function search_blog()
{
global $database, $url, $results_per_page, $p, $search_text, $t, $search_objects, $results, $total_results;
// CONSTRUCT QUERY
$sql = "\r\n SELECT\r\n se_blogentries.blogentry_id,\r\n se_blogentries.blogentry_title,\r\n se_blogentries.blogentry_body,\r\n se_users.user_id,\r\n se_users.user_username,\r\n se_users.user_photo,\r\n se_users.user_fname,\r\n se_users.user_lname\r\n FROM\r\n se_blogentries,\r\n se_users,\r\n se_levels\r\n WHERE\r\n se_blogentries.blogentry_user_id=se_users.user_id &&\r\n se_users.user_level_id=se_levels.level_id &&\r\n (\r\n se_blogentries.blogentry_search='1' ||\r\n se_levels.level_blog_search='0'\r\n ) \r\n ";
$sql .= " && MATCH (`blogentry_title`, `blogentry_body`) AGAINST ('{$search_text}' IN BOOLEAN MODE)";
/*
$sql .= " && (
blogentry_title LIKE '%$search_text%' ||
blogentry_body LIKE '%$search_text%'
)
";
*/
// GET TOTAL ENTRIES
$sql2 = $sql . " LIMIT 201";
$resource = $database->database_query($sql2);
$total_entries = $database->database_num_rows($resource);
// IF NOT TOTAL ONLY
if ($t == "blog") {
// MAKE BLOG PAGES
$start = ($p - 1) * $results_per_page;
$limit = $results_per_page + 1;
// SEARCH BLOGS
$sql3 = $sql . " ORDER BY blogentry_id DESC LIMIT {$start}, {$limit}";
$resource = $database->database_query($sql3);
while ($blogentry_info = $database->database_fetch_assoc($resource)) {
// CREATE AN OBJECT FOR AUTHOR
$profile = new se_user();
$profile->user_info['user_id'] = $blogentry_info['user_id'];
$profile->user_info['user_username'] = $blogentry_info['user_username'];
$profile->user_info['user_photo'] = $blogentry_info['user_photo'];
$profile->user_info['user_fname'] = $blogentry_info['user_fname'];
$profile->user_info['user_lname'] = $blogentry_info['user_lname'];
$profile->user_displayname();
// IF EMPTY TITLE
if (!trim($blogentry_info['blogentry_title'])) {
$blogentry_info['blogentry_title'] = SE_Language::get(589);
}
$blogentry_info['blogentry_body'] = cleanHTML($blogentry_info['blogentry_body'], '');
// IF BODY IS LONG
if (strlen($blogentry_info['blogentry_body']) > 150) {
$blogentry_info['blogentry_body'] = substr($blogentry_info['blogentry_body'], 0, 147) . "...";
}
$result_url = $url->url_create('blog_entry', $blogentry_info['user_username'], $blogentry_info['blogentry_id']);
$result_name = 1500118;
$result_desc = 1500119;
$results[] = array('result_url' => $result_url, 'result_icon' => './images/icons/blog_blog48.gif', 'result_name' => $result_name, 'result_name_1' => $blogentry_info['blogentry_title'], 'result_desc' => $result_desc, 'result_desc_1' => $url->url_create('profile', $blogentry_info['user_username']), 'result_desc_2' => $profile->user_displayname, 'result_desc_3' => $blogentry_info['blogentry_body']);
}
// SET TOTAL RESULTS
$total_results = $total_entries;
}
// SET ARRAY VALUES
SE_Language::_preload_multi(1500118, 1500119, 1500120);
if ($total_albums > 200) {
$total_albums = "200+";
}
$search_objects[] = array('search_type' => 'blog', 'search_lang' => 1500120, 'search_total' => $total_entries);
}
function cleanString($data, $ishtml = false, $allowadv = false, $dbo = false)
{
if (!$ishtml) {
$data = str_replace("<", "<", str_replace(">", ">", $data));
} else {
$data = cleanHTML($data, $allowadv);
}
$data = addslashes_EX($data, $ishtml, $dbo);
return $data;
}
function convertString($str)
{
// convert to utf8, if necessary
if (!is_utf8($str)) {
$str = utf8_encode($str);
}
// clean up the html
$str = cleanHTML($str);
// return the url encoded string
return urlencode($str);
}
function getPosts($topicUrl)
{
$posts = array();
$pageCount = 0;
while ($topicUrl != "" && $pageCount < 5) {
$topicPage = getCURLOutput($topicUrl);
$topicPage = cleanHTML($topicPage);
$topicXpath = getDOMXPath($topicPage);
$textNodes = $topicXpath->query('//*[contains(@class, "txt-msg") and contains(@class ,"text-enrichi-forum")]');
$userNodes = $topicXpath->query('//*[contains(@class, "bloc-pseudo-msg") and contains(@class, "text-user")]/text()');
for ($i = 0; $i < $textNodes->length; $i++) {
$post = (object) array('user' => $userNodes->item($i)->nodeValue, 'text' => $textNodes->item($i)->nodeValue);
$posts[] = $post;
}
if (strstr($topicPage, $pageCount + 1 . "-0-1-0") != false && strstr($topicPage, "Page suivante") != false) {
$topicUrl = str_replace($pageCount . "-0-1-0", $pageCount + 1 . "-0-1-0", $topicUrl);
$pageCount++;
} else {
$topicUrl = "";
}
}
return $posts;
}
if (4 & ~(int) $user->level_info['level_poll_allow']) {
header("Location: user_home.php");
exit;
}
// CREATE POLL OBJECT
$poll = new se_poll($user->user_info['user_id']);
// ADD A NEW POLL
if ($task == "doadd") {
// HTML SUPPORT
$poll_title = censor(cleanHTML(htmlspecialchars_decode($poll_title), $setting['setting_poll_html']));
$poll_desc = censor(cleanHTML(htmlspecialchars_decode($poll_desc), $setting['setting_poll_html']));
// REMOVE EMPTY OPTIONS
$poll_options = array_filter($poll_options);
// GET POLL OPTIONS AND POST POLL
foreach ($poll_options as $poll_option_index => $poll_option_label) {
$poll_options[$poll_option_index] = censor(cleanHTML(htmlspecialchars_decode($poll_option_label), $setting['setting_poll_html']));
}
// MAKE SURE TITLE IS PROVIDED
if (!trim($poll_title)) {
$is_error = 2500123;
}
// MAKE SURE AT LEAST TWO OPTIONS ARE PROVIDED
if (!$is_error && count($poll_options) < 2) {
$is_error = 2500124;
}
// MAKE SURE NUMBER OF OPTIONS DOESNT EXCEED 20
if (!$is_error && count($poll_options) > 20) {
$is_error = 2500125;
$is_error_sprintf_1 = 20;
}
// POST POLL
function filter($text, $filter = false)
{
if (is_null($text)) {
return false;
}
if ($text === true) {
return true;
} elseif ($filter === true) {
$text = cleanHTML($text);
} elseif ($filter === "remove") {
$text = str_replace("\\'", "", $text);
$text = str_replace('\\"', "", $text);
$text = str_replace("'", "", $text);
$text = str_replace('"', "", $text);
}
$text = str_replace("<", "", $text);
$text = str_replace(">", "", $text);
$text = str_replace("%27", "", $text);
$text = str_replace("%22", "", $text);
$text = str_replace("%20", "", $text);
$text = str_replace("indexphp", "index.php", $text);
return $text;
}
if ($is_subscribed) {
$database->database_query("\r\n DELETE FROM\r\n se_notifys\r\n USING\r\n se_notifys\r\n LEFT JOIN\r\n se_notifytypes\r\n ON se_notifys.notify_notifytype_id=se_notifytypes.notifytype_id\r\n WHERE\r\n se_notifys.notify_user_id='{$user->user_info['user_id']}' AND\r\n se_notifytypes.notifytype_name='newblogsubscriptionentry' AND\r\n notify_object_id='{$blogentry_id}'\r\n ");
}
if ($user->user_info['user_id'] == $owner->user_info['user_id']) {
$database->database_query("\r\n DELETE FROM\r\n se_notifys\r\n USING\r\n se_notifys\r\n LEFT JOIN\r\n se_notifytypes\r\n ON se_notifys.notify_notifytype_id=se_notifytypes.notifytype_id\r\n WHERE\r\n se_notifys.notify_user_id='{$owner->user_info['user_id']}' AND\r\n se_notifytypes.notifytype_name='blogcomment' AND\r\n notify_object_id='{$blogentry_id}'\r\n ");
}
// SET SEO STUFF
$global_page_content = $blogentry_info['blogentry_title'];
$global_page_content = cleanHTML(str_replace('>', '> ', $global_page_content), NULL);
if (strlen($global_page_content) > 255) {
$global_page_content = substr($global_page_content, 0, 251) . '...';
}
$global_page_content = addslashes(trim(preg_replace('/\\s+/', ' ', $global_page_content)));
$global_page_title = array(1500125, $owner->user_displayname, $global_page_content);
$global_page_content = $blogentry_info['blogentry_body'];
$global_page_content = cleanHTML(str_replace('>', '> ', $global_page_content), NULL);
if (strlen($global_page_content) > 255) {
$global_page_content = substr($global_page_content, 0, 251) . '...';
}
$global_page_content = addslashes(trim(preg_replace('/\\s+/', ' ', $global_page_content)));
$global_page_description = array(1500125, $owner->user_displayname, $global_page_content);
// ASSIGN
$smarty->assign('total_comments', $total_comments);
$smarty->assign('allowed_to_comment', $allowed_to_comment);
$smarty->assign('trackback_rdf', $trackback_rdf);
$smarty->assign('trackback_total', $trackback_total);
$smarty->assign_by_ref('trackback_list', $trackback_list);
$smarty->assign_by_ref('blogentry_info', $blogentry_info);
} else {
// SET SEO STUFF
$global_page_title = array(1500124, $owner->user_displayname);
public function frameResponse(\FrameResponseObject $frameResponseObject)
{
if (isset($this->id)) {
$object = \steam_factory::get_object($GLOBALS["STEAM"]->get_id(), $this->id);
if ($object instanceof \steam_document) {
$mimetype = $object->get_attribute(DOC_MIME_TYPE);
$objName = $object->get_name();
$objDesc = trim($object->get_attribute(OBJ_DESC));
if ($objDesc === 0 || $objDesc === "") {
$name = $objName;
} else {
$name = $objDesc . " (" . $objName . ")";
}
$actionBar = new \Widgets\ActionBar();
if ($mimetype == "text/html") {
$actionBar->setActions(array(array("name" => "Anzeigen", "link" => PATH_URL . "Explorer/ViewDocument/" . $this->id . "/"), array("name" => "Quelltext", "link" => PATH_URL . "Explorer/CodeEditDocument/" . $this->id . "/"), array("name" => "Eigenschaften", "ajax" => array("onclick" => array("command" => "properties", "params" => array("id" => $this->id), "requestType" => "popup"))), array("name" => "Rechte", "ajax" => array("onclick" => array("command" => "Sanctions", "params" => array("id" => $this->id), "requestType" => "popup")))));
} else {
$actionBar->setActions(array(array("name" => "Anzeigen", "link" => PATH_URL . "Explorer/ViewDocument/" . $this->id . "/"), array("name" => "Eigenschaften", "ajax" => array("onclick" => array("command" => "properties", "params" => array("id" => $this->id), "requestType" => "popup"))), array("name" => "Rechte", "ajax" => array("onclick" => array("command" => "Sanctions", "params" => array("id" => $this->id), "requestType" => "popup")))));
}
$contentText = new \Widgets\Textarea();
$contentText->setWidth(945);
$contentText->setheight(400);
$contentText->setData($object);
$contentText->setTextareaClass("mce-full");
if ($mimetype !== "text/html") {
$contentText->setTextareaClass("plain");
}
$html = cleanHTML($object->get_content());
$dirname = dirname($object->get_path()) . "/";
preg_match_all('/src="([%a-z0-9.\\-_\\/]*)"/iU', $html, $matches);
$orig_matches = $matches[0];
$path_matches = $matches[1];
foreach ($path_matches as $key => $path) {
$path = urldecode($path);
if (parse_url($path, PHP_URL_SCHEME) != null) {
continue;
}
$ref_object = \steam_factory::get_object_by_name($GLOBALS["STEAM"]->get_id(), $dirname . $path);
if ($ref_object instanceof \steam_object) {
$new_path = PATH_URL . "Download/Document/" . $ref_object->get_id();
} else {
$new_path = PATH_URL . "styles/standard/images/404.jpg";
}
$html = str_replace($orig_matches[$key], "src=\"{$new_path}\" data-mce-src=\"{$path}\"", $html);
}
$contentText->setContentProvider(\Widgets\DataProvider::contentProvider($html));
$clearer = new \Widgets\Clearer();
// $html = "";
// if ($mimetype == "image/png" || $mimetype == "image/jpeg" || $mimetype == "image/gif") { // Image
// $html = "<div style=\"text-align:center\"><img style=\"max-width:100%\" title=\"{$name}\" alt=\"Bild: {$name}\" src=\"" . PATH_URL . "Download/Document/" . $this->id . "/\"></div>";
// } else if ($mimetype == "text/html") {
// $html = strip_tags($object->get_content(),"<h1><h2><h3><h4><h5><p><a><div><style><b><i><strong><img>");
// } else if (strstr($mimetype, "text")) {
// $html = "<pre>{$object->get_content()}</pre>";
// } else {
// header("location: " . PATH_URL . "Download/Document/" . $this->id . "/");
// }
// $rawHtml = new \Widgets\RawHtml();
// $rawHtml->setHtml($html);
//$rawHtml->addWidget($breadcrumb);
//$rawHtml->addWidget($environment);
//$rawHtml->addWidget($loader);
$frameResponseObject->setTitle($name);
$frameResponseObject->addWidget($actionBar);
//$frameResponseObject->addWidget($rawHtml);
$frameResponseObject->addWidget($contentText);
$frameResponseObject->addWidget($clearer);
return $frameResponseObject;
}
} else {
ExtensionMaster::getInstance()->send404Error();
}
}
/**
* Returns truncated html formatted content
*
* @param string $articlecontent the source string
* @param int $shorten new size
* @param string $shortenindicator
* @param bool $forceindicator set to true to include the indicator no matter what
* @return string
*/
function shortenContent($articlecontent, $shorten, $shortenindicator, $forceindicator = false)
{
global $_user_tags;
if ($shorten && ($forceindicator || mb_strlen($articlecontent) > $shorten)) {
$allowed_tags = getAllowedTags('allowed_tags');
//remove script to be replaced later
$articlecontent = preg_replace('~<script.*?/script>~is', '', $articlecontent);
//remove HTML comments
$articlecontent = preg_replace('~<!--.*?-->~is', '', $articlecontent);
$short = mb_substr($articlecontent, 0, $shorten);
$short2 = kses($short . '</p>', $allowed_tags);
if (($l2 = mb_strlen($short2)) < $shorten) {
$c = 0;
$l1 = $shorten;
$delta = $shorten - $l2;
while ($l2 < $shorten && $c++ < 5) {
$open = mb_strrpos($short, '<');
if ($open > mb_strrpos($short, '>')) {
$l1 = mb_strpos($articlecontent, '>', $l1 + 1) + $delta;
} else {
$l1 = $l1 + $delta;
}
