 /**
  * PHP4-style constructor: binds the global language table and the
  * configuration by reference and prepares the CSRF-tokenised backend URL
  * of the news listing (do=articles&p=3).
  *
  * NOTE(review): base_url and base_url_decoded receive the very same string
  * here. If the "decoded" variant is meant to differ (compare MODULE_HREF
  * with "&amp;" versus MODULE_HREF_DECODE with "&" in the module bootstrap),
  * that distinction is lost in this constructor.
  */
 function phpwcmsNews()
 {
     global $BL, $phpwcms;
     $this->BL =& $BL;
     $this->phpwcms =& $phpwcms;
     // "csrftoken=..." GET fragment from the backend token helper.
     $this->csrf_token = get_token_get_string('csrftoken');
     $news_url = PHPWCMS_URL . 'phpwcms.php?' . $this->csrf_token . '&do=articles&p=3';
     $this->base_url = $news_url;
     $this->base_url_decoded = $news_url;
 }
    // Admin-only user actions. Per the original comment this runs only when
    // the session user has admin rights; the check itself is above this view.
    //
    // Delete a user. The "del" parameter is "<user id>:<user e-mail>". The row
    // is anonymised (login/password masked, e-mail cleared, admin flag off,
    // usr_aktiv=9) rather than physically removed, and the stored e-mail has
    // to match as well, not only the id.
    if (isset($_GET["del"])) {
        $del_parts = explode(":", clean_slweg($_GET["del"]));
        $user_id = intval($del_parts[0]);
        $user_email = isset($del_parts[1]) ? $del_parts[1] : '';
        // Never let an admin delete the account of the running session.
        if ($user_id != $_SESSION["wcs_user_id"]) {
            // NOTE(review): the e-mail is written without surrounding quotes,
            // so this relies on _dbEscape() returning a quoted literal.
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET usr_login='******', usr_pass='******', usr_email='', usr_admin=0, usr_aktiv=9 WHERE usr_id=" . $user_id . " AND usr_email=" . _dbEscape($user_email);
            $result = mysql_query($sql, $db);
            // Notify the former owner only on success and only for a
            // syntactically valid address; mail errors are deliberately ignored.
            if ($result && is_valid_email($user_email)) {
                $notice = "YOUR PHPWCMS ACCOUNT WAS DELETED\n \ncontact the admin if you have any question.\n\nSee you at " . $phpwcms["site"];
                $headers = "From: " . $phpwcms["admin_email"] . "\nReply-To: " . $phpwcms["admin_email"] . "\n";
                @mail($user_email, "your account", $notice, $headers);
            }
        }
    }
    // (De)activate a user. The "aktiv" parameter is "<user id>:<flag>".
    if (isset($_GET["aktiv"])) {
        $aktiv_parts = explode(":", clean_slweg($_GET["aktiv"]));
        $user_id = intval($aktiv_parts[0]);
        $user_aktiv = empty($aktiv_parts[1]) ? 0 : 1;
        // Same self-protection as for the delete action.
        if ($user_id != $_SESSION["wcs_user_id"]) {
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET usr_aktiv=" . $user_aktiv . " WHERE usr_id=" . $user_id . ";";
            mysql_query($sql, $db) or die("error");
        }
    }
}
// End of action handling: back to the admin overview, CSRF token attached.
$admin_url = PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin';
headerRedirect($admin_url);
         $sql = "UPDATE " . DB_PREPEND . "phpwcms_forum SET " . $sqla;
         $sql .= " WHERE forum_entry=0 AND forum_id=" . $forum["id"];
         $sql .= " LIMIT 1";
     } else {
         $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_forum SET ";
         $sql .= "forum_entry='0', ";
         $sql .= "forum_uid='" . $_SESSION["wcs_user_id"] . "', ";
         $sql .= "forum_created = '" . time() . "', ";
         $sql .= $sqla;
     }
     // update or insert data entry
     mysql_query($sql, $db) or die("error while updating or inserting forum data");
     if (!$forum["id"]) {
         $forum["id"] = mysql_insert_id($db);
     }
     headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&' . build_QueryString('&', 'do=messages', 'p=6', 's=' . $forum["id"]));
 }
 // Load the forum record for the edit form; title and text pass through html().
 // NOTE(review): $forum["id"] is interpolated into the WHERE clause unquoted,
 // so it has to be an integer by now (it is set outside this view).
 if ($forum["id"]) {
     $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_forum WHERE forum_id=" . $forum["id"] . " LIMIT 1;";
     $result = mysql_query($sql, $db);
     if ($result) {
         $row = mysql_fetch_assoc($result);
         if ($row) {
             $forum["id"] = $row["forum_id"];
             $forum["title"] = html($row["forum_title"]);
             $forum["text"] = html($row["forum_text"]);
         }
         mysql_free_result($result);
     }
 }
 // show form
 ?>
         $sql = "UPDATE " . DB_PREPEND . "phpwcms_template SET " . "template_name='" . aporeplace($template["name"]) . "', " . "template_default=" . $template["default"] . ", " . "template_var='" . aporeplace(serialize($template)) . "' " . "WHERE template_id=" . $template["id"];
     } else {
         // if ID = 0 then show create new template form
         $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_template (" . "template_name, template_default, template_var) VALUES ('" . aporeplace($template["name"]) . "', " . $template["default"] . ", '" . aporeplace(serialize($template)) . "')";
     }
     // update or insert data entry
     @mysql_query($sql, $db) or die("error while updating or inserting template datas");
     if (empty($template["id"]) || $createcopy == 1) {
         $template["id"] = mysql_insert_id($db);
     }
     //now check for default template definition
     if ($template["default"]) {
         mysql_query("UPDATE " . DB_PREPEND . "phpwcms_template SET template_default=0 " . "WHERE template_id != " . $template["id"], $db);
     }
     update_cache();
     headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=11&s=' . $template["id"]);
 }
 if ($template["id"]) {
     // read the given template data from db
     $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_template WHERE template_id=" . $template["id"] . " LIMIT 1";
     if ($result = mysql_query($sql, $db)) {
         if ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
             unset($template);
             $template = unserialize($row["template_var"]);
             $template["id"] = $row["template_id"];
             $template["default"] = $row["template_default"];
             // compatibility for older releases where only
             // 1 css file could be stored per template
             if (is_string($template['css'])) {
                 $template['css'] = array($template['css']);
             }
            $sql .= 'WHERE queue_id=' . $value['queue_id'];
            @_dbQuery($sql, 'UPDATE');
            // Per-recipient report: a failed send prints the address and the
            // mailer's error text, a successful one just a dot.
            // NOTE(review): $value['address_email'] and $mail->ErrorInfo are
            // echoed into the HTML unescaped.
            if ($mailresult == false) {
                echo '<p style="color:#CC3300">' . $value['address_email'] . ' (' . $mail->ErrorInfo . ')</p>';
            } else {
                echo '. ';
            }
            flush();
            $mail->clearAddresses();
            $x++;
            // Batch mode: after $loop recipients close SMTP, stamp the newsletter
            // and let the browser re-request this script after $pause seconds;
            // the exit ends this batch here.
            // NOTE(review): $loop and $pause are written raw into the URL and
            // $loop into the inline script; they must already be integers when
            // they reach this point (both are set outside this view).
            if ($loop && $loop == $x) {
                $mail->smtpClose();
                updateSentDate($newsletter["newsletter_id"]);
                echo '<script type="text/javascript">' . LF . SCRIPT_CDATA_START . LF;
                echo 'function loopIt() { self.location.href="act_sendnewsletter.php?';
                echo 'newsletter_id=' . $newsletter["newsletter_id"] . '&' . get_token_get_string('csrftoken') . '&';
                echo 'send_confirm=confirmed&loop=' . $loop . '&pause=' . $pause . '"; }' . LF;
                echo 'window.setTimeout("loopIt()", ' . $pause * 1000 . ')' . LF;
                echo LF . SCRIPT_CDATA_END . LF . '</script></body></html>';
                flush();
                exit;
            }
        }
        $mail->smtpClose();
        updateSentDate($newsletter["newsletter_id"]);
        echo '<br /><br />';
        echo $BL['be_newsletter_ready'];
    }
} else {
    echo 'no permission';
}
 * some defaults for modules: $phpwcms['modules'][$module]
 * store all related in here and holds some default values
 * ['path'], ['type'], ['name']
 * language values are stored in $BL['modules'][$module]
 * as defined in lang/en.lang.php
 * but maybe to keep default language file more lightweight
 * you can use own language definitions starting within this file
 *
 */
// first check if necessary db exists
if (isset($phpwcms['modules'][$module]['path'])) {
    // module default stuff
    // put translation back to have easier access to it - use it as relation
    $BLM =& $BL['modules'][$module];
    define('MODULE_HREF', 'phpwcms.php?' . get_token_get_string('csrftoken') . '&amp;do=modules&amp;module=' . $module);
    define('MODULE_HREF_DECODE', PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=modules&module=' . $module);
    define('MODULE_KEY', 'feedimport');
    require_once $phpwcms['modules'][$module]['path'] . 'inc/functions.inc.php';
    if (isset($_GET['edit'])) {
        include_once PHPWCMS_ROOT . '/include/inc_lib/article.functions.inc.php';
        //load article functions
        // handle posts and read data
        include_once $phpwcms['modules'][$module]['path'] . 'inc/processing.inc.php';
        // edit form
        include_once $phpwcms['modules'][$module]['path'] . 'backend.editform.php';
    } elseif (isset($_GET['active']) && !empty($_GET['editid'])) {
        // active/inactive
        $data = array('cnt_changed' => now(), 'cnt_status' => empty($_GET['active']) ? 0 : 1);
        _dbUpdate('phpwcms_content', $data, 'cnt_id=' . intval($_GET['editid']) . ' AND cnt_module=' . _dbEscape(MODULE_KEY));
        headerRedirect(MODULE_HREF_DECODE);
    } elseif (!empty($_GET['delete'])) {
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
// Obligatory guard: this file is only meant to be pulled in by the phpwcms
// bootstrap, which defines PHPWCMS_ROOT; a direct request is refused.
defined('PHPWCMS_ROOT') or die("You Cannot Access This Script Directly, Have a Nice Day.");
// ----------------------------------------------------------------
/*
 * module glossary
 * ===============
 *
 * some defaults for modules: $phpwcms['modules'][$module]
 * store all related in here and holds some default values
 * ['path'], ['type'], ['name']
 * language values are stored in $BL['modules'][$module]
 * as defined in lang/en.lang.php
 * but maybe to keep default language file more lightweight
 * you can use own language definitions starting within this file
 *
 */
// first check if necessary db exists
// Module bootstrap (listing view only): the module has to be registered in
// the configuration, otherwise nothing is included.
if (isset($phpwcms['modules'][$module]['path'])) {
    $module_path = $phpwcms['modules'][$module]['path'];
    // Keep the module's translations reachable under a short name.
    $BLM =& $BL['modules'][$module];
    // Backend link of this module, CSRF token included, "&amp;" for HTML context.
    define('MODULE_HREF', 'phpwcms.php?' . get_token_get_string('csrftoken') . '&amp;do=modules&amp;module=' . $module);
    // NOTE(review): the include path comes from the module registry, not from
    // the request; $module only selects the registry entry.
    include_once $module_path . 'backend.listing.php';
}
/**
 * Define VISIBLE_MODE and FE_EDIT_LINK for the frontend edit feature.
 *
 * VISIBLE_MODE is 0 (no backend session), 1 (editor) or 2 (admin);
 * FE_EDIT_LINK is the csrftoken GET fragment when frontend editing is
 * enabled for a logged-in backend user, false otherwise.
 *
 * @return bool|null true when the feature is off or nobody is logged in,
 *                   nothing otherwise (callers must not rely on the value)
 */
function init_frontend_edit()
{
    $no_backend_user = empty($_SESSION["wcs_user_id"]);
    if (empty($GLOBALS['phpwcms']['frontend_edit']) || $no_backend_user) {
        define('VISIBLE_MODE', 0);
        define('FE_EDIT_LINK', false);
        return true;
    }
    // Re-validate the backend session before handing out an edit link.
    checkLoginCount();
    if (empty($_SESSION["wcs_user_id"])) {
        define('VISIBLE_MODE', 0);
        define('FE_EDIT_LINK', false);
        return;
    }
    // Strict comparison: only an integer 1 in the session counts as admin.
    define('VISIBLE_MODE', $_SESSION['wcs_user_admin'] === 1 ? 2 : 1);
    $edit_link = empty($GLOBALS['phpwcms']['frontend_edit']) ? false : get_token_get_string('csrftoken');
    define('FE_EDIT_LINK', $edit_link);
}
    $subscription["name"] = clean_slweg($_POST["subscription_name"]);
    if (!$subscription["name"]) {
        $subscription["name"] = "subscription_" . generic_string(3);
    }
    $subscription["info"] = clean_slweg($_POST["subscription_info"]);
    if ($subscription["id"]) {
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_subscription SET " . "subscription_name='" . aporeplace($subscription["name"]) . "', " . "subscription_info='" . aporeplace($subscription["info"]) . "' " . "WHERE subscription_id=" . $subscription["id"];
    } else {
        $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_subscription (" . "subscription_name, subscription_info) VALUES ('" . aporeplace($subscription["name"]) . "', '" . aporeplace($subscription["info"]) . "')";
    }
    // update or insert data entry
    mysql_query($sql, $db) or die("error while updating or inserting subscription datas");
    if (!$subscription["id"]) {
        $subscription["id"] = mysql_insert_id($db);
    }
    headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=messages&p=2&s=' . $subscription["id"]);
}
// Load the subscription record for the edit form; name and info pass through html().
// NOTE(review): $subscription["id"] is interpolated into the WHERE clause
// unquoted, so it has to be an integer by now (it is set outside this view).
if ($subscription["id"]) {
    $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_subscription WHERE subscription_id=" . $subscription["id"] . " LIMIT 1;";
    $result = mysql_query($sql, $db);
    if ($result) {
        $row = mysql_fetch_array($result, MYSQL_ASSOC);
        if ($row) {
            $subscription["id"] = $row["subscription_id"];
            $subscription["name"] = html($row["subscription_name"]);
            $subscription["info"] = html($row["subscription_info"]);
        }
        mysql_free_result($result);
    }
}
// show form
?>
            }
        }
        mysql_free_result($check);
        $_SESSION['PHPWCMS_ROOT'] = PHPWCMS_ROOT;
        set_status_message('Welcome ' . $wcs_user . '!');
        if ($ref_url) {
            if (($token_position = strpos($ref_url, 'csrftoken')) !== false) {
                $ref_url = substr_replace($ref_url, '', $token_position, 42);
                $ref_url = str_replace('?&', '?', $ref_url);
                $ref_url = str_replace('&&', '&', $ref_url);
            }
            $backend_redirect = $ref_url . '&';
        } else {
            $backend_redirect = PHPWCMS_URL . 'phpwcms.php?';
        }
        headerRedirect($backend_redirect . get_token_get_string('csrftoken') . '&' . session_name() . '=' . session_id());
    } else {
        $err = 1;
    }
} elseif (isset($_POST['json']) && intval($_POST['json']) != 1) {
    $err = 1;
}
// CSS class per status-message reason type.
$reason_types = array(
    'default' => 'alert-default',
    'info'    => 'alert-info',
    'error'   => 'alert-error',
    'warning' => 'alert-warning',
    'success' => 'alert-success',
    'danger'  => 'alert-danger',
);
?>
<!DOCTYPE html>
<html>
<head>
	<title><?php 
echo $BL['be_page_title'] . ' - ' . PHPWCMS_HOST;
?>
</title>
            // check for multiple entries
            if ($value['address_count'] > 1) {
                $sql = 'SELECT address_id FROM ' . DB_PREPEND . 'phpwcms_address ';
                $sql .= "WHERE address_email='" . aporeplace($value['address_email']) . "' ";
                $sql .= 'ORDER BY address_verified DESC, address_name DESC LIMIT 1';
                $dataID = _dbQuery($sql);
                if (!empty($dataID[0]['address_id'])) {
                    $sql = 'DELETE FROM ' . DB_PREPEND . 'phpwcms_address ';
                    $sql .= "WHERE address_email='" . aporeplace($value['address_email']) . "' ";
                    $sql .= "AND address_id != " . intval($dataID[0]['address_id']);
                    @_dbQuery($sql, 'DELETE');
                }
            }
        }
    }
    headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=messages&p=4');
}
// Delete a subscriber: "del" has to repeat the currently selected id "s".
// NOTE(review): these GET-triggered writes rely on the backend bootstrap
// having validated the csrftoken before this file runs.
if (isset($_GET["del"], $_GET["s"]) && $_GET["del"] == $_GET["s"]) {
    _dbQuery("DELETE FROM " . DB_PREPEND . "phpwcms_address WHERE address_id=" . intval($_GET["del"]) . " LIMIT 1", 'DELETE');
}
// Set the verification flag of the selected subscriber.
if (isset($_GET["verify"], $_GET["s"])) {
    $verified = intval($_GET["verify"]) ? 1 : 0;
    $sql = "UPDATE " . DB_PREPEND . "phpwcms_address SET address_verified=" . $verified . " WHERE address_id=" . intval($_GET["s"]) . " LIMIT 1";
    _dbQuery($sql, 'UPDATE');
}
echo '<div class="title" style="margin-bottom:10px">' . $BL['be_subnav_msg_subscribers'] . '</div>';
?>
         $sql = "UPDATE " . DB_PREPEND . "phpwcms_pagelayout SET " . "pagelayout_name='" . aporeplace($pagelayout["layout_name"]) . "', " . "pagelayout_default=" . $pagelayout["layout_default"] . ", " . "pagelayout_var='" . aporeplace(serialize($pagelayout)) . "' " . "WHERE pagelayout_id=" . $pagelayout["id"];
     } else {
         // if ID = 0 then create new pagelayout
         $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_pagelayout (" . "pagelayout_name, pagelayout_default, pagelayout_var) VALUES ('" . aporeplace($pagelayout["layout_name"]) . "', " . $pagelayout["layout_default"] . ", '" . aporeplace(serialize($pagelayout)) . "')";
     }
     // update or insert data entry
     mysql_query($sql, $db) or die("error while updating or inserting pagelayout: <br></pre>" . wordwrap($sql) . "</pre>");
     if (!$pagelayout["id"]) {
         $pagelayout["id"] = mysql_insert_id($db);
     }
     //now check for default pagelayout and set
     if ($pagelayout["layout_default"]) {
         mysql_query("UPDATE " . DB_PREPEND . "phpwcms_pagelayout SET pagelayout_default=0 " . "WHERE pagelayout_id != " . $pagelayout["id"], $db);
     }
     update_cache();
     headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=8&s=' . $pagelayout["id"]);
 }
 if ($pagelayout["id"]) {
     // read the given pagelayout from db
     $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_pagelayout WHERE pagelayout_id=" . $pagelayout["id"] . " LIMIT 1";
     if ($result = mysql_query($sql, $db)) {
         if ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
             unset($pagelayout);
             $pagelayout = unserialize($row["pagelayout_var"]);
             $pagelayout["id"] = $row["pagelayout_id"];
             $pagelayout["layout_default"] = $row["pagelayout_default"];
         }
         mysql_free_result($result);
     }
 } else {
     // set default pagelayout information
            }
        } else {
            // if unmarked -> first remove all unset recipients from queue for same newsletter
            $sql = 'DELETE FROM ' . DB_PREPEND . 'phpwcms_newsletterqueue ';
            $sql .= 'WHERE queue_pid=' . $newsletter["newsletter_id"] . ' AND queue_status=0';
            _dbQuery($sql, 'DELETE');
        }
        // update active status
        $sql = "UPDATE " . DB_PREPEND . 'phpwcms_newsletter SET ';
        $sql .= 'newsletter_active=' . $newsletter['newsletter_active'] . ' ';
        $sql .= "WHERE newsletter_id=" . $newsletter["newsletter_id"];
        @_dbQuery($sql, 'UPDATE');
        if (isset($_POST['close'])) {
            headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=messages&p=3');
        } else {
            headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=messages&p=3&s=' . $newsletter["newsletter_id"] . '&edit=1');
        }
    }
}
// Load the newsletter for display unless the form was just posted (then the
// POST data already carries the current state).
// NOTE(review): newsletter_id is interpolated into the WHERE clause unquoted;
// it has to be an integer by now (it is set outside this view).
if ($newsletter["newsletter_id"] && !isset($_POST["newsletter_id"])) {
    $sql = "SELECT *, UNIX_TIMESTAMP(newsletter_changed) AS newsletter_date FROM " . DB_PREPEND . "phpwcms_newsletter WHERE newsletter_id=" . $newsletter["newsletter_id"] . " LIMIT 1;";
    $result = mysql_query($sql, $db);
    if ($result) {
        $row = mysql_fetch_assoc($result);
        if ($row) {
            $newsletter = $row;
            // NOTE(review): newsletter_vars is unserialize()d straight from the
            // database, so that column must only ever hold data written by
            // this application.
            $newsletter['newsletter_vars'] = unserialize($newsletter['newsletter_vars']);
        }
        mysql_free_result($result);
    }
}
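// Backend bootstrap: global containers, configuration/session/db includes,
// login and CSRF validation, then the backend language tables.
$indexpage = array();
$phpwcms = array();
$BL = array();
$BE = array('HTML' => '', 'BODY_OPEN' => array(), 'BODY_CLOSE' => array(), 'HEADER' => array(), 'LANG' => 'en');
// Take the user's language from the session, but only a bare two-letter
// code: the value is spliced into an include path further down, so the
// pattern is anchored — the former '/[a-z]{2}/i' accepted any string that
// merely contained two letters somewhere.
if (!empty($_SESSION["wcs_user_lang"]) && preg_match('/^[a-z]{2}$/i', $_SESSION["wcs_user_lang"])) {
    $BE['LANG'] = $_SESSION["wcs_user_lang"];
}
require_once 'include/config/conf.inc.php';
require_once 'include/inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
checkLogin();
validate_csrf_tokens();
define('CSRF_GET_TOKEN', get_token_get_string('csrftoken'));
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/default.backend.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lang/backend/en/lang.inc.php';
//load default language EN
include_once PHPWCMS_ROOT . "/include/inc_lang/code.lang.inc.php";
$BL['modules'] = array();
if (!empty($_SESSION["wcs_user_lang_custom"])) {
    //use custom lang if available -> was set in login.php
    // Keep the two EN tables that the custom language only extends, so they
    // can be merged back after the custom file has overwritten $BL.
    $BL['merge_lang_array'][0] = $BL['be_admin_optgroup_label'];
    $BL['merge_lang_array'][1] = $BL['be_cnt_field'];
    include PHPWCMS_ROOT . '/include/inc_lang/backend/' . $BE['LANG'] . '/lang.inc.php';
    $BL['be_admin_optgroup_label'] = array_merge($BL['merge_lang_array'][0], $BL['be_admin_optgroup_label']);
    $BL['be_cnt_field'] = array_merge($BL['merge_lang_array'][1], $BL['be_cnt_field']);
    unset($BL['merge_lang_array']);
}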
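/**
 * Validate and store a 404-redirect rule submitted via POST.
 *
 * Reads the redirect form fields from $_POST, validates them and then
 * inserts, updates or — when the "delete_<md5(rid)>" submit button was
 * sent — deletes the phpwcms_redirect row. Outcomes are reported through
 * set_status_message(); a completed delete ends with headerRedirect() to
 * the redirect listing.
 *
 * @return array array('error' => list of error messages, or NULL once a
 *               save was attempted, 'data' => the validated row incl. 'rid')
 */
function update_404redirect()
{
    $data = array('error' => array(), 'data' => _read_404redirect_post());
    // A rule needs at least one source (aid, alias or id) unless it is being deleted.
    // NOTE(review): 'id' is '' or an int here; "0 == ''" is true before PHP 8
    // and false from PHP 8 on, so an id of 0 is treated differently per version.
    if (!$data['data']['aid'] && !$data['data']['alias'] && $data['data']['id'] == '' && !isset($_POST['delete_' . md5($data['data']['rid'])])) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error1'];
    }
    // A typed rule needs a target; id/aid targets must be numeric.
    if ($data['data']['type'] && $data['data']['target'] === '') {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error2'];
    } elseif (($data['data']['type'] == 'id' || $data['data']['type'] == 'aid') && !is_intval($data['data']['target'])) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error3'];
    }
    if (count($data['error'])) {
        // Invalid rules are never left active.
        $data['data']['active'] = 0;
        set_status_message(implode('<br />', $data['error']), 'error');
    } else {
        $data['error'] = NULL;
        $rid = $data['data']['rid'];
        // rid is the key, not a column to write.
        unset($data['data']['rid']);
        if ($rid) {
            // Mark for deletion
            if (isset($_POST['delete_' . md5($rid)])) {
                $data['data']['active'] = 9;
                $result = _dbQuery('DELETE FROM ' . DB_PREPEND . 'phpwcms_redirect WHERE rid=' . $rid, 'DELETE');
            } else {
                $result = _dbUpdate('phpwcms_redirect', $data['data'], 'rid=' . $rid);
            }
        } else {
            $result = _dbInsert('phpwcms_redirect', $data['data']);
            if (isset($result['INSERT_ID'])) {
                $rid = $result['INSERT_ID'];
            }
        }
        $data['data']['rid'] = $rid;
        if ($result) {
            if ($data['data']['active'] == 9) {
                set_status_message(str_replace('{ID}', $data['data']['rid'], $GLOBALS['BL']['be_action_deleted']), 'success');
                headerRedirect('phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=14');
            } else {
                set_status_message($GLOBALS['BL']['be_successfully_saved'], 'success');
            }
        } else {
            set_status_message($GLOBALS['BL']['be_error_while_save'], 'error');
        }
    }
    return $data;
}

/**
 * Collect and normalise the redirect form fields from $_POST.
 *
 * Missing fields are treated as absent instead of raising undefined-index
 * notices. 'type' and 'code' are whitelisted with a strict in_array(), so
 * loosely-equal numeric strings (e.g. "0301" for "301") no longer pass as a
 * valid value.
 *
 * @return array column => value row for phpwcms_redirect, plus 'rid'
 */
function _read_404redirect_post()
{
    $post = $_POST + array('rid' => null, 'alias' => null, 'id' => null, 'aid' => null, 'type' => null, 'active' => null, 'shortcut' => null, 'code' => null, 'target' => null);
    $types = array('alias', 'id', 'aid', 'link');
    $codes = array('301', '307', '404', '401', '503');
    return array(
        'rid' => intval($post['rid']),
        'alias' => clean_slweg($post['alias']),
        'id' => trim($post['id']) === '' ? '' : intval($post['id']),
        'aid' => trim($post['aid']) === '' || !intval($post['aid']) ? '' : intval($post['aid']),
        'type' => empty($post['type']) || !in_array($post['type'], $types, true) ? '' : clean_slweg($post['type']),
        'active' => empty($post['active']) ? 0 : 1,
        'shortcut' => empty($post['shortcut']) ? 0 : 1,
        'code' => empty($post['code']) || !in_array($post['code'], $codes, true) ? '' : clean_slweg($post['code']),
        'target' => clean_slweg($post['target']),
        'changed' => date('Y-m-d H:i:s'),
    );
}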
                            $sql .= " WHERE acontent_id=" . $content["id"];
                            $sql .= " AND acontent_aid=" . $content["aid"];
                            mysql_query($sql, $db) or die("error while updating content type info");
                        }
                        change_articledate($content["aid"]);
                        //update article date too
                        update_cache();
                        // set cache timeout = 0
                        if (empty($_POST['SubmitClose'])) {
                            // cnt teaser has some special filter options
                            if (isset($_POST['teaser_filter_category']) && is_intval($_POST['teaser_filter_category'])) {
                                $_SESSION['teaser_filter_category'] = intval($_POST['teaser_filter_category']);
                            }
                            if (!empty($_POST['teaser_filter_category_by_tags'])) {
                                $_SESSION['teaser_filter_category_by_tags'] = true;
                            }
                            headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=articles&p=2&s=1&aktion=2&id=' . $content["aid"] . "&acid=" . $content["id"]);
                        } else {
                            headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=articles&p=2&s=1&id=' . $content["aid"]);
                        }
                    }
                }
                //end update/insert
            }
            //end error check
        }
        //form to edit article content parts
        include PHPWCMS_ROOT . "/include/inc_tmpl/articlecontent.edit.tmpl.php";
    }
    //end edit article content part
}
}
// Message state transitions for the logged-in user. Each $do code maps to
// one UPDATE on phpwcms_message; the loose comparisons are kept so this
// behaves exactly like the previous chain of independent if-blocks.
// NOTE(review): $id is written into the WHERE clause unquoted, so it must
// already be an integer where it is read (outside this view).
$message_owner = $_SESSION["wcs_user_id"];
$message_actions = array(
    // undo a received message
    3 => array('wert' => 0, 'sql' => "msg_deleted=0, msg_tstamp=msg_tstamp WHERE msg_uid=" . $message_owner . " AND msg_id=" . $id . ";"),
    // undo a sent message
    4 => array('wert' => 0, 'sql' => "msg_from_del=0, msg_tstamp=msg_tstamp  WHERE msg_from=" . $message_owner . " AND msg_id=" . $id . ";"),
    // finally delete a received message that was already marked (msg_deleted=1)
    5 => array('wert' => 9, 'sql' => "msg_deleted=9, msg_tstamp=msg_tstamp WHERE msg_uid=" . $message_owner . " AND msg_id=" . $id . " AND msg_deleted=1;"),
    // finally delete a sent message that was already marked (msg_from_del=1)
    6 => array('wert' => 9, 'sql' => "msg_from_del=9, msg_tstamp=msg_tstamp  WHERE msg_from=" . $message_owner . " AND msg_id=" . $id . " AND msg_from_del=1;"),
);
foreach ($message_actions as $action_code => $action) {
    if ($do == $action_code && intval($wert) == $action['wert']) {
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_message SET " . $action['sql'];
        mysql_query($sql, $db) or die("error");
    }
}
// Return to where the user came from, or to the backend start page.
if (empty($_SESSION['REFERER_URL'])) {
    $ref = PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken');
} else {
    $ref = $_SESSION['REFERER_URL'];
}
headerRedirect($ref);
" /><input name="gbid" type="hidden" value="<?php 
            echo intval($row['guestbook_id']);
            ?>
" /></td>
	  <td valign="bottom">
		  <input type="hidden" name="csrf_token_name" value="<?php 
            echo $token_name;
            ?>
" />
		<input type="hidden" name="csrf_token_value" value="<?php 
            echo $token_value;
            ?>
" />
	  	<input name="gbsubmit" type="submit" id="gbsubmit" value="submit changes" />
	    <input name="gbcancel" type="button" id="gbcancel" value="close" onclick="location.href='act_guestbook.php?<?php 
            echo get_token_get_string('csrftoken');
            ?>
&amp;cid=<?php 
            echo $row['guestbook_cid'];
            ?>
';" />
    </td>
  </tr>
  </form>
<?php 
            $c++;
        }
    }
    mysql_free_result($result);
}
// if no guestbook entry available
                    if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $usernewfile)) {
                        $file_error["upload"] = $BL['be_fprivup_err3'] . ' (2)';
                    }
                } else {
                    $file_error["upload"] = $BL['be_fprivup_err4'];
                }
                umask($oldumask);
            }
            if (is_file($usernewfile)) {
                @chmod($usernewfile, 0666);
            }
            if (empty($file_error["upload"])) {
                // store tags
                _dbSaveCategories($file_tags, 'file', $new_fileId, ',');
                //after successful upload go back to clear post (form) var
                headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=files&f=0&uploaded=1');
            } else {
                echo $file_error["upload"] . "<br />";
                $file_error["upload"] = str_replace('{VAL}', $phpwcms["admin_email"], $BL['be_fprivup_err6']);
                mysql_query("DELETE FROM " . DB_PREPEND . "phpwcms_file WHERE f_id=" . $new_fileId . " AND f_uid=" . $_SESSION["wcs_user_id"] . ";", $db);
            }
        }
    }
    // Re-arm the execution time limit where PHP allows it (not under
    // safe_mode and only when the function has not been disabled).
    $may_extend_limit = !ini_get('safe_mode') && function_exists('set_time_limit');
    if ($may_extend_limit) {
        set_time_limit(30);
    }
}
?>
<form action="phpwcms.php?do=files&amp;f=0" method="post" enctype="multipart/form-data" name="uploadfile" id="uploadfile">
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#EBF2F4" summary="">
	<tr>
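/**
 * Copy an article together with all of its content parts into another
 * structure level.
 *
 * @param array    $do    action tuple: [1] => source article id,
 *                        [2] => target structure (category) id,
 *                        [3] => 'open' to jump to the copy afterwards (optional)
 * @param resource $dbcon mysql link resource
 * @return void dies with the failing SQL on any database error
 */
function copy_article_to_level($do, $dbcon)
{
    // Both ids are spliced into SQL unquoted; cast them so nothing but digits
    // can reach the statements, whatever $do was parsed from.
    $source_id = intval($do[1]);
    $target_cid = intval($do[2]);

    $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_article WHERE article_deleted=0 AND article_id=" . $source_id;
    $result = mysql_query($sql, $dbcon) or die("error while connecting to database: <pre>" . $sql . "</pre>");
    $row = mysql_fetch_assoc($result);
    mysql_free_result($result);
    if (!$row) {
        // No undeleted article with that id: nothing to copy. (The previous
        // code went on to issue an INSERT with an empty column list here.)
        return;
    }
    $row["article_cid"] = $target_cid;
    $row["article_created"] = now();
    $row["article_tstamp"] = date('Y-m-d H:i:s', now());
    $row["article_sort"] = getArticleSortValue($row["article_cid"]);
    $row["article_alias"] = proof_alias(0, empty($row["article_alias"]) ? $row['article_title'] : $row["article_alias"], 'ARTICLE');

    list($keys, $values) = _copy_article_insert_parts($row, "article_id");
    $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_article (" . $keys . ") VALUES (" . $values . ")";
    mysql_query($sql, $dbcon) or die("error while copy article <br>error while connecting to database: <pre>" . $sql . "</pre>");
    $article_insert_id = mysql_insert_id($dbcon);

    // Copy every content part, re-pointing it at the new article id.
    $sql1 = "SELECT * FROM " . DB_PREPEND . "phpwcms_articlecontent WHERE acontent_aid=" . $source_id;
    $result1 = mysql_query($sql1, $dbcon) or die("error sql");
    while ($row1 = mysql_fetch_assoc($result1)) {
        $row1["acontent_aid"] = $article_insert_id;
        list($key1s, $value1s) = _copy_article_insert_parts($row1, "acontent_id");
        $sql2 = "INSERT INTO " . DB_PREPEND . "phpwcms_articlecontent (" . $key1s . ") VALUES (" . $value1s . ")";
        mysql_query($sql2, $dbcon) or die("error while copy article content <br>error while connecting to database: <pre>" . $sql2 . "</pre>");
    }
    mysql_free_result($result1);

    if (empty($GLOBALS['phpwcms']['disallow_open_copied_article']) && isset($do[3]) && $do[3] == 'open' && $article_insert_id) {
        headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=articles&p=2&s=1&id=' . $article_insert_id);
    }
}

/**
 * Build the column list and the escaped value list for re-inserting a
 * fetched row. The column named by $id_column is kept in the list but
 * written as '' (as the original code did) so the database hands out a
 * fresh auto-increment id. Building both lists from arrays also works when
 * the id column is not the first one in the row.
 *
 * @param array  $row       column => value as returned by mysql_fetch_assoc()
 * @param string $id_column name of the auto-increment column
 * @return array array(string $columns, string $values), both comma separated
 */
function _copy_article_insert_parts($row, $id_column)
{
    $columns = array();
    $values = array();
    foreach ($row as $column => $value) {
        $columns[] = $column;
        $values[] = $column == $id_column ? "''" : _dbEscape($value);
    }
    return array(implode(", ", $columns), implode(", ", $values));
}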
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
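// Backend chat: store one posted message, then return to the chat list.
session_start();
$phpwcms = array();
require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
// Login and CSRF token are checked before any form field is looked at.
checkLogin();
validate_csrf_tokens();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
// Read the form fields defensively: a request without them must not raise
// undefined-index notices.
$chat_message = isset($_POST['chatmsg']) ? clean_slweg(trim($_POST['chatmsg'])) : '';
$chatlist = isset($_POST['chatlist']) ? intval($_POST['chatlist']) : 0;
if ($chat_message) {
    $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_chat (chat_uid, chat_name, chat_text, chat_cat) ";
    $sql .= "VALUES (" . $_SESSION['wcs_user_id'] . "," . _dbEscape($_SESSION['wcs_user']) . "," . _dbEscape($chat_message) . ",0)";
    _dbQuery($sql, 'INSERT');
}
// Back to the chat list; the token is sent once (the previous redirect
// appended the same csrftoken fragment a second time at the end).
headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=chat&p=1&l=' . $chatlist);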
/**
 * Add csrftoken GET parameter to backend links.
 *
 * Every known backend entry point ("phpwcms.php?" and the act_*.php
 * scripts) gets the token inserted directly after the "?", followed by
 * "&amp;" so the original query string continues unchanged. Without a
 * token the markup is returned untouched.
 *
 * @access public
 * @param string $html
 * @return string
 */
function tokenize_urls($html)
{
    $get_token = get_token_get_string('csrftoken');
    if (!$get_token) {
        return $html;
    }
    $entry_points = array('phpwcms.php?', '/act_structure.php?', '/act_articlecontent.php?', '/act_file.php?', '/act_download.php?', '/act_filecat.php?', '/act_usergroup.php?', '/act_user.php?', '/act_frontendsetup.php?', '/act_message.php?', '/act_cache.php?');
    $tokenized = array();
    foreach ($entry_points as $entry_point) {
        $tokenized[] = $entry_point . $get_token . '&amp;';
    }
    return str_replace($entry_points, $tokenized, $html);
}