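/**
 * Handles comment submission and deletion for one article, then renders the
 * published comments, the pagination links and the comment form.
 *
 * Security-relevant behaviour of this method:
 *  - The author id stored with a new comment is accepted only when the posted
 *    "user_id" equals the id of the current session; otherwise 0 is stored.
 *    The posted field alone is client-controlled and must not decide authorship.
 *  - A comment is deleted only when it belongs to the current session's id and
 *    is still inside the configured time window. This is the same rule the
 *    delete icon is rendered with, now enforced in the query as well.
 *  - strip_tags() keeps attributes on the tags it is told to allow, so the
 *    allowed tags (b, i, u, br) are reduced to their bare form before storage.
 *  - Numeric settings are cast to int before they reach SQL.
 *
 * NOTE(review): user_name and comment_text are written to the page exactly as
 * read from the database. Whether prepare_input()/encode_text() make them safe
 * for an HTML context is not visible here - confirm, and escape on output if
 * they do not.
 *
 * @param int|string $article_id article the comments belong to
 * @param bool       $draw       echo the markup when true, return it otherwise
 * @return string|void markup when $draw is false; '' when no article id is given
 */
public function DrawArticleComments($article_id = '', $draw = true)
{
    if (!$article_id) {
        return '';
    }

    global $objLogin;

    $delete_pending_time = (int) ModulesSettings::Get('comments', 'delete_pending_time');
    $user_type = ModulesSettings::Get('comments', 'user_type');
    $comment_length = ModulesSettings::Get('comments', 'comment_length');
    $image_verification = ModulesSettings::Get('comments', 'image_verification_allow');
    // at least 1: the value is used as a divisor and in the LIMIT clause
    $page_size = max(1, (int) ModulesSettings::Get('comments', 'page_size'));
    $is_published = ModulesSettings::Get('comments', 'pre_moderation_allow') == 'yes' ? '0' : '1';

    if ($image_verification == 'yes') {
        include_once 'modules/captcha/securimage.php';
        $objImg = new Securimage();
    }

    $logged_id = (int) $objLogin->GetLoggedID();

    $task = isset($_POST['task']) ? prepare_input($_POST['task']) : '';
    $comment_id = isset($_POST['comment_id']) ? (int) $_POST['comment_id'] : '';
    $init_state = 'closed';
    // the posted id is only honoured when it is the session's own id
    $posted_user_id = isset($_POST['user_id']) ? (int) $_POST['user_id'] : 0;
    $user_id = ($posted_user_id === $logged_id) ? $posted_user_id : 0;
    $user_name = isset($_POST['comment_user_name']) ? prepare_input($_POST['comment_user_name']) : '';
    $user_email = isset($_POST['comment_user_email']) ? prepare_input($_POST['comment_user_email']) : '';
    $comment_text = isset($_POST['comment_text']) ? prepare_input($_POST['comment_text']) : '';
    $captcha_code = isset($_POST['captcha_code']) ? prepare_input($_POST['captcha_code']) : '';
    $msg = '';
    $task_completed = false;
    $focus_field = '';
    $current_page = isset($_GET['p']) ? abs((int) $_GET['p']) : '1';

    if ($task == 'publish_comment') {
        $init_state = 'opened';
        if ($user_name == '') {
            $msg = draw_important_message(_USERNAME_EMPTY_ALERT, false);
            $focus_field = 'comment_user_name';
        } elseif (!check_email_address($user_email) && !$objLogin->IsLoggedInAs($this->user_type_name)) {
            $msg = draw_important_message(_EMAIL_IS_WRONG, false);
            $focus_field = 'comment_user_email';
        } elseif ($comment_text == '') {
            $msg = draw_important_message(_MESSAGE_EMPTY_ALERT, false);
            $focus_field = 'comment_text';
        } elseif (strlen($comment_text) > $comment_length) {
            $msg = draw_important_message(str_replace('_LENGTH_', $comment_length, _COMMENT_LENGTH_ALERT), false);
            $focus_field = 'comment_text';
        } elseif ($image_verification == 'yes' && !$objImg->check($captcha_code)) {
            $msg = draw_important_message(_WRONG_CODE_ALERT, false);
            $focus_field = 'captcha_code';
        } elseif (strtolower(SITE_MODE) == 'demo') {
            // Block operation in demo mode
            $msg = draw_important_message(_OPERATION_BLOCKED, false);
        } elseif ($objLogin->IpAddressBlocked(get_current_ip())) {
            $msg = draw_important_message(_IP_ADDRESS_BLOCKED, false);
        } elseif ($objLogin->EmailBlocked($user_email)) {
            $msg = draw_important_message(_EMAIL_BLOCKED, false);
        } else {
            // Keep only the allowed tags, then drop any attributes they carry.
            $stored_text = strip_tags($comment_text, '<b><i><u><br>');
            $stored_text = preg_replace('/<(\/?)(b|i|u|br)\b[^>]*>/i', '<$1$2>', $stored_text);

            $sql = 'INSERT INTO ' . TABLE_COMMENTS . '( id, article_id, user_id, user_name, user_email, comment_text, date_created, date_published, is_published )VALUES( NULL, '
                . (int) $article_id . ', '
                . (int) $user_id . ', \''
                . encode_text($user_name) . '\', \''
                . encode_text($user_email) . '\', \''
                . encode_text($stored_text) . '\', \''
                . date('Y-m-d H:i:s') . '\', \''
                . ($is_published == '1' ? date('Y-m-d H:i:s') : '0000-00-00 00:00:00') . '\', \''
                . $is_published . '\' )';
            if (database_void_query($sql)) {
                $msg = ($is_published == '1')
                    ? draw_success_message(_COMMENT_POSTED_SUCCESS, false)
                    : draw_success_message(_COMMENT_SUBMITTED_SUCCESS, false);
                $task_completed = true;
            } else {
                $msg = draw_important_message(_TRY_LATER, false);
            }
        }
    } elseif ($task == 'delete_comment') {
        $init_state = 'opened';
        // Ownership is checked in the query itself; hiding the delete icon in
        // the markup is not an access control.
        $sql = 'DELETE FROM ' . $this->tableName
            . ' WHERE TIMESTAMPDIFF(MINUTE, date_published, \'' . date('Y-m-d H:i:s') . '\') < ' . $delete_pending_time
            . ' AND id = ' . (int) $comment_id
            . ' AND user_id = ' . $logged_id;
        if (database_void_query($sql)) {
            $msg = draw_success_message(_COMMENT_DELETED_SUCCESS, false);
        } else {
            $msg = draw_important_message(_TRY_LATER, false);
        }
    }

    // -------- pagination
    $sql = 'SELECT COUNT(*) as cnt FROM ' . TABLE_COMMENTS . ' WHERE is_published = 1 AND article_id = ' . (int) $article_id;
    $comments_result = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);
    $total_comments = $comments_result['cnt'];
    $total_pages = (int) ($total_comments / $page_size);
    if ($current_page > $total_pages + 1) {
        $current_page = 1;
    }
    if ($total_comments % $page_size != 0) {
        $total_pages++;
    }
    if ($task_completed) {
        // jump to the page that holds the comment just posted
        $current_page = $total_pages;
    }
    if (!is_numeric($current_page) || (int) $current_page <= 0) {
        $current_page = 1;
    }
    $start_row = ($current_page - 1) * $page_size;
    if (isset($_GET['p'])) {
        $init_state = 'opened';
    }
    // --------

    $sql = 'SELECT * FROM ' . TABLE_COMMENTS . ' WHERE article_id = ' . (int) $article_id . ' AND is_published = 1 ORDER BY date_published ASC LIMIT ' . $start_row . ', ' . $page_size;
    $result = database_query($sql, DATA_AND_ROWS);

    $output = '<script type="text/javascript">function deleteComment(cid) { if(confirm(\'' . _PERFORM_OPERATION_COMMON_ALERT . '\')){ jQuery(\'#comment_task\').val(\'delete_comment\'); jQuery(\'#comment_id\').val(cid); jQuery(\'#frmComments\').submit(); return true; } return false; } </script>';
    $output .= '<div id="commentsLink"><a href="javascript:void(0);" onclick="javascript:jQuery(\'#commentsWrapper\').slideToggle(\'fast\');">' . str_replace('_COUNT_', $total_comments, _COMMENTS_LINK) . '</a><br /><br /></div>';
    $output .= '<div id="commentsWrapper" style="display:' . ($init_state == 'opened' ? '' : 'none') . ';">';
    $output .= '<div id="commentsPublished">';
    if ($result[1] > 0) {
        for ($i = 0; $i < $result[1]; $i++) {
            $row = $result[0][$i];
            $output .= '<div class="comment">';
            $output .= '<div class="comment_user_name"><b>' . $row['user_name'] . '</b> ' . _SAID . '...</div>';
            $output .= '<div class="comment_test">' . $row['comment_text'] . '</div>';
            $output .= '<div class="comment_date">';
            // delete icon: own comment, still inside the deletion window
            if ($row['user_id'] == $objLogin->GetLoggedID() && floor(time_diff(date('Y-m-d H:i:s'), $row['date_published']) / 60) < $delete_pending_time) {
                $output .= '<img src="images/published_x.gif" alt="" style="cursor:pointer;margin-bottom:-3px;margin-right:3px;" onclick="deleteComment(\'' . $row['id'] . '\');">';
            }
            $output .= '<i>' . _PUBLISHED . ': ' . format_datetime($row['date_published']) . '</i></div>';
            $output .= '</div>';
        }
        // draw pagination links
        if ($total_pages > 1) {
            $output .= '<div class="paging">';
            for ($page_ind = 1; $page_ind <= $total_pages; $page_ind++) {
                $output .= prepare_permanent_link('index.php?page=' . Application::Get('page') . '&pid=' . Application::Get('page_id') . '&p=' . $page_ind, $page_ind == $current_page ? '<b>[' . $page_ind . ']</b>' : $page_ind, '', 'paging_link') . ' ';
            }
            $output .= '</div>';
        }
    } else {
        $output .= '<div class="comment">';
        $output .= '<b>' . _NO_COMMENTS_YET . '</b><br /><br />';
        $output .= '</div>';
    }
    $output .= '</div>';
    $output .= $msg != '' ? $msg . '<br />' : '';
    if ($user_type == 'registered' && !$objLogin->IsLoggedInAs($this->user_type_name)) {
        $output .= draw_message(_POST_COM_REGISTERED_ALERT, false);
    } else {
        $output .= $this->DrawCommentsForm($article_id, $image_verification, $focus_field, $task_completed, false);
    }
    $output .= '</div>';

    if ($draw) {
        echo $output;
    } else {
        return $output;
    }
}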
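/**
 * Creates a new menu: one row per active language, all sharing one random
 * menu code.
 *
 * Every caller-supplied string that ends up inside an SQL string literal is
 * passed through encode_text(), the helper this method already applied to the
 * menu name; placement, access level and the language abbreviation were
 * previously concatenated as-is.
 * NOTE(review): this assumes encode_text() escapes for an SQL string context -
 * its implementation is not visible here; confirm.
 *
 * @param array $params keys read: name, menu_placement, order, language_id, access_level
 * @return bool true on success; false with $this->error set in demo mode, on
 *              an empty menu name, or when an insert fails
 */
public function MenuCreate($params = array())
{
    // Block operation in demo mode
    if (strtolower(SITE_MODE) == 'demo') {
        $this->error = _OPERATION_BLOCKED;
        return false;
    }

    // Copy the recognised input parameters onto the menu record
    $field_map = array(
        'name' => 'menu_name',
        'menu_placement' => 'menu_placement',
        'order' => 'menu_order',
        'language_id' => 'language_id',
        'access_level' => 'access_level',
    );
    foreach ($field_map as $param_key => $menu_key) {
        if (isset($params[$param_key])) {
            $this->menu[$menu_key] = $params[$param_key];
        }
    }

    // Prevent creating of empty records in our 'menus' table
    if ($this->menu['menu_name'] == '') {
        $this->error = _MENU_NAME_EMPTY;
        return false;
    }

    $menu_code = strtoupper(get_random_string(10));
    $total_languages = Languages::GetAllActive();
    for ($i = 0; $i < $total_languages[1]; $i++) {
        $abbreviation = $total_languages[0][$i]['abbreviation'];
        // new menu is appended after the existing menus of this language
        $m = self::GetAll(' menu_order ASC', TABLE_MENUS, '', $abbreviation);
        $max_order = (int) ($m[1] + 1);

        $sql = 'INSERT INTO ' . TABLE_MENUS . ' (language_id, menu_code, menu_name, menu_placement, menu_order, access_level) VALUES(\''
            . encode_text($abbreviation) . '\', \''
            . $menu_code . '\', \''
            . encode_text($this->menu['menu_name']) . '\', \''
            . encode_text($this->menu['menu_placement']) . '\', '
            . $max_order . ', \''
            . encode_text($this->menu['access_level']) . '\')';
        if (!database_void_query($sql)) {
            $this->error = _TRY_LATER;
            return false;
        }
    }

    return true;
}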
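/**
 * After-update hook for listings.
 *
 * 1. Writes the translated name/address/description of the listing to the
 *    description table, one UPDATE per language key.
 * 2. For customers with pre-moderation enabled: if any stored description row
 *    differs from $this->listing_info, the listing is unpublished and the
 *    method returns false with $this->error = _UPDATED_FOR_MODERATION.
 * 3. For admins: recalculates category counters when publication state or
 *    access level changed, updates the finish-publishing date when the
 *    advertise plan changed, updates the publishing date, and e-mails the
 *    customer when a not-yet-approved listing becomes published.
 *
 * The language key is now passed through encode_text() before it is placed in
 * the WHERE clause; it was the only value in that statement concatenated raw.
 *
 * @return bool|void false when the listing was sent to moderation, otherwise nothing
 */
public function AfterUpdateRecord()
{
    global $objLogin, $objSettings;

    $record_id = (int) $this->curRecordId;

    // update translations
    foreach ($this->arrTranslations as $key => $val) {
        $sql = 'UPDATE ' . TABLE_LISTINGS_DESCRIPTION . ' SET business_name = \'' . encode_text(prepare_input($val['business_name']))
            . '\', business_address = \'' . encode_text(prepare_input($val['business_address']))
            . '\', business_description = \'' . encode_text(prepare_input($val['business_description']))
            . '\' WHERE listing_id = ' . $record_id
            . ' AND language_id = \'' . encode_text($key) . '\'';
        database_void_query($sql);
    }

    // retrieve pre-moderation settings
    if ($objLogin->IsLoggedInAsCustomer() && ModulesSettings::Get('listings', 'pre_moderation_allow') == 'yes') {
        // check if we have to put listing on moderation
        $sql = 'SELECT * FROM ' . TABLE_LISTINGS_DESCRIPTION . ' WHERE listing_id = ' . $record_id;
        $result = database_query($sql, DATA_AND_ROWS, ALL_ROWS);
        $langs_count = count($this->arrTranslations);
        for ($i = 0; $i < $langs_count; $i++) {
            $result_diff = array_diff_assoc($this->listing_info[0][$i], $result[0][$i]);
            if (count($result_diff) > 0) {
                $sql = 'UPDATE ' . TABLE_LISTINGS . ' SET is_published = 0 WHERE id = ' . $record_id;
                // result deliberately not checked (the original ignored it as well)
                database_void_query($sql);
                $this->error = _UPDATED_FOR_MODERATION;
                return false;
            }
        }
    }

    $access_level = MicroGrid::GetParameter('access_level', false);
    $advertise_plan_id = MicroGrid::GetParameter('advertise_plan_id', false);

    // update listings count and date of publishing
    if (!$objLogin->IsLoggedInAsAdmin()) {
        return;
    }

    $customer_id = (int) MicroGrid::GetParameter('customer_id', false);
    $is_published = (bool) MicroGrid::GetParameter('is_published', false);
    $is_published_value = '';
    $recalculate_listings = false;

    if (!$this->is_published && $is_published) {
        $is_published_value = date('Y-m-d H:i:s');
        $recalculate_listings = true;
    } elseif ($this->is_published && !$is_published) {
        $is_published_value = '0000-00-00 00:00:00';
        $recalculate_listings = true;
    } elseif ($this->accessLevel == 'registered' && $access_level == 'public') {
        $recalculate_listings = true;
    } elseif ($this->accessLevel == 'public' && $access_level == 'registered') {
        $recalculate_listings = true;
    }

    if ($recalculate_listings) {
        // update listings count in categories
        Categories::RecalculateListingsCount();
    }

    // update finish publishing date
    $advertise_plan_info = AdvertisePlans::GetPlanInfo($advertise_plan_id);
    if ($this->advertisePlanID != $advertise_plan_id && $advertise_plan_info[1] > 0) {
        $duration = $advertise_plan_info[0]['duration'];
        // a duration of '-1' is stored as the zero date
        $finish_publishing = $duration == '-1' ? '0000-00-00 00:00:00' : date('Y-m-d H:i:s', strtotime('+' . (int) $duration . ' day'));
        $sql = 'UPDATE ' . TABLE_LISTINGS . ' SET finish_publishing = \'' . $finish_publishing . '\' WHERE id = ' . $record_id;
        database_void_query($sql);
    }

    if ($is_published_value == '') {
        return;
    }

    $newly_approved = ($this->isApproved == '0' && $is_published_value != '0000-00-00 00:00:00');

    $sql = 'UPDATE ' . TABLE_LISTINGS . ' SET date_published = \'' . $is_published_value . '\' ' . ($newly_approved ? ', is_approved=1' : '') . ' WHERE id = ' . $record_id;
    database_void_query($sql);

    if ($newly_approved) {
        $customer_info = Customers::GetCustomerInfo($customer_id);
        $email = isset($customer_info['email']) ? $customer_info['email'] : '';
        $last_name = isset($customer_info['last_name']) ? $customer_info['last_name'] : '';
        $first_name = isset($customer_info['first_name']) ? $customer_info['first_name'] : '';
        $preferred_language = isset($customer_info['preferred_language']) ? $customer_info['preferred_language'] : '';
        $business_name = MicroGrid::GetParameter('business_name_' . $preferred_language, false);

        $sender = $objSettings->GetParameter('admin_email');
        $recipient = $email;

        // NOTE(review): $business_name is request data placed into the HTML body
        // of the message; whether send_email() escapes placeholder values is not
        // visible here - confirm.
        $listing_details = _NAME . ': ' . $business_name . ' <br>';
        $listing_details .= _LINK . ': ' . APPHP_BASE . 'index.php?page=listing&lid=' . $record_id . ' <br>';

        send_email(
            $recipient,
            $sender,
            'listing_approved_by_admin',
            array(
                '{FIRST NAME}' => $first_name,
                '{LAST NAME}' => $last_name,
                '{LISTING DETAILS}' => $listing_details,
                '{WEB SITE}' => $_SERVER['SERVER_NAME'],
            ),
            $preferred_language
        );
    }
}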
description, date_created, replies_count, is_active ) VALUES ( ' . (int) $params['inquiry_type'] . ', ' . (int) $params['inquiry_category'] . ', ' . (int) $params['listing_id'] . ', \'' . encode_text($params['visitor_name']) . '\', \'' . encode_text($params['visitor_email']) . '\', \'' . encode_text($params['visitor_phone']) . '\', ' . (int) $params['visitor_locations'] . ', ' . (int) $params['visitor_sub_locations'] . ', ' . (int) $params['visitor_availability'] . ', ' . (int) $params['visitor_preferred_contact'] . ', \'' . encode_text($params['visitor_description']) . '\', \'' . date('Y-m-d H:i:s') . '\', 0, 1 ) '; if (database_void_query($sql) > 0) { $inquiry_id = mysql_insert_id(); if ($params['inquiry_type'] == '0') { $where_clause = 'l.id IN (SELECT listing_id FROM ' . TABLE_LISTINGS_CATEGORIES . ' lc WHERE category_id = ' . (int) $params['inquiry_category'] . ') AND '; $where_clause .= 'l.listing_location_id = ' . (int) $params['visitor_locations'] . ' AND '; $where_clause .= 'l.listing_sub_location_id = ' . (int) $params['visitor_sub_locations']; } else { $where_clause = 'l.id = ' . (int) $params['listing_id']; } $sql_insert = '';
/**
 * Handles a "forgotten password" request for the account with the given
 * e-mail address and sends the 'password_forgotten' message.
 *
 * What the code does per storage mode:
 *  - PASSWORDS_ENCRYPTION off: the stored password column is read and mailed.
 *  - 'aes': the password is decrypted in SQL with PASSWORDS_ENCRYPT_KEY and
 *    the recovered value is mailed.
 *  - 'md5': a new 8-character value from get_random_string() replaces the
 *    stored password and is mailed.
 * In every mode the mail carries a usable password in clear text; in the first
 * two the user's existing password is recoverable by the application.
 *
 * NOTE(review): a one-time, expiring reset link and a non-reversible,
 * salted password hash would remove the need to store or mail a password.
 * NOTE(review): the error set for an unknown address (_EMAIL_NOT_EXISTS)
 * differs from the success path; if it is shown to the requester it reveals
 * which addresses have accounts - confirm how callers display it.
 *
 * @param string $email address the request was made for
 * @return bool true when the mail was sent; false with $this->error set otherwise
 */
public function SendPassword($email)
{
    global $objSettings;
    $lang = Application::Get('lang');

    // deny all operations in demo version
    if (strtolower(SITE_MODE) == 'demo') {
        $this->error = _OPERATION_BLOCKED;
        return false;
    }

    if (!empty($email)) {
        if (check_email_address($email)) {
            // NOTE(review): $sql is only assigned for "no encryption", 'aes'
            // and 'md5'; any other PASSWORDS_ENCRYPTION_TYPE leaves it undefined.
            if (!PASSWORDS_ENCRYPTION) {
                $sql = 'SELECT id, first_name, last_name, user_name, password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text(encode_text($email)) . ' AND is_active = 1';
            } else {
                if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') {
                    $sql = 'SELECT id, first_name, last_name, user_name, AES_DECRYPT(password, ' . quote_text(PASSWORDS_ENCRYPT_KEY) . ') as password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text(encode_text($email)) . ' AND is_active = 1';
                } else {
                    if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') {
                        // Unlike the two branches above, $email is not passed
                        // through encode_text() here; it has only been checked
                        // by check_email_address().
                        $sql = 'SELECT id, first_name, last_name, user_name, \'\' as password, preferred_language FROM ' . TABLE_ACCOUNTS . ' WHERE email = ' . quote_text($email) . ' AND is_active = 1';
                    }
                }
            }
            $temp = database_query($sql, DATA_ONLY, FIRST_ROW_ONLY);
            if (is_array($temp) && count($temp) > 0) {
                if (!PASSWORDS_ENCRYPTION) {
                    $password = $temp['password'];
                } else {
                    if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'aes') {
                        $password = $temp['password'];
                    } else {
                        if (strtolower(PASSWORDS_ENCRYPTION_TYPE) == 'md5') {
                            // NOTE(review): the strength of get_random_string()
                            // is not visible here - confirm it uses a CSPRNG.
                            $password = get_random_string(8);
                            // The expression that stores the new password is shown
                            // masked ('******') on this page, which leaves the next
                            // statement syntactically broken as listed; the original
                            // expression cannot be recovered from here.
                            $sql = 'UPDATE ' . TABLE_ACCOUNTS . ' SET password = '******' WHERE id = ' . (int) $temp['id'];
                            // result of the update is not checked before mailing
                            database_void_query($sql);
                        }
                    }
                }
                send_email($email, $objSettings->GetParameter('admin_email'), 'password_forgotten', array('{FIRST NAME}' => $temp['first_name'], '{LAST NAME}' => $temp['last_name'], '{USER NAME}' => $temp['user_name'], '{USER PASSWORD}' => $password, '{BASE URL}' => APPHP_BASE, '{WEB SITE}' => $_SERVER['SERVER_NAME'], '{YEAR}' => date('Y')), $temp['preferred_language']);
                return true;
            } else {
                $this->error = _EMAIL_NOT_EXISTS;
                return false;
            }
        } else {
            $this->error = _EMAIL_IS_WRONG;
            return false;
        }
    } else {
        $this->error = _EMAIL_EMPTY_ALERT;
        return false;
    }
    // not reached: every branch above returns
    return true;
}
/**
 * After-insert hook: clones the e-mail template that was just inserted into
 * every other active language.
 *
 * Each executed statement is also recorded through SetSQLs() under the key
 * 'insert_lan_<abbreviation>'.
 */
public function AfterInsertRecord()
{
    $languages = Languages::GetAllActive();
    $source_language = MicroGrid::GetParameter('language_id');
    $code = MicroGrid::GetParameter('template_code', false);
    $name = MicroGrid::GetParameter('template_name', false);
    $subject = MicroGrid::GetParameter('template_subject', false);
    $content = MicroGrid::GetParameter('template_content', false);
    $is_system = MicroGrid::GetParameter('is_system_template', false);

    // without a source language nothing is cloned
    if ($source_language == '') {
        return;
    }

    for ($idx = 0; $idx < $languages[1]; $idx++) {
        $abbreviation = $languages[0][$idx]['abbreviation'];
        if ($abbreviation == $source_language) {
            continue;
        }

        // string columns, in column order, each escaped and single-quoted
        $quoted = array();
        foreach (array($abbreviation, $code, $name, $subject, $content) as $value) {
            $quoted[] = '\'' . encode_text($value) . '\'';
        }

        $query = 'INSERT INTO ' . TABLE_EMAIL_TEMPLATES
            . ' ( id, language_id, template_code, template_name, template_subject, template_content, is_system_template ) VALUES ( NULL, '
            . implode(', ', $quoted)
            . ', ' . (int) $is_system . ' )';

        database_void_query($query);
        $this->SetSQLs('insert_lan_' . $abbreviation, $query);
    }
}
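/**
 * Validates torrent metadata and writes a single-file torrent to disk.
 *
 * Changes against the previous version:
 *  - The overwrite guard was inverted: ".new" was appended when the target did
 *    NOT exist, and an existing file was overwritten even with the overwrite
 *    option off. The suffix is now added when the target exists and
 *    overwriting is not enabled.
 *  - The result of file_put_contents() is checked; a failed write is reported
 *    in the returned error list instead of printing "Generated".
 *
 * NOTE(review): the output path is used as given. If $filename can come from
 * an untrusted source, restrict it to an expected directory before calling.
 *
 * @param array  $data     keys: 'files' (list with one [name, size] pair),
 *                         'piece length' (int), 'pieces' (non-empty list),
 *                         'trackers' (string or list of tracker groups),
 *                         optional 'created by' and 'comment' (strings)
 * @param string $filename output path; $this->filename is used when empty
 * @return array list of error messages; empty on success
 */
function create($data, $filename = '')
{
    $errors = array();

    // Check given $data
    if (!array_key_exists('files', $data)) {
        $errors[] = 'files not found in torrent data';
    } elseif (!is_array($data['files'])) {
        $errors[] = 'files must be a list of files';
    } elseif (sizeof($data['files']) != 1) {
        $errors[] = 'files must contain only a single file at the moment';
    } else {
        foreach ($data['files'] as $file) {
            if (!is_array($file) || sizeof($file) != 2 || !is_string($file[0]) || !is_int($file[1])) {
                $errors[] = 'elements of files must be a list of file data (name, size)';
                break;
            }
        }
    }

    if (!array_key_exists('piece length', $data)) {
        $errors[] = 'piece length not found in torrent data';
    } elseif (!is_int($data['piece length']) || !$data['piece length']) {
        $errors[] = 'piece length must be a number';
    }

    if (!array_key_exists('pieces', $data)) {
        $errors[] = 'pieces not found in torrent data';
    } elseif (!is_array($data['pieces']) || !$data['pieces']) {
        $errors[] = 'pieces must be a non-empty list';
    }

    if (!array_key_exists('trackers', $data)) {
        $errors[] = 'trackers not found in torrent data';
    } elseif (!is_string($data['trackers']) && !is_array($data['trackers'])) {
        $errors[] = 'trackers must be passed as string or list of tracker groups';
    } elseif (is_string($data['trackers'])) {
        $trackers = split_values($data['trackers'], true, ',', ' ');
    } else {
        $trackers = $data['trackers'];
    }

    // $trackers stays unset when the trackers entry itself was rejected above
    if (isset($trackers)) {
        if (!$trackers) {
            $errors[] = 'list of trackers must not be empty';
        } else {
            foreach ($trackers as $tracker_group) {
                if (!is_array($tracker_group) || !$tracker_group) {
                    $errors[] = 'elements of trackers must be a list of tracker URLs (tracker group)';
                    break;
                }
                foreach ($tracker_group as $tracker) {
                    if (!is_string($tracker) || strlen($tracker) < 10) {
                        $errors[] = 'elements of tracker groups must be strings';
                        break;
                    }
                }
            }
        }
    }

    $optional_keys = array('created by', 'comment');
    foreach ($optional_keys as $key) {
        if (array_key_exists($key, $data) && !is_string($data[$key])) {
            $errors[] = sprintf('%s must be a string', $key);
        }
    }

    if (!$filename && !$this->filename) {
        $errors[] = 'no output filename given';
    }

    if ($errors) {
        return $errors;
    }

    // Create torrent
    $root = array();
    foreach ($optional_keys as $key) {
        if (array_key_exists($key, $data) && strlen($data[$key]) > 2) {
            $root[$key] = encode_text($data[$key]);
        }
    }
    $root['announce'] = $trackers[0][0];
    if (sizeof($trackers) > 1 || sizeof($trackers[0]) > 1) {
        $root['announce-list'] = $trackers;
    }

    // At the moment only single-file torrents can be created because of
    // missing pieces hashing for multi-file torrents
    $file = $data['files'][0];
    $root['info'] = array(
        'name' => encode_text(basename($file[0])),
        'length' => $file[1],
        'piece length' => $data['piece length'],
        'pieces' => $this->encode_pieces($data['pieces']),
    );
    $root['creation date'] = time();

    // Write the torrent; never replace an existing file unless asked to
    $target = $filename ? $filename : $this->filename;
    if (is_file($target) && empty($GLOBALS['_opts']['overwrite'])) {
        $target .= '.new';
    }
    if (file_put_contents($target, $this->bencode($root)) === false) {
        return array('could not write ' . $target);
    }
    print 'Generated: ' . $target . PHP_EOL;

    return array();
}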
/**
 * After-insert hook: clones the news item that was just inserted into every
 * other active language.
 *
 * Each executed statement is also recorded through SetSQLs() under the key
 * 'insert_lan_<abbreviation>'.
 */
public function AfterInsertRecord()
{
    $languages = Languages::GetAllActive();
    $source_language = self::GetParameter('language_id', false);
    $code = self::GetParameter('news_code', false);
    $header = self::GetParameter('header_text', false);
    $body = self::GetParameter('body_text', false);
    $created = self::GetParameter('date_created', false);

    // without a source language nothing is cloned
    if ($source_language == '') {
        return;
    }

    for ($idx = 0; $idx < $languages[1]; $idx++) {
        $abbreviation = $languages[0][$idx]['abbreviation'];
        if ($abbreviation == $source_language) {
            continue;
        }

        // column values in column order, each escaped and single-quoted
        $quoted = array();
        foreach (array($code, $header, $body, $created, $abbreviation) as $value) {
            $quoted[] = '\'' . encode_text($value) . '\'';
        }

        $query = 'INSERT INTO ' . TABLE_NEWS
            . ' (id, news_code, header_text, body_text, date_created, language_id) VALUES(NULL, '
            . implode(', ', $quoted)
            . ')';

        database_void_query($query);
        $this->SetSQLs('insert_lan_' . $abbreviation, $query);
    }
}
/**
 * Returns $str after it has been passed through encode_text().
 *
 * NOTE(review): as shown on this page, each str_replace() below has the same
 * search and replacement string, so the three calls leave $str unchanged.
 * This looks like an artefact of the listing having its HTML entities decoded
 * (the original presumably converted between an entity form and the literal
 * placeholder) - confirm against the real file before relying on this method
 * for output encoding.
 *
 * @param string $str
 * @return string
 */
private function GetFieldsEncoded($str = '')
{
    $str = encode_text($str);
    $str = str_replace('<TITLE>', '<TITLE>', $str); // <TITLE>
    $str = str_replace('<META>', '<META>', $str); // <META>
    $str = str_replace('<DESCRIPTION>', '<DESCRIPTION>', $str); // <DESCRIPTION>
    return $str;
}
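/**
 * Creates a new page: validates the fields, then inserts one row per target
 * language under a shared random page code and sets its page key.
 *
 * Every string field that is placed inside an SQL string literal now goes
 * through encode_text(). Previously content_type, link_target,
 * finish_publishing, access_level, page_key, the language abbreviation and
 * the language_id used in the language filter were concatenated as-is, while
 * the neighbouring fields were already encoded.
 * NOTE(review): this assumes encode_text() escapes for an SQL string context -
 * its implementation is not visible here; confirm.
 * NOTE(review): mysql_insert_id() belongs to the ext/mysql API, which PHP 7
 * removed; the database layer is not visible here, so the call is kept.
 *
 * @param array  $params              page fields, copied onto $this->page when present
 * @param string $copy_to_other_langs 'yes' creates the page in all active
 *                                    languages, otherwise only in the page's own
 * @return bool true on success; false with $this->error (and, for field
 *              errors, $this->focusOnField) set otherwise
 */
public function PageCreate($params = array(), $copy_to_other_langs = 'yes')
{
    // Get input parameters
    $accepted_fields = array(
        'content_type', 'link_url', 'link_target', 'page_title', 'page_key',
        'page_text', 'menu_id', 'menu_link', 'is_published', 'language_id',
        'comments_allowed', 'show_in_search', 'priority_order', 'access_level',
        'finish_publishing', 'tag_title', 'tag_keywords', 'tag_description',
    );
    foreach ($accepted_fields as $field) {
        if (isset($params[$field])) {
            $this->page[$field] = $params[$field];
        }
    }

    // Menu link cannot be more then 40 characters
    if (strlen($this->page['menu_link']) > 40) {
        $this->error = _PAGE_LINK_TOO_LONG;
        return false;
    }
    if ($this->page['page_title'] == '') {
        $this->error = _PAGE_HEADER_EMPTY;
        return false;
    }
    if ($this->page['content_type'] == 'link' && $this->page['link_url'] == '') {
        $this->error = str_replace('_FIELD_', '<b>' . _LINK . '</b>', _FIELD_CANNOT_BE_EMPTY);
        $this->focusOnField = 'link_url';
        return false;
    }
    if (!check_integer($this->page['priority_order']) || $this->page['priority_order'] < 0) {
        $this->error = str_replace('_FIELD_', '<b>' . _ORDER . '</b>', _FIELD_MUST_BE_NUMERIC_POSITIVE);
        $this->focusOnField = 'priority_order';
        return false;
    }

    // field => array(label shown in the message, maximum length)
    $length_limits = array(
        'tag_title' => array('TITLE', '255'),
        'tag_keywords' => array('KEYWORDS', '512'),
        'tag_description' => array('DESCRIPTION', '512'),
    );
    foreach ($length_limits as $field => $limit) {
        if (strlen($this->page[$field]) > (int) $limit[1]) {
            $msg_text = str_replace('_FIELD_', '<b>' . $limit[0] . '</b>', _FIELD_LENGTH_ALERT);
            $msg_text = str_replace('_LENGTH_', $limit[1], $msg_text);
            $this->error = $msg_text;
            $this->focusOnField = $field;
            return false;
        }
    }

    if (strtolower(SITE_MODE) == 'demo') {
        $this->error = _OPERATION_BLOCKED;
        return false;
    }

    if ($copy_to_other_langs == 'yes') {
        $total_languages = Languages::GetAllActive();
    } else {
        $total_languages = Languages::GetAllLanguages(' priority_order ASC', '', 'abbreviation=\'' . encode_text($this->page['language_id']) . '\'');
    }

    $page_code = get_random_string(10);
    for ($i = 0; $i < $total_languages[1]; $i++) {
        $abbreviation = $total_languages[0][$i]['abbreviation'];

        // Create new record (page_key is inserted empty and set right after)
        $sql = 'INSERT INTO ' . TABLE_PAGES . '( id, page_code, language_id, content_type, link_url, link_target, page_key, page_title, page_text, menu_id, menu_link, tag_title, tag_keywords, tag_description, comments_allowed, show_in_search, date_created, date_updated, finish_publishing, is_published, is_system_page, system_page, status_changed, access_level, priority_order )VALUES( NULL, \''
            . $page_code . '\', \''
            . encode_text($abbreviation) . '\', \''
            . encode_text($this->page['content_type']) . '\', \''
            . encode_text($this->page['link_url']) . '\', \''
            . encode_text($this->page['link_target']) . '\', \'\', \''
            . encode_text($this->page['page_title']) . '\', \''
            . encode_text($this->page['page_text']) . '\', '
            . (int) $this->GetMenuIdByLang($this->page['menu_id'], $abbreviation) . ', \''
            . encode_text($this->page['menu_link']) . '\', \''
            . encode_text($this->page['tag_title']) . '\', \''
            . encode_text($this->page['tag_keywords']) . '\', \''
            . encode_text($this->page['tag_description']) . '\', '
            . (int) $this->page['comments_allowed'] . ', '
            . (int) $this->page['show_in_search'] . ', \''
            . date('Y-m-d H:i:s') . '\', \'0000-00-00 00:00:00\', \''
            . encode_text($this->page['finish_publishing']) . '\', '
            . (int) $this->page['is_published'] . ', 0, \'\', \'0000-00-00 00:00:00\', \''
            . encode_text($this->page['access_level']) . '\', '
            . (int) $this->page['priority_order'] . ' )';

        if (!database_void_query($sql)) {
            $this->error = _TRY_LATER;
            return false;
        }

        // Update page_key
        $last_insert_id = mysql_insert_id();
        $sql = 'UPDATE ' . TABLE_PAGES . ' SET page_key=\'' . encode_text($this->page['page_key']) . '\' WHERE id=' . (int) $last_insert_id;
        if (!database_void_query($sql)) {
            $this->error = _TRY_LATER;
            return false;
        }
        $this->page_id = $last_insert_id;
    }

    return true;
}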
VALUES( \'' . encode_text($first_name) . '\', \'' . encode_text($last_name) . '\', \'' . $birth_date . '\', \'' . encode_text($company) . '\', \'' . encode_text($b_address) . '\', \'' . encode_text($b_address_2) . '\', \'' . encode_text($b_city) . '\', \'' . encode_text($b_zipcode) . '\', \'' . encode_text($b_country) . '\', \'' . encode_text($b_state) . '\', \'' . encode_text($phone) . '\', \'' . encode_text($fax) . '\', \'' . encode_text($email) . '\', \'' . encode_text($url) . '\', \'' . encode_text($user_name) . '\', ' . $user_password . ', \'' . Application::Get('lang') . '\', \'' . date('Y-m-d H:i:s') . '\', \'' . $user_ip . '\', \'\', \'' . $send_updates . '\', ' . ($default_plan_id == '1' ? (int) $default_plan_lc : '0') . ', ' . ($default_plan_id == '2' ? (int) $default_plan_lc : '0') . ', ' . ($default_plan_id == '3' ? (int) $default_plan_lc : '0') . ', ' . ($default_plan_id == '4' ? (int) $default_plan_lc : '0') . ', ' . $is_active . ', 0, \'\', \'' . $registration_code . '\')'; if (database_void_query($sql) > 0) {
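/**
 * Searches news, pages or listings by keyword, returns one page of results
 * and records the keyword in the search word list.
 *
 * Changes against the previous version:
 *  - The sort direction comes from the request and is placed after ORDER BY,
 *    outside any quotes, where escaping cannot help; it is now reduced to the
 *    two allowed values, 'ASC' or 'DESC'.
 *  - The keyword stored in the search word list goes through encode_text()
 *    like every other use of it in this method; it was inserted raw.
 *  - The location and sub-location filters are cast to int (they are compared
 *    with numeric id columns).
 *  - $page is cast to int after validation so a numeric string such as '1.5'
 *    cannot yield a fractional LIMIT offset.
 *  - The "last 7 days" filter compared date_published with a value wrapped in
 *    '%' characters, which are only meaningful to LIKE; they are removed.
 *
 * NOTE(review): '%' and '_' inside the keyword still act as LIKE wildcards.
 *
 * @param string     $keyword   search term
 * @param int|string $page      1-based result page
 * @param string     $search_in 'news', 'pages', anything else means listings
 * @return array result of database_query(..., DATA_AND_ROWS) for the requested page
 */
public function SearchBy($keyword, $page = 1, $search_in = 'listings')
{
    $lang_id = Application::Get('lang');
    $order_by_clause = 'ASC';

    if ($search_in == 'news') {
        $sql = 'SELECT CONCAT(\'page=news&nid=\', id) as url, header_text as title, body_text as text, \'article\' as content_type, \'\' as link_url FROM ' . TABLE_NEWS . ' n WHERE language_id = \'' . $lang_id . '\' AND ( header_text LIKE \'%' . encode_text($keyword) . '%\' OR body_text LIKE \'%' . encode_text($keyword) . '%\' )';
        $order_field = 'n.id';
    } elseif ($search_in == 'pages') {
        $sql = 'SELECT CONCAT(\'page=pages&pid=\', id) as url, page_title as title, page_text as text, content_type, link_url FROM ' . TABLE_PAGES . ' p WHERE language_id = \'' . $lang_id . '\' AND is_published = 1 AND show_in_search = 1 AND is_removed = 0 AND (finish_publishing = \'0000-00-00\' OR finish_publishing >= \'' . date('Y-m-d') . '\') AND ( page_title LIKE \'%' . encode_text($keyword) . '%\' OR page_text LIKE \'%' . encode_text($keyword) . '%\' )';
        $order_field = 'p.id';
    } else {
        // 'listings' or 'empty'
        $sel_categories = isset($_POST['sel_categories']) ? (int) $_POST['sel_categories'] : '';
        $sel_listings_locations = isset($_POST['sel_listings_locations']) ? prepare_input($_POST['sel_listings_locations']) : '';
        $sel_listings_sub_locations = isset($_POST['sel_listings_sub_locations']) ? prepare_input($_POST['sel_listings_sub_locations']) : '';
        $sel_view = isset($_POST['sel_view']) ? prepare_input($_POST['sel_view']) : '';
        $sel_sortby = isset($_POST['sel_sortby']) ? prepare_input($_POST['sel_sortby']) : '';
        $requested_order = isset($_POST['sel_orderby']) ? prepare_input($_POST['sel_orderby']) : 'ASC';
        // allow-list: anything other than DESC sorts ascending
        $order_by_clause = (strtoupper(trim((string) $requested_order)) === 'DESC') ? 'DESC' : 'ASC';
        $chk_with_images = isset($_POST['chk_with_images']) ? prepare_input($_POST['chk_with_images']) : '';

        $sql = 'SELECT CONCAT(\'page=listing&lid=\', l.id) as url, ld.business_name as title, ld.business_description as text, \'article\' as content_type, \'\' as link_url '
            . ($chk_with_images == '1' ? ', l.image_file_thumb' : '')
            . ' FROM ' . TABLE_LISTINGS . ' l '
            . ($sel_categories != '' ? 'LEFT OUTER JOIN ' . TABLE_LISTINGS_CATEGORIES . ' lc ON l.id = lc.listing_id' : '')
            . ' LEFT OUTER JOIN ' . TABLE_LISTINGS_DESCRIPTION . ' ld ON l.id = ld.listing_id WHERE l.is_published = 1 AND ld.language_id = \'' . $lang_id . '\' AND '
            . ($sel_categories != '' ? 'lc.category_id = \'' . $sel_categories . '\' AND ' : '') . ' '
            . ($sel_listings_locations != '' ? 'l.listing_location_id = \'' . (int) $sel_listings_locations . '\' AND ' : '') . ' '
            . ($sel_listings_sub_locations != '' ? 'l.listing_sub_location_id = \'' . (int) $sel_listings_sub_locations . '\' AND ' : '') . ' '
            . ($sel_view == '1' ? ' l.date_published LIKE \'%' . date('Y-m-d') . '%\' AND ' : '') . ' '
            . ($sel_view == '2' ? ' l.date_published LIKE \'%' . date('Y-m-d', strtotime('-1 day')) . '%\' AND ' : '') . ' '
            . ($sel_view == '3' ? ' l.date_published >= \'' . date('Y-m-d', strtotime('-7 days')) . '\' AND ' : '') . ' '
            . ($chk_with_images == '1' ? ' (l.image_file != \'\') AND' : '')
            . ' ( '
            . (!empty($keyword)
                ? 'l.keywords LIKE \'%,' . encode_text($keyword) . '%\' OR l.keywords LIKE \'%' . encode_text($keyword) . ',%\' OR ld.business_name LIKE \'%' . encode_text($keyword) . '%\' OR ld.business_address LIKE \'%' . encode_text($keyword) . '%\' OR ld.business_description LIKE \'%' . encode_text($keyword) . '%\''
                : '1=1')
            . ' )';

        $order_field = 'l.id';
        if ($sel_sortby == '0') {
            $order_field = 'l.date_published';
        }
    }

    if (!is_numeric($page) || (int) $page <= 0) {
        $page = 1;
    }
    $page = (int) $page;

    $this->totalSearchRecords = (int) database_query($sql, ROWS_ONLY);
    $total_pages = (int) ($this->totalSearchRecords / $this->pageSize);
    if ($this->totalSearchRecords % $this->pageSize != 0) {
        $total_pages++;
    }
    $start_row = ($page - 1) * $this->pageSize;
    $result = database_query($sql . ' ORDER BY ' . $order_field . ' ' . $order_by_clause . ' LIMIT ' . $start_row . ', ' . $this->pageSize, DATA_AND_ROWS);

    // update search results table
    if (strtolower(SITE_MODE) != 'demo' && $result[1] > 0) {
        $sql = 'INSERT INTO ' . TABLE_SEARCH_WORDLIST . ' (word_text, word_count) VALUES (\'' . encode_text($keyword) . '\', 1) ON DUPLICATE KEY UPDATE word_count = word_count + 1';
        database_void_query($sql);

        // store table contains up to 1000 records
        $sql = 'SELECT id, COUNT(*) as cnt FROM ' . TABLE_SEARCH_WORDLIST . ' ORDER BY word_count ASC';
        $res1 = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY);
        if ($res1[1] > 0 && $res1[0]['cnt'] > 1000) {
            $sql = 'DELETE FROM ' . TABLE_SEARCH_WORDLIST . ' WHERE id = ' . (int) $res1[0]['id'];
            database_void_query($sql);
        }
    }

    return $result;
}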
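/**
 * Updates site-description fields for one language and reloads the data.
 *
 * The keys of $params are used as column names. A column name cannot be
 * protected by value escaping, so each key must consist only of letters,
 * digits and underscores; any other key aborts the update. The language id is
 * passed through encode_text() like the field values.
 *
 * @param array  $params      pairs: column name => value
 * @param string $language_id language to update; $this->language_id when empty
 * @return bool|string true on success; false with $this->error set in demo
 *                     mode, on an invalid column name or on a failed query;
 *                     '' when $params is empty
 */
public function UpdateFields($params = array(), $language_id = '')
{
    // check if this is a DEMO
    if (strtolower(SITE_MODE) == 'demo') {
        $this->error = _OPERATION_BLOCKED;
        return false;
    }

    $language_id = $language_id != '' ? $language_id : $this->language_id;

    if (count($params) == 0) {
        return '';
    }

    // prepare UPDATE statement
    $assignments = array();
    foreach ($params as $key => $val) {
        // identifiers are validated, not escaped
        if (!preg_match('/\A[A-Za-z0-9_]+\z/', (string) $key)) {
            $this->error = _TRY_LATER;
            return false;
        }
        $assignments[] = $key . ' = \'' . encode_text($val) . '\'';
    }

    $sql = 'UPDATE ' . TABLE_SITE_DESCRIPTION . ' SET ' . implode(', ', $assignments)
        . ' WHERE language_id = \'' . encode_text($language_id) . '\'';

    if (database_void_query($sql)) {
        $this->LoadData($language_id);
        return true;
    }

    $this->error = _TRY_LATER;
    return false;
}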
/**
 * Stores the given template name in the settings table and, on success,
 * on this object.
 *
 * NOTE(review): if the template name is later used to build a file path,
 * it should be checked against the installed templates - confirm with callers.
 *
 * @param string $template template name
 * @return bool true on success; false with $this->error set in demo mode or
 *              when the query fails
 */
public function SetTemplate($template = '')
{
    $is_demo = (strtolower(SITE_MODE) == 'demo');
    if ($is_demo) {
        $this->error = _OPERATION_BLOCKED;
        return false;
    }

    $query = sprintf('UPDATE %s SET template = \'%s\'', TABLE_SETTINGS, encode_text($template));
    if (!database_void_query($query)) {
        $this->error = _TRY_LATER;
        return false;
    }

    $this->template = $template;
    return true;
}
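/**
 * After-update hook for banners: writes the translated image text of the
 * current banner to the description table, one UPDATE per language key.
 *
 * The record id is cast to int before it is placed in the WHERE clause; it was
 * the only value in the statement concatenated without a cast or encoding.
 * The query result is not checked (the original had empty branches for both
 * outcomes).
 */
public function AfterUpdateRecord()
{
    $banner_id = (int) $this->curRecordId;

    foreach ($this->arrTranslations as $key => $val) {
        $sql = 'UPDATE ' . TABLE_BANNERS_DESCRIPTION
            . ' SET image_text = \'' . encode_text(prepare_input($val['image_text']))
            . '\' WHERE banner_id = ' . $banner_id
            . ' AND language_id = \'' . encode_text($key) . '\'';
        database_void_query($sql);
    }
}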
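/**
 * Returns the current entry's categories as a comma-separated list of links.
 *
 * @param string $filter   when not empty, and the current sub-weblog is known,
 *                         only categories of that sub-weblog are listed
 * @param string $filename URL prefix for the links; when empty it is derived
 *                         from the mod_rewrite setting
 * @return string HTML anchors joined by ", ", or "" when the entry has no
 *                category list
 */
function snippet_category_link($filter = "", $filename = "")
{
    global $Cfg, $db, $Weblogs, $Current_weblog, $Current_subweblog, $Paths;

    if ($filename == "") {
        if ($Cfg['mod_rewrite'] == 0) {
            $filename = $Paths['pivot_url'] . "archive.php?c=";
        } else {
            $filename = $Paths['log_url'] . "category/";
        }
    }

    // Check the category list before it is iterated or intersected
    $output = isset($db->entry["category"]) ? $db->entry["category"] : null;
    if (!is_array($output)) {
        return "";
    }

    if ($filter != "" && isset($Weblogs[$Current_weblog]['sub_weblog'][$Current_subweblog])) {
        $output = array_intersect($Weblogs[$Current_weblog]['sub_weblog'][$Current_subweblog]['categories'], $output);
    }

    $allcats = cfg_cats();
    $links = array();

    foreach ($output as $item) {
        // skip cat if it doesn't exist anymore
        if (!isset($allcats[$item])) {
            continue;
        }

        $url = $filename . para_category($item);

        // check if a weblog parameter is needed for the current category/weblog combo
        if (para_weblog_needed($Current_weblog, $item)) {
            if ($Cfg['mod_rewrite'] == 0) {
                $url .= "&w=" . para_weblog($Current_weblog, $item);
            } else {
                $url .= "/?w=" . para_weblog($Current_weblog, $item);
            }
        }

        // The URL is passed as an argument, never as part of the format string:
        // a '%' in it (e.g. from percent-encoding) would otherwise be read as a
        // conversion specifier.
        // NOTE(review): $url reaches the href attribute without HTML escaping;
        // presumably para_category()/para_weblog() return URL-safe values - verify,
        // and escape for attribute context if they can contain quotes.
        $links[] = sprintf('<a href="%s">%s</a>', $url, encode_text($item));
    }

    return implode(", ", $links);
}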
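/**
 * After-Updating - writes the album's translated name and description to the
 * description table.
 *
 * Runs one UPDATE on TABLE_GALLERY_ALBUMS_DESCRIPTION per entry of
 * $this->arrTranslations (language id => translated fields).
 *
 * Security: the record id is compared without quotes and is therefore forced
 * to an integer; the language id goes into a quoted literal and is passed
 * through encode_text() like the other quoted values of this statement.
 *
 * @return void
 */
public function AfterUpdateRecord()
{
    $album_id = (int) $this->curRecordId;

    foreach ($this->arrTranslations as $key => $val) {
        $sql = 'UPDATE ' . TABLE_GALLERY_ALBUMS_DESCRIPTION
            . ' SET name = \'' . encode_text(prepare_input($val['name'])) . '\','
            . ' description = \'' . encode_text(prepare_input($val['description'])) . '\''
            . ' WHERE gallery_album_id = ' . $album_id
            . ' AND language_id = \'' . encode_text($key) . '\'';

        // Best effort, as before: the query result is not checked
        database_void_query($sql);
    }
}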
*/ // *** Make sure the file isn't accessed directly defined('APPHP_EXEC') or die('Restricted Access'); //-------------------------------------------------------------------------- if (!$objLogin->IsLoggedIn() && ModulesSettings::Get('customers', 'allow_registration') == 'yes') { $code = isset($_REQUEST['c']) ? prepare_input($_REQUEST['c']) : ''; $task = isset($_POST['task']) ? prepare_input($_POST['task']) : ''; $msg = ''; $confirmed = false; if ($code != '') { $sql = 'SELECT * FROM ' . TABLE_CUSTOMERS . ' WHERE registration_code = \'' . encode_text($code) . '\' AND is_active = 0'; $result = database_query($sql, DATA_AND_ROWS, FIRST_ROW_ONLY); if ($result[1] > 0) { $sql = 'UPDATE ' . TABLE_CUSTOMERS . ' SET is_active = 1, registration_code = \'\' WHERE registration_code = \'' . encode_text($code) . '\' AND is_active = 0'; database_void_query($sql); $msg = draw_success_message(_CONFIRMED_SUCCESS_MSG, false); $confirmed = true; $msg .= '<script type="text/javascript">setTimeout(\'appGoTo("customer=login")\', 15000);</script>'; } else { if (strlen($code) == 20) { $confirmed = true; $msg = draw_message(_CONFIRMED_ALREADY_MSG, false); } else { $msg = draw_important_message(_WRONG_CONFIRMATION_CODE, false); } } } else { if ($task == 'post_submission') { $msg = draw_important_message(str_replace('_FIELD_', _CONFIRMATION_CODE, _FIELD_CANNOT_BE_EMPTY), false);
/**
 * Builds the list of translated columns for a SELECT statement.
 *
 * Reads the rows of $table whose $field equals the 'rid' request parameter and
 * emits, for every row and every name in $params, a fragment of the form
 * '<value>' as <name>_<language_id>, - using the submitted parameter of that
 * name when it is not empty and the stored value otherwise.
 *
 * NOTE(review): $table, $field, the names in $params and the value of
 * GetParameter('rid') are concatenated into the query as they are; only the
 * emitted values go through encode_text(). Whether GetParameter() escapes its
 * result is not visible here - confirm, and make sure callers pass fixed
 * identifiers only. An empty $params also leaves a dangling comma in the
 * SELECT list.
 *
 * @param string $table  table to read translations from
 * @param string $field  column compared with the 'rid' parameter
 * @param array  $params names of the translated columns
 * @return string concatenated fragments, each ending with a comma
 */
public function PrepareTranslateSql($table = '', $field = '', $params = array())
{
    $column_list = implode(', ', $params);
    $record_id = self::GetParameter('rid');

    $sql = 'SELECT id, ' . $field . ', language_id, ' . $column_list . ' FROM ' . $table . ' WHERE ' . $field . ' = \'' . $record_id . '\'';
    $result = database_query($sql, DATA_AND_ROWS, ALL_ROWS);

    $fragments = '';
    $row = 0;
    while ($row < $result[1]) {
        foreach ($params as $p_key) {
            $alias = $p_key . '_' . $result[0][$row]['language_id'];

            // A non-empty submitted value wins over the stored one
            $submitted = self::GetParameter($alias, false);
            if (empty($submitted)) {
                $value = $result[0][$row][$p_key];
            } else {
                $value = $submitted;
            }

            $fragments .= '\'' . encode_text($value) . '\' as ' . $alias . ',';
        }
        $row++;
    }

    return $fragments;
}
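/**
 * After-Updating - keeps a single default advertise plan and writes the plan's
 * translated name and description to the description table.
 *
 * When the 'is_default' parameter is '1', every other row of
 * TABLE_ADVERTISE_PLANS has its default flag cleared. Then one UPDATE on
 * TABLE_ADVERTISE_PLANS_DESCRIPTION is run per entry of
 * $this->arrTranslations (language id => translated fields).
 *
 * Security: the record id is compared without quotes in both statements and is
 * forced to an integer once for both; the language id goes into a quoted
 * literal and is passed through encode_text() like the other quoted values.
 *
 * @return void
 */
public function AfterUpdateRecord()
{
    $plan_id = (int) $this->curRecordId;

    $is_default = MicroGrid::GetParameter('is_default', false);
    if ($is_default == '1') {
        $sql = 'UPDATE ' . TABLE_ADVERTISE_PLANS . ' SET is_default = \'0\' WHERE id != ' . $plan_id;
        database_void_query($sql);
    }

    foreach ($this->arrTranslations as $key => $val) {
        $sql = 'UPDATE ' . TABLE_ADVERTISE_PLANS_DESCRIPTION
            . ' SET name = \'' . encode_text(prepare_input($val['name'])) . '\','
            . ' description = \'' . encode_text(prepare_input($val['description'])) . '\''
            . ' WHERE advertise_plan_id = ' . $plan_id
            . ' AND language_id = \'' . encode_text($key) . '\'';

        // Best effort, as before: the query result is not checked
        database_void_query($sql);
    }
}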
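/**
 * Imports strings from language files into the existing string sets.
 *
 * For every language the current strings are loaded with read_language_file(),
 * each listed file is parsed line by line, strings whose key is not present yet
 * are added, and the set is written back with write_language_file(). Existing
 * strings are never changed or removed. Progress is printed.
 *
 * @param array $languagefiles language => (path => (module type => list of file names))
 * @return void
 */
function import_language_files($languagefiles)
{
    // process the files and import strings
    foreach ($languagefiles as $currentlang => $filepaths) {
        $strings = read_language_file($currentlang);
        if ($strings === FALSE) {
            print "{$currentlang} is not available in Moodle - skipped.\n";
            continue;
        }

        print $currentlang . ' - ';
        if (!empty($strings)) {
            print 'loaded ' . count($strings) . ' current strings - ';
        } else {
            print 'currently empty - ';
        }

        $importedstrings = 0;
        $addedstrings = 0;

        foreach ($filepaths as $currentpath => $moduletypes) {
            foreach ($moduletypes as $moduletype => $filenames) {
                foreach ($filenames as $filename) {
                    $subsection = '';

                    $file = file($currentpath . '/' . $filename, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
                    // An unreadable file, or one without an opening and a closing line, cannot be parsed
                    if ($file === false || count($file) < 2) {
                        print "\n!!! problem in {$currentpath}/{$filename}: file is unreadable or too short !!!\n";
                        continue;
                    }

                    $lastline = trim(array_pop($file)); // remove section ending line
                    $delimiter = ($lastline == '});') ? "'" : '{';
                    $filetype = ($lastline == '});') ? 'submodule' : 'main';

                    $currentline = explode($delimiter, array_shift($file));
                    if (!isset($currentline[1])) {
                        print "\n!!! problem in {$currentpath}/{$filename}: unexpected first line !!!\n";
                        continue;
                    }

                    // remove language code, keep section
                    $section = substr($currentline[1], 3);
                    if ($filetype == 'submodule') {
                        $section .= ':';
                    }

                    $linenumber = 1;
                    while (!empty($file)) {
                        $currentline = trim(array_shift($file));

                        if ($filetype == 'main' && ($pos = strpos($currentline, ':{')) !== false) {
                            // subsections in main file
                            $subsection = substr($currentline, 0, $pos + 1);
                        } elseif (($pos = strpos($currentline, '\',{')) !== false) {
                            // subsection in dialog files
                            // '.' joins strings; the former '+' was an arithmetic addition.
                            // NOTE(review): the third substr() argument is a length, while $pos
                            // is an offset - confirm the intended slice.
                            $subsection = substr($currentline, 21, $pos) . ',';
                        } elseif ($currentline == '},') {
                            // subsection closing (skipped without counting the line, as before)
                            continue;
                        } elseif (($pos = strpos($currentline, ':')) !== false) {
                            // string
                            $stringid = substr($currentline, 0, $pos);
                            $stringvalue = preg_replace('/^(")(.*)(",?)$/', '\\2', trim(substr($currentline, $pos + 1)));

                            $modulestring = '';
                            if (!empty($moduletype)) {
                                $modulestring = $moduletype . '/';
                            }

                            $key = $modulestring . $section . $subsection . $stringid;
                            $value = encode_text($stringvalue);

                            // we're only adding new strings. No removals, no updates.
                            if (!array_key_exists($key, $strings)) {
                                $strings[$key] = $value;
                                $addedstrings++;
                            }
                            $importedstrings++;
                        } else {
                            // wrong line !?
                            print "\n!!! problem in {$currentpath}/{$filename}:{$linenumber} !!!\n";
                        }

                        $linenumber++;
                    }
                }
            }
        }

        write_language_file($currentlang, $strings);
        print "imported {$importedstrings} strings, added {$addedstrings}.\n";
    }
}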
b_city = \'' . encode_text($b_city) . '\', b_zipcode = \'' . encode_text($b_zipcode) . '\', b_country = \'' . encode_text($b_country) . '\', b_state = \'' . encode_text($b_state) . '\', phone = \'' . encode_text($phone) . '\', fax = \'' . encode_text($fax) . '\', email = \'' . encode_text($email) . '\', url = \'' . encode_text($url) . '\', ' . ($user_password1 != '' && $user_password2 != '' ? $user_password . ',' : '') . ' preferred_language = \'' . $selLanguages . '\', notification_status_changed = IF(email_notifications <> \'' . $send_updates . '\', \'' . date('Y-m-d H:i:s') . '\', notification_status_changed), email_notifications = \'' . $send_updates . '\' WHERE id = ' . (int) $objLogin->GetLoggedID(); if (database_void_query($sql) > 0) { $objLogin->UpdateLoggedEmail($email); $objLogin->UpdateLoggedFirstName(encode_text($first_name)); $objLogin->UpdateLoggedLastName(encode_text($last_name)); $msg = draw_success_message(_ACCOUNT_WAS_UPDATED, false); } else { $msg = draw_important_message(_UPDATING_ACCOUNT_ERROR, false); } } } $objCustomers = new Customers(); $customer_info = $objCustomers->GetInfoByID($objLogin->GetLoggedID()); $total_groups = CustomerGroups::GetAllGroups(); $arr_groups = array(); foreach ($total_groups[0] as $key => $val) { $arr_groups[$val['id']] = $val['name']; } }