicates. Stores urls that have already passed filters
$urls = array();
foreach ($rel as $key => &$value) {
if (preg_match("/<a[^>]*href=[\"']([^\"']*)[\"'][^>]*>(.*?)<\\/a>/i", $value, $matches) === 1) {
// Go through array and remove links with no link text except link. Since a max of only 23 characters of link text showen then compare only this
if (substr($matches[1], 0, 23) != substr($matches[2], 0, 23)) {
// Check if outbound links (if needed)
$passd_check = false;
if ($_CONF['whats_related'] == 3) {
// no outbound links
if ($_CONF['site_url'] == substr($matches[1], 0, strlen($_CONF['site_url']))) {
$passd_check = true;
}
} else {
$passd_check = true;
}
if ($passd_check) {
// Go through array and remove any duplicates of this link
if (in_array($matches[1], $urls)) {
// remove it from the array
unset($rel[$key]);
} else {
$urls[] = $matches[1];
// Now Check Words
$value = '<a href="' . $matches[1] . '">' . COM_checkWords($matches[2], 'story') . '</a>';
}
} else {
// remove it from the array
unset($rel[$key]);
}
} else {
// remove it from the array
unset($rel[$key]);
}
} else {
$value = COM_checkWords($value, 'story');
}
}
}
$topics = array();
if (!COM_isAnonUser() || $_CONF['loginrequired'] == 0 && $_CONF['searchloginrequired'] == 0) {
// add a link to "search by author"
if ($_CONF['contributedbyline'] == 1) {
$author = $LANG24[37] . ' ' . COM_getDisplayName($uid);
if ($_CONF['whats_related_trim'] > 0 && MBYTE_strlen($author) > $_CONF['whats_related_trim']) {
$author = substr($author, 0, $_CONF['whats_related_trim'] - 3) . '...';
}
$topics[] = "<a href=\"{$_CONF['site_url']}/search.php?mode=search&type=stories&author={$uid}\">{$author}</a>";
}
// Retrieve topics
$tids = TOPIC_getTopicIdsForObject('article', $sid, 0);
foreach ($tids as $tid) {
// add a link to "search by topic"
$topic = $LANG24[38] . ' ' . stripslashes(DB_getItem($_TABLES['topics'], 'topic', "tid = '{$tid}'"));
// trim topics if needed
if ($_CONF['whats_related_trim'] > 0 && MBYTE_strlen($topic) > $_CONF['whats_related_trim']) {
$topic = substr($topic, 0, $_CONF['whats_related_trim'] - 3) . '...';
}
$topics[] = '<a href="' . $_CONF['site_url'] . '/search.php?mode=search&type=stories&topic=' . $tid . '">' . $topic . '</a>';
}
}
// If line limit then split between related links and topics
if ($_CONF['whats_related_max'] > 0) {
if ($_CONF['whats_related_max'] < 3) {
$rel = array();
// Reset related links so at least user search and default topic search is displayed
$topics = array_slice($topics, 0, 2);
} else {
$rel_max_num_items = intval($_CONF['whats_related_max'] / 2);
$topic_max_num_items = $rel_max_num_items;
if ($rel_max_num_items + $topic_max_num_items != $_CONF['whats_related_max']) {
$topic_max_num_items = $topic_max_num_items + 1;
}
// Now check if we have enough topics to display else give it to links
$topic_num_items = count($topics);
$rel_num_items = count($rel);
$added_flag = false;
if ($topic_num_items < $topic_max_num_items) {
$rel_max_num_items = $rel_max_num_items + ($topic_max_num_items - $topic_num_items);
$added_flag = true;
}
if (!$added_flag && $rel_num_items < $rel_max_num_items) {
$topic_max_num_items = $topic_max_num_items + ($rel_max_num_items - $rel_num_items);
}
$rel = array_slice($rel, 0, $rel_max_num_items);
$topics = array_slice($topics, 0, $topic_max_num_items);
}
}
$result = array_merge($rel, $topics);
$related = '';
if (count($result) > 0) {
$related = COM_makeList($result, 'list-whats-related');
}
} else {
$related = '';
}
return $related;
}
function FF_lastx()
{
global $_CONF, $_TABLES, $_USER, $_FF_CONF, $LANG_GF01, $LANG_GF02, $LANG_GF92;
$retval = '';
$pageTitle = $LANG_GF01['LASTX'];
USES_lib_admin();
USES_lib_html2text();
$T = new Template($_CONF['path'] . 'plugins/forum/templates/');
$T->set_file('list', 'lists.thtml');
$dt = new Date('now', $_USER['tzid']);
$header_arr = array(array('text' => $LANG_GF01['FORUM'], 'field' => 'forum'), array('text' => $LANG_GF01['TOPIC'], 'field' => 'subject'), array('text' => $LANG_GF92['sb_latestposts'], 'field' => 'date', 'nowrap' => true));
$data_arr = array();
$text_arr = array();
if ($_FF_CONF['usermenu'] == 'navbar') {
$T->set_var('navbar', FF_NavbarMenu($LANG_GF01['LASTX']));
}
$T->set_var('block_start', COM_startBlock($LANG_GF01['LASTX'], '', COM_getBlockTemplate('_admin_block', 'header')));
$groups = array();
$usergroups = SEC_getUserGroups();
foreach ($usergroups as $group) {
$groups[] = $group;
}
$grouplist = implode(',', $groups);
if (!COM_isAnonUser() && $_FF_CONF['enable_user_rating_system']) {
$grade = (int) _ff_getUserRating((int) $_USER['uid']);
$ratingSQL = ' AND b.rating_view <= ' . $grade . ' ';
} else {
$ratingSQL = '';
}
$sql = "SELECT * ";
$sql .= "FROM {$_TABLES['ff_topic']} a ";
$sql .= "LEFT JOIN {$_TABLES['ff_forums']} b ON a.forum=b.forum_id ";
$sql .= "WHERE pid=0 AND b.grp_id IN ({$grouplist}) AND b.no_newposts = 0 " . $ratingSQL;
$sql .= "ORDER BY lastupdated DESC LIMIT {$_FF_CONF['show_last_post_count']}";
$result = DB_query($sql);
$nrows = DB_numRows($result);
$displayrecs = 0;
for ($i = 1; $i <= $nrows; $i++) {
$P = DB_fetchArray($result);
if ($_FF_CONF['use_censor']) {
$P['subject'] = COM_checkWords($P['subject']);
$P['comment'] = COM_checkWords($P['comment']);
}
$topic_id = $P['id'];
$displayrecs++;
$dt->setTimestamp($P['date']);
$firstdate = $dt->format($_FF_CONF['default_Datetime_format'], true);
$dt->setTimestamp($P['lastupdated']);
$lastdate = $dt->format($_FF_CONF['default_Datetime_format'], true);
if ($P['uid'] > 1) {
$topicinfo = "{$LANG_GF01['STARTEDBY']} " . COM_getDisplayName($P['uid']) . ', ';
} else {
$topicinfo = "{$LANG_GF01['STARTEDBY']} {$P['name']},";
}
$topicinfo .= "{$firstdate}<br/>{$LANG_GF01['VIEWS']}:{$P['views']}, {$LANG_GF01['REPLIES']}:{$P['replies']}<br/>";
if (empty($P['last_reply_rec']) || $P['last_reply_rec'] < 1) {
$lastid = $P['id'];
$testText = FF_formatTextBlock($P['comment'], 'text', 'text', $P['status']);
$testText = strip_tags($testText);
$html2txt = new html2text($testText, false);
$testText = trim($html2txt->get_text());
$lastpostinfogll = @htmlspecialchars(preg_replace('#\\r?\\n#', '<br>', strip_tags(substr($testText, 0, $_FF_CONF['contentinfo_numchars']) . '...')), ENT_QUOTES, COM_getEncodingt());
} else {
$qlreply = DB_query("SELECT id,uid,name,comment,date,status FROM {$_TABLES['ff_topic']} WHERE id={$P['last_reply_rec']}");
$B = DB_fetchArray($qlreply);
$lastid = $B['id'];
$lastcomment = $B['comment'];
$P['date'] = $B['date'];
if ($B['uid'] > 1) {
$topicinfo .= sprintf($LANG_GF01['LASTREPLYBY'], COM_getDisplayName($B['uid']));
} else {
$topicinfo .= sprintf($LANG_GF01['LASTREPLYBY'], $B['name']);
}
$testText = FF_formatTextBlock($B['comment'], 'text', 'text', $B['status']);
$testText = strip_tags($testText);
$html2txt = new html2text($testText, false);
$testText = trim($html2txt->get_text());
$lastpostinfogll = @htmlspecialchars(preg_replace('#\\r?\\n#', '<br>', strip_tags(substr($testText, 0, $_FF_CONF['contentinfo_numchars']) . '...')), ENT_QUOTES, COM_getEncodingt());
}
$link = '<a class="' . COM_getTooltipStyle() . '" style="text-decoration:none; white-space:nowrap;" href="' . $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topic_id . '&lastpost=true#' . $lastid . '" title="' . @htmlspecialchars($P['subject'], ENT_QUOTES, COM_getEncodingt()) . '::' . $lastpostinfogll . '" rel="nofollow">';
$topiclink = '<a class="' . COM_getTooltipStyle() . '" style="text-decoration:none;" href="' . $_CONF['site_url'] . '/forum/viewtopic.php?showtopic=' . $topic_id . '" title="' . @htmlspecialchars($P['subject'], ENT_QUOTES, COM_getEncodingt()) . '::' . $topicinfo . '">' . $P['subject'] . '</a>';
$dt->setTimestamp($P['date']);
$tdate = $dt->format($_FF_CONF['default_Datetime_format'], true);
$data_arr[] = array('forum' => $P['forum_name'], 'subject' => $topiclink, 'date' => $link . $tdate . '</a>');
if ($displayrecs >= $_FF_CONF['show_last_post_count']) {
break;
}
}
$T->set_var('list_data', ADMIN_simpleList("", $header_arr, $text_arr, $data_arr));
$T->set_var('block_end', COM_endBlock(COM_getBlockTemplate('_admin_block', 'footer')));
$T->parse('output', 'list');
$retval = $T->finish($T->get_var('output'));
return array($pageTitle, $retval);
}
/**
* Returns text ready for display.
*
* @param string $text Text to prepare for display
* @param string $postmode Indicates if text is html, adveditor, wikitext or plaintext
* @param int $version version of GLText engine
* @return string Escaped String
* @access public
*
*/
public static function getDisplayText($text, $postmode, $version)
{
if ($version == GLTEXT_FIRST_VERSION) {
// first version
if ($postmode == 'plaintext') {
$text = COM_nl2br($text);
}
if ($postmode == 'wikitext') {
$text = self::_editUnescape($text, $postmode);
$text = self::renderWikiText($text);
}
} else {
// latest version
if ($postmode == 'html' || $postmode == 'adveditor') {
// Get rid of any newline characters
$text = str_replace("\n", '', $text);
$text = self::_handleSpecialTag_callback($text, array('[code]', '[/code]', '<pre><code>', '</code></pre>'), '_escapeSPChars');
$text = self::_handleSpecialTag_callback($text, array('[raw]', '[/raw]', '<!--raw--><span class="raw">', '</span><!--/raw-->'), '_escapeSPChars');
}
if ($postmode == 'plaintext') {
$text = htmlspecialchars($text, ENT_QUOTES, COM_getEncodingt());
$text = COM_makeClickableLinks($text);
$text = COM_nl2br($text);
}
if ($postmode == 'wikitext') {
$text = self::_editUnescape($text, $postmode);
$text = self::renderWikiText($text);
// $text = self::_htmLawed($text, 'story.edit');
}
$text = COM_checkWords($text);
}
$text = PLG_replaceTags(self::_displayEscape($text));
return $text;
}
function MG_sendPostCard()
{
global $MG_albums, $_MG_CONF, $_CONF, $_TABLES, $_USER, $LANG_MG00, $LANG_MG02, $LANG_MG03, $LANG_ACCESS, $_POST;
global $LANG_DIRECTION, $LANG_CHARSET;
$mid = COM_sanitizeID(COM_applyFilter($_POST['mid'], true));
$toname = COM_applyFilter($_POST['toname']);
$toemail = COM_applyFilter($_POST['toemail']);
$fromname = COM_applyFilter($_POST['fromname']);
$fromemail = COM_applyFilter($_POST['fromemail']);
$subject = strip_tags(COM_checkWords($_POST['subject']));
$message = htmlspecialchars(strip_tags(COM_checkWords($_POST['message'])));
$ccself = isset($_POST['ccself']) ? 1 : 0;
$errCount = 0;
$msg = '';
if (!COM_isEmail($toemail)) {
$errCount++;
}
if (!COM_isEmail($fromemail)) {
$errCount++;
}
if (empty($subject)) {
$errCount++;
}
if (empty($message)) {
$errCount++;
}
$captchaString = isset($_POST['captcha']) ? $_POST['captcha'] : '';
$msg = PLG_itemPreSave('mediagallery', $captchaString);
if ($msg != '') {
$errCount++;
}
if ($errCount > 0) {
return MG_editPostCard('edit', $mid, $msg);
}
$retval = '';
$aid = DB_getItem($_TABLES['mg_media_albums'], 'album_id', 'media_id="' . DB_escapeString($mid) . '"');
if ($MG_albums[$aid]->access == 0 || $MG_albums[$aid]->enable_postcard == 0 || COM_isAnonUser() && $MG_albums[$aid]->enable_postcard != 2) {
$retval = MG_siteHeader();
$retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
$retval .= MG_siteFooter();
echo $retval;
exit;
}
$sql = "SELECT * FROM {$_TABLES['mg_media_albums']} as ma LEFT JOIN " . $_TABLES['mg_media'] . " as m " . " ON ma.media_id=m.media_id WHERE m.media_id='" . DB_escapeString($mid) . "'";
$result = DB_query($sql);
$nRows = DB_numRows($result);
if ($nRows < 1) {
$retval = MG_siteHeader();
$retval .= COM_showMessageText($LANG_MG00['access_denied_msg'], $LANG_ACCESS['accessdenied'], true);
$retval .= MG_siteFooter();
echo $retval;
exit;
}
$M = DB_fetchArray($result);
// trim the database
$purgeDate = time() - $_MG_CONF['postcard_retention'] * 86400;
DB_query("DELETE FROM {$_TABLES['mg_postcard']} WHERE pc_time < " . $purgeDate);
// save this one in the database
$newsubject = DB_escapeString($subject);
$newmessage = DB_escapeString($message);
$pcId = COM_makesid();
$pc_time = time();
if (COM_isAnonUser()) {
$uid = 1;
} else {
$uid = (int) $_USER['uid'];
}
$sql = "INSERT INTO {$_TABLES['mg_postcard']} (pc_id,mid,to_name,to_email,from_name,from_email,subject,message,pc_time,uid) VALUES ('{$pcId}','" . DB_escapeString($mid) . "','" . DB_escapeString($toname) . "','" . DB_escapeString($toemail) . "','" . DB_escapeString($fromname) . "','" . DB_escapeString($fromemail) . "','{$newsubject}','{$newmessage}',{$pc_time},{$uid})";
$result = DB_query($sql);
if (DB_error()) {
COM_errorLog("Media Gallery: Error saving postcard");
}
COM_clearSpeedlimit($_CONF['commentspeedlimit'], 'mgpostcard');
$last = COM_checkSpeedlimit('mgpostcard');
if ($last > 0) {
$msg = sprintf($LANG_MG02['postcard_speedlimit'], $last);
return MG_errorHandler($msg);
}
$alternate_link = $_MG_CONF['site_url'] . '/getcard.php?id=' . $pcId;
// build the template...
$T = new Template(MG_getTemplatePath($aid));
$T->set_file('postcard', 'postcard.thtml');
$media_size = @getimagesize($_MG_CONF['path_mediaobjects'] . 'tn/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg');
if (empty($LANG_DIRECTION)) {
// default to left-to-right
$direction = 'ltr';
} else {
$direction = $LANG_DIRECTION;
}
if (empty($LANG_CHARSET)) {
$charset = $_CONF['default_charset'];
if (empty($charset)) {
$charset = 'iso-8859-1';
}
} else {
$charset = $LANG_CHARSET;
}
$T->set_var(array('s_form_action' => $_MG_CONF['site_url'] . '/postcard.php', 'direction' => $direction, 'charset' => $charset, 'mid' => $mid, 'media_title' => $M['media_title'], 'alt_media_title' => htmlspecialchars(strip_tags($M['media_title'])), 'media_description' => isset($M['media_description']) ? $M['media_description'] : '', 'media_url' => $_MG_CONF['site_url'] . '/media.php?s=' . $mid, 'media_image' => $_MG_CONF['mediaobjects_url'] . '/disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . '.jpg', 'site_url' => $_MG_CONF['site_url'] . '/', 'postcard_subject' => $subject, 'postcard_message' => nl2br($message), 'from_email' => $fromemail, 'site_name' => $_CONF['site_name'], 'site_slogan' => $_CONF['site_slogan'], 'to_name' => $toname, 'from_name' => $fromname, 'pc_id' => $pcId, 'lang_to_name' => $LANG_MG03['to_name'], 'lang_to_email' => $LANG_MG03['to_email'], 'lang_from_name' => $LANG_MG03['from_name'], 'lang_from_email' => $LANG_MG03['from_email'], 'lang_subject' => $LANG_MG03['subject'], 'lang_send' => $LANG_MG03['send'], 'lang_cancel' => $LANG_MG03['cancel'], 'lang_preview' => $LANG_MG03['preview'], 'lang_unable_view' => $LANG_MG03['unable_to_view_postcard'], 'lang_postcard_from' => $LANG_MG03['postcard_from'], 'lang_to' => $LANG_MG03['to'], 'lang_from' => $LANG_MG03['from'], 'lang_visit' => $LANG_MG03['visit']));
$T->parse('output', 'postcard');
$retval .= $T->finish($T->get_var('output'));
$msgData['subject'] = htmlspecialchars($subject);
$msgData['htmlmessage'] = $retval;
$msgData['textmessage'] = sprintf($LANG_MG03['text_body_email'], $fromname, $alternate_link);
$msgData['from']['email'] = $fromemail;
$msgData['from']['name'] = $fromname;
$msgData['to'][] = array('email' => $toemail, 'name' => $toname);
if ($ccself) {
$msgData['to'][] = array('email' => $fromemail, 'name' => $fromname);
}
foreach ($_MG_CONF['validExtensions'] as $tnext) {
if (file_exists($_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext)) {
$msgData['embeddedImage'][] = array('file' => $_MG_CONF['path_mediaobjects'] . 'disp/' . $M['media_filename'][0] . '/' . $M['media_filename'] . $tnext, 'name' => "pc-image", 'filename' => $M['media_original_filename'], 'encoding' => 'base64', 'mime' => $M['mime_type']);
}
}
$msgData['embeddedImage'][] = array('file' => MG_getImageFilePath('stamp.gif'), 'name' => "stamp", 'filename' => 'stamp.gif', 'encoding' => 'base64', 'mime' => 'image/gif');
COM_emailNotification($msgData);
$msgNo = 8;
// update the sent post card database...Or maybe just log it in an error log?
