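/**
 * Checks a file to be sure it is valid
 *
 * With `$cfg['pfs']['pfsfilecheck']` enabled the file content is verified
 * against the claimed extension: image extensions go through getimagesize(),
 * every other extension is matched against the signature table that
 * ./datas/mimetype.php is expected to define as $mime_type[$ext]
 * (each entry read as [?, signature, isHex, offset, length]).
 * With the check disabled every file is accepted.
 *
 * @param string $path File path
 * @param string $name File name (only used in log messages)
 * @param string $ext File extension
 * @return bool
 */
function cot_file_check($path, $name, $ext)
{
    global $L, $cfg;

    if (!$cfg['pfs']['pfsfilecheck']) {
        return true;
    }

    require './datas/mimetype.php';
    $fcheck = FALSE;

    if (in_array($ext, array('jpg', 'jpeg', 'png', 'gif'), true)) {
        // Expected MIME per extension; jpg and jpeg both resolve to image/jpeg.
        $expected_mime = array(
            'gif' => 'image/gif',
            'png' => 'image/png',
            'jpg' => 'image/jpeg',
            'jpeg' => 'image/jpeg',
        );
        // getimagesize() warns on non-image data; a failed parse just means "invalid".
        $img_size = @getimagesize($path);
        $fcheck = isset($img_size['mime']) && $img_size['mime'] === $expected_mime[$ext];
    } elseif (!empty($mime_type[$ext])) {
        foreach ($mime_type[$ext] as $mime) {
            // Read only the bytes the signature covers: offset $mime[3], length $mime[4].
            $content = file_get_contents($path, 0, NULL, $mime[3], $mime[4]);
            if ($content === false) {
                // Unreadable file: this signature cannot match, try the next one.
                continue;
            }
            // $mime[2] flags a hex-encoded signature; compare hex case-insensitively.
            $signature = $mime[2] ? strtolower($mime[1]) : $mime[1];
            $content = $mime[2] ? bin2hex($content) : $content;
            if ($content == $signature) {
                $fcheck = TRUE;
                break;
            }
        }
    } else {
        // NOTE(review): both 1 and 2 are truthy, so a file whose extension has no
        // signature table never hits the failure log below regardless of
        // pfsnomimepass; a caller relying on that setting must test for 2 explicitly.
        $fcheck = $cfg['pfs']['pfsnomimepass'] ? 1 : 2;
        cot_log(sprintf($L['pfs_filechecknomime'], $ext, $name), 'sec');
    }

    if (!$fcheck) {
        cot_log(sprintf($L['pfs_filecheckfail'], $ext, $name), 'sec');
    }

    return $fcheck;
}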
/**
 * Anti-hammer protection
 *
 * Raises the hammer counter while requests arrive less than 4 seconds apart
 * and bans the IP for 180 seconds once it exceeds $cfg['shieldzhammer'];
 * slower request rates let the counter decay by one per call.
 *
 * @param int $hammer Hammer rate
 * @param string $action Action type
 * @param int $lastseen User last seen timestamp
 * @return int Updated hammer rate
 */
function cot_shield_hammer($hammer, $action, $lastseen)
{
    global $cfg, $sys;

    if ($action == 'Hammering') {
        cot_shield_protect();
        cot_shield_clearaction();
        if (cot_plugin_active('hits')) {
            cot_stat_inc('totalantihammer');
        }
    }

    $tooFast = ($sys['now'] - $lastseen) < 4;
    if (!$tooFast) {
        // Calm period: let the counter decay, never below zero.
        return $hammer > 0 ? $hammer - 1 : $hammer;
    }

    $hammer++;
    if ($hammer > $cfg['shieldzhammer']) {
        cot_shield_update(180, 'Hammering');
        cot_log('IP banned 3 mins, was hammering', 'sec');
        $hammer = 0;
    }

    return $hammer;
}
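// Bulk delete of the pages ticked in the admin list ($s holds checkbox values keyed by page ID).
// Successfully removed IDs are appended to $perelik, unknown IDs to $notfoundet.
$notfoundet = '';
foreach ($s as $i => $k) {
    if ($s[$i] == '1' || $s[$i] == 'on') {
        /* === Hook === */
        foreach (cot_getextplugins('page.admin.checked_delete') as $pl) {
            include $pl;
        }
        /* ===== */
        $sql_page = $db->query("SELECT * FROM {$db_pages} WHERE page_id=" . (int) $i . " LIMIT 1");
        if ($row = $sql_page->fetch()) {
            $id = (int) $row['page_id'];
            // Only published pages (state 0) are counted in the structure tree.
            if ($row['page_state'] == 0) {
                $sql_page = $db->query("UPDATE {$db_structure} SET structure_count=structure_count-1 WHERE structure_code=" . $db->quote($row['page_cat']));
            }
            $sql_page = $db->delete($db_pages, "page_id={$id}");
            cot_log($L['Page'] . ' #' . $id . ' - ' . $L['Deleted'], 'adm');
            if ($cache && $cfg['cache_page']) {
                $cache->page->clear('page/' . str_replace('.', '/', $structure['page'][$row['page_cat']]['path']));
            }
            /* === Hook === */
            foreach (cot_getextplugins('page.admin.delete.done') as $pl) {
                include $pl;
            }
            /* ===== */
            $perelik .= '#' . $id . ', ';
        } else {
            // Report the ID that was requested; $id would be stale or undefined here.
            $notfoundet .= '#' . (int) $i . ' - ' . $L['Error'] . '<br />';
        }
    }
}
$cache && $cache->db->remove('structure', 'system');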
cot_redirect(cot_url($url_area, $url_params, '#comments', true)); } elseif ($a == 'delete' && $usr['isadmin']) { cot_check_xg(); $sql = $db->query("SELECT * FROM {$db_com} WHERE com_id={$id} AND com_area='{$area}' LIMIT 1"); if ($row = $sql->fetch()) { $sql->closeCursor(); $sql = $db->delete($db_com, "com_id={$id}"); foreach ($cot_extrafields[$db_com] as $exfld) { cot_extrafield_unlinkfiles($row['com_' . $exfld['field_name']], $exfld); } if ($cache && $row['com_area'] == 'page') { if ($cfg['cache_page']) { $cache->page->clear('page/' . str_replace('.', '/', $structure['page'][$url_params['c']]['path'])); } if ($cfg['cache_index']) { $cache->page->clear('index'); } } /* == Hook == */ foreach (cot_getextplugins('comments.delete') as $pl) { include $pl; } /* ===== */ cot_log('Deleted comment #' . $id . ' in "' . $item . '"', 'adm'); } cot_redirect(cot_url($url_area, $url_params, '#comments', true)); } elseif ($a == 'enable' && $usr['isadmin']) { $area = cot_import('area', 'P', 'ALP'); $state = cot_import('state', 'P', 'INT'); } cot_display_messages($t);
$timeago = $sys['now'] - $cfg['plugin']['cleaner']['refprune'] * 86400; $db->delete($db_referers, "ref_date < {$timeago}"); if ($db->affectedRows > 0) { cot_log('Cleaner plugin deleted ' . $db->affectedRows . ' referers entries older than ' . $cfg['plugin']['cleaner']['refprune'] . ' days', 'adm'); } } if (cot_module_active('pm')) { require_once cot_incfile('pm', 'module'); if ($cfg['plugin']['cleaner']['pmnotread'] > 0) { $timeago = $sys['now'] - $cfg['plugin']['cleaner']['pmnotread'] * 86400; $sqltmp = $db->delete($db_pm, "pm_date < {$timeago} AND pm_tostate=0"); if ($db->affectedRows > 0) { cot_log("Cleaner plugin deleted " . $db->affectedRows . " PM not read since " . $cfg['plugin']['cleaner']['pmnotread'] . " days", 'adm'); } } if ($cfg['plugin']['cleaner']['pmnotarchived'] > 0) { $timeago = $sys['now'] - $cfg['plugin']['cleaner']['pmnotarchived'] * 86400; $sqltmp = $db->delete($db_pm, "pm_date < {$timeago} AND pm_tostate=1"); if ($db->affectedRows > 0) { cot_log("Cleaner plugin deleted " . $db->affectedRows . " PM not archived since " . $cfg['plugin']['cleaner']['pmnotarchived'] . " days", 'adm'); } } if ($cfg['plugin']['cleaner']['pmold'] > 0) { $timeago = $sys['now'] - $cfg['plugin']['cleaner']['pmold'] * 86400; $sqltmp = $db->delete($db_pm, "pm_date < {$timeago}"); $deleted = $db->affectedRows; if ($deleted > 0) { cot_log("Cleaner plugin deleted " . $deleted . " PM older than " . $cfg['plugin']['cleaner']['pmold'] . " days", 'adm'); } } }
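foreach (cot_getextplugins('folio.first') as $pl) {
    include $pl;
}
/* ===== */

// Load the requested item by alias (preferred) or numeric ID.
$sql = null;
if ($id > 0 || !empty($al)) {
    // Both values come from the request: the alias is quoted through the DB
    // layer and the ID cast, instead of being interpolated into SQL raw.
    $where = !empty($al) ? 'item_alias=' . $db->quote($al) : 'item_id=' . (int) $id;
    $sql = $db->query("SELECT f.*, u.* FROM {$db_folio} AS f \n\t\tLEFT JOIN {$db_users} AS u ON u.user_id=f.item_userid WHERE {$where} LIMIT 1");
}
if (!$id && empty($al) || !$sql || $sql->rowCount() == 0) {
    cot_die_message(404, TRUE);
}
$item = $sql->fetch();

list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('folio', $item['item_cat'], 'RWA');
cot_block($usr['auth_read']);

// Unpublished items are visible only to admins and to their owner.
if ($item['item_state'] != 0 && !$usr['isadmin'] && $usr['id'] != $item['item_userid']) {
    cot_log("Attempt to directly access an un-validated", 'sec');
    cot_redirect(cot_url('message', "msg=930", '', true));
    exit;
}

// Count the view unless the viewer is the owner (or an admin, when count_admin is off).
if ($usr['id'] != $item['item_userid'] && (!$usr['isadmin'] || $cfg['folio']['count_admin'])) {
    $item['item_count']++;
    $db->update($db_folio, array('item_count' => $item['item_count']), "item_id=" . (int) $item['item_id']);
}

$title_params = array(
    'TITLE' => empty($item['item_metatitle']) ? $item['item_title'] : $item['item_metatitle'],
    'CATEGORY' => $structure['folio'][$item['item_cat']]['title'],
);
$out['subtitle'] = cot_title($cfg['folio']['title_folio'], $title_params);
$out['desc'] = !empty($item['item_metadesc']) ? $item['item_metadesc'] : cot_cutstring(strip_tags(cot_parse($item['item_text'], $cfg['folio']['markup'], $item['item_parser'])), 160);
$out['meta_keywords'] = !empty($item['item_keywords']) ? $item['item_keywords'] : $structure['folio'][$item['item_cat']]['keywords'];

// Building the canonical URL
$pageurl_params = array('c' => $item['item_cat']);
if (empty($al)) {
    $pageurl_params['id'] = $id;
} else {
    $pageurl_params['al'] = $al;
}
$out['canonical_uri'] = cot_url('folio', $pageurl_params);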
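/**
 * Removes a product from the CMS.
 *
 * Unlinks files attached through extra fields, deletes the row, logs the
 * action, resyncs the category counters and fires `market.edit.delete.done`.
 *
 * @param int   $id    Product ID
 * @param array $ritem Product data (a row of $db_market); fetched by ID when empty
 * @return boolean TRUE on success, FALSE on error
 */
function cot_market_delete($id, $ritem = array())
{
    global $db, $db_market, $db_structure, $cache, $cfg, $cot_extrafields, $structure, $L;

    if (!is_numeric($id) || $id <= 0) {
        return false;
    }
    $id = (int) $id;

    if (count($ritem) == 0) {
        $ritem = $db->query("SELECT * FROM {$db_market} WHERE item_id = ?", $id)->fetch();
        if (!$ritem) {
            return false;
        }
    }

    // Remove uploaded files before the row that references them is gone.
    if (!empty($cot_extrafields[$db_market])) {
        foreach ($cot_extrafields[$db_market] as $exfld) {
            cot_extrafield_unlinkfiles($ritem['item_' . $exfld['field_name']], $exfld);
        }
    }

    $db->delete($db_market, "item_id = ?", $id);
    cot_log("Deleted product #" . $id, 'adm');
    cot_market_sync($ritem['item_cat']);

    /* === Hook === */
    foreach (cot_getextplugins('market.edit.delete.done') as $pl) {
        include $pl;
    }
    /* ===== */

    return true;
}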
/**
 * Removes a page from the CMS.
 *
 * Adjusts the structure counter for published pages, unlinks extra-field
 * files, deletes the row, fires `page.edit.delete.done` and clears the
 * page/index caches.
 *
 * @param int   $id    Page ID
 * @param array $rpage Page data (a row of $db_pages); fetched by ID when empty
 * @return boolean TRUE on success, FALSE on error
 */
function cot_page_delete($id, $rpage = array())
{
    global $db, $db_pages, $db_structure, $cache, $cfg, $cot_extrafields, $structure, $L;

    if (!is_numeric($id) || $id <= 0) {
        return false;
    }
    $id = (int) $id;

    // Fetch the row ourselves when the caller did not hand one over.
    if (count($rpage) == 0) {
        $rpage = $db->query("SELECT * FROM {$db_pages} WHERE page_id = ?", $id)->fetch();
        if (!$rpage) {
            return false;
        }
    }

    // Only published pages (state 0) contribute to the structure counter.
    if ($rpage['page_state'] == 0) {
        $db->query("UPDATE {$db_structure} SET structure_count=structure_count-1 WHERE structure_area='page' AND structure_code = ?", $rpage['page_cat']);
    }

    foreach ($cot_extrafields[$db_pages] as $extraField) {
        cot_extrafield_unlinkfiles($rpage['page_' . $extraField['field_name']], $extraField);
    }

    $db->delete($db_pages, "page_id = ?", $id);
    cot_log("Deleted page #" . $id, 'adm');

    /* === Hook === */
    foreach (cot_getextplugins('page.edit.delete.done') as $pl) {
        include $pl;
    }
    /* ===== */

    if ($cache) {
        $cfg['cache_page'] && $cache->page->clear('page/' . str_replace('.', '/', $structure['page'][$rpage['page_cat']]['path']));
        $cfg['cache_index'] && $cache->page->clear('index');
    }

    return true;
}
$cfg['cache_index'] && $cache->page->clear('index'); } if ($db->query("SELECT COUNT(*) FROM {$db_forum_posts} WHERE fp_topicid= {$q}")->fetchColumn() == 0) { $sql_forums = $db->query("SELECT * FROM {$db_forum_topics} WHERE ft_id = {$q}"); if ($row = $sql_forums->fetch()) { $sql_forums = $db->delete($db_forum_topics, "ft_movedto = {$q}"); $sql_forums = $db->delete($db_forum_topics, "ft_id = {$q}"); foreach ($cot_extrafields[$db_forum_topics] as $exfld) { cot_extrafield_unlinkfiles($row['ft_' . $exfld['field_name']], $exfld); } /* === Hook === */ foreach (cot_getextplugins('forums.posts.emptytopicdel') as $pl) { include $pl; } /* ===== */ cot_log('Delete topic #' . $q . " (no post left)", 'for'); cot_forums_sectionsetlast($s, 'fs_postcount-1', 'fs_topiccount-1'); } cot_redirect(cot_url('forums', 'm=topics&s=' . $s, '', true)); } else { // There's at least 1 post left, let's resync $sql_forums = $db->query("SELECT fp_id, fp_posterid, fp_postername, fp_updated, fp_topicid FROM {$db_forum_posts}\n\t\t\tWHERE fp_topicid = ? AND fp_cat = ? ORDER BY fp_id DESC LIMIT 1", array($q, $s)); if ($row = $sql_forums->fetch()) { $sql_forums = $db->query("UPDATE {$db_forum_topics} SET\n\t\t\t\tft_postcount=ft_postcount-1, ft_lastposterid=" . (int) $row['fp_posterid'] . ",\n\t\t\t\tft_lastpostername=" . $db->quote($row['fp_postername']) . ", ft_updated=" . (int) $row['fp_updated'] . "\n\t\t\t\tWHERE ft_id = {$q}"); cot_forums_sectionsetlast($s, 'fs_postcount-1'); cot_redirect(cot_url('forums', 'm=posts&q=' . $row['fp_topicid'] . '&d=' . $durl, '#' . $row['fp_id'], true)); } } } $sql_forums = $db->query("SELECT * FROM {$db_forum_topics} WHERE ft_id= {$q}"); if ($rowt = $sql_forums->fetch()) {
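/**
 * View a single advert
 *
 * Resolves the advert from the `al` (alias) or `id` request parameter,
 * enforces category permissions and publication state, counts the view,
 * fills the page meta data and renders the advert template.
 *
 * @return mixed Rendered view (whatever View::render() returns)
 */
public function adView()
{
    global $structure, $Ls;

    list(cot::$usr['auth_read'], cot::$usr['auth_write'], cot::$usr['isadmin']) = cot_auth('advboard', 'any');
    cot_block(cot::$usr['auth_read']);

    $id = cot_import('id', 'G', 'INT');
    $al = cot_import('al', 'G', 'TXT');
    $c = cot_import('c', 'G', 'TXT');

    /* === Hook === */
    foreach (cot_getextplugins('advboard.first') as $pl) {
        include $pl;
    }
    /* ===== */

    if (empty($id) && empty($al)) {
        cot_die_message(404, TRUE);
    }

    if (!empty($al)) {
        $advert = advboard_model_Advert::fetchOne(array(array('alias', $al)));
    } else {
        $advert = advboard_model_Advert::getById($id);
    }
    if (!$advert) {
        cot_die_message(404, TRUE);
    }

    // Re-check rights against the advert's own category now that it is known.
    list(cot::$usr['auth_read'], cot::$usr['auth_write'], cot::$usr['isadmin'], cot::$usr['auth_upload']) = cot_auth('advboard', $advert->rawValue('category'), 'RWA1');
    cot_block(cot::$usr['auth_read']);

    $al = empty($advert->alias) ? '' : $advert->alias;
    $id = (int) $advert->id;

    $category = array('config' => array());
    if (isset($structure['advboard'][$advert->rawValue('category')])) {
        $category = $structure['advboard'][$advert->rawValue('category')];
        $category['config'] = cot::$cfg['advboard']['cat_' . $advert->rawValue('category')];
    }
    $category['code'] = $advert->rawValue('category');

    cot::$sys['sublocation'] = $advert->title;

    // Unpublished, not-yet-started or expired adverts are only shown to users allowed to edit them.
    if (($advert->state == advboard_model_Advert::AWAITING_MODERATION || $advert->state == advboard_model_Advert::DRAFT || $advert->begin > cot::$sys['now'] || $advert->expire > 0 && cot::$sys['now'] > $advert->expire) && !$advert->canEdit()) {
        cot_log("Attempt to directly access an un-validated or future/expired advboard", 'sec');
        cot_die_message(403, TRUE);
    }

    if (!cot::$usr['isadmin'] || cot::$cfg['advboard']['count_admin']) {
        $advert->inc('views');
    }

    $title_params = array('TITLE' => $advert->title, 'CATEGORY' => $category['title']);
    cot::$out['subtitle'] = cot_title(cot::$cfg['page']['title_page'], $title_params);
    cot::$out['desc'] = $advert->description;
    cot::$out['keywords'] = strip_tags($category['config']['keywords']);
    // Building the canonical URL
    cot::$out['canonical_uri'] = $advert->url;

    $template = array('advboard', 'advert', $category['tpl']);

    if (!empty($advert->updated)) {
        cot::$env['last_modified'] = strtotime($advert->updated);
    }

    $allowComments = cot_plugin_active('comments');
    if ($allowComments) {
        // A category without config disables comments; previously the "false"
        // was immediately overwritten by an unconditional config read.
        $catConfig = 'cat_' . $advert->category;
        $allowComments = isset(cot::$cfg['advboard'][$catConfig])
            ? cot::$cfg['advboard'][$catConfig]['enable_comments']
            : false;
    }

    /* === Hook === */
    foreach (cot_getextplugins('advboard.main') as $pl) {
        include $pl;
    }
    /* ===== */

    // Warn the editor when the publication period is about to end or has ended
    $expDays = null;
    if ($advert->expire > 0 && $advert->state == advboard_model_Advert::PUBLISHED) {
        $diff = $advert->expire - cot::$sys['now'];
        $expDays = floor($diff / 86400);
        if ($advert->canEdit()) {
            if (cot::$cfg['advboard']['expNotifyPeriod'] > 0) {
                if ($diff < 86400 * cot::$cfg['advboard']['expNotifyPeriod'] && $diff > 0) {
                    if ($expDays >= 1) {
                        cot_message(sprintf(cot::$L['advboard_expire_soon'], cot_declension($expDays, $Ls['Days'], false, true)), 'warning');
                    } else {
                        cot_message(cot::$L['advboard_expire_today'], 'warning');
                    }
                } elseif ($diff <= 0) {
                    cot_message(cot::$L['advboard_expired'], 'warning');
                }
            }
        }
    }

    // If a guest is allowed to edit this advert, do not cache this page
    if (cot::$usr['id'] == 0 && !empty($_SESSION['advboard']) && in_array($advert->id, $_SESSION['advboard'])) {
        cot::$cfg['cache_advert'] = cot::$cfg['cache_index'] = false;
    }

    $crumbs = cot_structure_buildpath('advboard', $advert->category);
    if (cot::$cfg['advboard']['firstCrumb']) {
        array_unshift($crumbs, array(cot_url('advboard'), cot::$L['advboard_ads']));
    }
    $crumbs[] = !empty($advert->title) ? $advert->title : cot::$L['advboard_advert'] . " #" . $advert->id;

    $urlParams = array('c' => $advert->category);
    if ($advert->alias != '') {
        $urlParams['al'] = $advert->alias;
    } else {
        $urlParams['id'] = $advert->id;
    }

    $view = new View();
    $view->breadcrumbs = cot_breadcrumbs($crumbs, cot::$cfg['homebreadcrumb'], true);
    $view->page_title = $advert->title;
    $view->advert = $advert;
    $view->category = $category;
    $view->allowComments = $allowComments;
    $view->daysLeft = $expDays;
    $view->urlParams = $urlParams;

    /* === Hook === */
    foreach (cot_getextplugins('advboard.view') as $pl) {
        include $pl;
    }
    /* ===== */

    return $view->render($template);
}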
case 'announcement': $db->update($db_forum_topics, array("ft_state" => 1, "ft_sticky" => 1), "ft_id={$q}"); cot_log("Announcement topic #" . $q, 'for'); break; case 'bump': cot_check_xg(); $db->update($db_forum_topics, array("ft_updated" => $sys['now']), "ft_id={$q}"); cot_forums_sectionsetlast($s); cot_log("Bumped topic #" . $q, 'for'); break; case 'private': cot_log("Made topic #" . $q . " private", 'for'); $db->update($db_forum_topics, array("ft_mode" => 1), "ft_id={$q}"); break; case 'clear': cot_log("Resetted topic #" . $q, 'for'); $db->update($db_forum_topics, array("ft_state" => 0, "ft_sticky" => 0, "ft_mode" => 0), "ft_id={$q}"); break; } cot_redirect(cot_url('forums', "m=topics&s=" . $s, '', true)); } /* === Hook === */ foreach (cot_getextplugins('forums.topics.first') as $pl) { include $pl; } /* ===== */ require_once cot_incfile('forms'); $structure['forums'][$s]['desc'] = cot_parse_autourls($structure['forums'][$s]['desc']); $title_params = array('FORUM' => $L['Forums'], 'SECTION' => $structure['forums'][$s]['title']); $out['subtitle'] = cot_title($cfg['forums']['title_topics'], $title_params); $out['desc'] = htmlspecialchars(strip_tags($structure['forums'][$s]['desc']));
} if (!$id && empty($al) || !$sql_page || $sql_page->rowCount() == 0) { cot_die_message(404, TRUE); } $pag = $sql_page->fetch(); list($usr['auth_read'], $usr['auth_write'], $usr['isadmin'], $usr['auth_download']) = cot_auth('page', $pag['page_cat'], 'RWA1'); cot_block($usr['auth_read']); $al = empty($pag['page_alias']) ? '' : $pag['page_alias']; $id = (int) $pag['page_id']; $cat = $structure['page'][$pag['page_cat']]; $sys['sublocation'] = $pag['page_title']; $pag['page_begin_noformat'] = $pag['page_begin']; $pag['page_tab'] = empty($pg) ? 0 : $pg; $pag['page_pageurl'] = empty($al) ? cot_url('page', array('c' => $pag['page_cat'], 'id' => $id)) : cot_url('page', array('c' => $pag['page_cat'], 'al' => $al)); if (($pag['page_state'] == 1 || $pag['page_state'] == 2 || $pag['page_begin'] > $sys['now'] || $pag['page_expire'] > 0 && $sys['now'] > $pag['page_expire']) && (!$usr['isadmin'] && $usr['id'] != $pag['page_ownerid'])) { cot_log("Attempt to directly access an un-validated or future/expired page", 'sec'); cot_die_message(403, TRUE); } if (mb_substr($pag['page_text'], 0, 6) == 'redir:') { $env['status'] = '303 See Other'; $redir = trim(str_replace('redir:', '', $pag['page_text'])); $sql_page_update = $db->query("UPDATE {$db_pages} SET page_filecount=page_filecount+1 WHERE page_id={$id}"); header('Location: ' . (preg_match('#^(http|ftp)s?://#', $redir) ? '' : COT_ABSOLUTE_URL) . $redir); exit; } elseif (mb_substr($pag['page_text'], 0, 8) == 'include:') { $pag['page_text'] = cot_readraw('datas/html/' . trim(mb_substr($pag['page_text'], 8, 255))); } if ($pag['page_file'] && $a == 'dl' && ($pag['page_file'] == 2 && $usr['auth_download'] || $pag['page_file'] == 1)) { /* === Hook === */ foreach (cot_getextplugins('page.download.first') as $pl) { include $pl;
/**
 * Post-update hook: writes the audit log entry and refreshes the structure
 * counters of the categories involved, then defers to the parent.
 *
 * @return mixed Whatever the parent implementation returns
 */
protected function afterUpdate()
{
    global $structure;

    cot_log("Edited banner # {$this->_data['id']} - {$this->_data['title']}", 'adm');

    // Update the structure counters if the category changed
    // (presumably _oldData carries the category only when it differs — confirm in the model).
    if (!empty($this->_oldData['category'])) {
        $newCat = $this->_data['category'];
        $oldCat = $this->_oldData['category'];

        $newCount = brs_model_Banner::count(array(array('category', $newCat)));
        static::$_db->update(
            cot::$db->structure,
            array('structure_count' => $newCount),
            "structure_area='brs' AND structure_code=?",
            $newCat
        );

        // The previous category is resynced only while it still exists in the tree.
        if (!empty($structure['brs'][$oldCat])) {
            $oldCount = brs_model_Banner::count(array(array('category', $oldCat)));
            static::$_db->update(
                cot::$db->structure,
                array('structure_count' => $oldCount),
                "structure_area='brs' AND structure_code = ?",
                $oldCat
            );
        }

        if (cot::$cache) {
            cot::$cache->db->remove('structure', 'system');
        }
    }

    return parent::afterUpdate();
}
cot_setcookie($sys['site_id'], $u, time() + $cfg['cookielifetime'], $cfg['cookiepath'], $cfg['cookiedomain'], $sys['secure'], true); unset($_SESSION[$sys['site_id']]); } else { $_SESSION[$sys['site_id']] = $u; } /* === Hook === */ foreach (cot_getextplugins('users.auth.check.done') as $pl) { include $pl; } /* ===== */ cot_uriredir_apply($cfg['redirbkonlogin']); cot_uriredir_redirect(empty($redirect) ? cot_url('index') : base64_decode($redirect)); } else { $env['status'] = '401 Unauthorized'; cot_shield_update(7, "Log in"); cot_log("Log in failed, user : " . $rusername, 'usr'); /* === Hook === */ foreach (cot_getextplugins('users.auth.check.fail') as $pl) { include $pl; } /* ===== */ cot_redirect(cot_url('message', 'msg=151', '', true)); } } /* === Hook === */ foreach (cot_getextplugins('users.auth.main') as $pl) { include $pl; } /* ===== */ $out['subtitle'] = $L['aut_logintitle']; $out['head'] .= $R['code_noindex'];
$validationkey = md5(microtime()); $newpass = cot_randomstring(); $ruserpass = array(); $ruserpass['user_passsalt'] = cot_unique(16); $ruserpass['user_passfunc'] = empty($cfg['hashfunc']) ? 'sha256' : $cfg['hashfunc']; $ruserpass['user_password'] = cot_hash($newpass, $ruserpass['user_passsalt'], $ruserpass['user_passfunc']); $ruserpass['user_lostpass'] = $validationkey; $sql = $db->update($db_users, $ruserpass, "user_id={$ruserid}"); $rsubject = $L['pasrec_title']; $rbody = $L['Hi'] . " " . $rusername . ",\n\n" . $L['pasrec_email2'] . "\n\n" . $newpass . "\n\n" . $L['aut_contactadmin']; cot_mail($rusermail, $rsubject, $rbody); $msg = 'auth'; } else { $env['status'] = '403 Forbidden'; cot_shield_update(7, "Log in"); cot_log("Pass recovery failed, user : " . $rusername); cot_redirect(cot_url('message', 'msg=151', '', true)); } } $out['subtitle'] = $L['pasrec_title']; $out['head'] .= $R['code_noindex']; $title[] = $L['pasrec_title']; $mskin = cot_tplfile('users.passrecover', 'module'); /* === Hook === */ foreach (cot_getextplugins('users.passrecover.main') as $pl) { include $pl; } /* ===== */ require_once $cfg['system_dir'] . '/header.php'; $t = new XTemplate($mskin); $t->assign(array('PASSRECOVER_TITLE' => cot_breadcrumbs($title, $cfg['homebreadcrumb']), 'PASSRECOVER_URL_FORM' => cot_url('users', 'm=passrecover&a=request')));
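<?php
/* ====================
[BEGIN_COT_EXT]
Hooks=admin.home
[END_COT_EXT]
==================== */

/**
 * Trashcan delete old
 *
 * Runs on the admin home page and prunes trash entries older than
 * `trash_prunedelay` days (0 disables pruning).
 *
 * @package TrashCan
 * @copyright (c) Cotonti Team
 * @license https://github.com/Cotonti/Cotonti/blob/master/License.txt
 */

defined('COT_CODE') or die('Wrong URL');

require_once cot_incfile('trashcan', 'plug');

if ($cfg['plugin']['trashcan']['trash_prunedelay'] > 0) {
    // Cast so the interpolated cut-off can only ever be an integer timestamp.
    $timeago = (int) ($sys['now'] - $cfg['plugin']['trashcan']['trash_prunedelay'] * 86400);
    $db->delete($db_trash, "tr_date < {$timeago}");
    $deleted = $db->affectedRows;
    if ($deleted > 0) {
        cot_log($deleted . ' old item(s) removed from the trashcan, older than ' . $cfg['plugin']['trashcan']['trash_prunedelay'] . ' days', 'adm');
    }
}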
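/**
 * Removes a project from the CMS.
 *
 * Unlinks extra-field files, deletes the project together with its offers
 * and posts, logs the action, resyncs the category and fires
 * `projects.edit.delete.done`.
 *
 * @param int   $id    Project ID
 * @param array $ritem Project data (a row of $db_projects); fetched by ID when empty
 * @return boolean TRUE on success, FALSE on error
 */
function cot_projects_delete($id, $ritem = array())
{
    global $db, $db_projects, $db_projects_offers, $db_projects_posts, $cot_extrafields;

    if (!is_numeric($id) || $id <= 0) {
        return false;
    }
    $id = (int) $id;

    if (count($ritem) == 0) {
        $ritem = $db->query("SELECT * FROM {$db_projects} WHERE item_id = ?", $id)->fetch();
        if (!$ritem) {
            return false;
        }
    }

    // Remove uploaded files before the row that references them is gone.
    if (!empty($cot_extrafields[$db_projects])) {
        foreach ($cot_extrafields[$db_projects] as $exfld) {
            cot_extrafield_unlinkfiles($ritem['item_' . $exfld['field_name']], $exfld);
        }
    }

    $db->delete($db_projects, "item_id = ?", $id);
    $db->delete($db_projects_offers, "offer_pid = ?", $id);
    $db->delete($db_projects_posts, "post_pid = ?", $id);
    cot_log("Deleted project #" . $id, 'adm');
    cot_projects_sync($ritem['item_cat']);

    /* === Hook === */
    foreach (cot_getextplugins('projects.edit.delete.done') as $pl) {
        include $pl;
    }
    /* ===== */

    return true;
}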
include $pl; } /* ===== */ cot_blockguests(); cot_check_xg(); isset($structure['forums'][$s]) || cot_die(); $sql_forums = $db->query("SELECT * FROM {$db_forum_posts} WHERE fp_id = ? and fp_topicid = ? and fp_cat = ?", array($p, $q, $s)); if ($rowpost = $sql_forums->fetch()) { list($usr['auth_read'], $usr['auth_write'], $usr['isadmin']) = cot_auth('forums', $s); /* === Hook === */ foreach (cot_getextplugins('forums.editpost.rights') as $pl) { include $pl; } /* ===== */ if (!$usr['isadmin'] && ($rowpost['fp_posterid'] != $usr['id'] || $cfg['forums']['edittimeout'] != '0' && $sys['now'] - $rowpost['fp_creation'] > $cfg['forums']['edittimeout'] * 3600)) { cot_log('Attempt to edit a post without rights', 'sec'); cot_die(); } cot_block($usr['auth_read']); } else { cot_die(); } $is_first_post = $p == $db->query("SELECT fp_id FROM {$db_forum_posts} WHERE fp_topicid = ? ORDER BY fp_id ASC LIMIT 1", array($q))->fetchColumn(); $sql_forums = $db->query("SELECT ft_state, ft_mode, ft_title, ft_desc FROM {$db_forum_topics} WHERE ft_id = {$q} LIMIT 1"); if ($rowt = $sql_forums->fetch()) { if ($rowt['ft_state'] && !$usr['isadmin']) { cot_die_message(603, true); } } else { cot_die(true, true); }
} } if ($ruser['user_maingrp'] == COT_GROUP_MEMBERS && $urr['user_maingrp'] == COT_GROUP_INACTIVE) { $rsubject = $L['useed_accountactivated']; $rbody = $L['Hi'] . " " . $urr['user_name'] . ",\n\n"; $rbody .= $L['useed_email']; $rbody .= $L['auth_contactadmin']; cot_mail($urr['user_email'], $rsubject, $rbody); } /* === Hook === */ foreach (cot_getextplugins('users.edit.update.done') as $pl) { include $pl; } /* ===== */ cot_auth_clear($id); cot_log("Edited user #" . $id, 'adm'); cot_message('User_data_updated'); cot_redirect(cot_url('users', "m=edit&id=" . $id, '', true)); } else { cot_redirect(cot_url('users', "m=edit&id={$id}", '', true)); } } $sql = $db->query("SELECT * FROM {$db_users} WHERE user_id={$id} LIMIT 1"); $urr = $sql->fetch(); $title_params = array('EDIT' => $L['Edit'], 'NAME' => $urr['user_name']); $out['subtitle'] = cot_title('{EDIT} - {NAME}', $title_params); $out['head'] .= $R['code_noindex']; $mskin = cot_tplfile(array('users', 'edit', $usr['maingrp']), 'module'); /* === Hook === */ foreach (cot_getextplugins('users.edit.main') as $pl) { include $pl;
$sql = $db->delete($db_groups_users, "gru_userid='" . $row['user_id'] . "'"); /* === Hook for the plugins === */ foreach (cot_getextplugins('users.register.validate.rejected') as $pl) { include $pl; } /* ===== */ cot_redirect(cot_url('message', 'msg=109', '', true)); } } elseif ($row['user_maingrp'] == -1) { $sql = $db->update($db_users, array('user_maingrp' => $row['user_sid']), "user_id='" . $row['user_id'] . "' AND user_lostpass='******'"); cot_redirect(cot_url('message', 'msg=106', '', true)); } } else { $env['status'] = '403 Forbidden'; cot_shield_update(7, "Account validation"); cot_log("Wrong validation URL", 'sec'); cot_redirect(cot_url('message', 'msg=157', '', true)); } } $mskin = cot_tplfile('users.register', 'module'); /* === Hook === */ foreach (cot_getextplugins('users.register.main') as $pl) { include $pl; } /* ===== */ $out['subtitle'] = $L['aut_registertitle']; $out['head'] .= $R['code_noindex']; require_once $cfg['system_dir'] . '/header.php'; $t = new XTemplate($mskin); require_once cot_incfile('forms'); $t->assign(array('USERS_REGISTER_TITLE' => $L['aut_registertitle'], 'USERS_REGISTER_SUBTITLE' => $L['aut_registersubtitle'], 'USERS_REGISTER_ADMINEMAIL' => $cot_adminemail, 'USERS_REGISTER_SEND' => cot_url('users', 'm=register&a=add'), 'USERS_REGISTER_USER' => cot_inputbox('text', 'rusername', $ruser['user_name'], array('size' => 24, 'maxlength' => 100)), 'USERS_REGISTER_EMAIL' => cot_inputbox('text', 'ruseremail', $ruser['user_email'], array('size' => 24, 'maxlength' => 64)), 'USERS_REGISTER_PASSWORD' => cot_inputbox('password', 'rpassword1', '', array('size' => 12, 'maxlength' => 32)), 'USERS_REGISTER_PASSWORDREPEAT' => cot_inputbox('password', 'rpassword2', '', array('size' => 12, 'maxlength' => 32)), 'USERS_REGISTER_COUNTRY' => cot_selectbox_countries($ruser['user_country'], 'rcountry'), 'USERS_REGISTER_TIMEZONE' => cot_selectbox_timezone($ruser['user_timezone'], 'rusertimezone'), 'USERS_REGISTER_GENDER' => 
cot_selectbox_gender($ruser['user_gender'], 'rusergender'), 'USERS_REGISTER_BIRTHDATE' => cot_selectbox_date(0, 'short', 'ruserbirthdate', cot_date('Y', $sys['now']), cot_date('Y', $sys['now']) - 100, false)));
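/**
 * Restores a trash item
 *
 * Unserializes the row stored in the trash table, drops columns the target
 * table no longer has, re-inserts it, then recursively restores children
 * (tr_parentid) and removes the trash record.
 *
 * @param int $id Trash item ID
 * @return bool Operation success or failure
 */
function cot_trash_restore($id)
{
    global $db, $db_trash, $trash_types;

    /* === Hook === */
    foreach (cot_getextplugins('trash.restore.first') as $pl) {
        include $pl;
    }
    /* ===== */

    $id = (int) $id;
    $sql = false;
    $tsql = $db->query("SELECT * FROM {$db_trash} WHERE tr_id={$id} LIMIT 1");
    if ($res = $tsql->fetch()) {
        // NOTE(review): tr_datas is a PHP-serialized payload; unserialize() of anything
        // an attacker could write into the trash table is a deserialization risk —
        // consider json or unserialize(..., array('allowed_classes' => false)) if the
        // supported PHP range permits it.
        $data = unserialize($res['tr_datas']);
        $type = $res['tr_type'];
        // A payload that does not decode to an array cannot be restored (the
        // previous code would have reached array_diff_key() with a non-array).
        $restore = is_array($data);
        // NOTE(review): an unregistered tr_type is used verbatim as the target table
        // name below; confirm tr_type is only ever written by the trash module.
        $databasename = isset($trash_types[$type]) ? $trash_types[$type] : $type;

        if ($restore && isset($trash_types[$type]) && function_exists('cot_trash_' . $type . '_check')) {
            $check = 'cot_trash_' . $type . '_check';
            $restore = $check($data);
        }

        if ($restore) {
            // Drop columns that no longer exist in the target table.
            $rsql = $db->query("SELECT * FROM {$databasename} WHERE 1 LIMIT 1");
            if ($rrow = $rsql->fetch()) {
                $arraydiff = array_diff_key($data, $rrow);
                foreach ($arraydiff as $key => $val) {
                    unset($data[$key]);
                }
                if (count($data) == 0) {
                    $restore = false;
                }
            }
        }

        if ($restore) {
            $sql = $db->insert($databasename, $data);
            if (isset($trash_types[$type]) && function_exists('cot_trash_' . $type . '_sync')) {
                $resync = 'cot_trash_' . $type . '_sync';
                $resync($data);
            }
            if ($sql > 0) {
                // Log only once the row really went back in, so the audit trail is truthful.
                cot_log("{$type} #" . $res['tr_itemid'] . " restored from the trash can.", 'adm');
                $db->delete($db_trash, "tr_id='" . (int) $res['tr_id'] . "'");
                $sql2 = $db->query("SELECT tr_id FROM {$db_trash} WHERE tr_parentid='" . (int) $res['tr_id'] . "'");
                while ($row2 = $sql2->fetch()) {
                    cot_trash_restore($row2['tr_id']);
                }
                $sql2->closeCursor();
            }
        }

        /* === Hook === */
        foreach (cot_getextplugins('trash.restore.done') as $pl) {
            include $pl;
        }
        /* ===== */

        return $sql;
    }

    return false;
}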
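<?php
/**
 * [BEGIN_COT_EXT]
 * Hooks=users.auth.check.done
 * [END_COT_EXT]
 */

defined('COT_CODE') or die('Wrong URL.');

// Credits a one-off registration bonus to the balance on the user's first login.
if ($cfg['plugin']['regpay']['summ'] > 0) {
    require_once cot_langfile('regpay', 'plug');

    // $ruserid is provided by the enclosing users.auth.check flow; cast it so the
    // interpolated value can only ever be an integer.
    $urr = $db->query("SELECT * FROM {$db_users} WHERE user_id=" . (int) $ruserid)->fetch();

    // Only the very first login after registration qualifies.
    if ($urr && $urr['user_logcount'] == 1) {
        $payinfo['pay_userid'] = $urr['user_id'];
        $payinfo['pay_area'] = 'balance';
        $payinfo['pay_code'] = 'register';
        $payinfo['pay_summ'] = $cfg['plugin']['regpay']['summ'];
        $payinfo['pay_cdate'] = $sys['now'];
        $payinfo['pay_pdate'] = $sys['now'];
        $payinfo['pay_adate'] = $sys['now'];
        $payinfo['pay_status'] = 'done';
        $payinfo['pay_desc'] = $L['regpay_payments_desc'];
        if ($db->insert($db_payments, $payinfo)) {
            cot_mail($urr['user_email'], $L['regpay_mail_subject'], sprintf($L['regpay_mail_body'], $urr['user_name']));
            cot_log("Payment for register");
        }
    }
}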
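<?php
/**
 * [BEGIN_COT_EXT]
 * Hooks=users.auth.check.done
 * [END_COT_EXT]
 */

defined('COT_CODE') or die('Wrong URL.');

// Grants `protime` days of pro status on the user's first login after registration.
if ($cfg['plugin']['regpro']['protime'] > 0) {
    require_once cot_langfile('regpro', 'plug');

    // $ruserid is provided by the enclosing users.auth.check flow; cast it so the
    // interpolated value can only ever be an integer.
    $urr = $db->query("SELECT * FROM {$db_users} WHERE user_id=" . (int) $ruserid)->fetch();

    // Only the very first login after registration qualifies.
    if ($urr && $urr['user_logcount'] == 1) {
        $upro = cot_getuserpro($ruserid);
        // Extend an already running pro period instead of restarting it from now.
        $initialtime = $upro > $sys['now'] ? $upro : $sys['now'];
        $rproexpire = $initialtime + $cfg['plugin']['regpro']['protime'] * 24 * 60 * 60;
        if ($db->update($db_users, array('user_pro' => (int) $rproexpire), "user_id=" . (int) $ruserid)) {
            cot_mail($urr['user_email'], $L['regpro_mail_subject'], sprintf($L['regpro_mail_body'], $urr['user_name']));
            cot_log("Pro for register");
        }
    }
}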