$short = mb_substr($articlecontent, 0, $l1);
preg_match_all('/(<p>)/', $short, $open);
preg_match_all('/(<\\/p>)/', $short, $close);
if (count($open) > count($close)) {
$short .= '</p>';
}
$short2 = kses($short, $allowed_tags);
$l2 = mb_strlen($short2);
}
$shorten = $l1;
}
$short = truncate_string($articlecontent, $shorten, '');
if ($short != $articlecontent) {
// we actually did remove some stuff
// drop open tag strings
$open = mb_strrpos($short, '<');
if ($open > mb_strrpos($short, '>')) {
$short = mb_substr($short, 0, $open);
}
if (class_exists('tidy')) {
$tidy = new tidy();
$tidy->parseString($short . $shortenindicator, array('show-body-only' => true), 'utf8');
$tidy->cleanRepair();
$short = trim($tidy);
} else {
$short = trim(cleanHTML($short . $shortenindicator));
}
}
$articlecontent = $short;
}
if (isset($matches)) {
//replace the script text
foreach ($matches[0] as $script) {
$articlecontent = $script . $articlecontent;
}
}
return $articlecontent;
}
private function filterHTML($value, $pattern)
{
if (!isset($pattern)) {
return $value;
}
if (gettype($value) != "string") {
throw new Exception("Only strings can be filtered" . " with " . $pattern);
}
#
return cleanHTML($value, $pattern);
}
function cleanMeta($s)
{
return cleanHTML(str_replace(array('\\n', '\\r'), '', $s));
}
function forum_bbcode_parse_clean($string)
{
// FIX LINE BREAKS
$string = htmlspecialchars_decode($string, ENT_QUOTES);
$string = censor($string);
if (!preg_match('/<[^>]+>/', $string)) {
$string = preg_replace(array("/\\r\\n/", "/\\r/", "/\\n/"), array("[br]", "[br]", "[br]"), $string);
}
// CLEAN HTML
$allowed_html = "ol,ul,li,strong,em,u,strike,p,br,a,embed,img";
$string = cleanHTML($string, $allowed_html, array("style"));
// FIX LINE BREAKS
$string = str_replace("[br]", "<br>", $string);
$string = preg_replace('/\\s+<br>\\s+/i', '<br>', $string);
$string = preg_replace('/(<br>){3,}/is', '<br><br>', $string);
// RE-ENCODE
$string = htmlspecialchars($string, ENT_QUOTES);
return $string;
}
function event_edit(&$event_title, &$event_desc, &$event_eventcat_id, $event_date_start, $event_date_end, &$event_host, &$event_location, $event_field_query)
{
global $database, $user, $actions;
// VALIDATE OWNER
if ($this->event_exists && $this->user_rank < 2) {
$this->is_error = 3000248;
return FALSE;
}
// INIT VARS
$event_id = !empty($this->event_info['event_id']) ? $this->event_info['event_id'] : NULL;
$event_title = censor($event_title);
$event_desc = censor(str_replace("\r\n", "<br />", html_entity_decode($event_desc, ENT_QUOTES)));
$event_desc = security(cleanHTML($event_desc, $user->level_info['level_event_html']));
$event_host = censor($event_host);
$event_location = censor(str_replace("\r\n", "<br />", $event_location));
$time = time();
// CHECK TO MAKE SURE TITLE HAS BEEN ENTERED
if (!trim($event_title)) {
$this->is_error = 3000246;
return FALSE;
}
// CHECK TO MAKE SURE CATEGORY HAS BEEN SELECTED
if (!$event_eventcat_id) {
$this->is_error = 3000247;
return FALSE;
}
// CHECK TO MAKE SURE END DATE IS AFTER START DATE (IF END DATE IS SET)
if ($event_date_end && $event_date_end < $event_date_start) {
$this->is_error = 3000249;
return FALSE;
}
// CHECK TO MAKE SURE THAT START DATE IS IN THE FUTURE IF BACKDATING NOT ALLOWED
if (!$user->level_info['level_event_backdate'] && $event_date_start < time()) {
// IF CREATING, ERROR
if (!$this->event_exists) {
$this->is_error = 3000250;
return FALSE;
} elseif ($event_date_start != $this->event_info['event_date_start'] || $event_date_end != $this->event_info['event_date_end']) {
$this->is_error = 3000250;
return FALSE;
}
}
// CREATE
if (!$event_id) {
// ADD ROW TO EVENTS TABLE
$sql = "\r\n INSERT INTO se_events (\r\n event_user_id,\r\n event_eventcat_id,\r\n event_title,\r\n event_desc,\r\n event_date_start,\r\n event_date_end,\r\n event_host,\r\n event_location,\r\n event_datecreated\r\n ) VALUES (\r\n '{$this->user_id}',\r\n '{$event_eventcat_id}',\r\n '{$event_title}',\r\n '{$event_desc}',\r\n '{$event_date_start}',\r\n '{$event_date_end}',\r\n '{$event_host}',\r\n '{$event_location}',\r\n '{$time}'\r\n )\r\n ";
$resource = $database->database_query($sql);
$event_id = $database->database_insert_id();
// MAKE EVENT EXIST
if ($event_id) {
$this->event_exists = TRUE;
$this->is_member = TRUE;
$this->user_rank = 3;
$this->event_info['event_id'] = $event_id;
$this->event_info['event_user_id'] = $this->user_id;
$this->eventowner_level_info =& $user->level_info;
}
// MAKE CREATOR A MEMBER
$sql = "INSERT INTO se_eventmembers (eventmember_user_id, eventmember_event_id, eventmember_status, eventmember_approved, eventmember_rank) VALUES ('{$this->user_id}', '{$event_id}', '1', '1', '3')";
$resource = $database->database_query($sql);
// ADD EVENT STYLES ROW
$sql = "INSERT INTO se_eventstyles (eventstyle_event_id) VALUES ('{$event_id}')";
$resource = $database->database_query($sql);
// ADD EVENT VALUES ROW
$sql = "INSERT INTO se_eventvalues (eventvalue_event_id) VALUES ('{$event_id}')";
$resource = $database->database_query($sql);
// ADD EVENT ALBUM
$sql = "\r\n INSERT INTO se_eventalbums\r\n (eventalbum_event_id, eventalbum_datecreated, eventalbum_dateupdated, eventalbum_title, eventalbum_desc, eventalbum_search, eventalbum_privacy, eventalbum_comments)\r\n VALUES\r\n ('{$event_id}', '{$time}', '{$time}', '', '', '{$this->event_info['event_search']}', '{$this->event_info['event_privacy']}', '{$this->event_info['event_comments']}')\r\n ";
$resource = $database->database_query($sql);
// INSERT ACTION
$event_title = $this->event_info['event_title'];
if (strlen($event_title) > 100) {
$event_title = substr($event_title, 0, 97) . "...";
}
$actions->actions_add($user, "newevent", array($user->user_info['user_username'], $user->user_displayname, $this->event_info['event_id'], $event_title), NULL, NULL, FALSE, "event", $event_id, $this->event_info['event_privacy']);
} else {
// IF NEW INVITE ONLY SETTING IS CHANGED TO 0, APPROVE ALL REQUESTS FOR INVITATION
if (!$event_inviteonly) {
$sql = "UPDATE se_eventmembers SET eventmember_status='1' WHERE eventmember_event_id='{$this->event_info['event_id']}' AND eventmember_status='0'";
$resource = $database->database_query($sql);
}
// UPDATE EVENT
$sql = "\r\n UPDATE\r\n se_events\r\n SET\r\n event_title='{$event_title}',\r\n event_eventcat_id='{$event_eventcat_id}',\r\n event_desc='{$event_desc}',\r\n event_date_start='{$event_date_start}',\r\n event_date_end='{$event_date_end}',\r\n event_host='{$event_host}',\r\n event_location='{$event_location}',\r\n event_dateupdated={$time}\r\n WHERE\r\n event_id='{$event_id}'\r\n LIMIT\r\n 1\r\n ";
$resource = $database->database_query($sql);
}
// TODO: UPDATE EVENT VALUES $event_field_query
if (!empty($event_field_query)) {
$sql = " UPDATE se_eventvalues SET {$event_field_query} WHERE eventvalue_event_id='{$event_id}' LIMIT 1";
$resource = $database->database_query($sql);
}
// ADD EVENT DIRECTORY
$event_directory = $this->event_dir($event_id);
$event_path_array = explode("/", $event_directory);
array_pop($event_path_array);
array_pop($event_path_array);
$subdir = implode("/", $event_path_array) . "/";
if (!is_dir($subdir)) {
mkdir($subdir, 0777);
chmod($subdir, 0777);
if ($handle = fopen($subdir . "index.php", 'x+')) {
fclose($handle);
}
}
if (!is_dir($event_directory)) {
mkdir($event_directory, 0777);
chmod($event_directory, 0777);
if ($handle = fopen($event_directory . "/index.php", 'x+')) {
fclose($event_directory);
}
}
return $event_id;
}
public function ajaxResponse(\AjaxResponseObject $ajaxResponseObject)
{
$data = array();
if (isset($this->params["attribute"]) && isset($this->params["value"])) {
$oldValue = self::getAttributeValue($this->object, $this->params["attribute"]);
try {
self::setAttributeValue($this->object, $this->params["attribute"], $this->params["value"]);
} catch (steam_exception $e) {
$data["oldValue"] = $oldValue;
$data["error"] = $e->get_message();
$data["undo"] = false;
$ajaxResponseObject->setStatus("ok");
$ajaxResponseObject->setData($data);
return $ajaxResponseObject;
}
$ajaxResponseObject->setStatus("ok");
$newValue = self::getAttributeValue($this->object, $this->params["attribute"]);
if ($newValue === $this->params["value"]) {
$data["oldValue"] = $oldValue;
$data["newValue"] = $newValue;
$data["error"] = "none";
$data["undo"] = true;
} else {
$data["oldValue"] = $oldValue;
$data["error"] = "Data could not be saved.";
$data["undo"] = false;
}
$ajaxResponseObject->setData($data);
} else {
if (isset($this->params["value"]) && !isset($this->params["attribute"]) && $this->object instanceof steam_document) {
$oldValue = $this->object->get_content();
try {
$this->object->set_content(cleanHTML($this->params["value"]));
} catch (steam_exception $e) {
$data["oldValue"] = $oldValue;
$data["error"] = $e->get_message();
$data["undo"] = false;
$ajaxResponseObject->setStatus("ok");
$ajaxResponseObject->setData($data);
return $ajaxResponseObject;
}
$ajaxResponseObject->setStatus("ok");
$newValue = $this->object->get_content();
//if ($newValue === $this->params["value"]) {
$data["oldValue"] = $oldValue;
$data["newValue"] = $newValue;
$data["error"] = "none";
$data["undo"] = true;
// } else {
// $data["oldValue"] = $oldValue;
// $data["error"] = "Data could not be saved.";
// $data["undo"] = false;
// }
$ajaxResponseObject->setData($data);
} else {
if (isset($this->params["annotate"])) {
$newValue = $this->params["annotate"];
$oldValue = "";
try {
$annotation = \steam_factory::create_document($GLOBALS["STEAM"]->get_id(), "Annotation", $newValue, "text/plain");
$this->object->add_annotation($annotation);
$data["oldValue"] = "";
$data["newValue"] = "";
$data["error"] = "none";
$data["undo"] = false;
} catch (steam_exception $e) {
$data["oldValue"] = "";
$data["error"] = $e->get_message();
$data["undo"] = false;
}
$ajaxResponseObject->setStatus("ok");
$ajaxResponseObject->setData($data);
return $ajaxResponseObject;
} else {
$ajaxResponseObject->setStatus("error");
}
}
}
return $ajaxResponseObject;
}
header("Location: user_poll.php");
exit;
}
// GET CURRENT POLL DATA
$poll_title = $poll->poll_info['poll_title'];
$poll_desc = $poll->poll_info['poll_desc'];
// EDIT THIS POLL
if ($task == "doedit") {
$poll_title = $_POST['poll_title'];
$poll_desc = $_POST['poll_desc'];
$poll_search = $_POST['poll_search'];
$poll_privacy = $_POST['poll_privacy'];
$poll_comments = $_POST['poll_comments'];
// HTML SUPPORT
$poll_title = censor(cleanHTML(htmlspecialchars_decode($poll_title), $setting['setting_poll_html']));
$poll_desc = censor(cleanHTML(htmlspecialchars_decode($poll_desc), $setting['setting_poll_html']));
// MAKE SURE TITLE IS PROVIDED
if (!trim($poll_title)) {
$is_error = 2500123;
}
// EDIT POLL
if (!$is_error) {
$poll->poll_edit($poll_title, $poll_desc, $poll_search, $poll_privacy, $poll_comments);
header("Location: user_poll.php");
exit;
}
}
// GET PREVIOUS PRIVACY SETTINGS
$level_poll_privacy = unserialize($user->level_info['level_poll_privacy']);
rsort($level_poll_privacy);
for ($c = 0; $c < count($level_poll_privacy); $c++) {
function _TooltipPlanet($Row, $Galaxy, $System, $Planet, $PlanetType)
{
global $lang, $dpath, $user, $HavePhalanx, $CurrentSystem, $CurrentGalaxy;
if ($Row && $Row["destruyed"] == 0 && $Row["id_planet"] != 0) {
if ($HavePhalanx != 0) {
if ($Row['id'] != $user['id']) {
if ($Row["galaxy"] == $CurrentGalaxy) {
$Range = GetPhalanxRange($HavePhalanx);
if ($SystemLimitMin < 1) {
$SystemLimitMin = 1;
}
$SystemLimitMax = $CurrentSystem + $Range;
if ($System <= $SystemLimitMax) {
if ($System >= $SystemLimitMin) {
$PhalanxTypeLink = "<a href=# onclick=fenster('phalanx.php?galaxy=" . $Galaxy . "&system=" . $System . "&planet=" . $Planet . "&planettype=" . $PlanetType . "') >" . $lang['gl_phalanx'] . "</a><br />";
} else {
$PhalanxTypeLink = "";
}
} else {
$PhalanxTypeLink = "";
}
} else {
$PhalanxTypeLink = "";
}
} else {
$PhalanxTypeLink = "";
}
} else {
$PhalanxTypeLink = "";
}
if ($Row['id'] != $user['id']) {
$MissionType6Link = "<a href=# onclick='javascript:pada_galaxy(6, " . $Galaxy . ", " . $System . ", " . $Planet . ", " . $PlanetType . ", " . $user["spio_anz"] . ");' >" . $lang['type_mission'][6] . "</a><br /><br />";
} elseif ($Row['id'] == $user['id']) {
$MissionType6Link = "";
}
if ($Row['id'] != $user['id']) {
$MissionType1Link = "<a href=fleet.php?galaxy=" . $Galaxy . "&system=" . $System . "&planet=" . $Planet . "&planettype=" . $PlanetType . "&target_mission=1>" . $lang['type_mission'][1] . "</a><br />";
} elseif ($Row['id'] == $user['id']) {
$MissionType1Link = "";
}
if ($Row['id'] != $user['id']) {
$MissionType5Link = "<a href=fleet.php?galaxy=" . $Galaxy . "&system=" . $System . "&planet=" . $Planet . "&planettype=" . $PlanetType . "&target_mission=5>" . $lang['type_mission'][5] . "</a><br />";
} elseif ($Row['id'] == $user['id']) {
$MissionType5Link = "";
}
if ($Row['id'] == $user['id']) {
$MissionType4Link = "<a href=fleet.php?galaxy=" . $Galaxy . "&system=" . $System . "&planet=" . $Planet . "&planettype=" . $PlanetType . "&target_mission=4>" . $lang['type_mission'][4] . "</a><br />";
} elseif ($Row['id'] != $user['id']) {
$MissionType4Link = "";
}