$logentry = $fromname . " sent a postcard to " . $toname . " (" . $toemail . ") using media id " . $mid;
MG_postcardLog($logentry);
COM_updateSpeedlimit('mgpostcard');
header("Location: " . $_MG_CONF['site_url'] . '/media.php?msg=' . $msgNo . '&s=' . $mid);
exit;
}
/**
* Submit static page. The page is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $_GROUPS, $_SP_CONF;
if (!$_CONF['disable_webservices']) {
require_once $_CONF['path_system'] . 'lib-webservices.php';
}
$output = '';
if (!SEC_hasRights('staticpages.edit')) {
$output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
$output .= COM_startBlock($LANG_STATIC['access_denied'], '', COM_getBlockTemplate('_msg_block', 'header'));
$output .= $LANG_STATIC['access_denied_msg'];
$output .= COM_endBlock(COM_getBlockTemplate('_msg_block', 'footer'));
$output .= COM_siteFooter();
return PLG_RET_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
// This is EDIT mode, so there should be an sp_old_id
if (empty($args['sp_old_id'])) {
if (!empty($args['id'])) {
$args['sp_old_id'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sp_id'])) {
$args['sp_id'] = $args['sp_old_id'];
}
}
} else {
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
}
if (empty($args['sp_title']) && !empty($args['title'])) {
$args['sp_title'] = $args['title'];
}
if (empty($args['sp_content']) && !empty($args['content'])) {
$args['sp_content'] = $args['content'];
}
if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
$args['sp_tid'] = $args['category'][0];
}
if (!isset($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
}
$args['sp_id'] = COM_sanitizeID($args['sp_id']);
if (!$gl_edit) {
if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
$slug = '';
if (isset($args['slug'])) {
$slug = $args['slug'];
}
if (function_exists('WS_makeId')) {
$args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
} else {
$args['sp_id'] = COM_makeSid();
}
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
$par_num = array('sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode');
foreach ($par_str as $str) {
if (isset($args[$str])) {
$args[$str] = COM_applyBasicFilter($args[$str]);
} else {
$args[$str] = '';
}
}
foreach ($par_num as $num) {
if (isset($args[$num])) {
$args[$num] = COM_applyBasicFilter($args[$num], true);
} else {
$args[$num] = 0;
}
}
}
// START: Staticpages defaults
if (empty($args['sp_format'])) {
$args['sp_format'] = 'allblocks';
}
if (empty($args['sp_tid'])) {
$args['sp_tid'] = 'all';
}
if ($args['sp_where'] < 0 || $args['sp_where'] > 3) {
$args['sp_where'] = 0;
}
if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
$args['sp_php'] = 0;
}
if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
$args['commentcode'] = $_CONF['comment_code'];
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_SP_CONF['default_permissions'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_SP_CONF['default_permissions'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_SP_CONF['default_permissions'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_SP_CONF['default_permissions'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['sp_onmenu'])) {
$args['sp_onmenu'] = '';
} elseif ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
$svc_msg['error_desc'] = 'Menu label missing';
return PLG_RET_ERROR;
}
if (empty($args['sp_content'])) {
$svc_msg['error_desc'] = 'No content';
return PLG_RET_ERROR;
}
if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
$args['sp_inblock'] = 'on';
}
if (empty($args['sp_centerblock'])) {
$args['sp_centerblock'] = '';
}
if (empty($args['draft_flag']) && $_SP_CONF['draft_flag'] == '1') {
$args['draft_flag'] = 'on';
}
if (empty($args['template_flag'])) {
$args['template_flag'] = '';
}
if (empty($args['template_id'])) {
$args['template_id'] = '';
}
}
// END: Staticpages defaults
$sp_id = $args['sp_id'];
$sp_title = $args['sp_title'];
$sp_page_title = $args['sp_page_title'];
$sp_content = $args['sp_content'];
$sp_hits = $args['sp_hits'];
$sp_format = $args['sp_format'];
$sp_onmenu = $args['sp_onmenu'];
$sp_label = '';
if (!empty($args['sp_label'])) {
$sp_label = $args['sp_label'];
}
$meta_description = $args['meta_description'];
$meta_keywords = $args['meta_keywords'];
$commentcode = $args['commentcode'];
$owner_id = $args['owner_id'];
$group_id = $args['group_id'];
$perm_owner = $args['perm_owner'];
$perm_group = $args['perm_group'];
$perm_members = $args['perm_members'];
$perm_anon = $args['perm_anon'];
$sp_php = $args['sp_php'];
$sp_nf = '';
if (!empty($args['sp_nf'])) {
$sp_nf = $args['sp_nf'];
}
$sp_old_id = $args['sp_old_id'];
$sp_centerblock = $args['sp_centerblock'];
$draft_flag = $args['draft_flag'];
$template_flag = $args['template_flag'];
$template_id = $args['template_id'];
$sp_help = '';
if (!empty($args['sp_help'])) {
$sp_help = $args['sp_help'];
}
$sp_tid = $args['sp_tid'];
$sp_where = $args['sp_where'];
$sp_inblock = $args['sp_inblock'];
$postmode = $args['postmode'];
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original staticpage to check if it has been modified
$o = array();
$s = array();
$r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
if ($r == PLG_RET_OK) {
if ($args['gl_etag'] != $o['updated']) {
$svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'The requested staticpage no longer exists';
return PLG_RET_ERROR;
}
}
// Check for unique page ID
$duplicate_id = false;
$delete_old_page = false;
if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
if ($sp_id != $sp_old_id) {
$duplicate_id = true;
}
} elseif (!empty($sp_old_id)) {
if ($sp_id != $sp_old_id) {
$delete_old_page = true;
}
}
if ($duplicate_id) {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
if (!$args['gl_svc']) {
$output .= staticpageeditor($sp_id);
}
$output .= COM_siteFooter();
$svc_msg['error_desc'] = 'Duplicate ID';
return PLG_RET_ERROR;
} elseif (!empty($sp_title) && !empty($sp_content)) {
if (empty($sp_hits)) {
$sp_hits = 0;
}
if ($sp_onmenu == 'on') {
$sp_onmenu = 1;
} else {
$sp_onmenu = 0;
}
if ($sp_nf == 'on') {
$sp_nf = 1;
} else {
$sp_nf = 0;
}
if ($sp_centerblock == 'on') {
$sp_centerblock = 1;
} else {
$sp_centerblock = 0;
}
if ($sp_inblock == 'on') {
$sp_inblock = 1;
} else {
$sp_inblock = 0;
}
if ($draft_flag == 'on') {
$draft_flag = 1;
} else {
$draft_flag = 0;
}
if ($template_flag == 'on') {
$template_flag = 1;
} else {
$template_flag = 0;
}
// Remove any autotags the user doesn't have permission to use
$sp_content = PLG_replaceTags($sp_content, '', true);
// Clean up the text
if ($_SP_CONF['censor'] == 1) {
$sp_content = COM_checkWords($sp_content);
$sp_title = COM_checkWords($sp_title);
}
if ($_SP_CONF['filter_html'] == 1) {
$sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
}
$sp_title = strip_tags($sp_title);
$sp_page_title = strip_tags($sp_page_title);
$sp_label = strip_tags($sp_label);
$meta_description = strip_tags($meta_description);
$meta_keywords = strip_tags($meta_keywords);
$sp_content = addslashes($sp_content);
$sp_title = addslashes($sp_title);
$sp_page_title = addslashes($sp_page_title);
$sp_label = addslashes($sp_label);
$meta_description = addslashes($meta_description);
$meta_keywords = addslashes($meta_keywords);
// If user does not have php edit perms, then set php flag to 0.
if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
$sp_php = 0;
}
// If marked as a template then set id to nothing and other default settings
if ($template_flag == 1) {
$template_id = '';
$sp_onmenu = 0;
$sp_label = "";
$sp_centerblock = 0;
$sp_php = 0;
$sp_inblock = 0;
$sp_nf = 0;
$sp_hits = 0;
$meta_description = "";
$meta_keywords = "";
} else {
// See if it was a template before, if so and option changed, remove use from other pages
if (DB_getItem($_TABLES['staticpage'], 'template_flag', "sp_id = '{$sp_old_id}'") == 1) {
$sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '' WHERE template_id = '{$sp_old_id}'";
$result = DB_query($sql);
}
if ($template_id != '') {
// If using a template, make sure php disabled
$sp_php = 0;
// Double check template id exists and is still a template
$perms = SP_getPerms();
if (!empty($perms)) {
$perms = ' AND ' . $perms;
}
if (DB_getItem($_TABLES['staticpage'], 'COUNT(sp_id)', "sp_id = '{$template_id}' AND template_flag = 1 AND (draft_flag = 0)" . $perms) == 0) {
$template_id = '';
}
}
}
// make sure there's only one "entire page" static page per topic
if ($sp_centerblock == 1 && $sp_where == 0) {
$sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE (sp_centerblock = 1) AND (sp_where = 0) AND (sp_tid = '{$sp_tid}') AND (draft_flag = 0)";
// if we're in a multi-language setup, we need to allow one "entire
// page" centerblock for 'all' or 'none' per language
if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
$ids = explode('_', $sp_id);
if (count($ids) > 1) {
$lang_id = array_pop($ids);
$sql .= " AND sp_id LIKE '%\\_{$lang_id}'";
}
}
DB_query($sql);
}
$formats = array('allblocks', 'blankpage', 'leftblocks', 'noblocks');
if (!in_array($sp_format, $formats)) {
$sp_format = 'allblocks';
}
if (!$args['gl_svc']) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// Retrieve created date
$datecreated = DB_getItem($_TABLES['staticpage'], 'created', "sp_id = '{$sp_id}'");
if ($datecreated == '') {
$datecreated = date('Y-m-d H:i:s');
}
DB_save($_TABLES['staticpage'], 'sp_id,sp_title,sp_page_title, sp_content,created,modified,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,meta_description,meta_keywords,template_flag,template_id,draft_flag,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode', "'{$sp_id}','{$sp_title}','{$sp_page_title}','{$sp_content}','{$datecreated}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}','{$meta_description}','{$meta_keywords}',{$template_flag},'{$template_id}',{$draft_flag},{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}'");
if ($delete_old_page && !empty($sp_old_id)) {
// If a template and the id changed, update any staticpages that use it
if ($template_flag == 1) {
$sql = "UPDATE {$_TABLES['staticpage']} SET template_id = '{$sp_id}' WHERE template_id = '{$sp_old_id}'";
$result = DB_query($sql);
}
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
}
if (empty($sp_old_id) || $sp_id == $sp_old_id) {
if (!$template_flag) {
PLG_itemSaved($sp_id, 'staticpages');
} else {
// If template then have to notify of all pages that use this template that a change to the page happened
$sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
$result = DB_query($sql);
while ($A = DB_fetchArray($result)) {
PLG_itemSaved($A['sp_id'], 'staticpages');
}
}
} else {
DB_change($_TABLES['comments'], 'sid', addslashes($sp_id), array('sid', 'type'), array(addslashes($sp_old_id), 'staticpages'));
if (!$template_flag) {
PLG_itemSaved($sp_id, 'staticpages', $sp_old_id);
} else {
// If template then have to notify of all pages that use this template that a change to the page happened
$sql = "SELECT sp_id FROM {$_TABLES['staticpage']} WHERE template_id = '{$sp_id}'";
$result = DB_query($sql);
while ($A = DB_fetchArray($result)) {
PLG_itemSaved($A['sp_id'], 'staticpages');
}
}
}
$url = COM_buildURL($_CONF['site_url'] . '/staticpages/index.php?page=' . $sp_id);
$output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages', 19);
$svc_msg['id'] = $sp_id;
return PLG_RET_OK;
} else {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
if (!$args['gl_svc']) {
$output .= staticpageeditor($sp_id);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
}
}
function MG_getFile($filename, $file, $album_id, $opt = array())
{
global $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $_SPECIAL_IMAGES_MIMETYPE, $new_media_id;
$caption = isset($opt['caption']) ? $opt['caption'] : '';
$description = isset($opt['description']) ? $opt['description'] : '';
$upload = isset($opt['upload']) ? $opt['upload'] : 1;
$purgefiles = isset($opt['purgefiles']) ? $opt['purgefiles'] : 0;
$filetype = isset($opt['filetype']) ? $opt['filetype'] : '';
$atttn = isset($opt['atttn']) ? $opt['atttn'] : 0;
$thumbnail = isset($opt['thumbnail']) ? $opt['thumbnail'] : '';
$keywords = isset($opt['keywords']) ? $opt['keywords'] : '';
$category = isset($opt['category']) ? $opt['category'] : 0;
$dnc = isset($opt['dnc']) ? $opt['dnc'] : 0;
$replace = isset($opt['replace']) ? $opt['replace'] : 0;
$artist = '';
$musicAlbum = '';
$genre = '';
$video_attached_thumbnail = 0;
$successfulWatermark = 0;
$dnc = 1;
// What is this?
$errors = 0;
$errMsg = '';
require_once $_CONF['path'] . 'plugins/mediagallery/include/classAlbum.php';
$album = new mgAlbum($album_id);
$root_album = new mgAlbum(0);
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: *********** Beginning media upload process...");
COM_errorLog("Filename to process: " . $filename);
COM_errorLog("UID=" . $_USER['uid']);
COM_errorLog("album access=" . $album->access);
COM_errorLog("album owner_id=" . $album->owner_id);
COM_errorLog("member_uploads=" . $album->member_uploads);
}
clearstatcache();
if (!file_exists($filename)) {
$errMsg = $LANG_MG02['upload_not_found'];
return array(false, $errMsg);
}
if (!is_readable($filename)) {
$errMsg = $LANG_MG02['upload_not_readable'];
return array(false, $errMsg);
}
// make sure we have the proper permissions to upload to this album....
if (!isset($album->id)) {
$errMsg = $LANG_MG02['album_nonexist'];
// "Album does not exist, unable to process uploads";
return array(false, $errMsg);
}
if ($album->access != 3 && !$root_album->owner_id && $album->member_uploads == 0) {
COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. " . "User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: " . $_SERVER['REMOTE_ADDR'], 1);
return array(false, $LANG_MG00['access_denied_msg']);
}
sleep(0.1);
// We do this to make sure we don't get dupe sid's
/*
* The following section of code will generate a unique name for a temporary
* file and copy the uploaded file to the Media Gallery temp directory.
* We do this to prevent any SAFE MODE issues when we later open the
* file to determine the mime type.
*/
if (empty($_USER['username'])) {
$_USER['username'] = '******';
}
$tmpPath = $_MG_CONF['tmp_path'] . $_USER['username'] . COM_makesid() . '.tmp';
if ($upload) {
$rc = @move_uploaded_file($filename, $tmpPath);
} else {
$rc = @copy($filename, $tmpPath);
$importSource = $filename;
}
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $tmpPath);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
@unlink($tmpPath);
COM_errorLog("MG Upload: Problem uploading a media object");
return array(false, $errMsg);
}
$filename = $tmpPath;
$new_media_id = $replace > 0 ? $replace : COM_makesid();
$media_time = time();
$media_upload_time = $media_time;
if (!isset($_USER['uid']) || $_USER['uid'] < 1) {
$media_user_id = 1;
} else {
$media_user_id = $_USER['uid'];
}
$mimeInfo = MG_getMediaMetaData($filename);
$mimeExt = strtolower(substr(strrchr($file, '.'), 1));
$mimeInfo['type'] = $mimeExt;
// override the determination for some filetypes
$filetype = MG_getFileTypeFromExt($mimeExt, $filetype);
if (empty($mimeInfo['mime_type'])) {
COM_errorLog("MG Upload: getID3 was unable to detect mime type - using PHP detection");
$mimeInfo['mime_type'] = $filetype;
}
$gotTN = 0;
if ($mimeInfo['id3v2']['APIC'][0]['mime'] == 'image/jpeg') {
$mp3AttachdedThumbnail = $mimeInfo['id3v2']['APIC'][0]['data'];
$gotTN = 1;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: found mime type of " . $mimeInfo['type']);
}
if ($mimeExt == '' || $mimeInfo['mime_type'] == 'application/octet-stream' || $mimeInfo['mime_type'] == '') {
// assume format based on file upload info...
switch ($filetype) {
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'image/tga':
$mimeInfo['type'] = 'tga';
$mimeInfo['mime_type'] = 'image/tga';
$mimeExt = 'tga';
break;
case 'image/psd':
$mimeInfo['type'] = 'psd';
$mimeInfo['mime_type'] = 'image/psd';
$mimeExt = 'psd';
break;
case 'image/gif':
$mimeInfo['type'] = 'gif';
$mimeInfo['mime_type'] = 'image/gif';
$mimeExt = 'gif';
break;
case 'image/jpeg':
case 'image/jpg':
$mimeInfo['type'] = 'jpg';
$mimeInfo['mime_type'] = 'image/jpeg';
$mimeExt = 'jpg';
break;
case 'image/png':
$mimeInfo['type'] = 'png';
$mimeInfo['mime_type'] = 'image/png';
$mimeExt = 'png';
break;
case 'image/bmp':
$mimeInfo['type'] = 'bmp';
$mimeInfo['mime_type'] = 'image/bmp';
$mimeExt = 'bmp';
break;
case 'application/x-shockwave-flash':
$mimeInfo['type'] = 'swf';
$mimeInfo['mime_type'] = 'application/x-shockwave-flash';
$mimeExt = 'swf';
break;
case 'application/zip':
$mimeInfo['type'] = 'zip';
$mimeInfo['mime_type'] = 'application/zip';
$mimeExt = 'zip';
break;
case 'audio/mpeg':
$mimeInfo['type'] = 'mp3';
$mimeInfo['mime_type'] = 'audio/mpeg';
$mimeExt = 'mp3';
break;
case 'video/quicktime':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/quicktime';
$mimeExt = 'mov';
break;
case 'video/x-m4v':
$mimeInfo['type'] = 'mov';
$mimeInfo['mime_type'] = 'video/x-m4v';
$mimeExt = 'mov';
break;
case 'video/x-flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
$mimeExt = 'flv';
break;
case 'audio/x-ms-wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
$mimeExt = 'wma';
break;
default:
switch ($mimeExt) {
case 'flv':
$mimeInfo['type'] = 'flv';
$mimeInfo['mime_type'] = 'video/x-flv';
break;
case 'wma':
$mimeInfo['type'] = 'wma';
$mimeInfo['mime_type'] = 'audio/x-ms-wma';
break;
default:
$mimeInfo['type'] = 'file';
$mimeInfo['mime_type'] = 'application/octet-stream';
if ($filetype != '') {
$mimeInfo['mime_type'] = $filetype;
}
break;
}
break;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: override mime type to: " . $mimeInfo['type'] . ' based upon file extension of: ' . $filetype);
}
}
switch ($mimeInfo['mime_type']) {
case 'audio/mpeg':
$format_type = MG_MP3;
break;
case 'image/gif':
$format_type = MG_GIF;
break;
case 'image/jpeg':
case 'image/jpg':
$format_type = MG_JPG;
break;
case 'image/png':
$format_type = MG_PNG;
break;
case 'image/bmp':
$format_type = MG_BMP;
break;
case 'application/x-shockwave-flash':
$format_type = MG_SWF;
break;
case 'application/zip':
$format_type = MG_ZIP;
break;
case 'video/mpeg':
case 'video/x-motion-jpeg':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-mpeg':
case 'video/x-mpeq2a':
case 'video/x-qtc':
case 'video/x-m4v':
$format_type = MG_MOV;
break;
case 'video/x-flv':
$format_type = MG_FLV;
break;
case 'image/tiff':
$format_type = MG_TIF;
break;
case 'image/x-targa':
case 'image/tga':
$format_type = MG_TGA;
break;
case 'image/psd':
$format_type = MG_PSD;
break;
case 'application/ogg':
$format_type = MG_OGG;
break;
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-ms-wmz':
case 'application/x-ms-wmd':
$format_type = MG_ASF;
break;
case 'application/pdf':
$format_type = MG_OTHER;
break;
default:
$format_type = MG_OTHER;
break;
}
if (!($album->valid_formats & $format_type)) {
return array(false, $LANG_MG02['format_not_allowed']);
}
$mimeType = $mimeInfo['mime_type'];
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: PHP detected mime type is : " . $filetype);
}
if ($filetype == 'video/x-m4v') {
$mimeType = 'video/x-m4v';
$mimeInfo['mime_type'] = 'video/x-m4v';
}
if ($replace > 0) {
$sql = "SELECT * FROM {$_TABLES['mg_media']} WHERE media_id='" . addslashes($replace) . "'";
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_filename = $row['media_filename'];
} else {
if ($_MG_CONF['preserve_filename'] == 1) {
$loopCounter = 0;
$digitCounter = 1;
$file_name = stripslashes($file);
$file_name = MG_replace_accents($file_name);
$file_name = preg_replace("#[ ]#", "_", $file_name);
// change spaces to underscore
$file_name = preg_replace('#[^\\.\\-,\\w]#', '_', $file_name);
//only parenthesis, underscore, letters, numbers, comma, hyphen, period - others to underscore
$file_name = preg_replace('#(_)+#', '_', $file_name);
//eliminate duplicate underscore
$pos = strrpos($file_name, '.');
if ($pos === false) {
$basefilename = $file_name;
} else {
$basefilename = strtolower(substr($file_name, 0, $pos));
}
do {
clearstatcache();
$media_filename = substr(md5(uniqid(rand())), 0, $digitCounter) . '_' . $basefilename;
$loopCounter++;
if ($loopCounter > 16) {
$digitCounter++;
$loopCounter = 0;
}
} while (MG_file_exists($media_filename));
} else {
do {
clearstatcache();
$media_filename = md5(uniqid(rand()));
} while (MG_file_exists($media_filename));
}
}
// replace a few mime extentions here...
//
if ($mimeExt == 'php') {
$mimeExt = 'phps';
}
if (in_array($mimeExt, array('pl', 'cgi', 'py', 'sh', 'rb'))) {
$mimeExt = 'txt';
}
$disp_media_filename = $media_filename . '.' . $mimeExt;
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
COM_errorLog("MG Upload: Mime Type: " . $mimeType);
}
switch ($mimeType) {
case 'image/psd':
case 'image/x-targa':
case 'image/tga':
case 'image/photoshop':
case 'image/x-photoshop':
case 'image/psd':
case 'application/photoshop':
case 'application/psd':
case 'image/tiff':
case 'image/gif':
case 'image/jpeg':
case 'image/jpg':
case 'image/png':
case 'image/bmp':
$dispExt = $mimeExt;
if (in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
$dispExt = 'jpg';
}
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$media_disp = MG_getFilePath('disp', $media_filename, $dispExt);
$media_tn = MG_getFilePath('tn', $media_filename, $dispExt);
$mimeType = $mimeInfo['mime_type'];
// process image file
$media_time = getOriginationTimestamp($filename);
if ($media_time == null || $media_time < 0) {
$media_time = time();
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: About to move/copy file");
}
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
list($rc, $msg) = MG_convertImage($media_orig, $media_tn, $media_disp, $mimeExt, $mimeType, $album_id, $media_filename, $dnc);
if ($rc == false) {
$errors++;
$errMsg .= $msg;
// sprintf($LANG_MG02['convert_error'],$filename);
} else {
$mediaType = 0;
if ($_MG_CONF['discard_original'] == 1 && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg' || $mimeType == 'image/png' || $mimeType == 'image/bmp' || $mimeType == 'image/gif')) {
if ($_MG_CONF['jhead_enabled'] && ($mimeType == 'image/jpeg' || $mimeType == 'image/jpg')) {
$rc = MG_execWrapper('"' . $_MG_CONF['jhead_path'] . "/jhead" . '"' . " -te " . $media_orig . " " . $media_disp);
}
@unlink($media_orig);
}
if ($album->wm_auto) {
if ($_MG_CONF['discard_original'] == 1) {
$rc = MG_watermark($media_disp, $album_id, 1);
if ($rc == true) {
$successfulWatermark = 1;
}
} else {
$rc1 = MG_watermark($media_orig, $album_id, 1);
$rc2 = MG_watermark($media_disp, $album_id, 0);
if ($rc1 == ture && $rc2 == true) {
$successfulWatermark = 1;
}
}
}
if ($dnc != 1) {
if (!in_array($mimeType, $_SPECIAL_IMAGES_MIMETYPE)) {
$mimeExt = 'jpg';
$mimeType = 'image/jpeg';
}
}
}
}
break;
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-flv':
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
case 'application/x-shockwave-flash':
case 'video/mp4':
case 'video/x-m4v':
$mimeType = $mimeInfo['mime_type'];
if ($filetype == 'video/mp4') {
$mimeExt = 'mp4';
}
// process video format
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
COM_errorLog("MG Upload: Error moving uploaded file in video processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
@chmod($media_orig, 0644);
$mediaType = 1;
}
$video_attached_thumbnail = MG_videoThumbnail($album_id, $media_orig, $media_filename);
break;
case 'application/ogg':
case 'audio/mpeg':
case 'audio/x-ms-wma':
case 'audio/x-ms-wax':
case 'audio/x-ms-wmv':
$mimeType = $mimeInfo['mime_type'];
// process audio format
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$rc = @copy($filename, $media_orig);
COM_errorLog("MG Upload: Extracting audio meta data");
if (isset($mimeInfo['tags']['id3v1']['title'][0])) {
if ($caption == '') {
$caption = $mimeInfo['tags']['id3v1']['title'][0];
}
}
if (isset($mimeInfo['tags']['id3v1']['artist'][0])) {
$artist = addslashes($mimeInfo['tags']['id3v1']['artist'][0]);
}
if (isset($mimeInfo['tags']['id3v2']['genre'][0])) {
$genre = addslashes($mimeInfo['tags']['id3v2']['genre'][0]);
}
if (isset($mimeInfo['tags']['id3v1']['album'][0])) {
$musicAlbum = addslashes($mimeInfo['tags']['id3v1']['album'][0]);
}
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file in audio processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 2;
}
break;
case 'zip':
case 'application/zip':
if ($_MG_CONF['zip_enabled']) {
$errMsg .= MG_processZip($filename, $album_id, $purgefiles, $media_filename);
break;
}
// NO BREAK HERE, fall through if enable zip isn't allowed
// NO BREAK HERE, fall through if enable zip isn't allowed
default:
$media_orig = MG_getFilePath('orig', $media_filename, $mimeExt);
$mimeType = $mimeInfo['mime_type'];
$rc = @copy($filename, $media_orig);
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file in generic processing....");
COM_errorLog("Media Upload - Unable to copy file to: " . $media_orig);
$errors++;
$errMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
if ($purgefiles) {
@unlink($importSource);
}
$mediaType = 4;
}
$mediaType = 4;
break;
}
// update quota
$quota = $album->album_disk_usage;
$quota += @filesize(MG_getFilePath('orig', $media_filename, $mimeExt));
if ($_MG_CONF['discard_original'] == 1) {
$quota += @filesize(MG_getFilePath('disp', $media_filename, 'jpg'));
}
DB_change($_TABLES['mg_albums'], 'album_disk_usage', $quota, 'album_id', intval($album_id));
if ($errors) {
@unlink($tmpPath);
COM_errorLog("MG Upload: Problem uploading a media object");
return array(false, $errMsg);
}
if (($mimeType != 'application/zip' || $_MG_CONF['zip_enabled'] == 0) && $errors == 0) {
// Now we need to process an uploaded thumbnail
if ($gotTN == 1) {
$mp3TNFilename = $_MG_CONF['tmp_path'] . 'mp3tn' . time() . '.jpg';
$fn = fopen($mp3TNFilename, "w");
fwrite($fn, $mp3AttachdedThumbnail);
fclose($fn);
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($album_id, $mp3TNFilename, $saveThumbnailName);
@unlink($mp3TNFilename);
$atttn = 1;
} else {
if ($atttn == 1) {
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($album_id, $thumbnail, $saveThumbnailName);
}
}
if ($video_attached_thumbnail) {
$atttn = 1;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Building SQL and preparing to enter database");
}
if ($_MG_CONF['htmlallowed'] != 1) {
$media_desc = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
$media_caption = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
$media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
} else {
$media_desc = addslashes(COM_checkHTML(COM_killJS($description)));
$media_caption = addslashes(COM_checkHTML(COM_killJS($caption)));
$media_keywords = addslashes(COM_checkHTML(COM_killJS($keywords)));
}
// Check and see if moderation is on. If yes, place in mediasubmission
if ($album->moderate == 1 && !$root_album->owner_id) {
$tableMedia = $_TABLES['mg_mediaqueue'];
$tableMediaAlbum = $_TABLES['mg_media_album_queue'];
$queue = 1;
} else {
$tableMedia = $_TABLES['mg_media'];
$tableMediaAlbum = $_TABLES['mg_media_albums'];
$queue = 0;
}
$original_filename = addslashes($file);
if ($album->filename_title) {
if ($media_caption == '') {
$pos = strrpos($original_filename, '.');
if ($pos === false) {
$media_caption = $original_filename;
} else {
$media_caption = substr($original_filename, 0, $pos);
}
}
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Inserting media record into mg_media");
}
$resolution_x = 0;
$resolution_y = 0;
// try to find a resolution if video...
if ($mediaType == 1) {
switch ($mimeType) {
case 'application/x-shockwave-flash':
case 'video/quicktime':
case 'video/mpeg':
case 'video/x-m4v':
$resolution_x = -1;
$resolution_y = -1;
if (isset($mimeInfo['video']['resolution_x']) && isset($mimeInfo['video']['resolution_x'])) {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
}
break;
case 'video/x-flv':
if ($mimeInfo['video']['resolution_x'] < 1 || $mimeInfo['video']['resolution_y'] < 1) {
$resolution_x = -1;
$resolution_y = -1;
if (isset($mimeInfo['meta']['onMetaData']['width']) && isset($mimeInfo['meta']['onMetaData']['height'])) {
$resolution_x = $mimeInfo['meta']['onMetaData']['width'];
$resolution_y = $mimeInfo['meta']['onMetaData']['height'];
}
} else {
$resolution_x = $mimeInfo['video']['resolution_x'];
$resolution_y = $mimeInfo['video']['resolution_y'];
}
break;
case 'video/x-ms-asf':
case 'video/x-ms-asf-plugin':
case 'video/avi':
case 'video/msvideo':
case 'video/x-msvideo':
case 'video/avs-video':
case 'video/x-ms-wmv':
case 'video/x-ms-wvx':
case 'video/x-ms-wm':
case 'application/x-troff-msvideo':
$resolution_x = -1;
$resolution_y = -1;
if (isset($mimeInfo['video']['streams']['2']['resolution_x']) && isset($mimeInfo['video']['streams']['2']['resolution_y'])) {
$resolution_x = $mimeInfo['video']['streams']['2']['resolution_x'];
$resolution_y = $mimeInfo['video']['streams']['2']['resolution_y'];
}
break;
}
}
if ($replace > 0) {
$sql = "UPDATE " . $tableMedia . " SET " . "media_filename='" . addslashes($media_filename) . "'," . "media_original_filename='" . $original_filename . "'," . "media_mime_ext='" . addslashes($mimeExt) . "'," . "mime_type='" . addslashes($mimeType) . "'," . "media_time='" . addslashes($media_time) . "'," . "media_user_id='" . addslashes($media_user_id) . "'," . "media_type='" . addslashes($mediaType) . "'," . "media_upload_time='" . addslashes($media_upload_time) . "'," . "media_watermarked='" . addslashes($successfulWatermark) . "'," . "media_resolution_x='" . intval($resolution_x) . "'," . "media_resolution_y='" . intval($resolution_y) . "' " . "WHERE media_id='" . addslashes($replace) . "'";
DB_query($sql);
} else {
$sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext," . "media_exif,mime_type,media_title,media_desc,media_keywords,media_time," . "media_views,media_comments,media_votes,media_rating,media_tn_attached," . "media_tn_image,include_ss,media_user_id,media_user_ip,media_approval," . "media_type,media_upload_time,media_category,media_watermarked,v100," . "maint,media_resolution_x,media_resolution_y,remote_media,remote_url," . "artist,album,genre) " . "VALUES ('" . addslashes($new_media_id) . "','" . addslashes($media_filename) . "','" . $original_filename . "','" . addslashes($mimeExt) . "','1','" . addslashes($mimeType) . "','" . addslashes($media_caption) . "','" . addslashes($media_desc) . "','" . addslashes($media_keywords) . "','" . addslashes($media_time) . "','0','0','0','0.00','" . addslashes($atttn) . "','','1','" . addslashes($media_user_id) . "','','0','" . addslashes($mediaType) . "','" . addslashes($media_upload_time) . "','" . addslashes($category) . "','" . addslashes($successfulWatermark) . "','0','0'," . intval($resolution_x) . "," . intval($resolution_y) . ",0,'','" . addslashes($artist) . "','" . addslashes($musicAlbum) . "','" . addslashes($genre) . "');";
DB_query($sql);
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Updating Album information");
}
$x = 0;
$sql = "SELECT MAX(media_order) + 10 AS media_seq FROM {$_TABLES['mg_media_albums']} WHERE album_id = " . intval($album_id);
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_seq = $row['media_seq'];
if ($media_seq < 10) {
$media_seq = 10;
}
$sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) " . "VALUES ('" . addslashes($new_media_id) . "', " . intval($album_id) . ", " . intval($media_seq) . ")";
DB_query($sql);
if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0 && $_MG_CONF['use_default_resolution'] == 0) {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height','{$resolution_y}'");
}
PLG_itemSaved($new_media_id, 'mediagallery');
// update the media count for the album, only if no moderation...
if ($queue == 0) {
$album->media_count++;
DB_change($_TABLES['mg_albums'], 'media_count', $album->media_count, 'album_id', $album->id);
MG_updateAlbumLastUpdate($album->id);
if ($album->cover == -1 && ($mediaType == 0 || $atttn == 1)) {
if ($atttn == 1) {
$covername = 'tn_' . $media_filename;
} else {
$covername = $media_filename;
}
DB_change($_TABLES['mg_albums'], 'album_cover_filename', $covername, 'album_id', $album->id);
}
// MG_resetAlbumCover($album->id);
}
$x++;
}
}
if ($queue) {
$errMsg .= $LANG_MG01['successful_upload_queue'];
// ' successfully placed in Moderation queue';
} else {
$errMsg .= $LANG_MG01['successful_upload'];
// ' successfully uploaded to album';
}
if ($queue == 0) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildFullRSS();
MG_buildAlbumRSS($album_id);
}
COM_errorLog("MG Upload: Successfully uploaded a media object");
@unlink($tmpPath);
return array(true, $errMsg);
}
public function testCheckWordsWithReplaceWordFragment()
{
// Line 2823
$message = COM_checkWords('Peacocks');
$this->assertEquals('Pea*censored*s', $message);
}
/**
* Filters comment text and appends necessary tags (sig and/or edit)
*
* @copyright Jared Wenerd 2008
* @author Jared Wenerd, wenerd87 AT gmail DOT com
* @param string $comment comment text
* @param string $postmode ('html', 'plaintext', ...)
* @param string $type Type of item (article, poll, etc.)
* @param bool $edit if true append edit tag
* @param int $cid commentid if editing comment (for proper sig)
* @return string of comment text
*/
function CMT_prepareText($comment, $postmode, $type, $edit = false, $cid = null)
{
global $_USER, $_TABLES, $LANG03, $_CONF;
if ($postmode == 'html') {
$html_perm = $type == 'article' ? 'story.edit' : "{$type}.edit";
$comment = COM_checkWords(COM_checkHTML(COM_stripslashes($comment), $html_perm));
} else {
// plaintext
$comment = htmlspecialchars(COM_checkWords(COM_stripslashes($comment)));
$newcomment = COM_makeClickableLinks($comment);
if (strcmp($comment, $newcomment) != 0) {
$comment = nl2br($newcomment);
}
}
if ($edit) {
$comment .= '<div class="comment-edit">' . $LANG03[30] . ' ' . strftime($_CONF['date'], time()) . ' ' . $LANG03[31] . ' ' . $_USER['username'] . '</div><!-- /COMMENTEDIT -->';
$text = $comment;
}
if (empty($_USER['uid'])) {
$uid = 1;
} elseif ($edit && is_numeric($cid)) {
//if comment moderator
$uid = DB_getItem($_TABLES['comments'], 'uid', "cid = '{$cid}'");
} else {
$uid = $_USER['uid'];
}
$sig = '';
if ($uid > 1) {
$sig = DB_getItem($_TABLES['users'], 'sig', "uid = '{$uid}'");
if (!empty($sig)) {
$comment .= '<!-- COMMENTSIG --><div class="comment-sig">';
if ($postmode == 'html') {
$comment .= '---<br' . XHTML . '>' . nl2br($sig);
} else {
$comment .= '---' . LB . $sig;
}
$comment .= '</div><!-- /COMMENTSIG -->';
}
}
return $comment;
}
/**
* Create "What's Related" links for a story
*
* Creates an HTML-formatted list of links to be used for the What's Related
* block next to a story (in article view).