$MissionType3Link = "<a href=fleet.php?galaxy=" . $Galaxy . "&system=" . $System . "&planet=" . $Planet . "&planettype=" . $PlanetType . "&target_mission=3>" . $lang['type_mission'][3] . "</a>";
$Result .= "<a style=\"cursor: pointer;\"";
$Result .= " onmouseover='return overlib(\"";
$Result .= "<table width=240>";
$Result .= "<tr>";
$Result .= "<td class=c colspan=2>";
$Result .= $lang['gl_planet'] . " " . cleanHTML($Row['planet_name']) . " [" . $Galaxy . ":" . $System . ":" . $Planet . "]";
$Result .= "</td>";
$Result .= "</tr>";
$Result .= "<tr>";
$Result .= "<th width=80>";
$Result .= "<img src=" . $dpath . "planeten/small/s_" . $Row["image"] . ".jpg height=75 width=75 />";
$Result .= "</th>";
$Result .= "<th align=left>";
$Result .= $MissionType6Link;
$Result .= $PhalanxTypeLink;
$Result .= $MissionType1Link;
$Result .= $MissionType5Link;
$Result .= $MissionType4Link;
$Result .= $MissionType3Link;
$Result .= "</th>";
$Result .= "</tr>";
$Result .= "</table>\"";
$Result .= ", STICKY, MOUSEOFF, DELAY, 750, CENTER, OFFSETX, -40, OFFSETY, -40 );'";
$Result .= " onmouseout='return nd();'>";
$Result .= "<img src=" . $dpath . "planeten/small/s_" . $Row["image"] . ".jpg height=30 width=30>";
$Result .= "</a>";
}
return $Result;
}
function show_edit_form($posttype, $set, $postid, $edit_id)
{
$objSrcUser =& $GLOBALS["objSrcUser"];
$userid = $objSrcUser->get_userid();
$sql = "SELECT poster_id,poster_kd,post,title,parent_id FROM forum ";
$sql .= "WHERE post_id = {$edit_id}";
$edit = mysql_fetch_array(mysql_query($sql));
if ($userid != $edit['poster_id']) {
echo '<div class="center">' . "Sorry, you can't edit this post." . '</div>';
include_game_down();
exit;
}
$post = cleanHTML($edit['post']);
$post = str_replace("<br />", "", $post);
$post = strip_tags($post);
// remove <code></code>
$post = rtrim($post);
// to remove odd break-rows at end of a post
$title = cleanHTML($edit['title']);
if ($edit_id != $postid) {
$strTitleInput = '<input type="hidden" name="title" value="' . $title . '" />';
} else {
$strTitleInput = '<label for="i1">Topic:</label>' . '<br /><input type="text" name="title" size="40" ' . 'maxlength="30" value="' . $title . '" id="i1" /><br /><br />';
}
$strEditPostForm = '<div id="textMedium">' . '<h2>Edit post</h2>' . '<form action="main.php?cat=game&page=forums&set=' . $set . '&action=edit" method="post">' . $strTitleInput . '<label for="i2">Your Message</label>: ' . '<br /><textarea name="text" rows="8" cols="44" id="i2">' . $post . '</textarea>' . '<br /><br />' . '<input type="submit" value="Save changes" />' . '<br /><br />' . '<input type="checkbox" name="formatted" value="yes" id="i3" /> ' . '<label for="i3">With Tabs</label> (Sometimes this can make a copied table look great.)' . '<input type="hidden" name="edit_id" value="' . $edit_id . '" />' . '<input type="hidden" name="postid" value="' . $postid . '" />' . '</form>' . '</div>';
echo $strEditPostForm;
}
public function saveComments()
{
$this->ID_Application = POST("ID_Application");
$this->ID_Record = POST("ID_Record");
$this->comment = POST("comment", "clean", FALSE);
$this->email = POST("email");
$this->website = POST("website");
$this->name = SESSION("ZanUser") ? NULL : POST("name");
$this->username = SESSION("ZanUser") ? SESSION("ZanUser") : NULL;
$this->ID_User = SESSION("ZanUserID") ? (int) SESSION("ZanUserID") : 0;
$this->state = "Active";
$this->date1 = now(4);
$this->date2 = now(2);
$this->year = date("Y");
$this->month = date("m");
$this->day = date("d");
$this->URL = POST("URL");
if ($this->ID_Application === "3") {
if ($this->comment === NULL) {
return getAlert("Empty Comment");
}
if (isSPAM($this->comment) === TRUE) {
return getAlert("STOP, SPAM");
}
if (isVulgar($this->comment) === TRUE) {
return getAlert("STOP, The Comment is Vulgar");
}
if (isInjection($this->comment) === TRUE) {
return getAlert("STOP, Injection");
} else {
cleanHTML($this->comment);
}
if ($this->ID_User > 0) {
$this->Db->table($this->table);
$repost = $this->Db->findBySQL("Comment = '{$this->comment}' AND Year = '{$this->year}' AND Month = '{$this->month}' AND Day = '{$this->day}' AND Name = '{$this->name}'");
if (is_array($repost)) {
return getAlert("This Comment has been posted yet");
}
$fields = "ID_User, Username, Comment, Start_Date, Text_Date, Year, Month, Day, State";
$values = "'{$this->ID_User}', '{$this->username}', '{$this->comment}', '{$this->date1}', '{$this->date2}', '{$this->year}', '{$this->month}', '{$this->day}', '{$this->state}'";
$this->Db->table($this->table, $fields);
$this->Db->values($values);
$this->insertID1 = $this->Db->save();
$fields = "ID_Application, ID_Comment";
$values = "'3', '{$this->insertID1}'";
$this->Db->table("comments2applications", $fields);
$this->Db->values($values);
$this->insertID2 = $this->Db->save();
$fields = "ID_Comment2Application, ID_Record";
$values = "'{$this->insertID2}', '{$this->ID_Record}'";
$this->Db->table("comments2records", $fields);
$this->Db->values($values);
$this->insertID3 = $this->Db->save();
} else {
$this->Db->table($this->table);
$repost = $this->Db->findBySQL("ID_User = '******' AND Comment = '{$this->comment}' AND Year = '{$this->year}' AND Month = '{$this->month}' AND Day = '{$this->day}'");
if (is_array($repost)) {
return getAlert("This Comment has been posted yet");
}
if ($this->name === NULL) {
return getAlert("Empty Name");
}
if (isVulgar($this->name) === TRUE) {
return getAlert("STOP, Vulgar Name");
}
if (isInjection($this->name) === TRUE) {
return getAlert("STOP, Injection");
} else {
cleanHTML($this->comment);
}
if ($this->email === NULL) {
return getAlert("Empty Email");
}
if (isEmail($this->email) === FALSE) {
return getAlert("Invalid Email");
}
if (isset($this->website) and ping($this->website) === FALSE) {
if (isInjection($this->website) === TRUE) {
return getAlert("STOP, Injection");
} else {
cleanHTML($this->website);
}
return getAlert("Invalid Website");
}
$fields = "ID_User, Comment, Start_Date, Text_Date, Year, Month, Day, Name, Email, Website, State";
$values = "'{$this->ID_User}', '{$this->comment}', '{$this->date1}', '{$this->date2}', '{$this->year}', '{$this->month}', '{$this->day}', '{$this->name}', '{$this->email}', '{$this->website}', '{$this->state}'";
$this->Db->table($this->table, $fields);
$this->Db->values($values);
$this->insertID1 = $this->Db->save();
$fields = "ID_Application, ID_Comment";
$values = "'3', '{$this->insertID1}'";
$this->Db->table("comments2applications", $fields);
$this->Db->values($values);
$this->insertID2 = $this->Db->save();
$fields = "ID_Comment2Application, ID_Record";
$values = "'{$this->insertID2}', '{$this->ID_Record}'";
$this->Db->table("comments2records", $fields);
$this->Db->values($values);
$this->insertID3 = $this->Db->save();
}
if ($this->insertID1 === "rollback" or $this->insertID2 === "rollback" or $this->insertID3 === "rollback") {
$this->Db->rollBack();
return getAlert("Insert error");
} else {
$this->Db->commit();
return getAlert("The comment has been saved correctly", "success");
}
}
}
function field_list($validate = 0, $format = 0, $search = 0, $field_where = "")
{
global $database, $datetime, $setting;
// GET NON DEPENDENT FIELDS IN CAT IF NECESSARY
$field_count = 0;
$this->fields = array();
$field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_order AS field_order, " . $this->type . "field_title AS field_title, " . $this->type . "field_desc AS field_desc, " . $this->type . "field_signup AS field_signup, " . $this->type . "field_error AS field_error, " . $this->type . "field_type AS field_type, " . $this->type . "field_style AS field_style, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_options AS field_options, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_special AS field_special, " . $this->type . "field_html AS field_html, " . $this->type . "field_search AS field_search, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_dependency='0'";
if ($field_where != "") {
$field_query .= " AND ({$field_where})";
}
$field_query .= " ORDER BY " . $this->type . "field_order";
$fields = $database->database_query($field_query);
while ($field_info = $database->database_fetch_assoc($fields)) {
// SET FIELD VARS
$is_field_error = 0;
$field_value = "";
$field_value_formatted = "";
$field_value_min = "";
$field_value_max = "";
$field_options = array();
// FIELD TYPE SWITCH
switch ($field_info[field_type]) {
case 1:
// TEXT FIELD
// TEXT FIELD
case 2:
// TEXTAREA
// VALIDATE POSTED FIELD VALUE
if ($validate == 1) {
// RETRIEVE POSTED FIELD VALUE AND FILTER FOR ADMIN-SPECIFIED HTML TAGS
$var = "field_" . $field_info[field_id];
$field_value = security(cleanHTML(censor($_POST[$var]), $field_info[field_html]));
if ($field_info[field_type] == 2) {
$field_value = str_replace("\r\n", "<br>", $field_value);
}
// CHECK FOR REQUIRED
if ($field_info[field_required] != 0 && trim($field_value) == "") {
$this->is_error = 96;
$is_field_error = 1;
}
// RUN PREG MATCH (ONLY FOR TEXT FIELDS)
if ($field_info[field_regex] != "" && trim($field_value) != "") {
if (!preg_match($field_info[field_regex], $field_value)) {
$this->is_error = 97;
$is_field_error = 1;
}
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
if ($field_info[field_special] == 2 || $field_info[field_special] == 3) {
$field_value = ucwords($field_value);
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
// CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
} elseif ($search == 1) {
if ($field_info[field_search] == 2) {
$var1 = "field_" . $field_info[field_id] . "_min";
if (isset($_POST[$var1])) {
$field_value_min = $_POST[$var1];
} elseif (isset($_GET[$var1])) {
$field_value_min = $_GET[$var1];
} else {
$field_value_min = "";
}
$var2 = "field_" . $field_info[field_id] . "_max";
if (isset($_POST[$var2])) {
$field_value_max = $_POST[$var2];
} elseif (isset($_GET[$var2])) {
$field_value_max = $_GET[$var2];
} else {
$field_value_max = "";
}
if ($field_value_min != "") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']} >= {$field_value_min}";
$this->url_string .= $var1 . "=" . urlencode($field_value_min) . "&";
}
if ($field_value_max != "") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']} <= {$field_value_max}";
$this->url_string .= $var2 . "=" . urlencode($field_value_max) . "&";
}
} elseif ($field_info[field_search] == 1) {
$var = "field_" . $field_info[field_id];
if (isset($_POST[$var])) {
$field_value = $_POST[$var];
} elseif (isset($_GET[$var])) {
$field_value = $_GET[$var];
} else {
$field_value = "";
}
if ($field_value != "") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']} LIKE '%{$field_value}%'";
$this->url_string .= $var . "=" . urlencode($field_value) . "&";
}
} else {
$field_value = "";
}
// DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $field_info[field_id];
$field_value = $this->value_info[$value_column];
}
}
// FORMAT VALUE FOR DISPLAY
if ($format == 1 && $field_info[field_display] != 0) {
// LINK BROWSABLE FIELD VALUES IF NECESSARY
if ($field_info[field_display] == 2) {
$br_exploded_field_values = explode("<br>", trim($field_value));
$exploded_field_values = array();
foreach ($br_exploded_field_values as $key => $value) {
$comma_exploded_field_values = explode(",", trim($value));
array_walk($comma_exploded_field_values, 'link_field_values', array($field_info[field_id], "", $field_info[field_link], $field_info[field_display]));
$exploded_field_values[$key] = implode(", ", $comma_exploded_field_values);
}
$field_value_formatted = implode("<br>", $exploded_field_values);
// MAKE SURE TO LINK FIELDS WITH A LINK TAG
} else {
$exploded_field_values = array(trim($field_value));
array_walk($exploded_field_values, 'link_field_values', array($field_info[field_id], "", $field_info[field_link], $field_info[field_display]));
$field_value_formatted = implode("", $exploded_field_values);
}
// DECODE TO MAKE HTML TAGS FOR FIELDS VALID
$field_value_formatted = htmlspecialchars_decode($field_value_formatted, ENT_QUOTES);
// FORMAT VALUE FOR FORM
} else {
if ($field_info[field_type] == 1) {
$options = unserialize($field_info[field_options]);
for ($i = 0, $max = count($options); $i < $max; $i++) {
SE_Language::_preload_multi($options[$i][label]);
SE_Language::load();
$field_options[] = array('label' => SE_Language::_get($options[$i][label]));
}
}
if ($field_info[field_type] == 2) {
$field_value = str_replace("<br>", "\r\n", $field_value);
}
}
break;
case 3:
// SELECT BOX
// SELECT BOX
case 4:
// RADIO BUTTON
// VALIDATE POSTED FIELD
if ($validate == 1) {
// RETRIEVE POSTED FIELD VALUE
$var = "field_" . $field_info[field_id];
$field_value = censor($_POST[$var]);
// CHECK FOR REQUIRED
if ($field_info[field_required] != 0 && ($field_value == "-1" || $field_value == "")) {
$this->is_error = 96;
$is_field_error = 1;
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
// CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
} elseif ($search == 1) {
if ($field_info[field_search] == 2) {
$var1 = "field_" . $field_info[field_id] . "_min";
if (isset($_POST[$var1])) {
$field_value_min = $_POST[$var1];
} elseif (isset($_GET[$var1])) {
$field_value_min = $_GET[$var1];
} else {
$field_value_min = "";
}
$var2 = "field_" . $field_info[field_id] . "_max";
if (isset($_POST[$var2])) {
$field_value_max = $_POST[$var2];
} elseif (isset($_GET[$var2])) {
$field_value_max = $_GET[$var2];
} else {
$field_value_max = "";
}
if ($field_value_min != "" && $field_value_min != "-1") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']} >= {$field_value_min}";
$this->url_string .= $var1 . "=" . urlencode($field_value_min) . "&";
}
if ($field_value_max != "" && $field_value_max != "-1") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']} <= {$field_value_max}";
$this->url_string .= $var2 . "=" . urlencode($field_value_max) . "&";
}
} elseif ($field_info[field_search] == 1) {
$var = "field_" . $field_info[field_id];
if (isset($_POST[$var])) {
$field_value = $_POST[$var];
} elseif (isset($_GET[$var])) {
$field_value = $_GET[$var];
} else {
$field_value = "";
}
if ($field_value != "-1" && $field_value != "") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
$this->url_string .= $var . "=" . urlencode($field_value) . "&";
}
} else {
$field_value = "";
}
// DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $field_info[field_id];
$field_value = $this->value_info[$value_column];
}
}
// LOOP OVER FIELD OPTIONS
$options = unserialize($field_info[field_options]);
for ($i = 0, $max = count($options); $i < $max; $i++) {
$dep_field_info = "";
$dep_field_value = "";
$dep_field_options = "";
// OPTION HAS DEPENDENCY
if ($options[$i][dependency] == "1") {
$dep_field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_type AS field_type, " . $this->type . "field_title AS field_title, " . $this->type . "field_style AS field_style, " . $this->type . "field_options AS field_options, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_id='" . $options[$i][dependent_id] . "' AND " . $this->type . "field_dependency='{$field_info['field_id']}'";
$dep_field = $database->database_query($dep_field_query);
if ($database->database_num_rows($dep_field) != "1") {
$options[$i][dependency] = 0;
} else {
$dep_field_info = $database->database_fetch_assoc($dep_field);
// VALIDATE POSTED FIELD VALUE
if ($validate == 1) {
// OPTION SELECTED
if ($field_value == $options[$i][value]) {
$dep_var = "field_" . $dep_field_info[field_id];
$dep_field_value = censor($_POST[$dep_var]);
// DEP FIELD TYPE
switch ($dep_field_info[field_type]) {
// TEXT FIELD
case "1":
// CHECK FOR REQUIRED
if ($dep_field_info[field_required] != 0 && trim($dep_field_value) == "") {
$this->is_error = 96;
$is_field_error = 1;
}
// RUN PREG MATCH
if ($dep_field_info[field_regex] != "" && trim($dep_field_value) != "") {
if (!preg_match($dep_field_info[field_regex], $dep_field_value)) {
$this->is_error = 97;
$is_field_error = 1;
}
}
break;
// SELECT BOX
// SELECT BOX
case "3":
// CHECK FOR REQUIRED
if ($dep_field_info['field_required'] != 0 && ($dep_field_value == "-1" || $dep_field_value == "")) {
$this->is_error = 96;
$is_field_error = 1;
}
break;
}
// OPTION NOT SELECTED
} else {
$dep_field_value = "";
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
$this->field_query .= $this->type . "value_{$dep_field_info['field_id']}='{$dep_field_value}'";
// DO NOT VALIDATE POSTED FIELD VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $dep_field_info[field_id];
$dep_field_value = $this->value_info[$value_column];
}
}
// RETRIEVE DEP FIELD OPTIONS
$dep_options = unserialize($dep_field_info[field_options]);
for ($i2 = 0, $max2 = count($dep_options); $i2 < $max2; $i2++) {
SE_Language::_preload($dep_options[$i2][label]);
$dep_field_options[] = array('value' => $dep_options[$i2][value], 'label' => $dep_options[$i2][label]);
if ($dep_options[$i2][value] == $dep_field_value) {
$dep_field_value_formatted = $dep_options[$i2][label];
}
}
}
}
// FORMAT VALUE FOR DISPLAY IF OPTION IS SELECTED
if ($format == 1 && $field_value == $options[$i][value] && $field_info[field_display] != 0) {
SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
SE_Language::load();
$field_value_formatted = SE_Language::_get($options[$i][label]);
// LINK FIELD VALUES IF NECESSARY
if ($field_info[field_display] == 2) {
link_field_values($field_value_formatted, "", array($field_info[field_id], $options[$i][value], "", $field_info[field_display]));
}
// ADD DEPENDENT VALUE TO FIELD VALUE
if ($dep_field_value != "" && $dep_field_info[field_display] != 0) {
if ($dep_field_info[field_type] == 3) {
$dep_field_value_formatted = SE_Language::_get($dep_field_value_formatted);
} else {
$dep_field_value_formatted = $dep_field_value;
}
link_field_values($dep_field_value_formatted, "", array($dep_field_info[field_id], $dep_field_value, $dep_field_info[field_link], $dep_field_info[field_display]));
$field_value_formatted .= " " . SE_Language::_get($dep_field_info[field_title]) . " " . $dep_field_value_formatted;
}
}
// SET OPTIONS ARRAY
SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
$field_options[] = array('value' => $options[$i][value], 'label' => $options[$i][label], 'dependency' => $options[$i][dependency], 'dep_field_id' => $dep_field_info[field_id], 'dep_field_title' => $dep_field_info[field_title], 'dep_field_type' => $dep_field_info[field_type], 'dep_field_required' => $dep_field_info[field_required], 'dep_field_maxlength' => $dep_field_info[field_maxlength], 'dep_field_options' => $dep_field_options, 'dep_field_style' => $dep_field_info[field_style], 'dep_field_value' => $dep_field_value, 'dep_field_error' => $dep_field_error);
}
break;
case 5:
// DATE FIELD
// SET MONTH, DAY, AND YEAR FORMAT FROM SETTINGS
switch ($setting[setting_dateformat]) {
case "n/j/Y":
case "n.j.Y":
case "n-j-Y":
$month_format = "n";
$day_format = "j";
$year_format = "Y";
$date_order = "mdy";
break;
case "Y/n/j":
case "Ynj":
$month_format = "n";
$day_format = "j";
$year_format = "Y";
$date_order = "ymd";
break;
case "Y-n-d":
$month_format = "n";
$day_format = "d";
$year_format = "Y";
$date_order = "ymd";
break;
case "Y-m-d":
$month_format = "m";
$day_format = "d";
$year_format = "Y";
$date_order = "ymd";
break;
case "j/n/Y":
case "j.n.Y":
$month_format = "n";
$day_format = "j";
$year_format = "Y";
$date_order = "dmy";
break;
case "M. j, Y":
$month_format = "M";
$day_format = "j";
$year_format = "Y";
$date_order = "mdy";
break;
case "F j, Y":
case "l, F j, Y":
$month_format = "F";
$day_format = "j";
$year_format = "Y";
$date_order = "mdy";
break;
case "j F Y":
case "D j F Y":
case "l j F Y":
$month_format = "F";
$day_format = "j";
$year_format = "Y";
$date_order = "dmy";
break;
case "D-j-M-Y":
case "D j M Y":
case "j-M-Y":
$month_format = "M";
$day_format = "j";
$year_format = "Y";
$date_order = "dmy";
break;
case "Y-M-j":
$month_format = "M";
$day_format = "j";
$year_format = "Y";
$date_order = "ymd";
break;
}
// VALIDATE POSTED VALUE
if ($validate == 1) {
// RETRIEVE POSTED FIELD VALUE
$var1 = "field_" . $field_info[field_id] . "_1";
$var2 = "field_" . $field_info[field_id] . "_2";
$var3 = "field_" . $field_info[field_id] . "_3";
$field_1 = $_POST[$var1];
$field_2 = $_POST[$var2];
$field_3 = $_POST[$var3];
// ORDER DATE VALUES PROPERLY
switch ($date_order) {
case "mdy":
$month = $field_1;
$day = $field_2;
$year = $field_3;
break;
case "ymd":
$year = $field_1;
$month = $field_2;
$day = $field_3;
break;
case "dmy":
$day = $field_1;
$month = $field_2;
$year = $field_3;
break;
}
// CONSTRUCT FIELD VALUE
$field_value = str_pad($year, 4, '0', STR_PAD_LEFT) . "-" . str_pad($month, 2, '0', STR_PAD_LEFT) . '-' . str_pad($day, 2, '0', STR_PAD_LEFT);
// CHECK FOR REQUIRED
if ($field_info['field_required'] && ($month == "00" || $day == "00" || $year == "00")) {
$this->is_error = 96;
$is_field_error = 1;
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}='{$field_value}'";
// CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
} elseif ($search == 1) {
// DATE IS A BIRTHDAY
if ($field_info[field_special] == 1) {
// RESET DATE ORDER SO MONTH IS LAST
$date_order = "mdy";
// RETRIEVE MIN/MAX YEARS
$var3_min = "field_" . $field_info[field_id] . "_3_min";
$var3_max = "field_" . $field_info[field_id] . "_3_max";
if (isset($_POST[$var3_min])) {
$field_3_min = $_POST[$var3_min];
} elseif (isset($_GET[$var3_min])) {
$field_3_min = $_GET[$var3_min];
} else {
$field_3_min = "";
}
if (isset($_POST[$var3_max])) {
$field_3_max = $_POST[$var3_max];
} elseif (isset($_GET[$var3_max])) {
$field_3_max = $_GET[$var3_max];
} else {
$field_3_max = "";
}
$this->url_string .= $var3_min . "=" . urlencode($field_3_min) . "&";
$this->url_string .= $var3_max . "=" . urlencode($field_3_max) . "&";
// CONSTRUCT SEARCH VALUES (MIN YEAR)
// IMPORTANT NOTE - BECAUSE IT DISPLAYS THE AGE (NOT THE YEAR) TO THE SEARCHER, THIS ACTUALLY CORRESPONDS TO THE MINIMUM AGE (MAXIMUM YEAR)
$field_value_min = str_pad($field_3_min, 4, '0', STR_PAD_LEFT);
if ($field_value_min != "0000") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}<='{$field_value_min}-" . date('m', time()) . "-" . date('d', time()) . "'";
}
// CONSTRUCT SEARCH VALUES (MAX YEAR)
// IMPORTANT NOTE - BECAUSE IT DISPLAYS THE AGE (NOT THE YEAR) TO THE SEARCHER, THIS ACTUALLY CORRESPONDS TO THE MAXIMUM AGE (MINIMUM YEAR)
$field_value_max = str_pad($field_3_max, 4, '0', STR_PAD_LEFT);
if ($field_value_max != "0000") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}>=DATE_ADD('" . ($field_value_max - 1) . "-" . date('m', time()) . "-" . date('d', time()) . "', INTERVAL 1 DAY)";
}
// EXCLUDE USERS WHO HAVE NOT ENTERED A BIRTH YEAR
if ($field_value_min != "0000" || $field_value_max != "0000") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= "YEAR(" . $this->type . "value_{$field_info['field_id']})<>'0000'";
}
// DATE IS NOT A BIRTHDAY
} else {
// RETRIEVE VALUES
$var1 = "field_" . $field_info[field_id] . "_1";
$var2 = "field_" . $field_info[field_id] . "_2";
$var3 = "field_" . $field_info[field_id] . "_3";
if (isset($_POST[$var1])) {
$field_1 = $_POST[$var1];
} elseif (isset($_GET[$var1])) {
$field_1 = $_GET[$var1];
} else {
$field_1 = "";
}
if (isset($_POST[$var2])) {
$field_2 = $_POST[$var2];
} elseif (isset($_GET[$var2])) {
$field_2 = $_GET[$var2];
} else {
$field_2 = "";
}
if (isset($_POST[$var3])) {
$field_3 = $_POST[$var3];
} elseif (isset($_GET[$var3])) {
$field_3 = $_GET[$var3];
} else {
$field_3 = "";
}
$this->url_string .= $var1 . "=" . urlencode($field_1) . "&";
$this->url_string .= $var2 . "=" . urlencode($field_2) . "&";
$this->url_string .= $var3 . "=" . urlencode($field_3) . "&";
// ORDER DATE VALUES PROPERLY
switch ($date_order) {
case "mdy":
$month = str_pad($field_1, 2, '0', STR_PAD_LEFT);
$day = str_pad($field_2, 2, '0', STR_PAD_LEFT);
$year = str_pad($field_3, 4, '0', STR_PAD_LEFT);
break;
case "ymd":
$year = str_pad($field_1, 4, '0', STR_PAD_LEFT);
$month = str_pad($field_2, 2, '0', STR_PAD_LEFT);
$day = str_pad($field_3, 2, '0', STR_PAD_LEFT);
break;
case "dmy":
$day = str_pad($field_1, 2, '0', STR_PAD_LEFT);
$month = str_pad($field_2, 2, '0', STR_PAD_LEFT);
$year = str_pad($field_3, 4, '0', STR_PAD_LEFT);
break;
}
// CONSTRUCT FIELD VALUE
$field_value = $year . "-" . $month . '-' . $day;
if ($month != "00") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= "MONTH(" . $this->type . "value_{$field_info['field_id']})='{$month}'";
}
if ($day != "00") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= "DAY(" . $this->type . "value_{$field_info['field_id']})='{$day}'";
}
if ($year != "0000") {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= "YEAR(" . $this->type . "value_{$field_info['field_id']})='{$year}'";
}
}
// DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $field_info[field_id];
$field_value = $this->value_info[$value_column];
} else {
$field_value = "0000-00-00";
}
}
$year = substr($field_value, 0, 4);
$month = substr($field_value, 5, 2);
$day = substr($field_value, 8, 2);
// FORMAT VALUE FOR DISPLAY
if ($format == 1 && $field_info[field_display] != 0) {
if ($field_value != "0000-00-00") {
if ($year == "0000") {
$year = "";
}
if ($month == "00") {
$month = "";
} else {
$month = $datetime->cdate("F", mktime(0, 0, 0, $month, 1, 1990));
}
if ($day == "00") {
$day = "";
} else {
$day = $datetime->cdate("{$day_format}", mktime(0, 0, 0, 1, $day, 1990));
}
switch ($date_order) {
case "mdy":
$field_value_formatted = "{$month} {$day} {$year}";
break;
case "ymd":
$field_value_formatted = "{$year} {$month} {$day}";
break;
case "dmy":
$field_value_formatted = "{$day} {$month} {$year}";
break;
}
if ($field_info[field_display] == 2) {
link_field_values($field_value_formatted, "", array($field_info[field_id], $field_value, "", $field_info[field_display]));
}
}
// FORMAT VALUE FOR FORM
} else {
// GET LANGUAGE VARS
SE_Language::_preload_multi(579, 580, 581);
// CONSTRUCT MONTH ARRAY
$month_array = array();
$month_array[0] = array('name' => "579", 'value' => "0", 'selected' => "");
for ($m = 1; $m <= 12; $m++) {
if ($month == $m) {
$selected = " SELECTED";
} else {
$selected = "";
}
$month_array[$m] = array('name' => $datetime->cdate("{$month_format}", mktime(0, 0, 0, $m, 1, 1990)), 'value' => $m, 'selected' => $selected);
}
// CONSTRUCT DAY ARRAY
$day_array = array();
$day_array[0] = array('name' => "580", 'value' => "0", 'selected' => "");
for ($d = 1; $d <= 31; $d++) {