*
* @param string $related contents of gl_stories 'related' field
* @param int $uid user id of the author
* @param int $tid topic id
* @return string HTML-formatted list of links
*/
function STORY_whatsRelated($related, $uid, $tid)
{
global $_CONF, $_TABLES, $_USER, $LANG24;
// get the links from the story text
if (!empty($related)) {
$rel = explode("\n", $related);
} else {
$rel = array();
}
if (!empty($_USER['username']) || $_CONF['loginrequired'] == 0 && $_CONF['searchloginrequired'] == 0) {
// add a link to "search by author"
if ($_CONF['contributedbyline'] == 1) {
$author = COM_getDisplayName($uid);
$rel[] = "<a href=\"{$_CONF['site_url']}/search.php?mode=search&type=stories&author={$uid}\">{$LANG24[37]} {$author}</a>";
}
// add a link to "search by topic"
$topic = DB_getItem($_TABLES['topics'], 'topic', "tid = '{$tid}'");
$rel[] = '<a href="' . $_CONF['site_url'] . '/search.php?mode=search&type=stories&topic=' . $tid . '">' . $LANG24[38] . ' ' . stripslashes($topic) . '</a>';
}
$related = '';
if (count($rel) > 0) {
$related = COM_checkWords(COM_makeList($rel, 'list-whats-related'));
}
return $related;
}
/**
* Saves link to the database
*
* @param string $lid ID for link
* @param string $old_lid old ID for link
* @param string $cid cid of category link belongs to
* @param string $categorydd Category links belong to
* @param string $url URL of link to save
* @param string $description Description of link
* @param string $title Title of link
* @param int $hits Number of hits for link
* @param int $owner_id ID of owner
* @param int $group_id ID of group link belongs to
* @param int $perm_owner Permissions the owner has
* @param int $perm_group Permissions the group has
* @param int $perm_members Permissions members have
* @param int $perm_anon Permissions anonymous users have
* @return string HTML redirect or error message
* @global array core config vars
* @global array core group data
* @global array core table data
* @global array core user data
* @global array core msg data
* @global array links plugin lang admin vars
*
*/
function savelink($lid, $old_lid, $cid, $categorydd, $url, $description, $title, $hits, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_GROUPS, $_TABLES, $_USER, $MESSAGE, $LANG_LINKS_ADMIN, $_LI_CONF;
$retval = '';
// Convert array values to numeric permission values
if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// Remove any autotags the user doesn't have permission to use
$description = PLG_replaceTags($description, '', true);
// clean 'em up
$description = DB_escapeString(COM_checkHTML(COM_checkWords($description), 'links.edit'));
$title = DB_escapeString(strip_tags(COM_checkWords($title)));
$cid = DB_escapeString($cid);
if (empty($owner_id)) {
// this is new link from admin, set default values
$owner_id = $_USER['uid'];
if (isset($_GROUPS['Links Admin'])) {
$group_id = $_GROUPS['Links Admin'];
} else {
$group_id = SEC_getFeatureGroup('links.edit');
}
$perm_owner = 3;
$perm_group = 2;
$perm_members = 2;
$perm_anon = 2;
}
$lid = COM_sanitizeID($lid);
$old_lid = COM_sanitizeID($old_lid);
if (empty($lid)) {
if (empty($old_lid)) {
$lid = COM_makeSid();
} else {
$lid = $old_lid;
}
}
// check for link id change
if (!empty($old_lid) && $lid != $old_lid) {
// check if new lid is already in use
if (DB_count($_TABLES['links'], 'lid', $lid) > 0) {
// TBD: abort, display editor with all content intact again
$lid = $old_lid;
// for now ...
}
}
$access = 0;
$old_lid = DB_escapeString($old_lid);
if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['links']} WHERE lid = '{$old_lid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
} else {
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
}
if ($access < 3 || !SEC_inGroup($group_id)) {
$display .= COM_showMessageText($MESSAGE[29], $MESSAGE[30]);
$display = COM_createHTMLDocument($display, array('pagetitle' => $MESSAGE[30]));
COM_accessLog("User {$_USER['username']} tried to illegally submit or edit link {$lid}.");
COM_output($display);
exit;
} elseif (!empty($title) && !empty($description) && !empty($url)) {
if ($categorydd != $LANG_LINKS_ADMIN[7] && !empty($categorydd)) {
$cid = DB_escapeString($categorydd);
} else {
if ($categorydd != $LANG_LINKS_ADMIN[7]) {
echo COM_refresh($_CONF['site_admin_url'] . '/plugins/links/index.php');
}
}
DB_delete($_TABLES['linksubmission'], 'lid', $old_lid);
DB_delete($_TABLES['links'], 'lid', $old_lid);
DB_save($_TABLES['links'], 'lid,cid,url,description,title,date,hits,owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon', "'{$lid}','{$cid}','{$url}','{$description}','{$title}',NOW(),'{$hits}',{$owner_id},{$group_id},{$perm_owner},{$perm_group},{$perm_members},{$perm_anon}");
if (empty($old_lid) || $old_lid == $lid) {
PLG_itemSaved($lid, 'links');
} else {
PLG_itemSaved($lid, 'links', $old_lid);
}
// Get category for rdf check
$category = DB_getItem($_TABLES['linkcategories'], "category", "cid='{$cid}'");
COM_rdfUpToDateCheck('links', $category, $lid);
return PLG_afterSaveSwitch($_LI_CONF['aftersave'], COM_buildURL("{$_CONF['site_url']}/links/portal.php?what=link&item={$lid}"), 'links', 2);
} else {
// missing fields
$retval .= COM_errorLog($LANG_LINKS_ADMIN[10], 2);
if (DB_count($_TABLES['links'], 'lid', $old_lid) > 0) {
$retval .= editlink('edit', $old_lid);
} else {
$retval .= editlink('edit', '');
}
$retval = COM_createHTMLDocument($retval, array('pagetitle' => $LANG_LINKS_ADMIN[1]));
return $retval;
}
}
function fncSave($edt_flg, $navbarMenu, $menuno)
{
$pi_name = "userbox";
global $_CONF;
global $_TABLES;
global $_USER;
global $_USERBOX_CONF;
global $LANG_USERBOX_ADMIN;
global $_FILES;
$addition_def = DATABOX_getadditiondef($pi_name);
$retval = '';
// clean 'em up
$id = COM_applyFilter($_POST['id'], true);
$fieldset_id = COM_applyFilter($_POST['fieldset'], true);
//@@@@@ username fullname
$username = COM_applyFilter($_POST['username']);
$username = addslashes(COM_checkHTML(COM_checkWords($username)));
$fullname = COM_applyFilter($_POST['fullname']);
$fullname = addslashes(COM_checkHTML(COM_checkWords($fullname)));
$page_title = COM_applyFilter($_POST['page_title']);
$page_title = addslashes(COM_checkHTML(COM_checkWords($page_title)));
$description = $_POST['description'];
//COM_applyFilter($_POST['description']);
$description = addslashes(COM_checkHTML(COM_checkWords($description)));
$defaulttemplatesdirectory = COM_applyFilter($_POST['defaulttemplatesdirectory']);
$defaulttemplatesdirectory = addslashes(COM_checkHTML(COM_checkWords($defaulttemplatesdirectory)));
$draft_flag = COM_applyFilter($_POST['draft_flag'], true);
// $hits =0;
// $comments=0;
$comment_expire_flag = COM_applyFilter($_POST['comment_expire_flag'], true);
if ($comment_expire_flag) {
$comment_expire_month = COM_applyFilter($_POST['comment_expire_month'], true);
$comment_expire_day = COM_applyFilter($_POST['comment_expire_day'], true);
$comment_expire_year = COM_applyFilter($_POST['comment_expire_year'], true);
$comment_expire_hour = COM_applyFilter($_POST['comment_expire_hour'], true);
$comment_expire_minute = COM_applyFilter($_POST['comment_expire_minute'], true);
if ($comment_expire_ampm == 'pm') {
if ($comment_expire_hour < 12) {
$comment_expire_hour = $comment_expire_hour + 12;
}
}
if ($comment_expire_ampm == 'am' and $comment_expire_hour == 12) {
$comment_expire_hour = '00';
}
} else {
$comment_expire_month = 0;
$comment_expire_day = 0;
$comment_expire_year = 0;
$comment_expire_hour = 0;
$comment_expire_minute = 0;
}
$commentcode = COM_applyFilter($_POST['commentcode'], true);
$trackbackcode = COM_applyFilter($_POST['trackbackcode'], true);
$cache_time = COM_applyFilter($_POST['cache_time'], true);
$meta_description = $_POST['meta_description'];
$meta_description = addslashes(COM_checkHTML(COM_checkWords($meta_description)));
$meta_keywords = $_POST['meta_keywords'];
$meta_keywords = addslashes(COM_checkHTML(COM_checkWords($meta_keywords)));
$language_id = COM_applyFilter($_POST['language_id']);
$language_id = addslashes(COM_checkHTML(COM_checkWords($language_id)));
$category = $_POST['category'];
//@@@@@
$additionfields = $_POST['afield'];
$additionfields_old = $_POST['afield'];
$additionfields_fnm = $_POST['afield_fnm'];
$additionfields_del = $_POST['afield_del'];
$additionfields_alt = $_POST['afield_alt'];
$additionfields_date = array();
$dummy = DATABOX_cleanaddtiondatas($additionfields, $addition_def, $additionfields_fnm, $additionfields_del, $additionfields_date, $additionfields_alt);
//
$owner_id = COM_applyFilter($_POST['owner_id'], true);
$group_id = COM_applyFilter($_POST['group_id'], true);
//
$array['perm_owner'] = $_POST['perm_owner'];
$array['perm_group'] = $_POST['perm_group'];
$array['perm_members'] = $_POST['perm_members'];
$array['perm_anon'] = $_POST['perm_anon'];
if (is_array($array['perm_owner']) || is_array($array['perm_group']) || is_array($array['perm_members']) || is_array($array['perm_anon'])) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
} else {
$perm_owner = COM_applyBasicFilter($array['perm_owner'], true);
$perm_group = COM_applyBasicFilter($array['perm_group'], true);
$perm_members = COM_applyBasicFilter($array['perm_members'], true);
$perm_anon = COM_applyBasicFilter($array['perm_anon'], true);
}
//編集日付
$modified_autoupdate = COM_applyFilter($_POST['modified_autoupdate'], true);
if ($modified_autoupdate == 1) {
//$udate = date('Ymd');
$modified_month = date('m');
$modified_day = date('d');
$modified_year = date('Y');
$modified_hour = date('H');
$modified_minute = date('i');
} else {
$modified_month = COM_applyFilter($_POST['modified_month'], true);
$modified_day = COM_applyFilter($_POST['modified_day'], true);
$modified_year = COM_applyFilter($_POST['modified_year'], true);
$modified_hour = COM_applyFilter($_POST['modified_hour'], true);
$modified_minute = COM_applyFilter($_POST['modified_minute'], true);
$modified_ampm = COM_applyFilter($_POST['modified_ampm']);
if ($modified_ampm == 'pm') {
if ($modified_hour < 12) {
$modified_hour = $modified_hour + 12;
}
}
if ($modified_ampm == 'am' and $modified_hour == 12) {
$modified_hour = '00';
}
}
//公開日
$released_month = COM_applyFilter($_POST['released_month'], true);
$released_day = COM_applyFilter($_POST['released_day'], true);
$released_year = COM_applyFilter($_POST['released_year'], true);
$released_hour = COM_applyFilter($_POST['released_hour'], true);
$released_minute = COM_applyFilter($_POST['released_minute'], true);
if ($released_ampm == 'pm') {
if ($released_hour < 12) {
$released_hour = $released_hour + 12;
}
}
if ($released_ampm == 'am' and $released_hour == 12) {
$released_hour = '00';
}
//公開終了日
$expired_flag = COM_applyFilter($_POST['expired_flag'], true);
if ($expired_flag) {
$expired_month = COM_applyFilter($_POST['expired_month'], true);
$expired_day = COM_applyFilter($_POST['expired_day'], true);
$expired_year = COM_applyFilter($_POST['expired_year'], true);
$expired_hour = COM_applyFilter($_POST['expired_hour'], true);
$expired_minute = COM_applyFilter($_POST['expired_minute'], true);
if ($expired_ampm == 'pm') {
if ($expired_hour < 12) {
$expired_hour = $expired_hour + 12;
}
}
if ($expired_ampm == 'am' and $expired_hour == 12) {
$expired_hour = '00';
}
} else {
$expired_month = 0;
$expired_day = 0;
$expired_year = 0;
$expired_hour = 0;
$expired_minute = 0;
}
$created = COM_applyFilter($_POST['created_un']);
$orderno = mb_convert_kana($_POST['orderno'], "a");
//全角英数字を半角英数字に変換する
$orderno = COM_applyFilter($orderno, true);
//$name = mb_convert_kana($name,"AKV");
//A:半角英数字を全角英数字に変換する
//K:半角カタカナを全角カタカナに変換する
//V:濁点つきの文字を1文字に変換する (K、H と共に利用する)
//$name = str_replace ("'", "’",$name);
//$code = mb_convert_kana($code,"a");//全角英数字を半角英数字に変換する
//-----
$type = 1;
$uuid = $_USER['uid'];
// CHECK はじめ
$err = "";
//id
if ($id == 0) {
//$err.=$LANG_USERBOX_ADMIN['err_uid']."<br {XHTML}>".LB;
} else {
if (!is_numeric($id)) {
$err .= $LANG_USERBOX_ADMIN['err_id'] . "<br {XHTML}>" . LB;
}
}
//文字数制限チェック
if (mb_strlen($description, 'UTF-8') > $_USERBOX_CONF['maxlength_description']) {
$err .= $LANG_USERBOX_ADMIN['description'] . $_USERBOX_CONF['maxlength_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
}
if (mb_strlen($meta_description, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_description']) {
$err .= $LANG_USERBOX_ADMIN['meta_description'] . $_USERBOX_CONF['maxlength_meta_description'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
}
if (mb_strlen($meta_keywords, 'UTF-8') > $_USERBOX_CONF['maxlength_meta_keywords']) {
$err .= $LANG_USERBOX_ADMIN['meta_keywords'] . $_USERBOX_CONF['maxlength_meta_keywords'] . $LANG_USERBOX_ADMIN['err_maxlength'] . "<br/>" . LB;
}
//----追加項目チェック
$err .= DATABOX_checkaddtiondatas($additionfields, $addition_def, $pi_name, $additionfields_fnm, $additionfields_del, $additionfields_alt);
//編集日付
$modified = $modified_year . "-" . $modified_month . "-" . $modified_day;
if (checkdate($modified_month, $modified_day, $modified_year) == false) {
$err .= $LANG_USERBOX_ADMIN['err_modified'] . "<br {XHTML}>" . LB;
}
$modified = COM_convertDate2Timestamp($modified_year . "-" . $modified_month . "-" . $modified_day, $modified_hour . ":" . $modified_minute . "::00");
//公開日
$released = $released_year . "-" . $released_month . "-" . $released_day;
if (checkdate($released_month, $released_day, $released_year) == false) {
$err .= $LANG_USERBOX_ADMIN['err_released'] . "<br {XHTML}>" . LB;
}
$released = COM_convertDate2Timestamp($released_year . "-" . $released_month . "-" . $released_day, $released_hour . ":" . $released_minute . "::00");
//コメント受付終了日時
if ($comment_expire_flag) {
if (checkdate($comment_expire_month, $comment_expire_day, $comment_expire_year) == false) {
$err .= $LANG_USERBOX_ADMIN['err_comment_expire'] . "<br {XHTML}>" . LB;
}
$comment_expire = COM_convertDate2Timestamp($comment_expire_year . "-" . $comment_expire_month . "-" . $comment_expire_day, $comment_expire_hour . ":" . $comment_expire_minute . "::00");
} else {
$comment_expire = '0000-00-00 00:00:00';
//$comment_expire="";
}
//公開終了日
if ($expired_flag) {
if (checkdate($expired_month, $expired_day, $expired_year) == false) {
$err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
}
$expired = COM_convertDate2Timestamp($expired_year . "-" . $expired_month . "-" . $expired_day, $expired_hour . ":" . $expired_minute . "::00");
if ($expired < $released) {
$err .= $LANG_USERBOX_ADMIN['err_expired'] . "<br {XHTML}>" . LB;
}
} else {
$expired = '0000-00-00 00:00:00';
//$expired="";
}
//errorのあるとき
if ($err != "") {
$retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
$retval['display'] = fncEdit($id, $edt_flg, 3, $err);
return $retval;
}
// CHECK おわり
if ($id == 0) {
$w = DB_getItem($_TABLES['USERBOX_base'], "max(id)", "1=1");
if ($w == "") {
$w = 0;
}
$id = $w + 1;
$created_month = date('m');
$created_day = date('d');
$created_year = date('Y');
$created_hour = date('H');
$created_minute = date('i');
$created = COM_convertDate2Timestamp($created_year . "-" . $created_month . "-" . $created_day, $created_hour . ":" . $created_minute . "::00");
}
$hits = 0;
$comments = 0;
$fields = "id";
$values = "{$id}";
$fields .= ",page_title";
//
$values .= ",'{$page_title}'";
$fields .= ",description";
//
$values .= ",'{$description}'";
$fields .= ",defaulttemplatesdirectory";
//
$values .= ",'{$defaulttemplatesdirectory}'";
//$fields.=",hits";//
//$values.=",$hits";
$fields .= ",comments";
//
$values .= ",{$comments}";
$fields .= ",meta_description";
//
$values .= ",'{$meta_description}'";
$fields .= ",meta_keywords";
//
$values .= ",'{$meta_keywords}'";
$fields .= ",commentcode";
//
$values .= ",{$commentcode}";
$fields .= ",trackbackcode";
//
$values .= ",{$trackbackcode}";
$fields .= ",cache_time";
//
$values .= ",{$cache_time}";
$fields .= ",comment_expire";
//
if ($comment_expire == '0000-00-00 00:00:00') {
$values .= ",'{$comment_expire}'";
} else {
$values .= ",FROM_UNIXTIME('{$comment_expire}')";
}
$fields .= ",language_id";
//
$values .= ",'{$language_id}'";
$fields .= ",owner_id";
$values .= ",{$owner_id}";
$fields .= ",group_id";
$values .= ",{$group_id}";
$fields .= ",perm_owner";
$values .= ",{$perm_owner}";
$fields .= ",perm_group";
$values .= ",{$perm_group}";
$fields .= ",perm_members";
$values .= ",{$perm_members}";
$fields .= ",perm_anon";
$values .= ",{$perm_anon}";
$fields .= ",modified";
$values .= ",FROM_UNIXTIME('{$modified}')";
if ($created != "") {
$fields .= ",created";
$values .= ",FROM_UNIXTIME('{$created}')";
}
$fields .= ",expired";
if ($expired == '0000-00-00 00:00:00') {
$values .= ",'{$expired}'";
} else {
$values .= ",FROM_UNIXTIME('{$expired}')";
}
$fields .= ",released";
$values .= ",FROM_UNIXTIME('{$released}')";
$fields .= ",orderno";
//
$values .= ",{$orderno}";
$fields .= ",fieldset_id";
//
$values .= ",{$fieldset_id}";
$fields .= ",uuid";
$values .= ",{$uuid}";
$fields .= ",draft_flag";
$values .= ",{$draft_flag}";
DB_save($_TABLES['USERBOX_base'], $fields, $values);
//カテゴリ
$rt = DATABOX_savecategorydatas($id, $category, $pi_name);
//追加項目
DATABOX_uploadaddtiondatas($additionfields, $addition_def, $pi_name, $id, $additionfields_fnm, $additionfields_del, $additionfields_old, $additionfields_alt);
$rt = DATABOX_saveaddtiondatas($id, $additionfields, $addition_def, $pi_name);
//user (コアのテーブル)
//kokoka
$sql = "UPDATE " . $_TABLES['users'] . " SET ";
$sql .= " fullname ='" . $fullname . "'";
$sql .= " WHERE uid=" . $id;
DB_query($sql);
$rt = fncsendmail('data', $id);
$cacheInstance = 'userbox__' . $id . '__';
CACHE_remove_instance($cacheInstance);
//exit;// debug 用
// if ($edt_flg){
// $return_page=$_CONF['site_url'] . "/".THIS_SCRIPT;
// $return_page.="?id=".$id;
// }else{
// $return_page=$_CONF['site_admin_url'] . '/plugins/'.THIS_SCRIPT.'?msg=1';
// }
// return COM_refresh ($return_page);
if ($_USERBOX_CONF['aftersave_admin'] === 'no') {
$retval['title'] = $LANG_USERBOX_ADMIN['piname'] . $LANG_USERBOX_ADMIN['edit'];
$retval['display'] .= fncEdit($id, $edt_flg, 1, "");
return $retval;
} else {
if ($_USERBOX_CONF['aftersave_admin'] === 'list') {
$url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/profile.php";
$item_url = COM_buildURL($url);
$target = 'item';
} else {
$url = $_CONF['site_url'] . "/userbox/profile.php";
$url .= "?";
//コード使用の時
if ($_USERBOX_CONF['datacode']) {
$url .= "code=" . $username;
$url .= "&m=code";
} else {
$url .= "id=" . $id;
$url .= "&m=id";
}
$item_url = COM_buildUrl($url);
$target = $_USERBOX_CONF['aftersave_admin'];
}
}
$return_page = PLG_afterSaveSwitch($target, $item_url, 'userbox', 1);
echo $return_page;
exit;
}
function prepareStringForDB($message, $postmode = "html", $censor = TRUE, $htmlfilter = TRUE)
{
global $CONF_FORUM;
if ($censor) {
$message = COM_checkWords($message);
}
if ($postmode == 'html') {
if ($htmlfilter) {
// Need to call addslahes again as COM_checkHTML stips it out
$message = addslashes(COM_checkHTML($message));
} elseif (!get_magic_quotes_gpc()) {
$message = addslashes($message);
}
} else {
if (get_magic_quotes_gpc()) {
$message = @htmlspecialchars($message, ENT_QUOTES, $CONF_FORUM['charset']);
} else {
$message = addslashes(@htmlspecialchars($message, ENT_QUOTES, $CONF_FORUM['charset']));
}
}
return $message;
}
function MG_watermarkUploadSave()
{
global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG02, $LANG_MG03;
// ok, we just check the type, we will accept png,jpg for now...