if ($day == $d) {
$selected = " SELECTED";
} else {
$selected = "";
}
$day_array[$d] = array('name' => $datetime->cdate("{$day_format}", mktime(0, 0, 0, 1, $d, 1990)), 'value' => $d, 'selected' => $selected);
}
// CONSTRUCT YEAR ARRAY
$year_array = array();
$year_count = 1;
$current_year = $datetime->cdate("Y", time());
$year_array[0] = array('name' => "581", 'value' => "0", 'selected' => "");
for ($y = $current_year; $y >= 1920; $y--) {
if ($year == $y) {
$selected = " SELECTED";
} else {
$selected = "";
}
$year_array[$year_count] = array('name' => $y, 'value' => $y, 'selected' => $selected);
$year_count++;
}
// ORDER DATE ARRAYS PROPERLY
switch ($date_order) {
case "mdy":
$date_array1 = $month_array;
$date_array2 = $day_array;
$date_array3 = $year_array;
break;
case "ymd":
$date_array1 = $year_array;
$date_array2 = $month_array;
$date_array3 = $day_array;
break;
case "dmy":
$date_array1 = $day_array;
$date_array2 = $month_array;
$date_array3 = $year_array;
break;
}
}
break;
case 6:
// CHECKBOXES
// VALIDATE POSTED FIELD
if ($validate == 1) {
// RETRIEVE POSTED FIELD VALUE
$var = "field_" . $field_info[field_id];
$field_value = $_POST[$var];
// CHECK FOR REQUIRED
if ($field_info[field_required] != 0 && count($field_value) == 0) {
$this->is_error = 96;
$is_field_error = 1;
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
$this->field_query .= $this->type . "value_{$field_info['field_id']}='" . implode(",", $field_value) . "'";
// CREATE A SEARCH QUERY FROM POSTED FIELD VALUE
} elseif ($search == 1) {
$var = "field_" . $field_info[field_id];
if (isset($_POST[$var])) {
$field_value = $_POST[$var];
} elseif (isset($_GET[$var])) {
$field_value = $_GET[$var];
} else {
$field_value = "";
}
if (count($field_value) != 0 && $field_value != "") {
for ($o = 0; $o < count($field_value); $o++) {
if ($this->field_query != "") {
$this->field_query .= " AND ";
}
$this->field_query .= "FIND_IN_SET('" . $field_value[$o] . "', " . $this->type . "value_{$field_info['field_id']})";
$this->url_string .= $var . "[]=" . urlencode($field_value[$o]) . "&";
}
}
// DO NOT VALIDATE FIELD VALUE AND DON'T CREATE SEARCH VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $field_info[field_id];
$field_value = explode(",", $this->value_info[$value_column]);
}
}
// LOOP OVER FIELD OPTIONS
$options = unserialize($field_info[field_options]);
for ($i = 0, $max = count($options); $i < $max; $i++) {
$dep_field_info = "";
$dep_field_value = "";
$dep_field_options = "";
// OPTION HAS DEPENDENCY
if ($options[$i][dependency] == "1") {
$dep_field_query = "SELECT " . $this->type . "field_id AS field_id, " . $this->type . "field_type AS field_type, " . $this->type . "field_title AS field_title, " . $this->type . "field_style AS field_style, " . $this->type . "field_options AS field_options, " . $this->type . "field_maxlength AS field_maxlength, " . $this->type . "field_link AS field_link, " . $this->type . "field_required AS field_required, " . $this->type . "field_regex AS field_regex, " . $this->type . "field_display AS field_display FROM se_" . $this->type . "fields WHERE " . $this->type . "field_id='" . $options[$i][dependent_id] . "' AND " . $this->type . "field_dependency='{$field_info['field_id']}'";
$dep_field = $database->database_query($dep_field_query);
if ($database->database_num_rows($dep_field) != "1") {
$options[$i][dependency] = 0;
} else {
$dep_field_info = $database->database_fetch_assoc($dep_field);
// VALIDATE POSTED FIELD VALUE
if ($validate == 1) {
// OPTION SELECTED
if (in_array($options[$i][value], $field_value)) {
$dep_var = "field_" . $dep_field_info[field_id];
$dep_field_value = censor($_POST[$dep_var]);
// DEP FIELD TYPE
switch ($dep_field_info[field_type]) {
// TEXT FIELD
case "1":
// CHECK FOR REQUIRED
if ($dep_field_info[field_required] != 0 && trim($dep_field_value) == "") {
$this->is_error = 96;
$is_field_error = 1;
}
// RUN PREG MATCH
if ($dep_field_info[field_regex] != "" && trim($dep_field_value) != "") {
if (!preg_match($dep_field_info[field_regex], $dep_field_value)) {
$this->is_error = 97;
$is_field_error = 1;
}
}
break;
// SELECT BOX
// SELECT BOX
case "3":
// CHECK FOR REQUIRED
if ($dep_field_info['field_required'] != 0 && ($dep_field_value == "-1" || $dep_field_value == "")) {
$this->is_error = 96;
$is_field_error = 1;
}
break;
}
// OPTION NOT SELECTED
} else {
$dep_field_value = "";
}
// UPDATE SAVE VALUE QUERY
if ($this->field_query != "") {
$this->field_query .= ", ";
}
$this->field_query .= $this->type . "value_{$dep_field_info['field_id']}='{$dep_field_value}'";
// DO NOT VALIDATE POSTED FIELD VALUE
} else {
// RETRIEVE DATABASE FIELD VALUE
if ($this->value_info != "") {
$value_column = $this->type . "value_" . $dep_field_info[field_id];
$dep_field_value = $this->value_info[$value_column];
}
}
// RETRIEVE DEP FIELD OPTIONS
$dep_options = unserialize($dep_field_info[field_options]);
for ($i2 = 0, $max2 = count($dep_options); $i2 < $max2; $i2++) {
SE_Language::_preload($dep_options[$i2][label]);
$dep_field_options[] = array('value' => $dep_options[$i2][value], 'label' => $dep_options[$i2][label]);
if ($dep_options[$i2][value] == $dep_field_value) {
$dep_field_value_formatted = $dep_options[$i2][label];
}
}
}
}
// FORMAT VALUE FOR DISPLAY IF OPTION IS SELECTED
if ($format == 1 && in_array($options[$i][value], $field_value) && $field_info[field_display] != 0) {
SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
SE_Language::load();
$formatted_prelim = SE_Language::_get($options[$i][label]);
// LINK FIELD VALUES IF NECESSARY
if ($field_info[field_display] == 2) {
link_field_values($formatted_prelim, "", array($field_info[field_id], $options[$i][value], "", $field_info[field_display]));
}
// ADD DEPENDENT VALUE TO FIELD VALUE
if ($dep_field_value != "" && $dep_field_info[field_display] != 0) {
if ($dep_field_info[field_type] == 3) {
$dep_field_value_formatted = SE_Language::_get($dep_field_value_formatted);
} else {
$dep_field_value_formatted = $dep_field_value;
}
link_field_values($dep_field_value_formatted, "", array($dep_field_info[field_id], $dep_field_value, $dep_field_info[field_link], $dep_field_info[field_display]));
$field_value_formatted .= " " . SE_Language::_get($dep_field_info[field_title]) . " " . $dep_field_value_formatted;
}
if (trim($field_value_formatted) != "") {
$field_value_formatted .= ", ";
}
$field_value_formatted .= $formatted_prelim;
}
// SET OPTIONS ARRAY
SE_Language::_preload_multi($dep_field_info[field_title], $options[$i][label]);
$field_options[] = array('value' => $options[$i][value], 'label' => $options[$i][label], 'dependency' => $options[$i][dependency], 'dep_field_id' => $dep_field_info[field_id], 'dep_field_title' => $dep_field_info[field_title], 'dep_field_type' => $dep_field_info[field_type], 'dep_field_required' => $dep_field_info[field_required], 'dep_field_maxlength' => $dep_field_info[field_maxlength], 'dep_field_options' => $dep_field_options, 'dep_field_style' => $dep_field_info[field_style], 'dep_field_value' => $dep_field_value, 'dep_field_error' => $dep_field_error);
}
break;
}
// SET FIELD ERROR IF ERROR OCCURRED
if ($is_field_error == 1) {
$field_error = $field_info[field_error];
} else {
$field_error = 0;
}
// SET FIELD VALUE ARRAY FOR LATER USE
// FIX THIS FOR CHECKBOXES (USED FOR SUBNETS?)
$this->fields_new[$this->type . "value_" . $field_info[field_id]] = $field_value;
// SET SPECIAL FIELDS, IF NECESSARY
if ($field_info[field_special] != 0) {
$this->field_special[$field_info[field_special]] = $field_value;
}
// SAVE FORMATTED FIELD VALUE IN ARRAY
if ($field_value_formatted != "") {
$this->field_values[] = $field_value_formatted;
}
// SET FIELD ARRAY AND INCREMENT FIELD COUNT
if ($format == 0 && $search == 0 || $format == 1 && $field_value_formatted != "" || $search == 1 && $field_info[field_search] != 0) {
SE_Language::_preload_multi($field_info[field_title], $field_info[field_desc], $field_info[field_error]);
$this->fields[] = $this->fields_all[] = array('field_id' => $field_info[field_id], 'field_title' => $field_info[field_title], 'field_desc' => $field_info[field_desc], 'field_type' => $field_info[field_type], 'field_required' => $field_info[field_required], 'field_style' => $field_info[field_style], 'field_maxlength' => $field_info[field_maxlength], 'field_special' => $field_info[field_special], 'field_signup' => $field_info[field_signup], 'field_search' => $field_info[field_search], 'field_options' => $field_options, 'field_value' => $field_value, 'field_value_formatted' => $field_value_formatted, 'field_value_min' => $field_value_min, 'field_value_max' => $field_value_max, 'field_error' => $field_error, 'date_array1' => $date_array1, 'date_array2' => $date_array2, 'date_array3' => $date_array3);
$field_count++;
}
}
}
print '<div class="news-wrapper">';
}
$URL = _webBase . _sh . _webLang . _sh . _blog . _sh;
if (isset($post["categories"][0]["Title"])) {
$category = '<span class="new-category">' . a($post["categories"][0]["Title"], $URL . _category . _sh . $post["categories"][0]["Slug"]) . '</span> ';
} else {
$category = NULL;
}
$URL = _webBase . _sh . _webLang . _sh . _blog . _sh . $post["post"]["Year"] . _sh . $post["post"]["Month"] . _sh . $post["post"]["Day"] . _sh;
print '<div class="new">';
print $category;
if ($post["post"]["Image_Medium"] !== "") {
print a(img(_webURL . _sh . $post["post"]["Image_Medium"], $post["categories"][0]["Title"], "new-image"), $URL . $post["post"]["Slug"]) . "<br />";
} else {
print '<br />';
}
print '<span class="new-title">' . a(cut($post["post"]["Title"], 10), $URL . $post["post"]["Slug"]) . '</span><br />';
print cut(cleanHTML($post["post"]["Content"]), 16) . " <br /> " . a(__("Read more"), $URL . $post["post"]["Slug"]);
print '</div>';
if ($i === 2 or $j === $total) {
print '<div class="clear"></div>';
print '</div>';
$i = 0;
} else {
$i++;
}
$j++;
}
}
}
print '</div>';
/**
* filter
*
* Cleans a string
*
* @param string $text
* @param string $cleanHTML = FALSE
* @return string $text
*/
function filter($text, $filter = FALSE)
{
if (is_null($text)) {
return FALSE;
}
if ($text === TRUE) {
return TRUE;
} elseif ($filter === TRUE) {
$text = cleanHTML($text);
} else {
$text = addslashes($text);
}
$text = str_replace("<", "", $text);
$text = str_replace(">", "", $text);
$text = str_replace("%27", "", $text);
$text = str_replace("%22", "", $text);
$text = str_replace("%20", "+", $text);
$text = str_replace("indexphp", "index.php", $text);
return $text;
}
/**
* filter
*
* Cleans a string
*
* @param string $text
* @param string $cleanHTML = FALSE
* @return string $text
*/
function filter($text, $filter = FALSE)
{
if (is_null($text) or !is_string($text)) {
return FALSE;
}
if ($filter === TRUE) {
$text = cleanHTML($text);
} elseif ($filter === "escape") {
$text = addslashes($text);
} else {
$text = str_replace("'", "", $text);
$text = str_replace('"', "", $text);
$text = str_replace("\\", "", $text);
}
$text = str_replace("<", "", $text);
$text = str_replace(">", "", $text);
$text = str_replace("%27", "", $text);
$text = str_replace("%22", "", $text);
$text = str_replace("%20", "", $text);
$text = str_replace("indexphp", "index.php", $text);
return $text;
}
public function frameResponse(\FrameResponseObject $frameResponseObject)
{
/* if (isset($this->params[1])) {
$object = \steam_factory::get_object($GLOBALS["STEAM"]->get_id(), $this->id);
$parent = $object->get_environment();
if ($parent instanceof \steam_container) {
$doc = $parent->get_object_by_name($this->params[1]);
if ($doc instanceof \steam_document) {
header("location: " . PATH_URL . "Download/Document/" . $doc->get_id());
exit;
}
}
\ExtensionMaster::getInstance()->send404Error();
exit;
}*/
if (isset($this->id)) {
$object = \steam_factory::get_object($GLOBALS["STEAM"]->get_id(), $this->id);
$objName = $object->get_name();
if ($object instanceof \steam_docextern) {
$actionBar = new \Widgets\ActionBar();
$actionBar->setActions(array(array("name" => "URL in neuem Fenster öffnen", "link" => "javascript:window.open('{$object->get_attribute("DOC_EXTERN_URL")}');")));
$rawHtml = new \Widgets\RawHtml();
$rawHtml->setHtml("<iframe height=\"800px\" width=\"100%\" src=\"{$object->get_attribute("DOC_EXTERN_URL")}\" scrolling=\"yes\"></iframe>");
$frameResponseObject->setTitle($objName);
$frameResponseObject->addWidget($actionBar);
$frameResponseObject->addWidget($rawHtml);
return $frameResponseObject;
} else {
if ($object instanceof \steam_document) {
$mimetype = $object->get_attribute(DOC_MIME_TYPE);
$objDesc = trim($object->get_attribute(OBJ_DESC));
$actionBar = new \Widgets\ActionBar();
$actionBar->setActions(array(array("name" => "Herunterladen", "link" => PATH_URL . "Download/Document/" . $this->id . "/" . $objName), array("name" => "Eigenschaften", "ajax" => array("onclick" => array("command" => "properties", "params" => array("id" => $this->id), "requestType" => "popup"))), array("name" => "Rechte", "ajax" => array("onclick" => array("command" => "Sanctions", "params" => array("id" => $this->id), "requestType" => "popup")))));
if ($objDesc === 0 || $objDesc === "") {
$name = $objName;
} else {
$name = $objDesc . " (" . $objName . ")";