$retval = '<h2>' . $LANG_MG03['upload_results'] . '</h2>';
$T = COM_newTemplate(MG_getTemplatePath(0));
$T->set_file('mupload', 'useruploadstatus.thtml');
$statusMsg = '';
$errors = 0;
$file = array();
$file = $_FILES['newmedia'];
$public = isset($_POST['wm_public']) ? COM_applyFilter($_POST['wm_public'], true) : 0;
foreach ($file['name'] as $key => $name) {
$filename = $file['name'][$key];
$filetype = $file['type'][$key];
$filesize = $file['size'][$key];
$filetmp = $file['tmp_name'][$key];
$error = $file['error'][$key];
$description = $_POST['description'][$key];
if ($filesize > 65536) {
// right now we hard coded 64kb
COM_errorLog("MG Upload: File " . $filename . " exceeds maximum allowed filesize for this album");
$tmpmsg = sprintf($LANG_MG02['upload_exceeds_max_filesize'], $filename);
$statusMsg .= $tmpmsg . '<br' . XHTML . '>';
continue;
}
if ($error != UPLOAD_ERR_OK) {
switch ($error) {
case 1:
$tmpmsg = sprintf($LANG_MG02['upload_too_big'], $filename);
$statusMsg .= $tmpmsg . '<br' . XHTML . '>';
COM_errorLog('Media Gallery Error - ' . $tmpmsg);
break;
case 2:
$tmpmsg = sprintf($LANG_MG02['upload_too_big_html'], $filename);
$statusMsg .= $tmpmsg . '<br' . XHTML . '>';
COM_errorLog('Media Gallery Error - ' . $tmpmsg);
break;
case 3:
$tmpmsg = sprintf($LANG_MG02['partial_upload'], $filename);
$statusMsg .= $tmpmsg . '<br' . XHTML . '>';
COM_errorLog('Media Gallery Error - ' . $tmpmsg);
break;
case 4:
$tmpmsg = $LANG_MG02['no_file_uploaded'];
$statusMsg .= $tmpmsg . '<br' . XHTML . '>';
COM_errorLog('Media Gallery Error - ' . $tmpmsg);
break;
case 6:
$statusMsg .= $LANG_MG02['missing_tmp'] . '<br' . XHTML . '>';
break;
case 7:
$statusMsg .= $LANG_MG02['disk_fail'] . '<br' . XHTML . '>';
break;
default:
$statusMsg .= $LANG_MG02['unknown_err'] . '<br' . XHTML . '>';
break;
}
continue;
}
$uid = $_USER['uid'];
if ($public == 1) {
$uid = 0;
}
//This will set the Content-Type to the appropriate setting for the file
$file_extension = strtolower(substr(strrchr($filename, "."), 1));
switch ($file_extension) {
case "png":
$filetype = "image/png";
break;
case "jpg":
$filetype = "image/jpeg";
break;
case "gif":
$filetype = "image/gif";
break;
default:
$statusMsg .= $filename . $LANG_MG02['unsupported_wm_type'];
continue;
break;
}
$sql = "SELECT MAX(wm_id) + 1 AS nextwm_id FROM " . $_TABLES['mg_watermarks'];
$result = DB_query($sql);
$row = DB_fetchArray($result);
$wm_id = $row['nextwm_id'];
if ($wm_id < 1) {
$wm_id = 1;
}
if ($wm_id == 0) {
COM_errorLog("Media Gallery Error - Returned 0 as wm_id");
$wm_id = 1;
}
$wm_filename = $_MG_CONF['path_html'] . 'watermarks/' . $uid . '_' . $filename;
if (file_exists($wm_filename)) {
$statusMsg .= sprintf($LANG_MG02['wm_already_exists'], $filename);
} else {
$rc = move_uploaded_file($filetmp, $wm_filename);
if ($rc != 1) {
COM_errorLog("Media Upload - Error moving uploaded file....rc = " . $rc);
$statusMsg .= sprintf($LANG_MG02['move_error'], $filename);
} else {
chmod($wm_filename, 0644);
$media_title_safe = substr($description, 0, 254);
if ($_MG_CONF['htmlallowed'] != 1) {
$media_title = addslashes(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($media_title_safe)))));
} else {
$media_title = addslashes(htmlspecialchars(COM_checkHTML(COM_checkWords(COM_killJS($media_title_safe)))));
}
$saveFileName = addslashes($uid . '_' . $filename);
$sql = "INSERT INTO {$_TABLES['mg_watermarks']} (wm_id,owner_id,filename,description)\n VALUES ({$wm_id},'{$uid}','{$saveFileName}','{$media_title}')";
DB_query($sql);
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Updating Album information");
}
if (DB_error()) {
COM_errorLog("MediaGallery: Error inserting watermark data into database");
@unlink($wm_filename);
$statusMsg .= $filename . " - " . DB_error();
} else {
$statusMsg .= $filename . $LANG_MG02['wm_success'];
}
}
}
}
$T->set_var('status_message', $statusMsg);
$tmp = $_MG_CONF['site_url'] . '/admin.php?album_id=0&mode=wmmanage';
$redirect = sprintf($LANG_MG01['watermark_redirect'], $tmp);
$T->set_var('redirect', $redirect);
$retval .= $T->finish($T->parse('output', 'mupload'));
return $retval;
}
/**
* Displays the Static Page Editor
*
* @param string $sp_id ID of static page to edit
* @param string $mode Mode
* @param string $editor Editor mode? (unused?)
* @return string HTML for static pages editor
*
*/
function staticpageeditor($sp_id, $mode = '', $editor = '')
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG_STATIC, $_SP_CONF;
$retval = '';
if (!empty($sp_id) && $mode == 'edit') {
$result = DB_query("SELECT *,UNIX_TIMESTAMP(modified) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 3));
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result);
$A['sp_old_id'] = $A['sp_id'];
}
} elseif ($mode == 'edit') {
// check if a new sp_id has been suggested
$sp_new_id = '';
if (isset($_GET['sp_new_id'])) {
$sp_new_id = COM_applyFilter($_GET['sp_new_id']);
}
if (empty($sp_new_id)) {
$A['sp_id'] = COM_makesid();
} else {
$A['sp_id'] = $sp_new_id;
}
$A['owner_id'] = $_USER['uid'];
$A['unixdate'] = time();
$A['sp_help'] = '';
$A['sp_old_id'] = '';
$A['commentcode'] = $_SP_CONF['comment_code'];
$A['sp_where'] = 1;
// default new pages to "top of page"
$A['draft_flag'] = $_SP_CONF['draft_flag'];
$A['cache_time'] = $_SP_CONF['default_cache_time'];
$A['template_flag'] = '';
// Defaults to not a template
$A['template_id'] = '';
// Defaults to None
if ($_USER['advanced_editor'] == 1) {
$A['postmode'] = 'adveditor';
}
} elseif (!empty($sp_id) && $mode == 'clone') {
$result = DB_query("SELECT *,UNIX_TIMESTAMP(modified) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 3));
if (DB_numRows($result) == 1) {
$A = DB_fetchArray($result);
$A['sp_id'] = COM_makesid();
$A['clone_sp_id'] = $sp_id;
// need this so we can load the correct topics
$A['owner_id'] = $_USER['uid'];
$A['unixdate'] = time();
$A['sp_hits'] = 0;
$A['sp_old_id'] = '';
$A['commentcode'] = $_SP_CONF['comment_code'];
}
} else {
$A = $_POST;
if (empty($A['unixdate'])) {
$A['unixdate'] = time();
}
$A['sp_content'] = COM_checkHTML(COM_checkWords($A['sp_content']), 'staticpages.edit');
}
if (isset($A)) {
if (isset($A['sp_title'])) {
$A['sp_title'] = strip_tags($A['sp_title']);
}
if (isset($A['sp_page_title'])) {
$A['sp_page_title'] = strip_tags($A['sp_page_title']);
}
if (isset($A['meta_description'])) {
$A['meta_description'] = strip_tags($A['meta_description']);
}
if (isset($A['meta_keywords'])) {
$A['meta_keywords'] = strip_tags($A['meta_keywords']);
}
$A['editor'] = $editor;
$retval = staticpageeditor_form($A);
} else {
$retval = COM_showMessageText($LANG_STATIC['deny_msg'], $LANG_ACCESS['accessdenied']);
}
return $retval;
}
function _loadFromArgs(&$array)
{
$corder = trim($array['corder']);
$this->_owner_id = COM_applyFilter($array['owner_id'], true);
$this->_group_id = COM_applyFilter($array['group_id'], true);
$this->_cid = COM_applyFilter(trim($array['cid']));
$this->_old_cid = COM_applyFilter(trim($array['old_cid']));
$this->_pid = COM_applyFilter(trim($array['pid']));
$this->_corder = empty($corder) ? 0 : COM_applyFilter($corder, true);
$this->_imgurl = COM_applyFilter($array['imgurl']);
$this->_imgurlold = COM_applyFilter($array['imgurlold']);
$this->_title = COM_checkHTML(COM_checkWords(trim($array['title'])));
$this->_is_enabled = $array['is_enabled'] == 'on' ? 1 : 0;
$this->_deleteimg = $array['deleteimg'] == 'on' ? 1 : 0;
// Convert array values to numeric permission values
list($this->_perm_owner, $this->_perm_group, $this->_perm_members, $this->_perm_anon) = SEC_getPermissionValues($array['perm_owner'], $array['perm_group'], $array['perm_members'], $array['perm_anon']);
$this->_editor_mode = COM_applyFilter($array['editor_mode']);
}
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03;
$back = COM_applyFilter($_POST['rpath']);
if ($back != '') {
$actionURL = $back;
}
$queue = COM_applyFilter($_POST['queue'], true);
$replacefile = 0;
if (isset($_POST['replacefile'])) {
$replacefile = COM_applyFilter($_POST['replacefile']);
}
if ($replacefile == 1) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
$repfilename = $_FILES['repfilename'];
$filename = $repfilename['name'];
$file = $repfilename['tmp_name'];
$opt = array('replace' => $media_id);
list($rc, $msg) = MG_getFile($file, $filename, $album_id, $opt);
COM_errorLog($msg);
}
// see if we had an attached thumbnail before...
$thumb = $_FILES['attthumb'];
$thumbnail = $thumb['tmp_name'];
$att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
$attachtn = $att == 1 ? 1 : 0;
$table = $queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media'];
$old_attached_tn = DB_getItem($table, 'media_tn_attached', 'media_id="' . addslashes($media_id) . '"');
if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
$attachtn = 0;
}
$remove_old_tn = 0;
if ($old_attached_tn == 1 && $attachtn == 0) {
$remove_old_tn = 1;
}
$remote_media = DB_getItem($table, 'remote_media', 'media_id="' . addslashes($media_id) . '"');
$remote_url = addslashes(COM_stripslashes($_POST['remoteurl']));
if ($_MG_CONF['htmlallowed']) {
$media_title = COM_checkWords(COM_stripslashes($_POST['media_title']));
$media_desc = COM_checkWords(COM_stripslashes($_POST['media_desc']));
} else {
$media_title = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_title']))));
$media_desc = htmlspecialchars(strip_tags(COM_checkWords(COM_stripslashes($_POST['media_desc']))));
}
$media_time_month = COM_applyFilter($_POST['media_month']);
$media_time_day = COM_applyFilter($_POST['media_day']);
$media_time_year = COM_applyFilter($_POST['media_year']);
$media_time_hour = COM_applyFilter($_POST['media_hour']);
$media_time_minute = COM_applyFilter($_POST['media_minute']);
$original_filename = COM_applyFilter(COM_stripslashes($_POST['original_filename']));
if ($replacefile == 1) {
$original_filename = $filename;
}
$cat_id = COM_applyFilter($_POST['cat_id'], true);
$media_keywords = COM_stripslashes($_POST['media_keywords']);
$media_keywords_safe = substr($media_keywords, 0, 254);
$media_keywords = addslashes(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));
$artist = addslashes(COM_applyFilter(COM_stripslashes($_POST['artist'])));
$musicalbum = addslashes(COM_applyFilter(COM_stripslashes($_POST['musicalbum'])));
$genre = addslashes(COM_applyFilter(COM_stripslashes($_POST['genre'])));
$media_time = mktime($media_time_hour, $media_time_minute, 0, $media_time_month, $media_time_day, $media_time_year, 1);
$owner_sql = '';
if (isset($_POST['owner_name'])) {
$owner_id = COM_applyFilter($_POST['owner_name'], true);
$owner_sql = ',media_user_id=' . $owner_id . ' ';
}
$sql = "UPDATE " . $table . "\n SET media_title='" . addslashes($media_title) . "',\n media_desc='" . addslashes($media_desc) . "',\n media_original_filename='" . addslashes($original_filename) . "',\n media_time=" . $media_time . ",\n media_tn_attached=" . $attachtn . ",\n media_category=" . intval($cat_id) . ",\n media_keywords='" . $media_keywords . "',\n artist='" . $artist . "',\n album='" . $musicalbum . "',\n genre='" . $genre . "',\n remote_url='" . $remote_url . "' " . $owner_sql . "WHERE media_id='" . addslashes($media_id) . "'";
DB_query($sql);
if (DB_error() != 0) {
echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
}
PLG_itemSaved($media_id, 'mediagallery');
// process playback options if any...
if (isset($_POST['autostart'])) {
// asf
$opt['autostart'] = COM_applyFilter($_POST['autostart'], true);
$opt['enablecontextmenu'] = COM_applyFilter($_POST['enablecontextmenu'], true);
$opt['stretchtofit'] = isset($_POST['stretchtofit']) ? COM_applyFilter($_POST['stretchtofit'], true) : 0;
$opt['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
$opt['uimode'] = COM_applyFilter($_POST['uimode']);
$opt['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
$opt['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
$opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : 0;
$opt['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
$opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
if ($opt['playcount'] < 1) {
$opt['playcount'] = 1;
}
MG_savePBOption($media_id, 'autostart', $opt['autostart'], true);
MG_savePBOption($media_id, 'enablecontextmenu', $opt['enablecontextmenu'], true);
if ($opt['stretchtofit'] != '') {
MG_savePBOption($media_id, 'stretchtofit', $opt['stretchtofit'], true);
}
MG_savePBOption($media_id, 'showstatusbar', $opt['showstatusbar'], true);
MG_savePBOption($media_id, 'uimode', $opt['uimode']);
MG_savePBOption($media_id, 'height', $opt['height'], true);
MG_savePBOption($media_id, 'width', $opt['width'], true);
MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
MG_savePBOption($media_id, 'playcount', $opt['playcount'], true);
MG_savePBOption($media_id, 'loop', $opt['loop'], true);
}
if (isset($_POST['play'])) {
// swf
$opt['play'] = COM_applyFilter($_POST['play'], true);
$opt['menu'] = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : 0;
$opt['quality'] = isset($_POST['quality']) ? COM_applyFilter($_POST['quality']) : '';
$opt['flashvars'] = isset($_POST['flashvars']) ? COM_applyFilter($_POST['flashvars']) : '';
$opt['height'] = COM_applyFilter($_POST['height'], true);
$opt['width'] = COM_applyFilter($_POST['width'], true);
$opt['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
$opt['scale'] = isset($_POST['scale']) ? COM_applyFilter($_POST['scale']) : '';
$opt['wmode'] = isset($_POST['wmode']) ? COM_applyFilter($_POST['wmode']) : '';
$opt['allowscriptaccess'] = isset($_POST['allowscriptaccess']) ? COM_applyFilter($_POST['allowscriptaccess']) : '';
$opt['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : '';
$opt['swf_version'] = isset($_POST['swf_version']) ? COM_applyFilter($_POST['swf_version'], true) : 9;
MG_savePBOption($media_id, 'play', $opt['play'], true);
if ($opt['menu'] != '') {
MG_savePBOption($media_id, 'menu', $opt['menu'], true);
}
MG_savePBOption($media_id, 'quality', $opt['quality']);
MG_savePBOption($media_id, 'flashvars', $opt['flashvars']);
MG_savePBOption($media_id, 'height', $opt['height'], true);
MG_savePBOption($media_id, 'width', $opt['width'], true);
MG_savePBOption($media_id, 'loop', $opt['loop'], true);
MG_savePBOption($media_id, 'scale', $opt['scale']);
MG_savePBOption($media_id, 'wmode', $opt['wmode']);
MG_savePBOption($media_id, 'allowscriptaccess', $opt['allowscriptaccess']);
MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor']);
MG_savePBOption($media_id, 'swf_version', $opt['swf_version'], true);
}
if (isset($_POST['autoplay'])) {
// quicktime
$opt['autoplay'] = COM_applyFilter($_POST['autoplay'], true);
$opt['autoref'] = COM_applyFilter($_POST['autoref'], true);
$opt['controller'] = COM_applyFilter($_POST['controller'], true);
$opt['kioskmode'] = COM_applyFilter($_POST['kioskmode'], true);
$opt['scale'] = COM_applyFilter($_POST['scale']);
$opt['height'] = COM_applyFilter($_POST['height'], true);
$opt['width'] = COM_applyFilter($_POST['width'], true);
$opt['bgcolor'] = COM_applyFilter($_POST['bgcolor']);
$opt['loop'] = COM_applyFilter($_POST['loop'], true);
MG_savePBOption($media_id, 'autoref', $opt['autoref'], true);
MG_savePBOption($media_id, 'autoplay', $opt['autoplay'], true);
MG_savePBOption($media_id, 'controller', $opt['controller'], true);
MG_savePBOption($media_id, 'kioskmode', $opt['kioskmode'], true);
MG_savePBOption($media_id, 'scale', $opt['scale']);
MG_savePBOption($media_id, 'height', $opt['height'], true);
MG_savePBOption($media_id, 'width', $opt['width'], true);
MG_savePBOption($media_id, 'bgcolor', $opt['bgcolor'], true);
MG_savePBOption($media_id, 'loop', $opt['loop'], true);
}
if ($attachtn == 1 && $thumbnail != '') {
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
$media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
$thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
}
if ($remove_old_tn == 1) {
$media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . addslashes($media_id) . '"');
$tmpstr = 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
$ext = Media::getMediaExt($_MG_CONF['path_mediaobjects'] . $tmpstr);
if (!empty($ext)) {
@unlink($_MG_CONF['path_mediaobjects'] . $tmpstr . $ext);
}
}
if ($queue) {
echo COM_refresh($actionURL);
} else {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildAlbumRSS($album_id);
echo COM_refresh($actionURL);
}
exit;
}
function links_save_category($cid, $old_cid, $pid, $category, $description, $tid, $owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon)
{
global $_CONF, $_TABLES, $_USER, $LANG_LINKS, $LANG_LINKS_ADMIN, $_LI_CONF, $PLG_links_MESSAGE17;
// Convert array values to numeric permission values
if (is_array($perm_owner) or is_array($perm_group) or is_array($perm_members) or is_array($perm_anon)) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
// clean 'em up
$description = addslashes(COM_checkHTML(COM_checkWords($description), 'links.edit'));
$category = addslashes(COM_checkHTML(COM_checkWords($category), 'links.edit'));
$pid = addslashes(strip_tags($pid));
$cid = addslashes(strip_tags($cid));
$old_cid = addslashes(strip_tags($old_cid));
if (empty($category) || empty($description)) {
return 7;
}
// Check cid to make sure not illegal
if ($cid == addslashes($_LI_CONF['root']) || $cid == 'user') {
return 11;
}
if (!empty($cid) && $cid != $old_cid) {
// this is either a new category or an attempt to change the cid
// - check that cid doesn't exist yet
$ctrl = DB_getItem($_TABLES['linkcategories'], 'cid', "cid = '{$cid}'");
if (!empty($ctrl)) {
if (isset($PLG_links_MESSAGE17)) {
return 17;
} else {
return 11;
}
}
}
// Check that they didn't delete the cid. If so, get the hidden one
if (empty($cid) && !empty($old_cid)) {
$cid = $old_cid;
}
// Make sure they aren't making a parent category child of one of it's own
// children. This would create orphans
if ($cid == DB_getItem($_TABLES['linkcategories'], 'pid', "cid='{$pid}'")) {
return 12;
}
$access = 0;
if (DB_count($_TABLES['linkcategories'], 'cid', $old_cid) > 0) {
// update existing item, but new cid so get access from database with old cid
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group,perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$old_cid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
// set flag
$update = "existing";
} else {
if (DB_count($_TABLES['linkcategories'], 'cid', $cid) > 0) {
// update existing item, same cid, so get access from database with existing cid
$result = DB_query("SELECT owner_id,group_id,perm_owner,perm_group, perm_members,perm_anon FROM {$_TABLES['linkcategories']} WHERE cid='{$cid}'");
$A = DB_fetchArray($result);
$access = SEC_hasAccess($A['owner_id'], $A['group_id'], $A['perm_owner'], $A['perm_group'], $A['perm_members'], $A['perm_anon']);
// set flag
$update = "same";
} else {
// new item, so use passed values
$access = SEC_hasAccess($owner_id, $group_id, $perm_owner, $perm_group, $perm_members, $perm_anon);
// set flag
$update = 'new';
}
}
if ($access < 3) {
// no access rights: user should not be here
COM_accessLog(sprintf($LANG_LINKS_ADMIN[60], $_USER['username'], $cid));
return 6;
} else {
// save item
if ($update == 'existing') {
// update an existing item but new cid
$sql = "UPDATE {$_TABLES['linkcategories']}\n SET cid='{$cid}',\n pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$old_cid}'";
$result = DB_query($sql);
// Also need to update links for this category
$sql = "UPDATE {$_TABLES['links']} SET cid='{$cid}' WHERE cid='{$old_cid}'";
$result = DB_query($sql);
} else {
if ($update == 'same') {
// update an existing item
$sql = "UPDATE {$_TABLES['linkcategories']}\n SET pid='{$pid}',\n tid='{$tid}',category='{$category}',\n description='{$description}',\n modified=NOW(),\n owner_id='{$owner_id}',group_id='{$group_id}',\n perm_owner='{$perm_owner}',perm_group='{$perm_group}',\n perm_members='{$perm_members}',perm_anon='{$perm_anon}'\n WHERE cid = '{$cid}'";
$result = DB_query($sql);
} else {
// insert a new item
if (empty($cid)) {
$cid = COM_makeSid();
}
$sql = "INSERT INTO {$_TABLES['linkcategories']}\n (cid, pid, category, description, tid,\n created,modified,\n owner_id, group_id, perm_owner, perm_group,\n perm_members, perm_anon)\n VALUES\n ('{$cid}','{$pid}','{$category}',\n '{$description}','{$tid}',\n NOW(),NOW(),\n '{$owner_id}','{$group_id}','{$perm_owner}',\n '{$perm_group}','{$perm_members}','{$perm_anon}')";
$result = DB_query($sql);
}
}
if ($update == 'existing' && $cid != $old_cid) {
PLG_itemSaved($cid, 'links.category', $old_cid);
} else {
PLG_itemSaved($cid, 'links.category');
}
}
return 10;
// success message
}
$folder_icon = _ff_getImage('locked');
$folder_msg = $LANG_GF02['msg114'];
} else {
$folderimg = '<img src="' . _ff_getImage('noposts') . '" style="vertical-align:middle;" alt="' . $LANG_GF02['msg59'] . '" title="' . $LANG_GF02['msg59'] . '"/>';
$folder_icon = _ff_getImage('noposts');
$folder_msg = $LANG_GF02['msg59'];
}
$lastposter = $lastreply['name'];
$moved = '';
if ($record['moved'] == 1) {
$moved = "{$LANG_GF01['MOVED']}: ";
}
$subject = COM_truncate($record['subject'], $_FF_CONF['show_subject_length'], '...');
if ($_FF_CONF['use_censor']) {
$subject = COM_checkWords($subject);
$record['subject'] = COM_checkWords($record['subject']);
}
if ($record['attachments'] > 0) {
$subject = $subject . ' <img src="' . $_CONF['site_url'] . '/forum/images/document_sm.gif" alt=""/>';
}
$firstposterName = $record['name'];
$topicinfo = htmlspecialchars($record['subject']) . '::' . htmlspecialchars(preg_replace('#\\r?\\n#', '<br/>', substr(strip_tags($record['comment']), 0, $_FF_CONF['contentinfo_numchars']) . '...'));
$topiclisting->set_var(array('folderimg' => $folderimg, 'folder_icon' => $folder_icon, 'folder_msg' => $folder_msg, 'topicinfo' => $topicinfo, 'topic_id' => $record['id'], 'subject' => $subject, 'author' => $record['uid'] > 1 ? '<a href="' . $_CONF['site_url'] . '/users.php?mode=profile&uid=' . $record['uid'] . '">' . $record['name'] . '</a>' : $record['name'], 'fullsubject' => $record['subject'], 'gotomsg' => $gotomsg, 'displaypageslink' => $displaypageslink, 'showuserlink' => $showuserlink, 'lastposter' => $lastposter, 'LANG_lastpost' => $LANG_GF02['msg188'], 'moved' => $moved, 'views' => $record['views'], 'replies' => $record['replies'], 'lastdate' => $lastdate, 'lastpostid' => $record['lpid'], 'LANG_BY' => $LANG_GF01['BY'], 'startdate' => $firstdate));
$topiclisting->parse('trow', 'topicrows', true);
$displayCount++;
}
$topiclisting->set_var('pagenavigation', forum_pagination($base_url, $page, $numpages));
$topiclisting->set_var('page', $page);
$topiclisting->set_var('num_pages', $numpages);
if ($displayCount > 0) {
$topiclisting->set_var('records_displayed', true);
function MG_saveMediaEdit($album_id, $media_id, $actionURL)
{
global $_USER, $_CONF, $_TABLES, $_MG_CONF, $LANG_MG00, $LANG_MG01, $LANG_MG03, $_POST, $_FILES;
$back = COM_applyFilter($_POST['rpath']);
if ($back != '') {
$sLength = strlen($_CONF['site_url']);
if (substr($back, 0, $sLength) != $_CONF['site_url']) {
$back = $_CONF['site_url'];
}
$actionURL = $back;
}
$queue = COM_applyFilter($_POST['queue'], true);
if (isset($_POST['replacefile'])) {
$replacefile = COM_applyFilter($_POST['replacefile']);
} else {
$replacefile = 0;
}
if ($replacefile == 1) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
$repfilename = $_FILES['repfilename'];
$filename = $repfilename['name'];
$file = $repfilename['tmp_name'];
list($rc, $msg) = MG_getFile($file, $filename, $album_id, '', '', 1, 0, '', 0, '', '', 0, 0, $media_id);
COM_errorLog($msg);
}
// see if we had an attached thumbnail before...
$thumb = $_FILES['attthumb'];
$thumbnail = $thumb['tmp_name'];
$att = isset($_POST['attachtn']) ? COM_applyFilter($_POST['attachtn'], true) : 0;
if ($att == 1) {
$attachtn = 1;
} else {
$attachtn = 0;
}
if ($queue) {
$old_attached_tn = DB_getItem($_TABLES['mg_mediaqueue'], 'media_tn_attached', 'media_id="' . DB_escapeString($media_id) . '"');
} else {
$old_attached_tn = DB_getItem($_TABLES['mg_media'], 'media_tn_attached', 'media_id="' . DB_escapeString($media_id) . '"');
}
if ($old_attached_tn == 0 && $att == 1 && $thumbnail == '') {
$attachtn = 0;
}
if ($old_attached_tn == 1 && $attachtn == 0) {
$remove_old_tn = 1;
} else {
$remove_old_tn = 0;
}
if ($queue) {
$remote_media = DB_getItem($_TABLES['mg_mediaqueue'], 'remote_media', 'media_id="' . DB_escapeString($media_id) . '"');
} else {
$remote_media = DB_getItem($_TABLES['mg_media'], 'remote_media', 'media_id="' . DB_escapeString($media_id) . '"');
}
if ($remote_media) {
$remote_url = isset($_POST['remoteurl']) ? DB_escapeString($_POST['remoteurl']) : '';
} else {
$remote_url = '';
}
if ($_MG_CONF['htmlallowed']) {
$media_title = COM_checkWords($_POST['media_title']);
$media_desc = COM_checkWords($_POST['media_desc']);
} else {
$media_title = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_title'])));
$media_desc = htmlspecialchars(strip_tags(COM_checkWords($_POST['media_desc'])));
}
$media_time_month = COM_applyFilter($_POST['media_month']);
$media_time_day = COM_applyFilter($_POST['media_day']);
$media_time_year = COM_applyFilter($_POST['media_year']);
$media_time_hour = COM_applyFilter($_POST['media_hour']);
$media_time_minute = COM_applyFilter($_POST['media_minute']);
$original_filename = COM_applyFilter($_POST['original_filename']);
if ($replacefile == 1) {
$original_filename = $filename;
}
$cat_id = COM_applyFilter($_POST['cat_id'], true);
$media_keywords = $_POST['media_keywords'];
$media_keywords_safe = substr($media_keywords, 0, 254);
$media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords($media_keywords_safe))));
$artist = isset($_POST['artist']) ? DB_escapeString(COM_applyFilter($_POST['artist'])) : '';
$musicalbum = isset($_POST['musicalbum']) ? DB_escapeString(COM_applyFilter($_POST['musicalbum'])) : '';
$genre = isset($_POST['genre']) ? DB_escapeString(COM_applyFilter($_POST['genre'])) : '';
$dtObject = new Date('now', $_USER['tzid']);
$dtObject->setDateTimestamp($media_time_year, $media_time_month, $media_time_day, $media_time_hour, $media_time_minute, 0);
$media_time = $dtObject->toUnix();
if (isset($_POST['owner_name'])) {
$owner_id = COM_applyFilter($_POST['owner_name'], true);
$owner_sql = ',media_user_id=' . $owner_id . ' ';
} else {
$owner_sql = '';
}
$sql = "UPDATE " . ($queue ? $_TABLES['mg_mediaqueue'] : $_TABLES['mg_media']) . "\n SET media_title='" . DB_escapeString($media_title) . "',\n media_desc='" . DB_escapeString($media_desc) . "',\n media_original_filename='" . DB_escapeString($original_filename) . "',\n media_time=" . $media_time . ",\n media_tn_attached=" . $attachtn . ",\n media_category=" . intval($cat_id) . ",\n media_keywords='" . $media_keywords . "',\n artist='" . $artist . "',\n album='" . $musicalbum . "',\n genre='" . $genre . "',\n remote_url='" . $remote_url . "' " . $owner_sql . "WHERE media_id='" . DB_escapeString($media_id) . "'";
DB_query($sql);
if (DB_error() != 0) {
echo COM_errorLog("Media Gallery: ERROR Updating image in media database");
}
PLG_itemSaved($media_id, 'mediagallery');
$media_id_db = DB_escapeString($media_id);
// process playback options if any...