}
$html = "";
if ($mimetype == "image/png" || $mimetype == "image/jpeg" || $mimetype == "image/jpg" || $mimetype == "image/gif") {
// Image
$html = "<div style=\"text-align:center\"><img style=\"max-width:100%\" title=\"{$name}\" alt=\"Bild: {$name}\" src=\"" . PATH_URL . "Download/Document/" . $this->id . "/\"></div>";
} else {
if ($mimetype == "text/html") {
$actionBar->setActions(array(array("name" => "Bearbeiten", "link" => PATH_URL . "Explorer/EditDocument/" . $this->id . "/"), array("name" => "Quelltext", "link" => PATH_URL . "Explorer/CodeEditDocument/" . $this->id . "/"), array("name" => "Eigenschaften", "ajax" => array("onclick" => array("command" => "properties", "params" => array("id" => $this->id), "requestType" => "popup"))), array("name" => "Rechte", "ajax" => array("onclick" => array("command" => "Sanctions", "params" => array("id" => $this->id), "requestType" => "popup")))));
//$html = "<B>Hello</I> How are <U> you?</B>";
$html = cleanHTML($object->get_content());
$dirname = dirname($object->get_path()) . "/";
preg_match_all('/href="([%a-z0-9.-_\\/]*)"/iU', $html, $matches);
$orig_matches = $matches[0];
$path_matches = $matches[1];
foreach ($path_matches as $key => $path) {
$path = urldecode($path);
if (parse_url($path, PHP_URL_SCHEME) != null) {
continue;
}
$ref_object = \steam_factory::get_object_by_name($GLOBALS["STEAM"]->get_id(), $dirname . $path);
if ($ref_object instanceof \steam_object) {
$new_path = PATH_URL . "explorer/index/" . $ref_object->get_id();
} else {
$new_path = PATH_URL . "404/";
}
$html = str_replace($orig_matches[$key], "href=\"" . $new_path . "\"", $html);
}
preg_match_all('/src="([%a-z0-9.\\-_\\/]*)"/iU', $html, $matches);
$orig_matches = $matches[0];
$path_matches = $matches[1];
foreach ($path_matches as $key => $path) {
$path = urldecode($path);
if (parse_url($path, PHP_URL_SCHEME) != null) {
continue;
}
$ref_object = \steam_factory::get_object_by_name($GLOBALS["STEAM"]->get_id(), $dirname . $path);
if ($ref_object instanceof \steam_object) {
$new_path = PATH_URL . "Download/Document/" . $ref_object->get_id();
} else {
$new_path = PATH_URL . "styles/standard/images/404.jpg";
}
$html = str_replace($orig_matches[$key], "src=\"" . $new_path . "\"", $html);
}
// die;
// $html = preg_replace('/href="([a-z0-9.-_\/]*)"/iU', 'href="' . $config_webserver_ip . '/tools/get.php?object=' . $current_path . '$1"', $html);
// $html = preg_replace('/src="([a-z0-9.\-_\/]*)"/iU', 'src="' . $config_webserver_ip . '/tools/get.php?object=' . $current_path . '$1"', $html);
} else {
if (strstr($mimetype, "text")) {
$bidDokument = new \BidDocument($object);
$actionBar->setActions(array(array("name" => "Bearbeiten", "link" => PATH_URL . "Explorer/EditDocument/" . $this->id . "/"), array("name" => "Herunterladen", "link" => PATH_URL . "Download/Document/" . $this->id . "/"), array("name" => "Eigenschaften", "ajax" => array("onclick" => array("command" => "properties", "params" => array("id" => $this->id), "requestType" => "popup"))), array("name" => "Rechte", "ajax" => array("onclick" => array("command" => "Sanctions", "params" => array("id" => $this->id), "requestType" => "popup")))));
//$html = "<pre>{$object->get_content()}</pre>";
$html = $bidDokument->get_content();
} else {
header("location: " . PATH_URL . "Download/Document/" . $this->id . "/");
}
}
}
$rawHtml = new \Widgets\RawHtml();
$rawHtml->setHtml($html);
//$rawHtml->addWidget($breadcrumb);
//$rawHtml->addWidget($environment);
//$rawHtml->addWidget($loader);
$frameResponseObject->setTitle($name);
$frameResponseObject->addWidget($actionBar);
$frameResponseObject->addWidget($rawHtml);
return $frameResponseObject;
}
}
} else {
header("location: " . PATH_URL . "404/");
}
}
function user_message_send($to, $subject, $message, $convo_id = NULL)
{
global $database, $notify, $url;
$recipients = array();
$recipients_full = array();
// VALIDATE CONVERSATION ID
if (!$convo_id || !is_numeric($convo_id)) {
$convo_id = 0;
}
// CHECK TO SEE IF MESSAGE IS EMPTY
if (!trim($message)) {
$this->is_error = 796;
}
// NEW MESSAGE
if (!$convo_id) {
// ORGANIZE RECIPIENTS
$tos = array_filter(preg_split('/[\\s,;]+?/', $to));
array_splice($tos, $this->level_info['level_message_recipients']);
// LOOP OVER RECIPIENTS
foreach ($tos as $to_username) {
// CANT SEND TO SELF
if (strtolower($to_username) == strtolower($this->user_info['user_username'])) {
continue;
}
// GET TO USER OBJECT
$to_user = new SEUser(array(NULL, $to_username));
// CANT SEND TO NON EXISTENT USER. BLOCKED USER, OR USERS NOT ALLOWED TO USE MESSAGES
if (!$to_user->user_exists) {
continue;
}
if ($to_user->user_blocked($this->user_info['user_id'])) {
continue;
}
if (!$this->level_info['level_message_allow']) {
continue;
}
// CHECK MESSAGE TYPES AND ADD RECIPIENT
if ($this->level_info['level_message_allow'] == 2 || $this->level_info['level_message_allow'] == 1 && $this->user_friended($to_user->user_info['user_id'])) {
$recipients_full[$to_user->user_info['user_id']] =& $to_user;
$recipients[] = $to_user->user_info['user_id'];
}
}
// ENSURE THERE ARE RECIPIENTS
if (empty($recipients)) {
$this->is_error = 795;
}
// IF NO ERROR, CREATE CONVERSATION
if (!$this->is_error) {
// CREATE CONVO
$sql = "INSERT INTO se_pmconvos (pmconvo_subject, pmconvo_recipients) VALUES ('" . addslashes($subject) . "', '" . (count($recipients) + 1) . "')";
$resource = $database->database_query($sql);
$convo_id = $database->database_insert_id();
// CREATE CONVOOPS
$sql = "\r\n INSERT INTO se_pmconvoops\r\n (pmconvoop_pmconvo_id, pmconvoop_user_id, pmconvoop_deleted_outbox, pmconvoop_deleted_inbox)\r\n VALUES\r\n ('{$convo_id}', '{$this->user_info['user_id']}', 0, 1)";
//$is_first = TRUE;
foreach ($recipients as $to_user_id) {
$sql .= ", ('{$convo_id}', '{$to_user_id}', 1, 0)";
}
// EXECUTE QUERY
$resource = $database->database_query($sql);
}
} else {
$sql = "SELECT pmconvoop_user_id FROM se_pmconvoops WHERE pmconvoop_pmconvo_id='{$convo_id}'";
$resource = $database->database_query($sql);
$unauthorized = TRUE;
while ($pmconvoop_info = $database->database_fetch_assoc($resource)) {
if ($pmconvoop_info['pmconvoop_user_id'] != $this->user_info['user_id']) {
$recipients[] = $pmconvoop_info['pmconvoop_user_id'];
} else {
$unauthorized = FALSE;
}
}
// USER WAS NOT IN CONVERSATION
if ($unauthorized) {
$this->is_error = 39;
}
// FIX THIS CODE RANDOM NUMBER TEMP
}
// IF NO ERROR, ADD MESSAGE TO CONVERSATION
if (!$this->is_error) {
// LINK ALL LINKS
$message = ereg_replace("http://([.]?[a-zA-Z0-9_/-])*", "<a href=\"\\0\" target=\"_blank\">\\0</a>", $message);
$message = ereg_replace("(^| |\n)(www([.]?[a-zA-Z0-9_/-])*)", "\\1<a href=\"http://\\2\" target=\"_blank\">\\2</a>", $message);
// RUN SECURITY ON THE MESSAGE TO ENSURE NO XSS ATTACKS WITH LINKS
$message = cleanHTML($message, "a");
// REPLACE NEWLINES IN BODY WITH BREAKS
$message = str_replace("\n", "<br>", $message);
$message = str_replace("'", "\\'", $message);
// INSERT MESSAGE
$pm_date = time();
$sql = "\r\n INSERT INTO se_pms\r\n (pm_authoruser_id, pm_pmconvo_id, pm_date, pm_body)\r\n VALUES\r\n ('{$this->user_info['user_id']}', '{$convo_id}', '{$pm_date}', '{$message}')\r\n ";
$resource = $database->database_query($sql);
// UPDATE PMCONVOOPS
$sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_outbox=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id='{$this->user_info['user_id']}'";
$resource = $database->database_query($sql);
$sql = "UPDATE se_pmconvoops SET pmconvoop_deleted_inbox=0, pmconvoop_read=0, pmconvoop_pmdate='{$pm_date}' WHERE pmconvoop_pmconvo_id='{$convo_id}' && pmconvoop_user_id!='{$this->user_info['user_id']}'";
$resource = $database->database_query($sql);
// INSERT/SEND NOTIFICATIONS FOR RECIPIENTS
// GET RECIPIENTS IF NOT INITIAL MESSAGE
foreach ($recipients as $recipient_user_id) {
//if( empty($recipients_full[$recipient_user_id]) )
//{
$recipients_full[$recipient_user_id] = new SEUser(array($recipient_user_id));
//}
$current_recipient =& $recipients_full[$recipient_user_id];
// NOT A USER
if (!is_object($current_recipient) || !$current_recipient->user_exists) {
continue;
}
// ADD NOTIFICATION
$notify->notify_add($current_recipient->user_info['user_id'], 'message', $convo_id, array(), array(), TRUE);
// SEND EMAIL
$current_recipient->user_settings('usersetting_notify_message');
if ($current_recipient->usersetting_info['usersetting_notify_message']) {
send_systememail('message', $current_recipient->user_info[user_email], array($current_recipient->user_displayname, $this->user_displayname, "<a href=\"{$url->url_base}login.php\">{$url->url_base}login.php</a>"));
}
// CLEAN OUT THEM OLD MESSAGES
$num_inbox = $current_recipient->user_message_total(0, 0);
$num_outbox = $current_recipient->user_message_total(1, 0);
$num_inbox_delete = $num_inbox - $current_recipient->level_info['level_message_inbox'];
$num_outbox_delete = $num_outbox - $current_recipient->level_info['level_message_outbox'];
// CLEAN OUT INBOX
if ($num_inbox_delete > 0) {
$sql = "\r\n SELECT\r\n se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id\r\n FROM\r\n se_pmconvoops\r\n LEFT JOIN\r\n se_pmconvos\r\n ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id\r\n LEFT JOIN\r\n se_pms\r\n ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id\r\n WHERE\r\n se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' &&\r\n se_pmconvoops.pmconvoop_deleted_inbox=0 &&\r\n se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id)\r\n ORDER BY\r\n se_pms.pm_date ASC\r\n LIMIT\r\n {$num_inbox_delete}\r\n ";
$resource = $database->database_query($sql);
while ($result = $database->database_fetch_assoc($resource)) {
$delete_array[] = $result['pmconvo_id'];
}
// DELETE
$current_recipient->user_message_delete_selected($delete_array, 0);
}
// CLEAN OUT OUTBOX
if ($num_outbox_delete > 0) {
$sql = "\r\n SELECT\r\n se_pmconvoops.pmconvoop_pmconvo_id AS pmconvo_id\r\n FROM\r\n se_pmconvoops\r\n LEFT JOIN\r\n se_pmconvos\r\n ON se_pmconvos.pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id\r\n LEFT JOIN\r\n se_pms\r\n ON se_pms.pm_pmconvo_id=se_pmconvos.pmconvo_id\r\n WHERE\r\n se_pmconvoops.pmconvoop_user_id='{$current_recipient->user_info['user_id']}' &&\r\n se_pmconvoops.pmconvoop_deleted_outbox=0 &&\r\n se_pms.pm_id=(SELECT MAX(pm_id) FROM se_pms WHERE pm_pmconvo_id=se_pmconvoops.pmconvoop_pmconvo_id)\r\n ORDER BY\r\n se_pms.pm_date ASC\r\n LIMIT\r\n {$num_outbox_delete}\r\n ";
$resource = $database->database_query($sql);
while ($result = $database->database_fetch_assoc($resource)) {
$delete_array[] = $result['pmconvo_id'];
}
// DELETE
$current_recipient->user_message_delete_selected($delete_array, 1);
}
// CLEAR INACTIVE CONVERSATIONS
$this->user_message_cleanup();
}
}
return $convo_id;
}
*/
foreach ($node_list as $node => $visits) {
if (key_exists($node, $events)) {
$name = $events[$node]->description;
$url = '';
$label = "<<TABLE BORDER=\"0\">" . "<TR><TD>{$name}</TD></TR>" . "</TABLE>>";
} else {
$loId = new LOId($node);
$lo = $adaptor->createLO($loId);
$loType = Intuitel::getIDFactory()->getType($lo->loId);
if ($supress_course && $loType == 'course') {
continue;
}
$name = str_replace('"', '', $lo->loName);
$node = loId_escape($lo->loId);
list($imgurl, $url) = cleanHTML(block_intuitel_generateHtmlModuleLink(Intuitel::getIDFactory()->getIdfromLoId($loId)));
//$img = "<IMG SRC=\"$imgurl\"/>";
$use_data = $adaptor->getUseData($lo, $userid);
$label_grade_row = '';
if (isset($use_data['grade'])) {
$label_grade_row = '<FONT POINT-SIZE="10">Final grade:' . number_format($use_data['grade']) . '/' . number_format($use_data['grademax']) . '</FONT>';
}
if ($label_grade_row) {
$label = "<<TABLE BORDER=\"0\">" . "<TR><TD ROWSPAN=\"2\">{$name}</TD><TD ALIGN=\"LEFT\"><FONT POINT-SIZE=\"10\">{$visits} visits</FONT></TD></TR><TR><TD>{$label_grade_row}</TD></TR>" . "</TABLE>>";
} else {
$label = "<<TABLE BORDER=\"0\">" . "<TR><TD>{$name}</TD></TR><TR><TD><FONT POINT-SIZE=\"10\">{$visits} visits</FONT></TD></TR>" . "</TABLE>>";
}
}
//$label = "\"$name\"";
$line = "\t{$node} [ label={$label} , URL=\"{$url}\" {$node_style} ];\n";
$node_lines = $node_lines . $line;
function sendMail($mailto, $subject, &$mail, $mailfrom = "", $header = "", $isHTML = true, $attach = "")
{
# mailto = destination mail, accepts extended version (name <mail>) and comma delimited list
# subject = subject line
# mail = template with the fill mail >>>OBJECT<<<
# mailfrom = "from" mail
# header (optional) = headers, you might or might not fill a Content-Type
# isHTML = if true, adds proper Content-Type
# attach = filename for attachment
$subject = str_replace("\n", "", $subject);
// bye exploit
$subject = str_replace("\r", "", $subject);
// bye exploit
if (preg_match('!\\S!u', $subject) !== 0) {
$subject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
}
if ($mailfrom == "" && strpos($mailto, ",") === false) {
$mailfrom = $mailto;
}
// no mailfrom, use mailti
if ($header != "" && $header[strlen($header) - 1] != "\n") {
$header .= "\n";
}
// add \n at the end of the last line of pre-defined header
$mailfrom = str_replace("\n", "", $mailfrom);
// bye exploit