if (isset($_POST['autostart'])) {
// asf
$playback_option['autostart'] = intval(COM_applyFilter($_POST['autostart'], true));
$playback_option['enablecontextmenu'] = intval(COM_applyFilter($_POST['enablecontextmenu'], true));
$playback_option['stretchtofit'] = isset($_POST['stretchtofit']) ? intval(COM_applyFilter($_POST['stretchtofit'], true)) : 0;
$playback_option['showstatusbar'] = COM_applyFilter($_POST['showstatusbar'], true);
$playback_option['uimode'] = COM_applyFilter($_POST['uimode']);
$playback_option['height'] = isset($_POST['height']) ? COM_applyFilter($_POST['height'], true) : 0;
$playback_option['width'] = isset($_POST['width']) ? COM_applyFilter($_POST['width'], true) : 0;
$playback_option['bgcolor'] = isset($_POST['bgcolor']) ? COM_applyFilter($_POST['bgcolor']) : 0;
$playback_option['playcount'] = isset($_POST['playcount']) ? COM_applyFilter($_POST['playcount'], true) : 0;
$playback_option['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
if ($playback_option['playcount'] < 1) {
$playback_option['playcount'] = 1;
}
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autostart',{$playback_option['autostart']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','enablecontextmenu',{$playback_option['enablecontextmenu']}");
if ($playback_option['stretchtofit'] != '') {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','stretchtofit',{$playback_option['stretchtofit']}");
}
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','showstatusbar',{$playback_option['showstatusbar']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','uimode', '{$playback_option['uimode']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',{$playback_option['height']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',{$playback_option['width']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor','{$playback_option['bgcolor']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','playcount','{$playback_option['playcount']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop','{$playback_option['loop']}'");
}
if (isset($_POST['play'])) {
//swf
$playback_option['play'] = COM_applyFilter($_POST['play'], true);
$playback_option['menu'] = isset($_POST['menu']) ? COM_applyFilter($_POST['menu'], true) : '';
$playback_option['quality'] = isset($_POST['quality']) ? DB_escapeString(COM_applyFilter($_POST['quality'])) : '';
$playback_option['flashvars'] = isset($_POST['flashvars']) ? DB_escapeString(COM_applyFilter($_POST['flashvars'])) : '';
$playback_option['height'] = COM_applyFilter($_POST['height'], true);
$playback_option['width'] = COM_applyFilter($_POST['width'], true);
$playback_option['loop'] = isset($_POST['loop']) ? COM_applyFilter($_POST['loop'], true) : 0;
$playback_option['scale'] = isset($_POST['scale']) ? DB_escapeString(COM_applyFilter($_POST['scale'])) : '';
$playback_option['wmode'] = isset($_POST['wmode']) ? DB_escapeString(COM_applyFilter($_POST['wmode'])) : '';
$playback_option['allowscriptaccess'] = isset($_POST['allowscriptaccess']) ? DB_escapeString(COM_applyFilter($_POST['allowscriptaccess'])) : '';
$playback_option['bgcolor'] = isset($_POST['bgcolor']) ? DB_escapeString(COM_applyFilter($_POST['bgcolor'])) : '';
$playback_option['swf_version'] = isset($_POST['swf_version']) ? COM_applyFilter($_POST['swf_version'], true) : 9;
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','play', {$playback_option['play']}");
if ($playback_option['menu'] != '') {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','menu', {$playback_option['menu']}");
}
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','quality', '{$playback_option['quality']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height', {$playback_option['height']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width', {$playback_option['width']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','flashvars', '{$playback_option['flashvars']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','scale', '{$playback_option['scale']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','wmode', '{$playback_option['wmode']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop', '{$playback_option['loop']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','allowscriptaccess','{$playback_option['allowscriptaccess']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor', '{$playback_option['bgcolor']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id}','swf_version', '{$playback_option['swf_version']}'");
}
if (isset($_POST['autoplay'])) {
//quicktime
$playback_option['autoplay'] = COM_applyFilter($_POST['autoplay'], true);
$playback_option['autoref'] = COM_applyFilter($_POST['autoref'], true);
$playback_option['controller'] = COM_applyFilter($_POST['controller'], true);
$playback_option['kioskmode'] = COM_applyFilter($_POST['kioskmode'], true);
$playback_option['scale'] = DB_escapeString(COM_applyFilter($_POST['scale']));
$playback_option['height'] = COM_applyFilter($_POST['height'], true);
$playback_option['width'] = COM_applyFilter($_POST['width'], true);
$playback_option['bgcolor'] = COM_applyFilter($_POST['bgcolor']);
$playback_option['loop'] = COM_applyFilter($_POST['loop'], true);
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autoref',{$playback_option['autoref']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','autoplay',{$playback_option['autoplay']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','controller',{$playback_option['controller']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','kioskmode',{$playback_option['kioskmode']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','scale','{$playback_option['scale']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','height',{$playback_option['height']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','width',{$playback_option['width']}");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','bgcolor','{$playback_option['bgcolor']}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$media_id_db}','loop','{$playback_option['loop']}'");
}
if ($attachtn == 1 && $thumbnail != '') {
require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
$media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id . '"');
$thumbFilename = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($album_id, $thumbnail, $thumbFilename);
}
if ($remove_old_tn == 1) {
$media_filename = DB_getItem($_TABLES['mg_media'], 'media_filename', 'media_id="' . $media_id . '"');
foreach ($_MG_CONF['validExtensions'] as $ext) {
if (file_exists($_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename . $ext)) {
@unlink($_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename . $ext);
break;
}
}
}
if ($queue) {
echo COM_refresh($_MG_CONF['site_url'] . '/admin.php?album_id=' . $album_id . '&mode=moderate');
} else {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildAlbumRSS($album_id);
CACHE_remove_instance('whatsnew');
echo COM_refresh($actionURL);
}
exit;
}
function MG_getRemote($URL, $mimeType, $albumId, $caption, $description, $keywords, $category, $attachedThumbnail, $thumbnail, $resolution_x, $resolution_y)
{
global $MG_albums, $_CONF, $_MG_CONF, $_USER, $_TABLES, $LANG_MG00, $LANG_MG01, $LANG_MG02, $new_media_id;
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Entering MG_getRemote()");
COM_errorLog("MG Upload: URL to process: " . htmlentities($URL));
}
$resolution_x = 0;
$resolution_y = 0;
$urlArray = array();
$urlArray = parse_url($URL);
// make sure we have the proper permissions to upload to this album....
$sql = "SELECT * FROM {$_TABLES['mg_albums']} WHERE album_id=" . intval($albumId);
$aResult = DB_query($sql);
$aRows = DB_numRows($aResult);
if ($aRows != 1) {
$errMsg = $LANG_MG02['album_nonexist'];
// "Album does not exist, unable to process uploads";
return array(false, $errMsg);
}
$albumInfo = DB_fetchArray($aResult);
$access = SEC_hasAccess($albumInfo['owner_id'], $albumInfo['group_id'], $albumInfo['perm_owner'], $albumInfo['perm_group'], $albumInfo['perm_members'], $albumInfo['perm_anon']);
if ($access != 3 && !$MG_albums[0]->owner_id && $albumInfo['member_uploads'] == 0) {
COM_errorLog("Someone has tried to illegally upload to an album in Media Gallery. User id: {$_USER['uid']}, Username: {$_USER['username']}, IP: {$_SERVER['REMOTE_ADDR']}", 1);
return array(false, $LANG_MG00['access_denied_msg']);
}
$errors = 0;
$errMsg = '';
sleep(1);
// We do this to make sure we don't get dupe sid's
$new_media_id = COM_makesid();
$media_time = time();
$media_upload_time = time();
$media_user_id = $_USER['uid'];
// we expect the mime type (player type) to be passed to this function
// - Image
// - Video - Windows Media
// - Video - QuickTime
// - Video - Flash Video
// - Audio - Windows Media
// - Audio - QuickTime
// - Audio - MP3
// - Embed - YouTube/Google/etc...
switch ($mimeType) {
case 'embed':
$format_type = MG_EMB;
$mimeExt = 'flv';
$mediaType = 5;
break;
case 'image/gif':
$format_type = MG_GIF;
$mimeExt = 'gif';
$mediaType = 0;
break;
case 'image/jpg':
$format_type = MG_JPG;
$mimeExt = 'jpg';
$mediaType = 0;
break;
case 'image/png':
$format_type = MG_PNG;
$mimeExt = 'png';
$mediaType = 0;
break;
case 'image/bmp':
$format_type = MG_BMP;
$mimeExt = 'bmp';
$mediaType = 0;
break;
case 'application/x-shockwave-flash':
$format_type = MG_SWF;
$mimeExt = 'swf';
$mediaType = 1;
break;
case 'video/quicktime':
$format_type = MG_MOV;
$mimeExt = 'mov';
$mediaType = 1;
break;
case 'video/x-flv':
$format_type = MG_RFLV;
$mimeExt = 'flv';
$mediaType = 1;
break;
case 'video/x-ms-asf':
$format_type = MG_ASF;
$mimeExt = 'asf';
$mediaType = 1;
break;
case 'audio/mpeg':
$format_type = MG_MP3;
$mimeExt = 'mp3';
$mediaType = 2;
break;
case 'audio/x-ms-wma':
$format_type = MG_ASF;
$mimeExt = 'wma';
$mediaType = 2;
break;
}
if (!($MG_albums[$albumId]->valid_formats & $format_type)) {
return array(false, $LANG_MG02['format_not_allowed']);
}
// create the unique filename to store this under
do {
clearstatcache();
$media_filename = md5(uniqid(rand()));
} while (MG_file_exists($media_filename));
$disp_media_filename = $media_filename . '.' . $mimeExt;
// for remote files this will be a 0 byte file
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Stored filename is : " . $disp_media_filename);
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Mime Type: " . $mimeType);
}
// now we pretent to process the file
$media_orig = $_MG_CONF['path_mediaobjects'] . 'orig/' . $media_filename[0] . '/' . $media_filename . "." . $mimeExt;
$media_time = time();
// create a 0 byte file in the orig directory...
touch($media_orig);
if ($errors) {
COM_errorLog("MG Upload: Problem uploading a media object");
return array(false, $errMsg);
}
// Now we need to process an uploaded thumbnail
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: attachedThumbnail: " . $attachedThumbnail);
COM_errorLog("MG Upload: thumbnail: " . $thumbnail);
}
if ($attachedThumbnail == 1 && $thumbnail != '') {
// see if it is remote, if yes go get it...
if (preg_match("/http/i", $thumbnail)) {
$tmp_thumbnail = $_MG_CONF['tmp_path'] . '/' . $media_filename . '.jpg';
$rc = MG_getRemoteThumbnail($thumbnail, $tmp_thumbnail);
$tmp_image_size = @getimagesize($tmp_thumbnail);
if ($tmp_image_size != false) {
$resolution_x = $tmp_image_size[0];
$resolution_y = $tmp_image_size[1];
}
$thumbnail = $tmp_thumbnail;
} else {
$rc = true;
}
if ($rc == true) {
$saveThumbnailName = $_MG_CONF['path_mediaobjects'] . 'tn/' . $media_filename[0] . '/tn_' . $media_filename;
MG_attachThumbnail($albumId, $thumbnail, $saveThumbnailName);
}
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Building SQL and preparing to enter database");
}
if ($_MG_CONF['htmlallowed'] != 1) {
$media_desc = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($description)))));
$media_caption = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($caption)))));
$media_keywords = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords(COM_killJS($keywords)))));
} else {
$media_desc = DB_escapeString(COM_checkHTML(COM_killJS($description)));
$media_caption = DB_escapeString(COM_checkHTML(COM_killJS($caption)));
$media_keywords = DB_escapeString(COM_checkHTML(COM_killJS($keywords)));
}
// Check and see if moderation is on. If yes, place in mediasubmission
if ($albumInfo['moderate'] == 1 && !$MG_albums[0]->owner_id) {
// && !SEC_hasRights('mediagallery.create')) {
$tableMedia = $_TABLES['mg_mediaqueue'];
$tableMediaAlbum = $_TABLES['mg_media_album_queue'];
$queue = 1;
} else {
$tableMedia = $_TABLES['mg_media'];
$tableMediaAlbum = $_TABLES['mg_media_albums'];
$queue = 0;
}
$pathParts = array();
$pathParts = explode('/', $urlArray['path']);
$ppCount = count($pathParts);
$pPath = '';
for ($i = 1; $i < $ppCount - 1; $i++) {
$pPath .= '/' . $pathParts[$i];
}
$videoFile = $pathParts[$ppCount - 1];
if ($mediaType != 5) {
$original_filename = $videoFile;
} else {
$original_filename = '';
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Inserting media record into mg_media");
}
if (($resolution_x == 0 || $resolution_y == 0) && $mediaType != 0) {
$resolution_x = 320;
$resolution_y = 240;
}
$remoteURL = DB_escapeString($URL);
$sql = "INSERT INTO " . $tableMedia . " (media_id,media_filename,media_original_filename,media_mime_ext,media_exif,mime_type,media_title,media_desc,media_keywords,media_time,media_views,media_comments,media_votes,media_rating,media_tn_attached,media_tn_image,include_ss,media_user_id,media_user_ip,media_approval,media_type,media_upload_time,media_category,media_watermarked,v100,maint,media_resolution_x,media_resolution_y,remote_media,remote_url)\n VALUES ('" . DB_escapeString($new_media_id) . "','" . DB_escapeString($media_filename) . "','" . DB_escapeString($original_filename) . "','" . DB_escapeString($mimeExt) . "','1','" . DB_escapeString($mimeType) . "','{$media_caption}','{$media_desc}','{$media_keywords}','" . DB_escapeString($media_time) . "','0','0','0','0.00','" . DB_escapeString($attachedThumbnail) . "','','1','" . intval($media_user_id) . "','','0','" . DB_escapeString($mediaType) . "','" . DB_escapeString($media_upload_time) . "','" . DB_escapeString($category) . "','0','0','0',{$resolution_x},{$resolution_y},1,'{$remoteURL}');";
DB_query($sql);
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Updating Album information");
}
$sql = "SELECT MAX(media_order) + 10 AS media_seq FROM " . $_TABLES['mg_media_albums'] . " WHERE album_id = " . intval($albumId);
$result = DB_query($sql);
$row = DB_fetchArray($result);
$media_seq = $row['media_seq'];
if ($media_seq < 10) {
$media_seq = 10;
}
$sql = "INSERT INTO " . $tableMediaAlbum . " (media_id, album_id, media_order) VALUES ('" . DB_escapeString($new_media_id) . "', " . intval($albumId) . ", {$media_seq} )";
DB_query($sql);
if ($mediaType == 1 && $resolution_x > 0 && $resolution_y > 0) {
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','width', '{$resolution_x}'");
DB_save($_TABLES['mg_playback_options'], 'media_id,option_name,option_value', "'{$new_media_id}','height', '{$resolution_y}'");
}
// update the media count for the album, only if no moderation...
if ($queue == 0) {
$media_count = $albumInfo['media_count'] + 1;
DB_query("UPDATE " . $_TABLES['mg_albums'] . " SET media_count=" . $media_count . ",last_update=" . $media_upload_time . " WHERE album_id='" . $albumInfo['album_id'] . "'");
if ($albumInfo['album_cover'] == -1 && ($mediaType == 0 || $attachedThumbnail == 1)) {
if ($attachedThumbnail == 1) {
$covername = 'tn_' . $media_filename;
} else {
$covername = $media_filename;
}
if ($_MG_CONF['verbose']) {
COM_errorLog("MG Upload: Setting album cover filename to " . $covername);
}
DB_query("UPDATE {$_TABLES['mg_albums']} SET album_cover_filename='" . $covername . "'" . " WHERE album_id='" . $albumInfo['album_id'] . "'");
}
}
if ($queue) {
$errMsg .= $LANG_MG01['successful_upload_queue'];
// ' successfully placed in Moderation queue';
} else {
$errMsg .= $LANG_MG01['successful_upload'];
// ' successfully uploaded to album';
}
if ($queue == 0) {
require_once $_CONF['path'] . 'plugins/mediagallery/include/rssfeed.php';
MG_buildFullRSS();
MG_buildAlbumRSS($albumId);
}
COM_errorLog("MG Upload: Successfully uploaded a media object");
return array(true, $errMsg);
}
/**
* Submit static page. The page is updated if it exists, or a new one is created
*
* @param array args Contains all the data provided by the client
* @param string &output OUTPUT parameter containing the returned text
* @param string &svc_msg OUTPUT parameter containing any service messages
* @return int Response code as defined in lib-plugins.php
*/
function service_submit_staticpages($args, &$output, &$svc_msg)
{
global $_CONF, $_TABLES, $_USER, $LANG_ACCESS, $LANG12, $LANG_STATIC, $LANG_LOGIN, $_GROUPS, $_SP_CONF;
$output = '';
if (!SEC_hasRights('staticpages.edit')) {
$output = COM_siteHeader('menu', $LANG_STATIC['access_denied']);
$output .= COM_showMessageText($LANG_STATIC['access_denied_msg'], $LANG_STATIC['access_denied'], true);
$output .= COM_siteFooter();
return PLG_RET_AUTH_FAILED;
}
if (defined('DEMO_MODE')) {
$output = COM_siteHeader('menu');
$output .= COM_showMessageText('Option disabled in Demo Mode', 'Option disabled in Demo Mode', true);
$output .= COM_siteFooter();
return PLG_REG_AUTH_FAILED;
}
$gl_edit = false;
if (isset($args['gl_edit'])) {
$gl_edit = $args['gl_edit'];
}
if ($gl_edit) {
// This is EDIT mode, so there should be an sp_old_id
if (empty($args['sp_old_id'])) {
if (!empty($args['id'])) {
$args['sp_old_id'] = $args['id'];
} else {
return PLG_RET_ERROR;
}
if (empty($args['sp_id'])) {
$args['sp_id'] = $args['sp_old_id'];
}
}
} else {
if (empty($args['sp_id']) && !empty($args['id'])) {
$args['sp_id'] = $args['id'];
}
}
if (empty($args['sp_uid'])) {
$args['sp_uid'] = $_USER['uid'];
}
if (empty($args['sp_title']) && !empty($args['title'])) {
$args['sp_title'] = $args['title'];
}
if (empty($args['sp_content']) && !empty($args['content'])) {
$args['sp_content'] = $args['content'];
}
if (isset($args['category']) && is_array($args['category']) && !empty($args['category'][0])) {
$args['sp_tid'] = $args['category'][0];
}
if (!isset($args['owner_id'])) {
$args['owner_id'] = $_USER['uid'];
}
if (empty($args['group_id'])) {
$args['group_id'] = SEC_getFeatureGroup('staticpages.edit', $_USER['uid']);
}
$args['sp_id'] = COM_sanitizeID($args['sp_id']);
if (!$gl_edit) {
if (strlen($args['sp_id']) > STATICPAGE_MAX_ID_LENGTH) {
if (function_exists('WS_makeId')) {
$args['sp_id'] = WS_makeId($slug, STATICPAGE_MAX_ID_LENGTH);
} else {
$args['sp_id'] = COM_makeSid();
}
}
}
// Apply filters to the parameters passed by the webservice
if ($args['gl_svc']) {
$par_str = array('mode', 'sp_id', 'sp_old_id', 'sp_tid', 'sp_format', 'postmode');
$par_num = array('sp_uid', 'sp_hits', 'owner_id', 'group_id', 'sp_where', 'sp_php', 'commentcode', 'sp_search', 'sp_status');
foreach ($par_str as $str) {
if (isset($args[$str])) {
$args[$str] = COM_applyBasicFilter($args[$str]);
} else {
$args[$str] = '';
}
}
foreach ($par_num as $num) {
if (isset($args[$num])) {
$args[$num] = COM_applyBasicFilter($args[$num], true);
} else {
$args[$num] = 0;
}
}
}
// START: Staticpages defaults
if ($args['sp_status'] != 1) {
$args['sp_status'] = 0;
}
if (empty($args['sp_format'])) {
$args['sp_format'] = 'allblocks';
}
if (empty($args['sp_tid'])) {
$args['sp_tid'] = 'all';
}
if ($args['sp_where'] < 0 || $args['sp_where'] > 4) {
$args['sp_where'] = 0;
}
if ($args['sp_php'] < 0 || $args['sp_php'] > 2) {
$args['sp_php'] = 0;
}
if ($args['commentcode'] < -1 || $args['commentcode'] > 1) {
$args['commentcode'] = $_CONF['comment_code'];
}
if ($args['sp_search'] != 1) {
$args['sp_search'] = 0;
}
if ($args['gl_svc']) {
// Permissions
if (!isset($args['perm_owner'])) {
$args['perm_owner'] = $_SP_CONF['default_permissions'][0];
} else {
$args['perm_owner'] = COM_applyBasicFilter($args['perm_owner'], true);
}
if (!isset($args['perm_group'])) {
$args['perm_group'] = $_SP_CONF['default_permissions'][1];
} else {
$args['perm_group'] = COM_applyBasicFilter($args['perm_group'], true);
}
if (!isset($args['perm_members'])) {
$args['perm_members'] = $_SP_CONF['default_permissions'][2];
} else {
$args['perm_members'] = COM_applyBasicFilter($args['perm_members'], true);
}
if (!isset($args['perm_anon'])) {
$args['perm_anon'] = $_SP_CONF['default_permissions'][3];
} else {
$args['perm_anon'] = COM_applyBasicFilter($args['perm_anon'], true);
}
if (!isset($args['sp_onmenu'])) {
$args['sp_onmenu'] = '';
} else {
if ($args['sp_onmenu'] == 'on' && empty($args['sp_label'])) {
$svc_msg['error_desc'] = 'Menu label missing';
return PLG_RET_ERROR;
}
}
if (empty($args['sp_content'])) {
$svc_msg['error_desc'] = 'No content';
return PLG_RET_ERROR;
}
if (empty($args['sp_inblock']) && $_SP_CONF['in_block'] == '1') {
$args['sp_inblock'] = 'on';
}
if (empty($args['sp_centerblock'])) {
$args['sp_centerblock'] = '';
}
}
// END: Staticpages defaults
$sp_id = $args['sp_id'];
$sp_status = $args['sp_status'];
$sp_uid = $args['sp_uid'];
$sp_title = $args['sp_title'];
$sp_content = $args['sp_content'];
$sp_hits = $args['sp_hits'];
$sp_format = $args['sp_format'];
$sp_onmenu = $args['sp_onmenu'];
$sp_label = '';
if (!empty($args['sp_label'])) {
$sp_label = $args['sp_label'];
}
$commentcode = $args['commentcode'];
$owner_id = $args['owner_id'];
$group_id = $args['group_id'];
$perm_owner = $args['perm_owner'];
$perm_group = $args['perm_group'];
$perm_members = $args['perm_members'];
$perm_anon = $args['perm_anon'];
$sp_php = $args['sp_php'];
$sp_nf = '';
if (!empty($args['sp_nf'])) {
$sp_nf = $args['sp_nf'];
}
$sp_old_id = $args['sp_old_id'];
$sp_centerblock = $args['sp_centerblock'];
$sp_help = '';
if (!empty($args['sp_help'])) {
$sp_help = $args['sp_help'];
}
$sp_tid = $args['sp_tid'];
$sp_where = $args['sp_where'];
$sp_inblock = $args['sp_inblock'];
$postmode = $args['postmode'];
$sp_search = $args['sp_search'];
if ($gl_edit && !empty($args['gl_etag'])) {
// First load the original staticpage to check if it has been modified
$o = array();
$s = array();
$r = service_get_staticpages(array('sp_id' => $sp_old_id, 'gl_svc' => true), $o, $s);
if ($r == PLG_RET_OK) {
if ($args['gl_etag'] != $o['updated']) {
$svc_msg['error_desc'] = 'A more recent version of the staticpage is available';
return PLG_RET_PRECONDITION_FAILED;
}
} else {
$svc_msg['error_desc'] = 'The requested staticpage no longer exists';
return PLG_RET_ERROR;
}
}
// Check for unique page ID
$duplicate_id = false;
$delete_old_page = false;
if (DB_count($_TABLES['staticpage'], 'sp_id', $sp_id) > 0) {
if ($sp_id != $sp_old_id) {
$duplicate_id = true;
}
} elseif (!empty($sp_old_id)) {
if ($sp_id != $sp_old_id) {
$delete_old_page = true;
}
}
if ($duplicate_id) {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['duplicate_id'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
$svc_msg['error_desc'] = 'Duplicate ID';
return PLG_RET_ERROR;
} elseif (!empty($sp_title) && !empty($sp_content)) {
if (empty($sp_hits)) {
$sp_hits = 0;
}
if ($sp_onmenu == 'on') {
$sp_onmenu = 1;
} else {
$sp_onmenu = 0;
}
if ($sp_nf == 'on') {
$sp_nf = 1;
} else {
$sp_nf = 0;
}
if ($sp_centerblock == 'on') {
$sp_centerblock = 1;
} else {
$sp_centerblock = 0;
}
if ($sp_inblock == 'on') {
$sp_inblock = 1;
} else {
$sp_inblock = 0;
}
// Clean up the text
if ($_SP_CONF['censor'] == 1) {
$sp_content = COM_checkWords($sp_content);
$sp_title = COM_checkWords($sp_title);
}
if ($_SP_CONF['filter_html'] == 1) {
$sp_content = COM_checkHTML($sp_content, 'staticpages.edit');
}
$sp_title = strip_tags($sp_title);
$sp_label = strip_tags($sp_label);
$sp_content = DB_escapeString($sp_content);
$sp_title = DB_escapeString($sp_title);
$sp_label = DB_escapeString($sp_label);
// If user does not have php edit perms, then set php flag to 0.
if ($_SP_CONF['allow_php'] != 1 || !SEC_hasRights('staticpages.PHP')) {
$sp_php = 0;
}
// make sure there's only one "entire page" static page per topic
if ($sp_centerblock == 1 && $sp_where == 0) {
$sql = "UPDATE {$_TABLES['staticpage']} SET sp_centerblock = 0 WHERE sp_centerblock = 1 AND sp_where = 0 AND sp_tid = '" . DB_escapeString($sp_tid) . "'";
// multi-language configuration - allow one entire page
// centerblock for all or none per language
if (!empty($_CONF['languages']) && !empty($_CONF['language_files']) && ($sp_tid == 'all' || $sp_tid == 'none')) {
$ids = explode('_', $sp_id);
if (count($ids) > 1) {
$lang_id = array_pop($ids);
$sql .= " AND sp_id LIKE '%\\_" . DB_escapeString($lang_id) . "'";
}
}
DB_query($sql);
}
$formats = array('allblocks', 'blankpage', 'leftblocks', 'rightblocks', 'noblocks');
if (!in_array($sp_format, $formats)) {
$sp_format = 'allblocks';
}
if (!$args['gl_svc']) {
list($perm_owner, $perm_group, $perm_members, $perm_anon) = SEC_getPermissionValues($perm_owner, $perm_group, $perm_members, $perm_anon);
}
DB_save($_TABLES['staticpage'], 'sp_id,sp_status,sp_uid,sp_title,sp_content,sp_date,sp_hits,sp_format,sp_onmenu,sp_label,commentcode,owner_id,group_id,' . 'perm_owner,perm_group,perm_members,perm_anon,sp_php,sp_nf,sp_centerblock,sp_help,sp_tid,sp_where,sp_inblock,postmode,sp_search', "'{$sp_id}',{$sp_status}, {$sp_uid},'{$sp_title}','{$sp_content}',NOW(),{$sp_hits},'{$sp_format}',{$sp_onmenu},'{$sp_label}','{$commentcode}',{$owner_id},{$group_id}," . "{$perm_owner},{$perm_group},{$perm_members},{$perm_anon},'{$sp_php}','{$sp_nf}',{$sp_centerblock},'{$sp_help}','{$sp_tid}',{$sp_where}," . "'{$sp_inblock}','{$postmode}',{$sp_search}");
if ($delete_old_page && !empty($sp_old_id)) {
DB_delete($_TABLES['staticpage'], 'sp_id', $sp_old_id);
DB_change($_TABLES['comments'], 'sid', DB_escapeString($sp_id), array('sid', 'type'), array(DB_escapeString($sp_old_id), 'staticpages'));
PLG_itemDeleted($sp_old_id, 'staticpages');
}
PLG_itemSaved($sp_id, 'staticpages');
$url = COM_buildURL($_CONF['site_url'] . '/page.php?page=' . $sp_id);
$output .= PLG_afterSaveSwitch($_SP_CONF['aftersave'], $url, 'staticpages');
$svc_msg['id'] = $sp_id;
return PLG_RET_OK;
} else {
$output .= COM_siteHeader('menu', $LANG_STATIC['staticpageeditor']);
$output .= COM_errorLog($LANG_STATIC['no_title_or_content'], 2);
if (!$args['gl_svc']) {
$output .= PAGE_edit($sp_id);
}
$output .= COM_siteFooter();
return PLG_RET_ERROR;
}
}
function MB_saveEditMenuElement()
{
global $_TABLES;
$id = COM_applyFilter($_POST['id'], true);
$menu_id = COM_applyFilter($_POST['menu']);
$pid = COM_applyFilter($_POST['pid'], true);
$label = DB_escapeString(htmlspecialchars(strip_tags(COM_checkWords($_POST['menulabel']))));
$type = COM_applyFilter($_POST['menutype'], true);
$target = COM_applyFilter($_POST['urltarget']);
$menu = menu::getInstance($menu_id);
if ($type == 0) {
$type = 1;
}
switch ($type) {
case 2:
$subtype = COM_applyFilter($_POST['glfunction']);
break;
case 3:
$subtype = COM_applyFilter($_POST['gltype'], true);
break;
case 4:
$subtype = COM_applyFilter($_POST['pluginname']);
break;
case 5:
$subtype = COM_applyFilter($_POST['spname']);
break;
case 6:
$subtype = COM_applyFilter($_POST['menuurl']);
if (strpos($subtype, "http") !== 0 && strpos($subtype, "%site") === false && $subtype[0] != '#' && rtrim($subtype) != '') {
$subtype = 'http://' . $subtype;
}
break;
case 7:
$subtype = COM_applyFilter($_POST['phpfunction']);
break;
case 9:
$subtype = COM_applyFIlter($_POST['topicname']);
break;
default:
$subtype = '';
break;
}
$active = COM_applyFilter($_POST['menuactive'], true);
$url = '';
if (isset($_POST['menuurl']) && $_POST['menuurl'] != '') {
$url = trim(DB_escapeString(COM_applyFilter($_POST['menuurl'])));
if (strpos($url, "http") !== 0 && strpos($url, "%site") === false && $url[0] != '#' && rtrim($url) != '') {
$url = 'http://' . $url;
}
}
$group_id = COM_applyFilter($_POST['group'], true);
$aid = COM_applyFilter($_POST['menuorder'], true);
$aorder = DB_getItem($_TABLES['menu_elements'], 'element_order', 'id=' . $aid);
$neworder = $aorder + 1;
$sql = "UPDATE {$_TABLES['menu_elements']} SET pid=" . (int) $pid . ", element_order=" . (int) $neworder . ", element_label='{$label}', element_type='{$type}', element_subtype='{$subtype}', element_active={$active}, element_url='{$url}', element_target='" . DB_escapeString($target) . "', group_id=" . (int) $group_id . " WHERE id=" . (int) $id;
DB_query($sql);
$menu->reorderMenu($pid);
}
function prepareStringForDB($message, $postmode = "html", $censor = TRUE, $htmlfilter = TRUE)
{
global $_FF_CONF;
if ($censor) {
$message = COM_checkWords($message);
}
if ($postmode == 'html') {
if ($htmlfilter) {
// Need to call addslahes again as COM_checkHTML stips it out
$message = DB_escapeString(COM_checkHTML($message));
} else {
$message = DB_escapeString($message);
}
} else {
$message = DB_escapeString(@htmlspecialchars($message, ENT_QUOTES, COM_getEncodingt()));
}
return $message;
}
/**
* Displays the Static Page Editor
*
* @sp_id string ID of static page to edit
* @action string action (edit, clone or null)
* @editor string editor to use
*
*/
function PAGE_edit($sp_id, $action = '', $editor = '')
{
global $_CONF, $_SP_CONF, $_TABLES, $_USER, $LANG_STATIC;
if (!empty($sp_id) && $action == 'edit') {
$result = DB_query("SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 3));
$A = DB_fetchArray($result);
$A['sp_old_id'] = $A['sp_id'];
// // sp_old_id is not null, this is an existing page
} elseif ($action == 'edit') {
// we're creating a new staticpage, set default values
$A['sp_id'] = COM_makesid();
// make a default new/unique staticpage ID based upon the datetime
$A['sp_status'] = $_SP_CONF['status_flag'];
$A['sp_uid'] = $_USER['uid'];
// created by current user
$A['unixdate'] = time();
// date/time created
$A['sp_help'] = '';
// no help URL
$A['sp_old_id'] = '';
// sp_old_id is null, this is a new page
$A['commentcode'] = $_SP_CONF['comment_code'];
$A['sp_where'] = 1;
// top of page
$A['sp_search'] = $_SP_CONF['include_search'];
} elseif (!empty($sp_id) && $action == 'clone') {
// we're creating a new staticpage based upon an old one. get the page to be cloned
$result = DB_query("SELECT *,UNIX_TIMESTAMP(sp_date) AS unixdate FROM {$_TABLES['staticpage']} WHERE sp_id = '{$sp_id}'" . COM_getPermSQL('AND', 0, 2));
$A = DB_fetchArray($result);
// override old page values with values unique to this page
$A['sp_id'] = COM_makesid();
// make a default new/unique staticpage ID based upon the datetime
$sp_id = $A['sp_id'];
// to ensure value displayed in field reflects updated value
$sp_title = $A['sp_title'] . ' (' . $LANG_STATIC['copy'] . ')';
$A['sp_title'] = $sp_title;
// indicate in title that this is a cloned page
$A['sp_uid'] = $_USER['uid'];
// created by current user
$A['unixdate'] = time();
// date/time created
$A['sp_hits'] = 0;
// reset page hits
$A['sp_old_id'] = '';
// sp_old_id is null, this is a new page
} else {
$A = $_POST;
if (empty($A['unixdate'])) {
$A['unixdate'] = time();
// update date and time
}
$A['sp_content'] = COM_checkHTML(COM_checkWords($A['sp_content']));
}
if (isset($A['sp_title'])) {
$A['sp_title'] = strip_tags($A['sp_title']);
}
$A['editor'] = $editor;
return PAGE_form($A);
}
function LIB_Save($pi_name, $edt_flg, $navbarMenu, $menuno)
{
global $_CONF;
global $_TABLES;
global $_USER;
$box_conf = "_" . strtoupper($pi_name) . "_CONF";
global ${$box_conf};
$box_conf = ${$box_conf};
$lang_box_admin = "LANG_" . strtoupper($pi_name) . "_ADMIN";
global ${$lang_box_admin};
$lang_box_admin = ${$lang_box_admin};
$lang_box_admin_menu = "LANG_" . strtoupper($pi_name) . "_admin_menu";
global ${$lang_box_admin_menu};
$lang_box_admin_menu = ${$lang_box_admin_menu};
$lang_box_inputtype = "LANG_" . strtoupper($pi_name) . "_INPUTTYPE";
global ${$lang_box_inputtype};
$lang_box_inputtype = ${$lang_box_inputtype};
$table = $_TABLES[strtoupper($pi_name) . '_def_group'];
$retval = '';
// clean 'em up
$id = COM_applyFilter($_POST['id'], true);
$code = COM_applyFilter($_POST['code']);
$code = addslashes(COM_checkHTML(COM_checkWords($code)));
$name = COM_applyFilter($_POST['name']);
$name = addslashes(COM_checkHTML(COM_checkWords($name)));
$description = $_POST['description'];
//COM_applyFilter($_POST['description']);
$description = addslashes(COM_checkHTML(COM_checkWords($description)));
$parent_flg = COM_applyFilter($_POST['parent_flg'], true);
$input_type = COM_applyFilter($_POST['input_type'], true);
$orderno = mb_convert_kana($_POST['orderno'], "a");
//全角英数字を半角英数字に変換する
$orderno = COM_applyFilter($orderno, true);
//$name = mb_convert_kana($name,"AKV");
//A:半角英数字を全角英数字に変換する
//K:半角カタカナを全角カタカナに変換する
//V:濁点つきの文字を1文字に変換する (K、H と共に利用する)
//$name = str_replace ("'", "’",$name);
//$code = mb_convert_kana($code,"a");//全角英数字を半角英数字に変換する
//-----
$type = 1;
$uuid = $_USER['uid'];
// CHECK はじめ
$err = "";
//ID コード
if ($id == 0) {
//$err.=$lang_box_admin['err_uid']."<br/>".LB;
} else {
if (!is_numeric($id)) {
$err .= $lang_box_admin['err_id'] . "<br/>" . LB;
}
}
//コード
if ($code != "") {
$cntsql = "SELECT code FROM {$table} ";
$cntsql .= " WHERE ";
$cntsql .= " code='{$code}' ";
$cntsql .= " AND group_id<>{$id}";
$result = DB_query($cntsql);
$numrows = DB_numRows($result);
if ($numrows != 0) {
$err .= $lang_box_admin['err_code_w'] . "<br/>" . LB;
}
}
//タイトル必須
if (empty($name)) {
$err .= $lang_box_admin['err_name'] . "<br/>" . LB;
}
//errorのあるとき
if ($err != "") {
$retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
$retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 3, $err);
return $retval;
}
// CHECK おわり
if ($id == 0) {
$w = DB_getItem($table, "max(group_id)", "1=1");
if ($w == "") {
$w = 0;
}
$id = $w + 1;
}
$fields = "group_id";
$values = "{$id}";
$fields .= ",code";
$values .= ",'{$code}'";
$fields .= ",name";
$values .= ",'{$name}'";
$fields .= ",description";
$values .= ",'{$description}'";
$fields .= ",orderno";
//
$values .= ",{$orderno}";
$fields .= ",parent_flg";
//
$values .= ",{$parent_flg}";
$fields .= ",input_type";
//
$values .= ",{$input_type}";
$fields .= ",uuid";
$values .= ",{$uuid}";
$fields .= ",udatetime";
$values .= ",NOW( )";
//
// if ($edt_flg){
// $return_page=$_CONF['site_url'] . "/".THIS_SCRIPT;
// $return_page.="?id=".$id;
// }else{
// $return_page=$_CONF['site_admin_url'] . '/plugins/'.THIS_SCRIPT.'?msg=1';
// }
DB_save($table, $fields, $values, $return_page);
// $rt=fncsendmail ($id);
$message = "";
if ($box_conf['aftersave_admin'] === 'no') {
$retval['title'] = $lang_box_admin['piname'] . $lang_box_admin['edit'];
$retval['display'] = LIB_Edit($pi_name, $id, $edt_flg, 1, "");
return $retval;
} else {
if ($box_conf['aftersave_admin'] === 'list' or $box_conf['aftersave_admin'] === 'item') {
$url = $_CONF['site_admin_url'] . "/plugins/{$pi_name}/group.php";
$item_url = COM_buildURL($url);
$target = 'item';
$message = 1;
} else {
if ($box_conf['aftersave_admin'] === 'admin') {
$target = $box_conf['aftersave_admin'];
$message = 1;
} else {
$item_url = $_CONF['site_url'] . $box_conf['top'];
$target = $box_conf['aftersave_admin'];
}
}
}
$return_page = PLG_afterSaveSwitch($target, $item_url, $pi_name, $message);
echo $return_page;
exit;
}
/**
* Filter the excerpt of a trackback comment we've received
*
* Note: Does not truncate the excerpt.
*
* @param string $excerpt excerpt of the trackback comment
* @return string filtered excerpt
*
*/
function TRB_filterExcerpt($excerpt)
{
return COM_checkWords(strip_tags(COM_stripslashes($excerpt)));
}