if (strpos(strtoupper($header), "RETURN-PATH:") === false && isMail($mailfrom, true)) {
// no R-P, add if possible
$header .= "Return-path: {$mailfrom}\n";
}
if (strpos(strtoupper($header), "REPLY-TO:") === false && isMail($mailfrom, true)) {
// no R-T, add if possible
$header .= "Reply-To: {$mailfrom}\n";
}
if (strpos(strtoupper($header), "FROM:") === false && isMail($mailfrom, true)) {
// no FROM, add if possible
$header .= "From: {$mailfrom}\n";
}
if ($isHTML || $attach != "") {
// HTML mode with attachment
$isHTML = true;
$bound = "--=XYZ_" . md5(date("dmYis")) . "_ZYX";
$bnext = "--=NextPart_XYZ_" . md5(date("dm")) . ".E0_PART";
$header .= "Content-Type:multipart/" . ($attach != "" ? "mixed" : "alternative") . "; boundary=\"{$bound}\"\n";
} else {
// not HTML nor with attachment
$header .= "Content-Type:text/plain; charset=utf-8\n";
}
$header .= "MIME-Version: 1.0\n";
$header .= "x-mailer: PresciaMailer\n";
$mail->assign("IP", CONS_IP);
$mail->assign("HOUR", date("H:i"));
$mail->assign("DATA", date("d/m/Y"));
$mail->assign("DATE", date("m/d/Y"));
$corpo = $mail->techo();
if ($attach != "" && is_file($attach)) {
// deal with attachment
//Open file and convert to base64
$fOpen = fopen($attach, "rb");
$fAtach = fread($fOpen, filesize($attach));
$ext = explode(".", $attach);
$ext = array_pop($ext);
$fAtach = base64_encode($fAtach);
fclose($fOpen);
$fAtach = chunk_split($fAtach);
$corpoplain = preg_replace("/( ){2,}/", " ", cleanHTML($corpo));
// Add multipart message
$sBody = "This is a multipart MIME message.\n\n";
$sBody .= "--{$bound}\n";
$sBody .= "Content-Type: multipart/alternative; boundary=\"{$bnext}\"\n\n\n";
$sBody .= "--{$bnext}\n" . "Content-Type: text/plain; charset=utf-8\n\n" . $corpoplain . "\n\n" . "--{$bnext}\n";
$sBody .= "Content-Type:text/html; charset=utf-8\n\n";
$sBody .= "{$corpo} \n\n";
$sBody .= "--{$bnext}--\n\n";
$sBody .= "--{$bound}\n";
$fname = explode("/", str_replace("\\", "/", $attach));
$sBody .= "Content-Disposition: attachment; filename=" . array_pop($fname) . "\n";
if (!function_exists("getMime")) {
include_once CONS_PATH_INCLUDE . "getMime.php";
}
$sBody .= "Content-Type: " . getMime($ext) . "\n";
$sBody .= "Content-Transfer-Encoding: base64\n\n{$fAtach}\n";
$sBody .= "--{$bound}--\n\n";
} else {
if ($isHTML) {
$corpoplain = preg_replace("/( ){2,}/", " ", stripHTML($corpo));
$sBody = "This is a multipart MIME message.\n\n";
$sBody .= "--{$bound}\n" . "Content-Type: text/plain; charset=utf-8\n\n" . $corpoplain . "\n\n" . "--{$bound}\n" . "Content-Type: text/html; charset=utf-8\n\n" . $corpo . "\n\n" . "--{$bound}--\n";
} else {
$sBody = $corpo;
}
}
if (substr($subject, 0, 3) == "NS:") {
$sBody .= chr(0);
}
// Newsletter character flag
if (preg_match('@^([^<]*)<([^>]*)>(.?)$@i', $mailfrom, $matches) == 1) {
$mailfrom = $matches[2];
}
// removes expanded mail mode
$ok = false;
// will return false ONLY if ALL submissions fail
$mailto = explode(",", $mailto);
foreach ($mailto as $mt) {
$mt = trim($mt);
// Subject: =?UTF-8?B?".base64_encode($subject)."?=
if (!@mail($mt, $subject, $sBody, $header, '-f' . $mailfrom)) {
$ok = @mail($mt, $subject, $sBody, $header, '-r' . $mailfrom) || $ok;
} else {
$ok = true;
}
}
return $ok;
}
function include_mail_text()
{
global $Host, $d_stats, $tribe, $mid, $subject, $set, $type, $action, $userid, $submit, $kingdom, $userid, $message, $inputBody, $orkTime, $local_stats, $connection, $posts, $replyid;
include_once 'inc/functions/forums.php';
require_once 'inc/functions/mail.php';
$objSrcUser =& $GLOBALS['objSrcUser'];
$local_stats = $objSrcUser->get_stats();
if (!$set) {
$set = "view";
}
if (!$kingdom) {
$kingdom = $local_stats['kingdom'];
}
$count = '0';
$topLinks = '<div class="center">' . "| " . "<a href=\"main.php?cat=game&page=mail&set=compose\">" . "Compose Mail" . "</a>" . " | " . "<a href=\"main.php?cat=game&page=mail&set=view\">" . "View Inbox" . "</a>" . " | " . "<a href=\"main.php?cat=game&page=mail&set=outbox\">" . "View Outbox" . "</a>" . " | " . "<a href=\"main.php?cat=game&page=message&tribe=1&alliance=1\">" . "Send a Report" . "</a>" . " | " . "<a href=\"main.php?cat=game&page=mail&set=block\">" . "Block Mail" . "</a>";
if ($local_stats['type'] == 'elder') {
$topLinks .= " | " . "<a href=\"main.php?cat=game&page=mail&set=eldermail\">" . "Alliance Mail" . "</a>";
}
$topLinks .= " |</div>";
echo $topLinks;
if ($set == "sendmail") {
send_mail($userid, $tribe, $subject, $message);
//changed to use send_mail function - AI 10/12/2006
}
if ($set == "eldermailsend") {
$message = safeHTML($message);
$subject = safeHTML($subject);
$message = "{$message}<br /><br />Your elder: " . $local_stats['name'];
if (!$subject) {
$subject = "No Subject";
}
$query = mysql_query("SELECT id FROM stats WHERE kingdom = {$local_stats['kingdom']}");
while ($datas = mysql_fetch_array($query)) {
if ($datas["id"] != $userid) {
$create['message'] = mysql_query("INSERT INTO messages (id, for_user, from_user, date, subject, text, new, action) VALUES ('', '" . $datas['id'] . "', '" . $userid . "', '" . $orkTime . "', '" . $subject . "', '" . $message . "', 'new', 'received')");
$update['timestamp'] = mysql_query("UPDATE preferences SET last_m ='{$orkTime}' WHERE id= {$tribe}");
}
}
$create['message'] = mysql_query("INSERT INTO messages (id, for_user, from_user, date, subject, text, new, action) VALUES ('', '0', '" . $userid . "', '" . $orkTime . "', '" . $subject . "', '" . $message . "', 'old', 'sent')");
$set = "eldermail";
echo '<div class="center">' . "<h3>Message sent to all your alliance members.</h3></div>";
}
if ($set == "eldermail") {
$eldermail = '<div id="textBig">' . "<h2>Mail your alliance</h2>" . "<form action=\"main.php?cat=game&page=mail&set=eldermailsend\" method=\"post\">" . "<br />" . "Subject: <input type=\"text\" name=\"subject\" size=\"30\" />" . "<br />" . "<textarea name=\"message\" rows=\"10\" cols=\"70\" wrap=\"on\"></textarea>" . "<br />" . "<input type=\"submit\" value=\"Send Message\" />" . "</form>" . "</div>";
echo $eldermail;
}
if ($set == "compose") {
$sendMailTargets = "<option value=\"spacer\">";
if (isset($_GET['aid']) && !empty($_GET['aid'])) {
$kingdom = intval($_GET['aid']);
}
if (isset($_GET['tribe']) && !empty($_GET['tribe'])) {
$replyid = intval($_GET['tribe']);
}
$result = mysql_query("SELECT * FROM stats WHERE kingdom = {$kingdom} ORDER BY tribe");
while ($kdstats = mysql_fetch_array($result, MYSQL_ASSOC)) {
$kdstats["tribe"] = stripslashes($kdstats["tribe"]);
if ($kdstats["id"] == $replyid) {
$sendMailTargets .= "<option value=\"" . $kdstats['id'] . "\" selected>" . $kdstats['tribe'];
} else {
$sendMailTargets .= "<option value=\"" . $kdstats['id'] . "\">" . $kdstats['tribe'];
}
}
$compose = "<br />" . "<table cellspacing=\"0\" cellpadding=\"0\" class=\"small\">" . "<tr class=\"header\">" . "<th colspan=\"2\">" . "Compose Mail" . "</th>" . "</tr>" . "<tr class=\"subheader\">" . "<th colspan=\"2\" class=\"center\">" . "Select Target" . "</th>" . "</tr>" . "<tr class=\"data\">" . "<form action=\"main.php?cat=game&page=mail&set=compose\" method=\"post\">" . "<th>" . "Alliance:" . "</th>" . "<td>" . "<input maxlength=\"4\" size=\"3\" name=\"kingdom\" value=\"{$kingdom}\" />" . "<input type=\"submit\" value=\"Change\" />" . "</td>" . "</form>" . "</tr>" . "<form id=\"center\" action=\"main.php?cat=game&page=mail&set=sendmail\" method=\"post\">" . "<tr class=\"data\">" . "<th>" . "Tribe:" . "</th>" . "<td>" . "<select name=\"tribe\">" . $sendMailTargets . "</select>" . "</td>" . "</tr>" . "</table>" . "<br />" . '<div class="center">' . "Subject: <input type=\"text\" name=\"subject\" size=\"30\" />" . "<br />" . "<textarea name=\"message\" rows=\"10\" cols=\"70\" wrap=\"on\"></textarea>" . "<br />" . "<input type=\"submit\" value=\"Send Message\" />" . "</form>" . "</div>";
echo $compose;
}
if ($set == "view") {
$result = mysql_query("SELECT * from messages WHERE for_user ='******' AND action = 'received' AND new != 'deleted' ORDER BY date DESC") or die(mysql_error());
$num_mail = mysql_num_rows($result);
if ($num_mail <= "0") {
echo "You have no mail in your inbox.<br />";
include_game_down();
exit;
}
$update['timestamp'] = mysql_query("UPDATE preferences SET last_m_check ='{$orkTime}' WHERE id= {$userid}");
$updated['timestamp'] = mysql_query($update['timestamp'], $connection);
$inbox = "<form id=\"center\" name=\"mail\" method=\"post\" action=\"main.php?cat=game&page=mail&set=delete2\">" . "<table cellpadding=\"0\" cellspacing=\"0\" class=\"big\">" . "<tr class=\"header\">" . "<th colspan=\"5\">" . "Inbox" . "</th>" . "</tr>" . "<tr class=\"subheader\">" . "<th>" . "Subject" . "</th>" . "<td class=\"left\">" . "From" . "</td>" . "<td class=\"left\">" . "Date" . "</td>" . "<td class=\"left\">" . "Status" . "</td>" . "<td class=\"center\">" . "Delete" . "</td>" . "</tr>";
while ($mail = mysql_fetch_array($result)) {
$count++;
if ($count == '1') {
$class = "";
} else {
$class = "bsup";
}
mysql_grab($mail['from_user'], 'd', 'stats');
if (empty($mail['subject'])) {
$mail['subject'] = 'No Subject';
}
$inbox .= "<tr class=\"data\">" . "<th class=\"" . $class . "\">" . "<a href=\"main.php?cat=game&page=mail&set=read&mid=" . $mail['id'] . "\">" . cleanHTML($mail['subject']) . "</a>" . "</th>" . "<td class=\"" . $class . " left\">" . cleanHTML($d_stats['tribe']) . "(#" . $d_stats['kingdom'] . ")</td>" . "<td class=\"" . $class . " left\">" . $mail['date'] . "</td>" . "<td class=\"" . $class . " left\">" . $mail['new'] . "</td>" . "<td class=\"" . $class . " center\">" . "<input name=\"posts[]\" type=\"checkbox\" value=\"" . $mail['id'] . "\" />" . "</td>" . "</tr>";
}
$inbox .= "</table>" . '<br /><div class="center">' . "| <a href='#' onclick=\"var posts=document.getElementsByName('mail')[0]['posts[]']; for(var i=0,len=posts.length;i<len;i++) posts[i].checked=true;\">Check All</a>" . " | <a href='#' onclick=\"var posts=document.getElementsByName('mail')[0]['posts[]']; for(var i=0,len=posts.length;i<len;i++) posts[i].checked=false;\">Uncheck All</a> |" . "</div><br />" . "<input type=\"submit\" name=\"submit\" value=\"Delete\" />" . "</form>";
echo $inbox;
}
if ($set == "outbox") {
$result = mysql_query("SELECT * from messages WHERE from_user ='******' AND action = 'sent' AND new != 'deleted' ORDER BY date DESC") or die(mysql_error());
$num_mail = mysql_num_rows($result);
if ($num_mail <= "0") {
echo "<div class=\"center\">You have no mail in your outbox.</div>";
include_game_down();
exit;
}
$outbox = "<form id=\"center\" name=\"mail\" method=\"post\" action=\"main.php?cat=game&page=mail&set=deleteout2\">" . "<table cellpadding=\"0\" cellspacing=\"0\" class=\"big\">" . "<tr class=\"header\">" . "<th colspan=\"5\">" . "Outbox" . "</th>" . "</tr>" . "<tr class=\"subheader\">" . "<th>" . "Subject" . "</th>" . "<td class=\"left\">" . "To" . "</td>" . "<td class=\"left\">" . "Date" . "</td>" . "<td class=\"left\">" . "Status" . "</td>" . "<td class=\"center\">" . "Delete" . "</td>" . "</tr>";
while ($mail = mysql_fetch_array($result)) {
$count++;
if ($count == '1') {
$class = "";
} else {
$class = "bsup";
}
if ($mail['for_user'] == "0") {
$receiver = "Your Alliance";
} else {
$foruser = mysql_query("SELECT tribe, kingdom FROM stats WHERE id = {$mail['for_user']}");
$foruser = mysql_fetch_array($foruser);
$receiver = cleanHTML($foruser['tribe']) . "(#{$foruser['kingdom']})";
}
if (empty($mail['subject'])) {
$mail['subject'] = 'No Subject';
}
$outbox .= "<tr class=\"data\">" . "<th class=\"" . $class . "\">" . "<a href=\"main.php?cat=game&page=mail&set=readout&mid=" . $mail['id'] . "\">" . cleanHTML($mail['subject']) . "</a>" . "</th>" . "<td class=\"" . $class . " left\">" . $receiver . "</td>" . "<td class=\"" . $class . " left\">" . $mail['date'] . "</td>" . "<td class=\"" . $class . " left\">" . $mail['new'] . "</td>" . "<td class=\"" . $class . " center\">" . "<input name=\"posts[]\" type=\"checkbox\" value=\"" . $mail['id'] . "\" />" . "</td>" . "</tr>";
}
$outbox .= "</table>" . "<br /><br />" . "| <a href='#' onclick=\"var posts=document.getElementsByName('mail')[0]['posts[]']; for(var i=0,len=posts.length;i<len;i++) posts[i].checked=true;\">Check All</a>" . " | <a href='#' onclick=\"var posts=document.getElementsByName('mail')[0]['posts[]']; for(var i=0,len=posts.length;i<len;i++) posts[i].checked=false;\">Uncheck All</a> |" . "<br /><br />" . "<input type=\"submit\" name=\"submit\" value=\"Delete\" />" . "</form>";
echo $outbox;
}
if ($set == "readout") {
$result = mysql_query("SELECT * from messages WHERE from_user ='******' AND id = '{$mid}' AND action = 'sent' AND new != 'deleted'");
$read = mysql_fetch_array($result);
$read['subject'] = stripslashes(stripslashes($read['subject']));
$read['text'] = stripslashes(stripslashes($read['text']));
if ($read['for_user'] == "0") {
$receiver = "Your Alliance";
} else {
$foruser = mysql_query("SELECT tribe, kingdom FROM stats WHERE id = {$read['for_user']}");
$foruser = mysql_fetch_array($foruser);
$receiver = "{$foruser['tribe']}(#{$foruser['kingdom']})";
}
$readout = "<table cellpadding=\"0\" cellspacing=\"0\" class=\"medium\">" . "<tr class=\"header\">" . "<th>" . "Message to: " . $receiver . "</th>" . "</tr>" . "<tr class=\"subheader\">" . "<th>" . "Subject: " . cleanHTML($read['subject']) . "</th>" . "</tr>" . "<tr class=\"message\">" . "<td>" . "<br />" . cleanHTML($read['text']) . "<br />" . "</td>" . "</tr>" . "</table>" . "<br />" . '<div class="center">' . "| <a href=main.php?cat=game&page=mail&set=deleteout&mid={$mid}>Delete</a> | " . "<a href=main.php?cat=game&page=mail&set=outbox>Return To Outbox</a> |</div>";
echo $readout;
}
if ($set == "read") {
$result = mysql_query("SELECT * from messages WHERE for_user ='******' AND id = '{$mid}' AND action = 'received' AND new != 'deleted'");
$read = mysql_fetch_array($result);
mysql_grab($read['from_user'], 'd', 'stats');
$read['subject'] = stripslashes(stripslashes($read['subject']));
$read['text'] = stripslashes(stripslashes($read['text']));
$readin = "<br /><table cellpadding=\"0\" cellspacing=\"0\" class=\"medium\">" . "<tr class=\"header\">" . "<th>" . "Message from: " . stripslashes($d_stats['name']) . "</th>" . "</tr>" . "<tr class=\"subheader\">" . "<th>" . "Subject: " . cleanHTML($read['subject']) . "</th>" . "</tr>" . "<tr class=\"message\">" . "<td>" . "<br />" . cleanHTML($read['text']) . "<br />" . "</td>" . "</tr>" . "</table>" . "<br />" . '<div class="center">' . "| <a href=main.php?cat=game&page=mail&set=reply&mid={$mid}>Reply</a> | " . "<a href=main.php?cat=game&page=mail&set=delete&mid={$mid}>Delete</a> | " . "<a href=main.php?cat=game&page=mail&set=view&mid={$d_stats['id']}>Return To Inbox</a> | " . '</div>';
echo $readin;
$old = mysql_query("UPDATE messages SET new ='old' WHERE id ='{$mid}'");
$mid2 = $mid + 1;
$select = mysql_query("SELECT action FROM messages WHERE id = '{$mid2}'");
$select = mysql_fetch_array($select);
if ($select['action'] == 'sent') {
$old = mysql_query("UPDATE messages SET new ='old' WHERE id ='{$mid2}'");
}
}
if ($set == "delete") {
$email_name = "UPDATE messages SET new = 'deleted' WHERE id ='{$mid}' AND for_user = '******' AND action = 'received'";
$delete = mysql_query($email_name, $connection);
echo '<div id="textMedium"><p>' . "The message has been deleted.<br /><br />";
echo "<a href=main.php?cat=game&page=mail&set=view>Return To Inbox</a></p>" . '</div';
}
if ($set == "delete2") {
$sql = "UPDATE messages SET new = 'deleted' WHERE for_user = '******' AND action = 'received' ";
$sql .= " AND id IN (";
$posts = $_POST["posts"];
$postcount = count($posts);
for ($i = 0; $i < $postcount; $i++) {
$sql .= "{$posts[$i]}";
if ($i != $postcount - 1) {
$sql .= ",";
}
}
$sql .= ")";
$delete = mysql_query($sql, $connection);
echo '<div id="textMedium"><p>' . "The selected messages are deleted.<br /><br />";
echo "<a href=main.php?cat=game&page=mail&set=view>Return To Inbox</a></p>" . '</div';
}
if ($set == "deleteout") {
$email_name = "UPDATE messages SET new = 'deleted' WHERE id ='{$mid}' AND from_user = '******' AND action = 'sent'";
$delete = mysql_query($email_name, $connection);
echo '<div id="textMedium"><p>' . "The message has been deleted.<br /><br />";
echo "<a href=main.php?cat=game&page=mail&set=outbox>Return To Outbox</a></p>" . '</div';
}
if ($set == "deleteout2") {
$sql = "UPDATE messages SET new = 'deleted' WHERE from_user = '******' AND action = 'sent' ";
$sql .= " AND id IN (";
$posts = $_POST["posts"];
$postcount = count($posts);
for ($i = 0; $i < $postcount; $i++) {
$sql .= "{$posts[$i]}";
if ($i != $postcount - 1) {
$sql .= ",";
}
}
$sql .= ")";
$delete = mysql_query($sql, $connection);
echo '<div id="textMedium"><p>' . "The selected messages are deleted.<br /><br />";
echo "<a href=main.php?cat=game&page=mail&set=outbox>Return To Outbox</a></p>" . '</div';
}
if ($set == "reply") {
if ($action != "post") {
$result = mysql_query("SELECT * from messages WHERE for_user ='******' AND id = '{$mid}' AND action = 'received'");
$reply = mysql_fetch_array($result);
$subject = "Re: " . cleanHTML($reply['subject']) . " ";
$replyText = "<form action=\"main.php?cat=game&page=mail&set=reply&mid={$mid}&action=post\" method=\"post\">" . "<br />" . "Subject: <input type=\"text\" name=\"subject\" size=\"30\" value=\"" . $subject . "\" />" . "<br />" . "<textarea name=\"message\" rows=\"10\" cols=\"70\" wrap=\"virtual\"></textarea>" . "<br />" . "<input type=\"submit\" name=\"submit\" value=\"Send Message\" />" . "</form>";
echo $replyText;
}
if ($action == "post") {
$result = mysql_query("SELECT * from messages WHERE for_user ='******' AND id = '{$mid}' AND action = 'received'");
$reply = mysql_fetch_array($result);
send_mail($userid, $reply['from_user'], $subject, $message);
echo "<a href=main.php?cat=game&page=mail>Return To Mailbox</a>";
}
}
if ($set == "block") {
if (isset($_POST['tribe']) && $_POST['tribe'] != 'spacer' && $action == "block") {
$blocker_id = $objSrcUser->get_userid();
$blocked_id = quote_smart($_POST['tribe']);
$objTrgUser = new clsUser($blocked_id);
$blocked_name = $objTrgUser->get_stat(TRIBE);
echo '<br /><div class="center">' . "You have blocked {$blocked_name} from sending you any more mail.</div>";
block_mail($blocker_id, $blocked_id);
}
if (isset($_GET['id']) && $_GET['id'] > 0 && $action == "unblock") {
$blocker_id = $objSrcUser->get_userid();
$blocked_id = quote_smart($_GET['id']);
$objTrgUser = new clsUser($blocked_id);
$blocked_name = $objTrgUser->get_stat(TRIBE);
echo '<br /><div class="center">' . "You have unblocked {$blocked_name}, they can send you mail again.</div>";
unblock_mail($blocker_id, $blocked_id);
}
$tribes = mysql_query("select tribe,id from stats where kingdom = {$kingdom} order by tribe");
$blockTargets = "<option value=\"spacer\"></option";
while ($allistats = mysql_fetch_assoc($tribes)) {
$tribe = stripslashes($allistats['tribe']);
$id = $allistats['id'];
$blockTargets .= "<option value=\"{$id}\">{$tribe}</option>";
}
echo "<br /><table cellspacing=\"0\" cellpadding=\"0\" class=\"small\">" . "<tr class=\"header\"><th colspan=\"2\">Block Mail</th></tr>" . "<tr class=\"subheader\"><th colspan=\"2\" class=\"center\">Select spammer</th></tr>" . "<tr class=\"data\"><form action=\"main.php?cat=game&page=mail&set=block\" method=\"post\">" . "<th>Alliance:</th><td><input maxlength=\"4\" size=\"3\" name=\"kingdom\" value=\"{$kingdom}\" />" . "<input type=\"submit\" value=\"Change\" /></td></form></tr>" . "<form action=\"main.php?cat=game&page=mail&set=block&action=block\" method=\"post\">" . "<tr class=\"data\"><th>Tribe:</th><td><select name=\"tribe\">{$blockTargets}</select>" . "<input type=\"submit\" value=\"Block\" name=\"Block\" /></td></tr></form>" . "</table><br /><br />";
$blocked_users = get_blocks_mail($objSrcUser->get_userid());
echo "<table cellspacing=\"0\" cellpadding=\"0\" class=\"small\">" . "<tr class=\"header\"><th colspan=\"2\">Blocked users</th></tr>" . "<tr class=\"subheader\"><th colspan=\"2\" class=\"center\">Remove?</th></tr>";
foreach ($blocked_users as $blocked_user) {
echo "<tr class=\"data\"><th>{$blocked_user['tribe']}</th>" . "<td><a href=\"main.php?cat=game&page=mail&set=block&" . "action=unblock&id={$blocked_user['blocked_id']}\">Remove?</td></tr>";
}
echo "</table>";
}
}
function blog_trackback_receive()
{
global $database, $user, $setting;
$is_error = FALSE;
// Create trackback class instance
$trackback = new Trackback(NULL, NULL, "UTF-8");
// Prepare data
$trackback_eid = $trackback->e_id;
$trackback_url = trim($trackback->url);
$trackback_title = trim($trackback->title);
$trackback_excerpt = trim($trackback->excerpt);
$trackback_bname = trim($trackback->bname);
$trackback_ip = $_SERVER['REMOTE_ADDR'];
$trackback_time = time();
$trackback_excerpthash = md5($trackback_excerpt);
// Clean body
$trackback_excerpt = str_replace("\r\n", "<br />", cleanHTML(censor(htmlspecialchars_decode($trackback_excerpt)), $setting['setting_comment_html']));
// Trackbacks not allowed
if (!$user->level_info['level_blog_trackbacks_allow']) {
$is_error = 1500013;
}
// No ID specified
if (!$trackback_eid) {
$is_error = 1500008;
}
// Trackback URL is empty
if (!$trackback_url) {
$is_error = 1500009;
}
// Get entry info. TODO: switch to SELECT NULL?
if (!$is_error) {
$sql = "\r\n SELECT\r\n NULL\r\n FROM\r\n se_blogentries\r\n WHERE\r\n se_blogentries.blogentry_id='{$trackback_eid}'\r\n LIMIT\r\n 1\r\n ";
$resource = $database->database_query($sql);
// Entry not found
if (!$database->database_num_rows($resource)) {
$is_error = 1500010;
}
}
// See if trackback has already been received
if (!$is_error) {
$sql = "\r\n SELECT\r\n NULL\r\n FROM\r\n se_blogtrackbacks\r\n WHERE\r\n blogtrackback_blogentry_id='{$trackback_eid}' &&\r\n blogtrackback_name='{$trackback_bname}' &&\r\n blogtrackback_excerpthash='{$trackback_excerpthash}'\r\n LIMIT\r\n 1\r\n ";
$resource = $database->database_query($sql);
// Already tracked
if ($database->database_num_rows($resource)) {
$is_error = 1500011;
}
}
// Only 1/15 seconds
if (!$is_error) {
$trackback_timeout = 15;
$sql = "\r\n SELECT\r\n NULL\r\n FROM\r\n se_blogtrackbacks\r\n WHERE\r\n blogtrackback_ip='{$trackback_ip}' &&\r\n blogtrackback_date>" . ($trackback_time - $trackback_timeout) . "\r\n LIMIT\r\n 1\r\n ";
$resource = $database->database_query($sql);
if ($database->database_num_rows($resource)) {
$is_error = 1500012;
}
}
// TODO: antispam
// INSERT
if (!$is_error) {
$sql = "\r\n INSERT INTO se_blogtrackbacks\r\n (\r\n blogtrackback_blogentry_id,\r\n blogtrackback_name,\r\n blogtrackback_title,\r\n blogtrackback_excerpt,\r\n blogtrackback_excerpthash,\r\n blogtrackback_url,\r\n blogtrackback_ip,\r\n blogtrackback_date\r\n ) VALUES (\r\n '{$trackback_eid}',\r\n '{$trackback_bname}',\r\n '{$trackback_title}',\r\n '{$trackback_excerpt}',\r\n '{$trackback_excerpthash}',\r\n '{$trackback_url}',\r\n '{$trackback_ip}',\r\n '{$trackback_time}'\r\n )\r\n ";
$resource = $database->database_query($sql);
if (!$database->database_affected_rows($resource)) {
$is_error = 1500013;
}
// UPDATE TRACKBACK COUNT
$sql = "UPDATE se_blogentries SET blogentry_totaltrackbacks=blogentry_totaltrackbacks+1 WHERE blogentry_id='{$trackback_eid}' LIMIT 1";
$database->database_query($sql);
}
// LOG
if (empty($blogentry_url) && !empty($_SERVER['HTTP_REFERER'])) {
$blogentry_url = $_SERVER['HTTP_REFERER'];
}
if (empty($blogentry_url) && !empty($_SERVER['REMOTE_ADDR'])) {
$blogentry_url = $_SERVER['REMOTE_ADDR'];
}
$sql = "\r\n INSERT INTO se_blogpings\r\n (\r\n blogping_blogentry_id,\r\n blogping_target_url,\r\n blogping_source_url,\r\n blogping_status,\r\n blogping_type,\r\n blogping_ip\r\n ) VALUES (\r\n '{$trackback_eid}',\r\n '" . $database->database_real_escape_string($_SERVER['REQUEST_URI']) . "',\r\n '" . $database->database_real_escape_string($blogentry_url) . "',\r\n '1',\r\n '2',\r\n '{$_SERVER['REMOTE_ADDR']}'\r\n )\r\n ";
$resource = $database->database_query($sql);
// GET ERROR MESSAGE
SE_Language::_preload($is_error ? $is_error : 1500014);
SE_Language::load();
$message = SE_Language::_get($is_error ? $is_error : 1500014);
return $trackback->recieve(!$is_error, $message);
}
function comment_edit($comment_id, $comment_body)
{
global $database, $user, $setting;
// MAKE SURE COMMENT BODY IS NOT EMPTY - ADD BREAKS AND CENSOR
$comment_body = str_replace("\r\n", "<br>", cleanHTML(censor($comment_body), $setting['setting_comment_html']));
$comment_body = preg_replace('/(<br>){3,}/is', '<br><br>', $comment_body);
$comment_body = str_replace("'", "\\'", $comment_body);
// EDIT COMMENT IF NO ERROR
if (trim($comment_body)) {
$database->database_query("\r\n UPDATE\r\n `se_{$this->comment_type}comments`\r\n SET\r\n `{$this->comment_type}comment_body`='{$comment_body}'\r\n WHERE\r\n `{$this->comment_type}comment_{$this->comment_identifier}`='{$this->comment_identifying_value}' &&\r\n `{$this->comment_type}comment_id`='{$comment_id}' &&\r\n `{$this->comment_type}comment_authoruser_id`='{$user->user_info['user_id']}'\r\n LIMIT\r\n 1\r\n ");
}
}
$core->action = "preview";
// send me to preview screen (same for both)
$_POST['fmessage'] = cleanHTML($_POST['fmessage'], false);
// not as complete as parseHTML, but lightweight, just a preview anyway
return;
break;
case 'preview':
// preview a post
if (!$core->queryOk(array("#id_forumthread", "#id_forum", "fmessage"))) {
$core->action = "index";
$core->log[] = "Error on preview";
break;
}
$core->action = "preview";
// send me to preview screen (same for both)
$_POST['fmessage'] = cleanHTML($_POST['fmessage'], false);
// not as complete as parseHTML, but lightweight, just a preview anyway
return;
break;
case 'tpost':
// post thread
if (!$core->queryOk(array("#id_forum", "ttitle", "fmessage"))) {
$core->action = "index";
$core->log[] = "Error on post";
break;
}
$postData = array('id_forum' => $_POST['id_forum'], 'title' => $_POST['ttitle'], 'video' => isset($_POST['video']) ? $_POST['video'] : '', 'tags' => isset($_POST['tags']) ? $_POST['tags'] : '', 'id_author' => $_SESSION[CONS_SESSION_ACCESS_USER]['id']);
$threadobj = $core->loaded('forumthread');
if (!isset($_REQUEST['operationmode'])) {
// UDM could have filled this for us
$_REQUEST['operationmode'] = $core->dbo->fetch("SELECT operationmode FROM " . $threadobj->dbname . " WHERE id=" . $_POST['id_forum']);
